Can't think of a thread title that stands out but TONS of BSOD, help!


  1. MLT
    Posts : 20
    Windows 7 Pro (x64)
       #1

    Can't think of a thread title that stands out but TONS of BSOD, help!


    System is only 2mons old and is now extremely unstable.

    Win 7 Pro x64
    i7 2.8Ghx
    OnBoard Audio
    ATI HD 5750
    Display via HDMI

    OS is Full Retail and clean install. Was installed on new drive. Stability was fine for about a month or so and I can't be certain but seems to crash more after installing Norton 360 (i know i know...) Don't remember it happening too much before that but I think maybe a couple times.

    If I go in or out of sleep or full screen it typically crashes. I don't know if it is a vid driver or Norton or what. I have a feeling I need to clean up my registry but Win 7 won't allow me access to registry or restore. Admin acct is disable and my user login as an Admin but didn't want to blindly edit security policies and increase vulnerability until I got some better advice/direction.

    Attached is Sys Health Report and crash dump files.

    Thanks in advance.
      My Computer


  2. MLT
    Posts : 20
    Windows 7 Pro (x64)
    Thread Starter
       #2

    Oh and I searched this and other forums like crazy to do as much as I could to resolve this before posting and wasting your time for something answered in several other posts.

    I've got malwarebytes and norton installed and system seems clean.

    Thanks in advance for your time.
      My Computer


  3. Posts : 28,845
    Win 8 Release candidate 8400
       #3

    MLT said:
    System is only 2mons old and is now extremely unstable.

    Win 7 Pro x64
    i7 2.8Ghx
    OnBoard Audio
    ATI HD 5750
    Display via HDMI

    OS is Full Retail and clean install. Was installed on new drive. Stability was fine for about a month or so and I can't be certain but seems to crash more after installing Norton 360 (i know i know...) Don't remember it happening too much before that but I think maybe a couple times.

    If I go in or out of sleep or full screen it typically crashes. I don't know if it is a vid driver or Norton or what. I have a feeling I need to clean up my registry but Win 7 won't allow me access to registry or restore. Admin acct is disable and my user login as an Admin but didn't want to blindly edit security policies and increase vulnerability until I got some better advice/direction.

    Attached is Sys Health Report and crash dump files.

    Thanks in advance.
    They are all over the map and you have made many changes so I just analyzed the newest. It was caused by Symantec

    Code:
    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\K\Desktop\Windows_NT6_BSOD_jcgriff2\011911-38438-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols;srv*e:\symbols
    *http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (8 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
    Machine Name:
    Kernel base = 0xfffff800`03465000 PsLoadedModuleList = 0xfffff800`036a2e50
    Debug session time: Wed Jan 19 18:55:18.727 2011 (GMT-5)
    System Uptime: 0 days 16:02:31.788
    Loading Kernel Symbols
    .
    
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    
    ..............................................................
    ................................................................
    ...................................
    Loading User Symbols
    Loading unloaded module list
    .......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck A, {0, 2, 0, fffff800034f52b3}
    
    Unable to load image \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx64.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for BHDrvx64.sys
    *** ERROR: Module load completed but symbols could not be loaded for BHDrvx64.sys
    Probably caused by : BHDrvx64.sys ( BHDrvx64+2be80 )
    
    Followup: MachineOwner
    ---------
    
    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 0000000000000000, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, bitfield :
        bit 0 : value 0 = read operation, 1 = write operation
        bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff800034f52b3, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000370d0e0
     0000000000000000 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    nt!IopCompleteRequest+ae3
    fffff800`034f52b3 488b09          mov     rcx,qword ptr [rcx]
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xA
    
    PROCESS_NAME:  WerFault.exe
    
    IRP_ADDRESS:  ffffffffffffff89
    
    TRAP_FRAME:  fffff8800986f0a0 -- (.trap 0xfffff8800986f0a0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffff8800986f428 rbx=0000000000000000 rcx=0000000000000000
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff800034f52b3 rsp=fffff8800986f230 rbp=fffff8800986f380
     r8=fffffa8007949580  r9=fffff8800986f330 r10=0000000000000002
    r11=fffffa800794c910 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz ac po cy
    nt!IopCompleteRequest+0xae3:
    fffff800`034f52b3 488b09          mov     rcx,qword ptr [rcx] ds:ec90:00000000`00000000=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff800034d4ca9 to fffff800034d5740
    
