I have a windows 7 machine that crashed over the weekend. I do have a Seagate external hard drive hooked in via usb, for back up. I have installed the bug check application and symbols. The report is point to Ntfs.sys as the problem child. Below is the first part of the report. Can some one please look at this and tell me what I am to do with the Ntfs.sys driver. How can I update the driver, or is that not what needs to be done?? Please point me in the right direction. Thanks!! NTFS_FILE_SYSTEM (24) If you see NtfsExceptionFilter on the stack then the 2nd and 3rd parameters are the exception record and context record. Do a .cxr on the 3rd parameter and then kb to obtain a more informative stack trace. Arguments: Arg1: 00000000001904fb Arg2: fffff88006ff7588 Arg3: fffff88006ff6df0 Arg4: fffff80002e37a09 Debugging Details: ------------------ EXCEPTION_RECORD: fffff88006ff7588 -- (.exr 0xfffff88006ff7588) .exr 0xfffff88006ff7588 ExceptionAddress: fffff80002e37a09 (nt!RtlSubtreePredecessor+0x0000000000000009) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: ffffffffffffffff Attempt to read from address ffffffffffffffff CONTEXT: fffff88006ff6df0 -- (.cxr 0xfffff88006ff6df0) .cxr 0xfffff88006ff6df0 rax=fa8004cf6e4004c0 rbx=fa8004cf6e4004c0 rcx=fffff8a00f3ea028 rdx=fa8004cf6e4004c0 rsi=ffffffffffffffff rdi=0000000000000000 rip=fffff80002e37a09 rsp=fffff88006ff77c8 rbp=fffffa8007be7170 r8=ffffffffffffffff r9=ffffffffffffffff r10=fffff8a010d847e0 r11=fffff8a00f3ea028 r12=0000000000000705 r13=0000000000000000 r14=fffffa8007be7128 r15=fffff8a010d84b78 iopl=0 nv up ei ng nz na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286 nt!RtlSubtreePredecessor+0x9: fffff800`02e37a09 488b4810 mov rcx,qword ptr [rax+10h] ds:002b:fa8004cf`6e4004d0=???????????????? .cxr Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: ffffffffffffffff READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b80e0 ffffffffffffffff FOLLOWUP_IP: Ntfs!NtfsDeleteScb+108 fffff880`012aabcc 488b03 mov rax,qword ptr [rbx] FAULTING_IP: nt!RtlSubtreePredecessor+9 fffff800`02e37a09 488b4810 mov rcx,qword ptr [rax+10h] BUGCHECK_STR: 0x24 LAST_CONTROL_TRANSFER: from fffff80002e63ca8 to fffff80002e37a09 STACK_TEXT: fffff880`06ff77c8 fffff800`02e63ca8 : 00000000`000007ff 00000000`00000150 fffff8a0`10c9f8f0 fffff880`01026633 : nt!RtlSubtreePredecessor+0x9 fffff880`06ff77d0 fffff880`01028373 : fffffa80`05fd1668 fffffa80`07d01b50 fffffa80`07d01bb0 ffffffff`ffffffff : nt!RtlDeleteNoSplay+0x7c fffff880`06ff7800 fffff880`01024238 : ffffffff`ffffffff fffff8a0`10cc9630 fffffa80`6e664d46 fffff880`0102d66e : fltmgr!TreeUnlinkNoBalance+0x13 fffff880`06ff7830 fffff880`0104235c : 00000000`00000130 fffff8a0`10c53c00 00000000`000007ff 00000000`00000040 : fltmgr!TreeUnlinkMulti+0x148 fffff880`06ff7880 fffff880`01044bc1 : fffffa80`05fd1010 00000000`00000130 fffff8a0`10d84910 fffff8a0`10d84910 : fltmgr!FltpDeleteContextList+0x3c fffff880`06ff78b0 fffff880`01044b7b : fffffa80`05fd1010 fffff8a0`10d84b78 fffffa80`05fd1010 fffff800`030255a0 : fltmgr!CleanupStreamListCtrl+0x21 fffff880`06ff78e0 fffff800`0316f896 : 00000000`00000001 fffff880`012ab0b8 fffff880`06ff79b0 00000000`00000000 : fltmgr!DeleteStreamListCtrlCallback+0x6b fffff880`06ff7910 fffff880`012aabcc : fffff8a0`10d84910 fffffa80`08812040 fffff880`06ff79e8 00000000`00000706 : nt!FsRtlTeardownPerStreamContexts+0xe2 fffff880`06ff7960 fffff880`012aa8d5 : 00000000`00000000 00000000`00000000 fffff800`03025500 00000000`00000001 : Ntfs!NtfsDeleteScb+0x108 fffff880`06ff79a0 fffff880`0121dcb4 : fffff8a0`10d84810 fffff8a0`10d84910 fffff800`03025500 fffff880`06ff7b12 : Ntfs!NtfsRemoveScb+0x61 fffff880`06ff79e0 fffff880`012a82dc : fffff8a0`10d847e0 fffff800`030255a0 fffff880`06ff7b12 fffffa80`07c1e010 : Ntfs!NtfsPrepareFcbForRemoval+0x50 fffff880`06ff7a10 fffff880`01226882 : fffffa80`07c1e010 fffffa80`07c1e010 fffff8a0`10d847e0 00000000`00000000 : Ntfs!NtfsTeardownStructures+0xdc fffff880`06ff7a90 fffff880`012bf813 : fffffa80`07c1e010 fffff800`030255a0 fffff8a0`10d847e0 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2 fffff880`06ff7ad0 fffff880`0129938f : fffffa80`07c1e010 fffff8a0`10d84910 fffff8a0`10d847e0 fffffa80`05875180 : Ntfs!NtfsCommonClose+0x353 fffff880`06ff7ba0 fffff800`02e8d961 : 00000000`00000000 fffff880`0116e500 fffffa80`06837901 00000000`00000002 : Ntfs!NtfsFspClose+0x15f fffff880`06ff7c70 fffff800`03124c06 : 00000000`00000000 fffffa80`08812040 00000000`00000080 fffffa80`039dc040 : nt!ExpWorkerThread+0x111 fffff880`06ff7d00 fffff800`02e5ec26 : fffff880`009ea180 fffffa80`08812040 fffff880`009f4fc0 fffff880`01223534 : nt!PspSystemThreadStartup+0x5a fffff880`06ff7d40 00000000`00000000 : fffff880`06ff8000 fffff880`06ff2000 fffff880`06ff79b0 00000000`00000000 : nt!KxStartSystemThread+0x16 SYMBOL_STACK_INDEX: 8 SYMBOL_NAME: Ntfs!NtfsDeleteScb+108 FOLLOWUP_NAME: MachineOwner MODULE_NAME: Ntfs IMAGE_NAME: Ntfs.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc14f STACK_COMMAND: .cxr 0xfffff88006ff6df0 ; kb FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsDeleteScb+108 BUCKET_ID: X64_0x24_Ntfs!NtfsDeleteScb+108 Followup: MachineOwner --------- 1: kd> !thread GetPointerFromAddress: unable to read from fffff800030b8000 THREAD fffffa8008812040 Cid 0004.0b94 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 1 Not impersonating GetUlongFromAddress: unable to read from fffff80002ff6b74 Owning Process fffffa80039dc040 Image: System Attached Process N/A Image: N/A fffff78000000000: Unable to get shared data Wait Start TickCount 1144093 Context Switch Count 2119 ReadMemory error: Cannot get nt!KeMaximumIncrement value. UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!ExpWorkerThread (0xfffff80002e8d850) Stack Init fffff88006ff7d70 Current fffff88006ff79b0 Base fffff88006ff8000 Limit fffff88006ff2000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`06ff65a8 fffff880`012363d8 : 00000000`00000024 00000000`001904fb fffff880`06ff7588 fffff880`06ff6df0 : nt!KeBugCheckEx fffff880`06ff65b0 fffff880`0130af80 : fffff880`01266fc8 fffff880`06ff7ba0 fffff880`06ff7ba0 00000000`00000000 : Ntfs! ?? ::FNODOBFM::`string'+0x2cc9 fffff880`06ff65f0 fffff800`02eaed1c : 00000000`00000001 fffff880`06ff6700 fffffa80`05dbf180 00000000`00000000 : Ntfs! ?? ::NNGAKEGL::`string'+0x7d3d fffff880`06ff6640 fffff800`02ea640d : fffff880`01266fbc fffff880`06ff7ba0 00000000`00000000 fffff880`01215000 : nt!