BSOD caused by ntoskrnl.exe

slicksax · 06 Aug 2013

Hey guys, as the title says I've been getting BSOD about everyday now. I've tried troubleshooting on my own, but that hasn't worked. BCCode associated with them is either d1 or 9f (not sure if this helps).

I've attached the SF log.

I've run memtest86+ and haven't gotten a failure yet. I keep my laptop virus free. I believe my drivers are up to date.

Setup:
-HP dv6t-3100
-intel i5
-575 HDD
-6 RAM
-ATI Mobility Radeon HD 5470 & Intel HD Graphics

Any help would be great. I will be going to sleep soon (go to work early) but I will be on all day tomorrow.

Thanks!

koolkat77 · 06 Aug 2013

Please uninstall the following software with Revo Uninstaller:

Code:

Start Menu\Programs\Ad-Aware Antivirus
Start Menu\Programs\Auslogics\Disk Defrag
Start Menu\Programs\Glary Utilities 3

Note

Download and install Revo Uninstaller free from here:

Download Revo Uninstaller Freeware

Opt for "Advanced Mode" and uninstall the software (also delete the leftover registry entries).

Norton antivirus is a frequent cause of BSOD's. Uninstall all and any other antivirus software from your system. Please only keep Microsoft Security Essentials & the Free version of Malwarebytes, update and make full scans separately:

Uninstallers (removal tools) for common antivirus software - ESET Knowledgebase

Help protect your PC with Microsoft Security Essentials

Malwarebytes Free

Do not start the trial version of MalwareBytes

You may also take a look at:

Good & Free System Security Combination

Reduce items at start up:

Performing a Clean Startup in Windows 7

Add, or Remove Startup Programs in Windows 7

Antivirus software is basically whats just needed there.

Use the System File Checker tool and Run Disk Check:

Repair Windows 7 System Files with System File Checker

Run Disk Check in Windows 7 for Bad Sectors & Errors

Monitor hardware temperature with system monitoring software like Speccy or HWMonitor:

Piriform - Speccy

CPUID - HWMonitor

Upload a screenshot using:

CrystalDiskInfo

For how to upload a screenshot or file, read here

Test your Hard Drive by running:

Hard Drive Diagnostic Procedure

Install all updates including Service Pack 1 to your system.

Learn how to install Windows 7 Service Pack 1 (SP1)

Bugcheck:

Code:

Microsoft (R) Windows Debugger Version 6.2.9200.20512 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\USER\Downloads\slicksax\SF_06-08-2013\080613-71713-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.17273.amd64fre.win7_gdr.130318-1532
Machine Name:
Kernel base = 0xfffff800`03406000 PsLoadedModuleList = 0xfffff800`03642e70
Debug session time: Wed Aug  7 04:52:35.921 2013 (UTC + 6:00)
System Uptime: 0 days 0:07:27.139
Loading Kernel Symbols
...............................................................
................................................................
.......................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff80003c36082, 0, fffff8800a368d83, 2}

*** WARNING: Unable to verify timestamp for SRTSPL64.SYS
*** ERROR: Module load completed but symbols could not be loaded for SRTSPL64.SYS

Could not read faulting driver name
Probably caused by : SRTSPL64.SYS ( SRTSPL64+27d83 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff80003c36082, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8800a368d83, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 0000000000000002, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800036ad0e0
GetUlongFromAddress: unable to read from fffff800036ad198
 fffff80003c36082 Nonpaged pool

FAULTING_IP: 
SRTSPL64+27d83
fffff880`0a368d83 420fb60c08      movzx   ecx,byte ptr [rax+r9]

MM_INTERNAL_CODE:  2

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  System

CURRENT_IRQL:  0

TRAP_FRAME:  fffff880033af480 -- (.trap 0xfffff880033af480)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8800a3b9390 rbx=0000000000000000 rcx=00000000000000d9
rdx=0000000000000050 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800a368d83 rsp=fffff880033af610 rbp=0000000000000001
 r8=0000000000000441  r9=ffffff7ff987ccf2 r10=fffff8000392c028
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe cy
SRTSPL64+0x27d83:
fffff880`0a368d83 420fb60c08      movzx   ecx,byte ptr [rax+r9] ds:fffff800`03c36082=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800034f4072 to fffff80003475880