    STACK_TEXT:  
    fffff880`0986ef58 fffff800`034d4ca9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`0986ef60 fffff800`034d3920 : fffffa80`079b7b60 fffffa80`07c40460 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff880`0986f0a0 fffff800`034f52b3 : fffffa80`079d1630 fffff680`0000dbf8 00000000`0000005c fffff800`03609646 : nt!KiPageFault+0x260
    fffff880`0986f230 fffff800`034b20c7 : 00000000`00000001 fffff800`034b4e05 fffff8a0`0050ba00 00000000`00000000 : nt!IopCompleteRequest+0xae3
    fffff880`0986f300 fffff800`034b2487 : fffff8a0`02d74270 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
    fffff880`0986f380 fffff880`04915e80 : 00000000`00000003 fffff880`0111121f fffffa80`0644d790 fffff8a0`108c0cb0 : nt!KiApcInterrupt+0xd7
    fffff880`0986f510 00000000`00000003 : fffff880`0111121f fffffa80`0644d790 fffff8a0`108c0cb0 fffff8a0`02ba2070 : BHDrvx64+0x2be80
    fffff880`0986f518 fffff880`0111121f : fffffa80`0644d790 fffff8a0`108c0cb0 fffff8a0`02ba2070 fffff8a0`02b9d018 : 0x3
    fffff880`0986f520 fffff880`04909d30 : 00000003`00000000 fffff8a0`02d74270 00000000`00000000 fffffa80`07b320d0 : fltmgr!FltAcquirePushLockExclusive+0xf
    fffff880`0986f550 00000003`00000000 : fffff8a0`02d74270 00000000`00000000 fffffa80`07b320d0 fffff800`03684748 : BHDrvx64+0x1fd30
    fffff880`0986f558 fffff8a0`02d74270 : 00000000`00000000 fffffa80`07b320d0 fffff800`03684748 fffff880`0986f6f0 : 0x3`00000000
    fffff880`0986f560 00000000`00000000 : fffffa80`07b320d0 fffff800`03684748 fffff880`0986f6f0 fffff8a0`02d74270 : 0xfffff8a0`02d74270
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    BHDrvx64+2be80
    fffff880`04915e80 ??              ???
    
    SYMBOL_STACK_INDEX:  6
    
    SYMBOL_NAME:  BHDrvx64+2be80
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: BHDrvx64
    
    IMAGE_NAME:  BHDrvx64.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce1be27
    
    FAILURE_BUCKET_ID:  X64_0xA_BHDrvx64+2be80
    
    BUCKET_ID:  X64_0xA_BHDrvx64+2be80
    
    Followup: MachineOwner
    ---------
    
    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 0000000000000000, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, bitfield :
        bit 0 : value 0 = read operation, 1 = write operation
        bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff800034f52b3, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    READ_ADDRESS:  0000000000000000 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    nt!IopCompleteRequest+ae3
    fffff800`034f52b3 488b09          mov     rcx,qword ptr [rcx]
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xA
    
    PROCESS_NAME:  WerFault.exe
    
    IRP_ADDRESS:  ffffffffffffff89
    
    TRAP_FRAME:  fffff8800986f0a0 -- (.trap 0xfffff8800986f0a0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffff8800986f428 rbx=0000000000000000 rcx=0000000000000000
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff800034f52b3 rsp=fffff8800986f230 rbp=fffff8800986f380
     r8=fffffa8007949580  r9=fffff8800986f330 r10=0000000000000002
    r11=fffffa800794c910 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz ac po cy
    nt!IopCompleteRequest+0xae3:
    fffff800`034f52b3 488b09          mov     rcx,qword ptr [rcx] ds:ec90:00000000`00000000=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff800034d4ca9 to fffff800034d5740
    