_C_specific_handler+0x8c fffff880`06ff66b0 fffff800`02eada90 : fffff880`01266fbc fffff880`06ff6728 fffff880`06ff7588 fffff880`01215000 : nt!RtlpExecuteHandlerForException+0xd fffff880`06ff66e0 fffff800`02eba9ef : fffff880`06ff7588 fffff880`06ff6df0 fffff880`00000000 00000000`00000000 : nt!RtlDispatchException+0x410 fffff880`06ff6dc0 fffff800`02e7fd82 : fffff880`06ff7588 fa8004cf`6e4004c0 fffff880`06ff7630 ffffffff`ffffffff : nt!KiDispatchException+0x16f fffff880`06ff7450 fffff800`02e7e68a : f8a010c9`21900400 00000000`00000000 fffffa80`07d01b58 00000000`00000004 : nt!KiExceptionDispatch+0xc2 fffff880`06ff7630 fffff800`02e37a09 : fffff800`02e63ca8 00000000`000007ff 00000000`00000150 fffff8a0`10c9f8f0 : nt!KiGeneralProtectionFault+0x10a (TrapFrame @ fffff880`06ff7630) fffff880`06ff77c8 fffff800`02e63ca8 : 00000000`000007ff 00000000`00000150 fffff8a0`10c9f8f0 fffff880`01026633 : nt!RtlSubtreePredecessor+0x9 fffff880`06ff77d0 fffff880`01028373 : fffffa80`05fd1668 fffffa80`07d01b50 fffffa80`07d01bb0 ffffffff`ffffffff : nt!RtlDeleteNoSplay+0x7c fffff880`06ff7800 fffff880`01024238 : ffffffff`ffffffff fffff8a0`10cc9630 fffffa80`6e664d46 fffff880`0102d66e : fltmgr!TreeUnlinkNoBalance+0x13 fffff880`06ff7830 fffff880`0104235c : 00000000`00000130 fffff8a0`10c53c00 00000000`000007ff 00000000`00000040 : fltmgr!TreeUnlinkMulti+0x148 fffff880`06ff7880 fffff880`01044bc1 : fffffa80`05fd1010 00000000`00000130 fffff8a0`10d84910 fffff8a0`10d84910 : fltmgr!FltpDeleteContextList+0x3c fffff880`06ff78b0 fffff880`01044b7b : fffffa80`05fd1010 fffff8a0`10d84b78 fffffa80`05fd1010 fffff800`030255a0 : fltmgr!CleanupStreamListCtrl+0x21 fffff880`06ff78e0 fffff800`0316f896 : 00000000`00000001 fffff880`012ab0b8 fffff880`06ff79b0 00000000`00000000 : fltmgr!DeleteStreamListCtrlCallback+0x6b fffff880`06ff7910 fffff880`012aabcc : fffff8a0`10d84910 fffffa80`08812040 fffff880`06ff79e8 00000000`00000706 : nt!FsRtlTeardownPerStreamContexts+0xe2 fffff880`06ff7960 fffff880`012aa8d5 : 00000000`00000000 00000000`00000000 fffff800`03025500 00000000`00000001 : Ntfs!NtfsDeleteScb+0x108 fffff880`06ff79a0 fffff880`0121dcb4 : fffff8a0`10d84810 fffff8a0`10d84910 fffff800`03025500 fffff880`06ff7b12 : Ntfs!NtfsRemoveScb+0x61 fffff880`06ff79e0 fffff880`012a82dc : fffff8a0`10d847e0 fffff800`030255a0 fffff880`06ff7b12 fffffa80`07c1e010 : Ntfs!NtfsPrepareFcbForRemoval+0x50 fffff880`06ff7a10 fffff880`01226882 : fffffa80`07c1e010 fffffa80`07c1e010 fffff8a0`10d847e0 00000000`00000000 : Ntfs!NtfsTeardownStructures+0xdc fffff880`06ff7a90 fffff880`012bf813 : fffffa80`07c1e010 fffff800`030255a0 fffff8a0`10d847e0 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2 fffff880`06ff7ad0 fffff880`0129938f : fffffa80`07c1e010 fffff8a0`10d84910 