Windows 7: BSOD: Software (Isys) Causing Issue?

John23 · 22 Jul 2010

New Systems just deployed to users
Dell Optiplex 960
Windows 7 Buisness X64
Intel Core 2 Duo E8400 Wolfdale 3.0GHz
8 GB Ram
HDD 80 GB
ATI Radeon HD 3450

Have multiple machines with same specs and same base image. Systems with Isys (Search Software) are having BSOD issue.

Used the the Debugger and received some of the following below.

HTML Code:

icrosoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\jrobinson\Desktop\072110-31371-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`0285d000 PsLoadedModuleList = 0xfffff800`02a9ae50
Debug session time: Wed Jul 21 14:07:11.625 2010 (UTC - 4:00)
System Uptime: 0 days 2:54:52.155
Loading Kernel Symbols
...............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {80000003, fffff800028c6f40, fffff88007a0fe50, 0}

Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceHandler+7c )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 0000000080000003, Exception code that caused the bugcheck
Arg2: fffff800028c6f40, Address of the instruction which caused the bugcheck
Arg3: fffff88007a0fe50, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid

FAULTING_IP: 
nt!DbgBreakPoint+0
fffff800`028c6f40 cc              int     3

CONTEXT:  fffff88007a0fe50 -- (.cxr 0xfffff88007a0fe50)
rax=fffff8000297e6d0 rbx=fffffa80093f3540 rcx=fffff88005bd0860
rdx=fffffa80093f3540 rsi=0000000000000000 rdi=fffffa80093f3540
rip=fffff800028c6f40 rsp=fffff88007a10838 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000000 r10=fffff80002a487c0
r11=fffffa8009826b60 r12=0000000000000000 r13=0000000000000000
r14=fffffa80093f3540 r15=0000000000000001
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000282
nt!DbgBreakPoint:
fffff800`028c6f40 cc              int     3
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  IQW.EXE

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff800028c6f40

STACK_TEXT:  
fffff880`07a0f588 fffff800`028ce469 : 00000000`0000003b 00000000`80000003 fffff800`028c6f40 fffff880`07a0fe50 : nt!KeBugCheckEx
fffff880`07a0f590 fffff800`028cddbc : fffff880`07a105f8 fffff880`07a0fe50 00000000`00000000 fffff800`028fd450 : nt!KiBugCheckDispatch+0x69
fffff880`07a0f6d0 fffff800`028f4bed : fffff800`02aee464 fffff800`02a2cef4 fffff800`0285d000 fffff880`07a105f8 : nt!KiSystemServiceHandler+0x7c
fffff880`07a0f710 fffff800`028fc250 : fffff800`02a1d1e8 fffff880`07a0f788 fffff880`07a105f8 fffff800`0285d000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`07a0f740 fffff800`029091b5 : fffff880`07a105f8 fffff880`07a0fe50 fffff880`00000000 fffffa80`00000005 : nt!RtlDispatchException+0x410
fffff880`07a0fe20 fffff800`028ce542 : fffff880`07a105f8 fffffa80`093f3540 fffff880`07a106a0 00000000`00000000 : nt!KiDispatchException+0x135
fffff880`07a104c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiSystemServiceHandler+7c
fffff800`028cddbc b801000000      mov     eax,1

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiSystemServiceHandler+7c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FAILURE_BUCKET_ID:  X64_0x3B_nt!KiSystemServiceHandler+7c

BUCKET_ID:  X64_0x3B_nt!KiSystemServiceHandler+7c

Followup: MachineOwner
---------

Capt.Jack Sparrow · 22 Jul 2010

Hello,

Please post us the Dump Files http://www.sevenforums.com/crashes-d...tructions.html

- Captain

Capt.Jack Sparrow · 22 Jul 2010

Hello,

The Dump files unfortunately didn't help much. But few thing i would point to is out-dated driver the main reason to crash the System. Update them.

Code:

PBADRV64.sys Tue Jan 08 00:42:13 2008
dfmirage.sys Sat Jan 12 02:34:26 2008

Uninstall Symantec seems like something is causing trouble to it. Make sure you run the Cleanup Tool to clean the left over entries.

The crash has happen when IQW.EXE is running. From google few of them says it Trojan few says it from Company ISYS so if you don't have any program from ISYS then run Malwarebytes and do a complete system scan.

Hope this helps,
Captain

John23 · 23 Jul 2010

Quote: Originally Posted by Capt.Jack Sparrow

Hello,

The Dump files unfortunately didn't help much. But few thing i would point to is out-dated driver the main reason to crash the System. Update them.

Code:

PBADRV64.sys Tue Jan 08 00:42:13 2008
dfmirage.sys Sat Jan 12 02:34:26 2008

Uninstall Symantec seems like something is causing trouble to it. Make sure you run the Cleanup Tool to clean the left over entries.
Captain

Is symantec not going to work with Isys, a search program we have, or may there be a way to install symantec in a way that Isys would work?

Also what driver is pbadrv64.sys pointing to? Google search is coming up mostly empty.

Capt.Jack Sparrow · 23 Jul 2010

If it's a search Program then you can leave it alone. Regarding the Symantec uninstall it and see how it goes if the system is stable then you know what i causing it. pbadrv64.sys belongs to DLS_Dell_Smartcard

- Captain

**cluberti** · 23 Jul 2010

In looking at the dump for a bit, it looks like the IQW.EXE process is terminating when the crash occurs. You've got unloaded virus def files, so I think Captain Jack is onto something here:

Code:

1: kd> lmvm EX64
start             end                 module name
fffff880`03c10000 fffff880`03dca000   EX64       (deferred)             
    Image path: \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20100721.002\EX64.SYS
    Image name: EX64.SYS
    Timestamp:        Thu Jul 01 14:19:15 2010 (4C2CDC23)
    CheckSum:         001B81CB
    ImageSize:        001BA000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

1: kd> lmvm SYMEVENT64x86
start             end                 module name
fffff880`03dca000 fffff880`03e00000   SYMEVENT64x86   (deferred)             
    Image path: \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    Image name: SYMEVENT64x86.SYS
    Timestamp:        Wed Jun 24 16:19:12 2009 (4A428A40)
    CheckSum:         0002B2E0
    ImageSize:        00036000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

I would suggest upgrading the engine too for Symantec when (or if, maybe) you reinstall it. Updates to the Symantec engine can be found here, for reference (the page on how to update symevent files that this was gathered from is here). The latest version is 12.5.3.2, and it's very recent. Yours is older, so upgrading that is always a good idea when symevent is involved. I would agree though, testing without Symantec installed (at all) is your best bet - if IQW still crashes, let's get more dumps.

John23 · 27 Jul 2010

thanks for all your help guys, after updating the appropriate drivers and updating the engine it crashed on me.....i uninstalled symantec and it has yet to crash but i dont think we can afford not using this antivirus

Jonathan_King · 27 Jul 2010

Be sure to use Microsoft Security Essentials as your anti-virus.

www.microsoft.com/Security_Essentials/

CarlTR6 · 27 Jul 2010

John, Symantec is a known cause of crashes on some Win 7 systems. Take Jonathan's advice and install MSE. Also make sure Windows Firewall is turned on. Most 3rd party security suites, antivirus programs and firewalls have problems with Win 7, at least on some systems.

John23 · 28 Jul 2010

thanks for the tips, isys is not supported by win 7 ....i will try without symantec

Windows 7: BSOD: Software (Isys) Causing Issue?

BSOD: Software (Isys) Causing Issue? problems?