STACK_TEXT:  
fffff880`033af318 fffff800`034f4072 : 00000000`00000050 fffff800`03c36082 00000000`00000000 fffff880`033af480 : nt!KeBugCheckEx
fffff880`033af320 fffff800`0347396e : 00000000`00000000 fffff800`03406000 00000000`00000000 fffff8a0`0735ddf0 : nt! ?? ::FNODOBFM::`string'+0x40440
fffff880`033af480 fffff880`0a368d83 : fffff800`03406000 00000000`00000001 ffffffff`00000040 fffff800`03471070 : nt!KiPageFault+0x16e
fffff880`033af610 fffff800`03406000 : 00000000`00000001 ffffffff`00000040 fffff800`03471070 00000000`00000441 : SRTSPL64+0x27d83
fffff880`033af618 00000000`00000001 : ffffffff`00000040 fffff800`03471070 00000000`00000441 00000000`00000086 : nt!MmIsSessionAddress <PERF> (nt+0x0)
fffff880`033af620 ffffffff`00000040 : fffff800`03471070 00000000`00000441 00000000`00000086 ffffffff`80000d00 : 0x1
fffff880`033af628 fffff800`0347106f : 00000000`00000441 00000000`00000086 ffffffff`80000d00 fffff8a0`0735ddf0 : 0xffffffff`00000040
fffff880`033af630 00000000`00000441 : 00000000`00000086 ffffffff`80000d00 fffff8a0`0735ddf0 fffff8a0`05321ce0 : nt!KiIdleLoop+0x15f
fffff880`033af638 00000000`00000086 : ffffffff`80000d00 fffff8a0`0735ddf0 fffff8a0`05321ce0 fffff880`0a36af49 : 0x441
fffff880`033af640 ffffffff`80000d00 : fffff8a0`0735ddf0 fffff8a0`05321ce0 fffff880`0a36af49 00000000`00000001 : 0x86
fffff880`033af648 fffff8a0`0735ddf0 : fffff8a0`05321ce0 fffff880`0a36af49 00000000`00000001 00000000`00000001 : 0xffffffff`80000d00
fffff880`033af650 fffff8a0`05321ce0 : fffff880`0a36af49 00000000`00000001 00000000`00000001 00000000`00000841 : 0xfffff8a0`0735ddf0
fffff880`033af658 fffff880`0a36af49 : 00000000`00000001 00000000`00000001 00000000`00000841 fffff8a0`00000000 : 0xfffff8a0`05321ce0
fffff880`033af660 00000000`00000001 : 00000000`00000001 00000000`00000841 fffff8a0`00000000 00000006`00000001 : SRTSPL64+0x29f49
fffff880`033af668 00000000`00000001 : 00000000`00000841 fffff8a0`00000000 00000006`00000001 fffffa80`00000001 : 0x1
fffff880`033af670 00000000`00000841 : fffff8a0`00000000 00000006`00000001 fffffa80`00000001 fffff8a0`000000cf : 0x1
fffff880`033af678 fffff8a0`00000000 : 00000006`00000001 fffffa80`00000001 fffff8a0`000000cf 00000000`00000000 : 0x841
fffff880`033af680 00000006`00000001 : fffffa80`00000001 fffff8a0`000000cf 00000000`00000000 00000000`00000000 : 0xfffff8a0`00000000
fffff880`033af688 fffffa80`00000001 : fffff8a0`000000cf 00000000`00000000 00000000`00000000 fffff800`03406000 : 0x00000006`00000001
fffff880`033af690 fffff8a0`000000cf : 00000000`00000000 00000000`00000000 fffff800`03406000 08004000`005da000 : 0xfffffa80`00000001
fffff880`033af698 00000000`00000000 : 00000000`00000000 fffff800`03406000 08004000`005da000 0015007b`00000000 : 0xfffff8a0`000000cf


STACK_COMMAND:  kb

FOLLOWUP_IP: 
SRTSPL64+27d83
fffff880`0a368d83 420fb60c08      movzx   ecx,byte ptr [rax+r9]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  SRTSPL64+27d83

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: SRTSPL64

IMAGE_NAME:  SRTSPL64.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4a80e58a

FAILURE_BUCKET_ID:  X64_0x50_SRTSPL64+27d83

BUCKET_ID:  X64_0x50_SRTSPL64+27d83

Followup: MachineOwner
---------

2: kd> lmvm SRTSPL64
start             end                 module name
fffff880`0a341000 fffff880`0a3c3000   SRTSPL64 T (no symbols)           
    Loaded symbol image file: SRTSPL64.SYS
    Image path: \SystemRoot\System32\Drivers\SRTSPL64.SYS
    Image name: SRTSPL64.SYS
    Timestamp:        Tue Aug 11 09:29:14 2009 (4A80E58A)
    CheckSum:         00078723
    ImageSize:        00082000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

slicksax · 07 Aug 2013

koolkat77, thanks for the response! I uninstalled Symantec, Glary and Disk Defrag. The IT guy at my office uninstalled MSE and installed Symantec because it was "safer". I was running MWB and MSE together before. I was able to use my laptop for a bit this morning fine, but then another blue screen (BCCode: d1). MWB quick scan showed nothing. Kaspersky anti-rootkit showed nothing. I've attached a new SF log.

koolkat77 · 07 Aug 2013

Have you completed the rest of the steps>
And your recent bsods were caused by the same driver from Symantec\Norton.
Please report back once you have completed all steps for further help.

slicksax · 07 Aug 2013

ESET Knowledgebase
-missed this part, ran the Norton uninstall (appears to be running better now)

System File Checker
-sfc /scannow would run to 61% and then stop. This happened 5 times

Disk Check
-found 0 errors

Speccy
-installed, but would crash and not run completely

CrystalDiskInfo
-see attached screenshot
Attachment 280272

Hard Drive Diagnostic
-do not have access to a blank cd, will check when I get home

Windows Service Pack
-tried install in safe mode w/networking, did not work (can't run the update at the moment, but running a lot better)

koolkat77 · 07 Aug 2013

Try this: How to Check / Repair the Windows System Files from a Command Prompt at Boot

slicksax · 08 Aug 2013

So after I left work yesterday, it was able to complete 100%. Since using the ESET tool to remove Symantec completely, my laptop has been running smooth with no BSOD (knock on wood). I would like to think that this is solved. Any other thoughts? If not, thanks for all your help koolkat

koolkat77 · 08 Aug 2013

You're welcome, glad I am able to help.

Please wait for a week before considering as solved.
:)

slicksax · 09 Aug 2013

Welp, spoke too soon. BSOD this morning (BCCode: d1, IQRL_NOT_LESS_OR_EQUAL_TO)...

I've attached the SF Log.

At this point would you recommend a clean reinstall of Windows?

koolkat77 · 09 Aug 2013

Yes maybe.
Can you upload a screenshot of Speccy or HWmonitor