fffff8a0`10d847e0 fffffa80`05875180 : Ntfs!NtfsCommonClose+0x353 fffff880`06ff7ba0 fffff800`02e8d961 : 00000000`00000000 fffff880`0116e500 fffffa80`06837901 00000000`00000002 : Ntfs!NtfsFspClose+0x15f fffff880`06ff7c70 fffff800`03124c06 : 00000000`00000000 fffffa80`08812040 00000000`00000080 fffffa80`039dc040 : nt!ExpWorkerThread+0x111 fffff880`06ff7d00 fffff800`02e5ec26 : fffff880`009ea180 fffffa80`08812040 fffff880`009f4fc0 fffff880`01223534 : nt!PspSystemThreadStartup+0x5a fffff880`06ff7d40 00000000`00000000 : fffff880`06ff8000 fffff880`06ff2000 fffff880`06ff79b0 00000000`00000000 : nt!KxStartSystemThread+0x16HhTech

Please run chkdsk C: /r /f."A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/

You may troubleshoot in Clean Boot Mode. Perform a clean startup to determine whether background programs are interfering with your game or program Please be assure that the antivirus is not enabled in Clean Boot Mode. If the issue persists in Clean Boot Mode, please try to download firmware updates for your BIOS and hard drive. If the issue remains, please check driver signature, rename all unsigned drivers and check the result. To do so, in Start Search box enter sigverif.exe. Then click the start button in “File Signature Verification”. In the result list, please pick up *.sys files, rename one of them and then shut down or restart to check if the issue still occurs. If the issue persists, rename another *.sys file listed in the result of driver signature verifying, and check result again. By doing so we can determine which un-singed driver is the root cause. Arthur Xie TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Thanks for the input! I have run the chkdsk command on all internal drives. I have not yet completed the chkdsk on the external drive. I looked in the event veiwer and their was an error message 'Kernal Power' Error 41 - which pointed to drive 8, whick is the external backup drive. I am running a chkdsk on the external drive now. I'll update whaen it finishes. Could the external drive throw this error and make the system crash, or possibly the RAM memory? HhTech

Have you tried to upgrade firmware for your BIOS and hard drive?Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, I just would like to confirm if you have got the issue resolved.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

The issue is still happening. I have updated the firmware on the drives and the BIOS. I have run numorus chkdsk scans and sfc /scannow scans. This seems to fix the problem only for a day or 2 then the BSOD comes back again. I have examined the dump files and each time it points to the driver NTSF.sys. Could this be caused by RAM? I have run a memory test and all seems to be ok, but I suspect the RAM because I have used this memory in other servers and had similar issues. Could failing RAM cause this type of action? Thanks!HhTech

test the RAM and also check the HDD with a diagnsotic toolkit from your HDD manufacture."A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/