    STACK_TEXT:  
    fffff880`0986ef58 fffff800`034d4ca9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`0986ef60 fffff800`034d3920 : fffffa80`079b7b60 fffffa80`07c40460 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff880`0986f0a0 fffff800`034f52b3 : fffffa80`079d1630 fffff680`0000dbf8 00000000`0000005c fffff800`03609646 : nt!KiPageFault+0x260
    fffff880`0986f230 fffff800`034b20c7 : 00000000`00000001 fffff800`034b4e05 fffff8a0`0050ba00 00000000`00000000 : nt!IopCompleteRequest+0xae3
    fffff880`0986f300 fffff800`034b2487 : fffff8a0`02d74270 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
    fffff880`0986f380 fffff880`04915e80 : 00000000`00000003 fffff880`0111121f fffffa80`0644d790 fffff8a0`108c0cb0 : nt!KiApcInterrupt+0xd7
    fffff880`0986f510 00000000`00000003 : fffff880`0111121f fffffa80`0644d790 fffff8a0`108c0cb0 fffff8a0`02ba2070 : BHDrvx64+0x2be80
    fffff880`0986f518 fffff880`0111121f : fffffa80`0644d790 fffff8a0`108c0cb0 fffff8a0`02ba2070 fffff8a0`02b9d018 : 0x3
    fffff880`0986f520 fffff880`04909d30 : 00000003`00000000 fffff8a0`02d74270 00000000`00000000 fffffa80`07b320d0 : fltmgr!FltAcquirePushLockExclusive+0xf
    fffff880`0986f550 00000003`00000000 : fffff8a0`02d74270 00000000`00000000 fffffa80`07b320d0 fffff800`03684748 : BHDrvx64+0x1fd30
    fffff880`0986f558 fffff8a0`02d74270 : 00000000`00000000 fffffa80`07b320d0 fffff800`03684748 fffff880`0986f6f0 : 0x3`00000000
    fffff880`0986f560 00000000`00000000 : fffffa80`07b320d0 fffff800`03684748 fffff880`0986f6f0 fffff8a0`02d74270 : 0xfffff8a0`02d74270
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    BHDrvx64+2be80
    fffff880`04915e80 ??              ???
    
    SYMBOL_STACK_INDEX:  6
    
    SYMBOL_NAME:  BHDrvx64+2be80
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: BHDrvx64
    
    IMAGE_NAME:  BHDrvx64.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce1be27
    
    FAILURE_BUCKET_ID:  X64_0xA_BHDrvx64+2be80
    
    BUCKET_ID:  X64_0xA_BHDrvx64+2be80
    
    Followup: MachineOwner
    ---------
    Remove and replace with Microsoft Security Essentials

    Download and run the Norton Removal Tool to uninstall your Norton product | Norton Support

    http://www.microsoft.com/security_essentials/


    I would also run memtest since most of these are memory exceptions

    Download a copy of Memtest86 and burn the ISO to a CD using Iso Recorder or another ISO burning program. Boot from the CD, and leave it running for at least 5 or 6 passes.


    Just remember, any time Memtest reports errors, it can be either bad RAM or a bad motherboard slot. Test the sticks individually, and if you find a good one, test it in all slots.

      My Computer


  4. MLT
    Posts : 20
    Windows 7 Pro (x64)
    Thread Starter
       #4

    Ok I will give that a shot. I wonder if you would mind analyzing any of the others. I scanned through them and didn't see Symantec or Norton in any of the others. Just the most recent. Please look at any from 1/14 to current if you have time.

    I ran Windows memory diagnostic (set it to run on boot from safe) and came back with no problems. Do you think it is still worth scanning w/ the memtest tool you mentioned?

    Will I lose any security by switching to MS? I will still have active AV protection?

    Thank you so much for taking the time to reply to my post, I really appreciate it.

    MLT
      My Computer


  5. MLT
    Posts : 20
    Windows 7 Pro (x64)
    Thread Starter
       #5

    Bumping this to the top because I am getting constant BSOD now and haven't even been able to boot to collect more recent dmp files to post. The ones I looked at all seem to be cause by different things...? Can someone please look at these and tell me if they see something that could be causing the crashes?

    Thanks in advance
    Last edited by MLT; 02 Feb 2011 at 23:49.
      My Computer


  6. MLT
    Posts : 20
    Windows 7 Pro (x64)
    Thread Starter
       #6

    oh yeah, I have since uninstalled Norton and run memtest, no errors and no change - if anything crashes are more frequent so couldn't be related to Norton (used removal tool)
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 17:29.
Find Us