BSOD at random times doing random things


  1. Posts : 5
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
       #1

    BSOD at random times doing random things


    My system has been extremely unstable since the last Windows updates about a week ago. Kaspersky Internet Security stops and restarts. Firefox, Outlook, World of Warcraft,etc crashing frequently. BSOD several times a day. I come to my desk and the logon screen is often there indicating the system crashed and rebooted while I was out.

    This is very atypical for my system. I often go weeks without rebooting or having any program crash. I have noticed two error messages in the BSOD. One was memory management and the other was bad pool header. I suspect there have been others, but I'm not present every time Windows crashes.

    Win7 Pro 64bit retail original OS on this system. I built this system about 6 months ago and it's been running very well until a week or so ago. Suggestions gratefully accepted.
      My Computer


  2. Posts : 5,705
    Win7 x64 + x86
       #2

    One of the memory dumps in the WER section of MSINFO32 blames Kaspersky (as do 2 of the 9 memory dumps). Please do the following:
    Anti-Virus Removal:
    Please do the following:
    - download a free antivirus for testing purposes: Free AntiVirus
    - uninstall the antivirus software from your system (you can reinstall it, if so desired, when we're done troubleshooting)
    - remove any remnants of the antivirus software using one of these free tools: Antivirus Uninstallers
    - IMMEDIATELY install and update the free antivirus
    - check to see if this fixes the BSOD's
    NOTE: NEVER run more than 1 anti-virus, firewall, Internet Security/Security Center application at the same time.
    Older versions of Acronis are known to cause BSOD's on Win7 systems also. Your copy has drivers that date from 2007. As such you MUST uninstall it.

    In the table below is a list of drivers. Please update or remove the programs associated with any drivers dated from 2009 or earlier. Below the table is a list of links to more information about the drivers (it'll help you find out what programs belong to the drivers in question).

    If all of that doesn't fix it, then please run Driver Verifier according to these instructions: Driver Verifier Settings

    The following info is just FYI, I've already addressed the issues that I saw in the above paragraphs

    - Further info on BSOD error messages available at: http://www.carrona.org/bsodindx.html
    - Info on how to troubleshoot BSOD's (DRAFT): http://www.carrona.org/userbsod.html
    - How I do it: http://www.carrona.org/howidoit.html

    3RD PARTY DRIVERS PRESENT IN THE DUMP FILES
    Code:
    
    HECIx64.sys      Tue Oct 19 19:33:43 2010 (4CBE2AD7)
    LGBusEnum.sys    Mon Nov 23 20:36:48 2009 (4B0B38B0)
    LGVirHid.sys     Mon Nov 23 20:36:48 2009 (4B0B38B0)
    PROCEXP152.SYS   Sat Jun 16 17:21:56 2012 (4FDCF8F4)
    RTKVHD64.sys     Tue Nov 02 07:25:59 2010 (4CCFF547)
    WSDPrint.sys     Mon Jul 13 20:39:20 2009 (4A5BD3B8)
    amdxata.sys      Fri Mar 19 12:18:18 2010 (4BA3A3CA)
    dump_iaStor.sys  Tue Apr 26 14:06:18 2011 (4DB7099A)
    e1c62x64.sys     Tue Sep 21 17:34:15 2010 (4C9924D7)
    iaStor.sys       Tue Apr 26 14:06:18 2011 (4DB7099A)
    jraid.sys        Tue Aug 10 05:28:44 2010 (4C611BCC)
    kl1.sys          Fri Mar 04 04:20:03 2011 (4D70AEC3)
    kl2.sys          Fri Mar 04 04:17:31 2011 (4D70AE2B)
    klif.sys         Wed Apr 20 06:34:31 2011 (4DAEB6B7)
    klim6.sys        Thu Mar 10 09:36:02 2011 (4D78E1D2)
    klmouflt.sys     Mon Nov 02 11:26:06 2009 (4AEF081E)
    ladfGSCamd64.sys Mon Apr 11 14:41:01 2011 (4DA34B3D)
    ladfGSRamd64.sys Mon Apr 11 14:41:07 2011 (4DA34B43)
    nusb3hub.sys     Thu Dec 09 23:50:35 2010 (4D01B19B)
    nusb3xhc.sys     Thu Dec 09 23:50:35 2010 (4D01B19B)
    nvBridge.kmd     Fri May 20 23:58:23 2011 (4DD7385F)
    nvlddmkm.sys     Thu Feb 09 21:02:58 2012 (4F347AD2)
    snapman.sys      Thu Nov 22 03:19:33 2007 (47453B95)
    tdrpman.sys      Mon Nov 12 08:36:33 2007 (473856E1)
    tifsfilt.sys     Wed Aug 29 08:37:29 2007 (46D56889)
    timntr.sys       Wed Aug 29 08:38:23 2007 (46D568BF)
    
