System is only 2mons old and is now extremely unstable.
Win 7 Pro x64
i7 2.8Ghx
OnBoard Audio
ATI HD 5750
Display via HDMI
OS is Full Retail and clean install. Was installed on new drive. Stability was fine for about a month or so and I can't be certain but seems to crash more after installing Norton 360 (i know i know...) Don't remember it happening too much before that but I think maybe a couple times.
If I go in or out of sleep or full screen it typically crashes. I don't know if it is a vid driver or Norton or what. I have a feeling I need to clean up my registry but Win 7 won't allow me access to registry or restore. Admin acct is disable and my user login as an Admin but didn't want to blindly edit security policies and increase vulnerability until I got some better advice/direction.
Attached is Sys Health Report and crash dump files.
Thanks in advance.
They are all over the map and you have made many changes so I just analyzed the newest. It was caused by Symantec
Code:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\K\Desktop\Windows_NT6_BSOD_jcgriff2\011911-38438-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols;srv*e:\symbols
*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`03465000 PsLoadedModuleList = 0xfffff800`036a2e50
Debug session time: Wed Jan 19 18:55:18.727 2011 (GMT-5)
System Uptime: 0 days 16:02:31.788
Loading Kernel Symbols
.
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {0, 2, 0, fffff800034f52b3}
Unable to load image \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for BHDrvx64.sys
*** ERROR: Module load completed but symbols could not be loaded for BHDrvx64.sys
Probably caused by : BHDrvx64.sys ( BHDrvx64+2be80 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800034f52b3, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000370d0e0
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!IopCompleteRequest+ae3
fffff800`034f52b3 488b09 mov rcx,qword ptr [rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: WerFault.exe
IRP_ADDRESS: ffffffffffffff89
TRAP_FRAME: fffff8800986f0a0 -- (.trap 0xfffff8800986f0a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8800986f428 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800034f52b3 rsp=fffff8800986f230 rbp=fffff8800986f380
r8=fffffa8007949580 r9=fffff8800986f330 r10=0000000000000002
r11=fffffa800794c910 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po cy
nt!IopCompleteRequest+0xae3:
fffff800`034f52b3 488b09 mov rcx,qword ptr [rcx] ds:ec90:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800034d4ca9 to fffff800034d5740
STACK_TEXT:
fffff880`0986ef58 fffff800`034d4ca9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0986ef60 fffff800`034d3920 : fffffa80`079b7b60 fffffa80`07c40460 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0986f0a0 fffff800`034f52b3 : fffffa80`079d1630 fffff680`0000dbf8 00000000`0000005c fffff800`03609646 : nt!KiPageFault+0x260
fffff880`0986f230 fffff800`034b20c7 : 00000000`00000001 fffff800`034b4e05 fffff8a0`0050ba00 00000000`00000000 : nt!IopCompleteRequest+0xae3
fffff880`0986f300 fffff800`034b2487 : fffff8a0`02d74270 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
fffff880`0986f380 fffff880`04915e80 : 00000000`00000003 fffff880`0111121f fffffa80`0644d790 fffff8a0`108c0cb0 : nt!KiApcInterrupt+0xd7
fffff880`0986f510 00000000`00000003 : fffff880`0111121f fffffa80`0644d790 fffff8a0`108c0cb0 fffff8a0`02ba2070 : BHDrvx64+0x2be80
fffff880`0986f518 fffff880`0111121f : fffffa80`0644d790 fffff8a0`108c0cb0 fffff8a0`02ba2070 fffff8a0`02b9d018 : 0x3
fffff880`0986f520 fffff880`04909d30 : 00000003`00000000 fffff8a0`02d74270 00000000`00000000 fffffa80`07b320d0 : fltmgr!FltAcquirePushLockExclusive+0xf
fffff880`0986f550 00000003`00000000 : fffff8a0`02d74270 00000000`00000000 fffffa80`07b320d0 fffff800`03684748 : BHDrvx64+0x1fd30
fffff880`0986f558 fffff8a0`02d74270 : 00000000`00000000 fffffa80`07b320d0 fffff800`03684748 fffff880`0986f6f0 : 0x3`00000000
fffff880`0986f560 00000000`00000000 : fffffa80`07b320d0 fffff800`03684748 fffff880`0986f6f0 fffff8a0`02d74270 : 0xfffff8a0`02d74270
STACK_COMMAND: kb
FOLLOWUP_IP:
BHDrvx64+2be80
fffff880`04915e80 ?? ???
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: BHDrvx64+2be80
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: BHDrvx64
IMAGE_NAME: BHDrvx64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce1be27
FAILURE_BUCKET_ID: X64_0xA_BHDrvx64+2be80
BUCKET_ID: X64_0xA_BHDrvx64+2be80
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800034f52b3, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!IopCompleteRequest+ae3
fffff800`034f52b3 488b09 mov rcx,qword ptr [rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: WerFault.exe
IRP_ADDRESS: ffffffffffffff89
TRAP_FRAME: fffff8800986f0a0 -- (.trap 0xfffff8800986f0a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8800986f428 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800034f52b3 rsp=fffff8800986f230 rbp=fffff8800986f380
r8=fffffa8007949580 r9=fffff8800986f330 r10=0000000000000002
r11=fffffa800794c910 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po cy
nt!IopCompleteRequest+0xae3:
fffff800`034f52b3 488b09 mov rcx,qword ptr [rcx] ds:ec90:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800034d4ca9 to fffff800034d5740
STACK_TEXT:
fffff880`0986ef58 fffff800`034d4ca9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0986ef60 fffff800`034d3920 : fffffa80`079b7b60 fffffa80`07c40460 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0986f0a0 fffff800`034f52b3 : fffffa80`079d1630 fffff680`0000dbf8 00000000`0000005c fffff800`03609646 : nt!KiPageFault+0x260
fffff880`0986f230 fffff800`034b20c7 : 00000000`00000001 fffff800`034b4e05 fffff8a0`0050ba00 00000000`00000000 : nt!IopCompleteRequest+0xae3
fffff880`0986f300 fffff800`034b2487 : fffff8a0`02d74270 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
fffff880`0986f380 fffff880`04915e80 : 00000000`00000003 fffff880`0111121f fffffa80`0644d790 fffff8a0`108c0cb0 : nt!KiApcInterrupt+0xd7
fffff880`0986f510 00000000`00000003 : fffff880`0111121f fffffa80`0644d790 fffff8a0`108c0cb0 fffff8a0`02ba2070 : BHDrvx64+0x2be80
fffff880`0986f518 fffff880`0111121f : fffffa80`0644d790 fffff8a0`108c0cb0 fffff8a0`02ba2070 fffff8a0`02b9d018 : 0x3
fffff880`0986f520 fffff880`04909d30 : 00000003`00000000 fffff8a0`02d74270 00000000`00000000 fffffa80`07b320d0 : fltmgr!FltAcquirePushLockExclusive+0xf
fffff880`0986f550 00000003`00000000 : fffff8a0`02d74270 00000000`00000000 fffffa80`07b320d0 fffff800`03684748 : BHDrvx64+0x1fd30
fffff880`0986f558 fffff8a0`02d74270 : 00000000`00000000 fffffa80`07b320d0 fffff800`03684748 fffff880`0986f6f0 : 0x3`00000000
fffff880`0986f560 00000000`00000000 : fffffa80`07b320d0 fffff800`03684748 fffff880`0986f6f0 fffff8a0`02d74270 : 0xfffff8a0`02d74270
STACK_COMMAND: kb
FOLLOWUP_IP:
BHDrvx64+2be80
fffff880`04915e80 ?? ???
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: BHDrvx64+2be80
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: BHDrvx64
IMAGE_NAME: BHDrvx64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce1be27
FAILURE_BUCKET_ID: X64_0xA_BHDrvx64+2be80
BUCKET_ID: X64_0xA_BHDrvx64+2be80
Followup: MachineOwner
---------
Remove and replace with Microsoft Security Essentials
Download and run the Norton Removal Tool to uninstall your Norton product | Norton Support
http://www.microsoft.com/security_essentials/
I would also run memtest since most of these are memory exceptions
Download a copy of Memtest86 and burn the ISO to a CD using Iso Recorder or another ISO burning program. Boot from the CD, and leave it running for at least 5 or 6 passes.
Just remember, any time Memtest reports errors, it can be either bad RAM or a bad motherboard slot. Test the sticks individually, and if you find a good one, test it in all slots.