    http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
    http://www.carrona.org/drivers/driver.php?id=LGBusEnum.sys
    http://www.carrona.org/drivers/driver.php?id=LGVirHid.sys
    http://www.carrona.org/drivers/driver.php?id=PROCEXP152.SYS
    http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
    http://www.carrona.org/drivers/driver.php?id=WSDPrint.sys
    http://www.carrona.org/drivers/driver.php?id=amdxata.sys
    http://www.carrona.org/drivers/driver.php?id=dump_iaStor.sys
    http://www.carrona.org/drivers/driver.php?id=e1c62x64.sys
    http://www.carrona.org/drivers/driver.php?id=iaStor.sys
    http://www.carrona.org/drivers/driver.php?id=jraid.sys
    http://www.carrona.org/drivers/driver.php?id=kl1.sys
    http://www.carrona.org/drivers/driver.php?id=kl2.sys
    http://www.carrona.org/drivers/driver.php?id=klif.sys
    http://www.carrona.org/drivers/driver.php?id=klim6.sys
    http://www.carrona.org/drivers/driver.php?id=klmouflt.sys
    http://www.carrona.org/drivers/driver.php?id=ladfGSCamd64.sys
    http://www.carrona.org/drivers/driver.php?id=ladfGSRamd64.sys
    http://www.carrona.org/drivers/driver.php?id=nusb3hub.sys
    http://www.carrona.org/drivers/driver.php?id=nusb3xhc.sys
    http://www.carrona.org/drivers/driver.php?id=nvBridge.kmd
    http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
    http://www.carrona.org/drivers/driver.php?id=snapman.sys
    http://www.carrona.org/drivers/driver.php?id=tdrpman.sys
    http://www.carrona.org/drivers/driver.php?id=tifsfilt.sys
    http://www.carrona.org/drivers/driver.php?id=timntr.sys

    BSOD BUGCHECK SUMMARY

    Code:
    
    Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\062512-14976-01.dmp]
    Built by: 7601.17803.amd64fre.win7sp1_gdr.120330-1504
    Debug session time: Mon Jun 25 07:10:15.665 2012 (UTC - 4:00)
    System Uptime: 0 days 11:53:09.883
    BugCheck A, {15f8d5, 2, 0, fffff80002edaca0}
    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    Probably caused by : afd.sys ( afd!AfdReturnBuffer+1fa )
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    BUGCHECK_STR:  0xA
    PROCESS_NAME:  System
    FAILURE_BUCKET_ID:  X64_0xA_afd!AfdReturnBuffer+1fa
    Bugcheck code 0000000A
    Arguments 00000000`0015f8d5 00000000`00000002 00000000`00000000 fffff800`02edaca0
    BiosVersion = 2001
    BiosReleaseDate = 09/20/2011
    SystemManufacturer = System manufacturer
    SystemProductName = System Product Name
    CPUID:        "Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz"
    MaxSpeed:     3300
    CurrentSpeed: 3310
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\070112-17378-01.dmp]
    Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
    Debug session time: Sun Jul  1 15:14:33.478 2012 (UTC - 4:00)
    System Uptime: 0 days 0:02:56.695
    BugCheck 50, {fffff900c2d8db60, 0, fffff9600006c6a6, 2}
    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    Probably caused by : win32k.sys ( win32k+5c6a6 )
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    BUGCHECK_STR:  0x50
    PROCESS_NAME:  dw20.exe
    FAILURE_BUCKET_ID:  X64_0x50_win32k+5c6a6
    Bugcheck code 00000050
    Arguments fffff900`c2d8db60 00000000`00000000 fffff960`0006c6a6 00000000`00000002
    BiosVersion = 2001
    BiosReleaseDate = 09/20/2011
    SystemManufacturer = System manufacturer
    SystemProductName = System Product Name
    CPUID:        "Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz"
    MaxSpeed:     3300
    CurrentSpeed: 3310
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\070112-17643-01.dmp]
    Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
    Debug session time: Sun Jul  1 15:10:08.644 2012 (UTC - 4:00)
    System Uptime: 0 days 2:38:24.862
    BugCheck 50, {fffff900c1f86000, 0, fffff80003009afd, 0}
    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+241 )
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    BUGCHECK_STR:  0x50
    PROCESS_NAME:  robotaskbarico
    FAILURE_BUCKET_ID:  X64_0x50_nt!ExDeferredFreePool+241
    Bugcheck code 00000050
    Arguments fffff900`c1f86000 00000000`00000000 fffff800`03009afd 00000000`00000000
    BiosVersion = 2001
    BiosReleaseDate = 09/20/2011
    SystemManufacturer = System manufacturer
    SystemProductName = System Product Name
    CPUID:        "Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz"
    MaxSpeed:     3300
    CurrentSpeed: 3310
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\070112-18782-01.dmp]
    Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
    Debug session time: Sun Jul  1 12:25:21.664 2012 (UTC - 4:00)
    System Uptime: 5 days 15:06:38.155
    BugCheck 19, {21, fffff8a004c84000, 1180, 181180}
    *** WARNING: Unable to verify timestamp for kl1.sys
    *** ERROR: Module load completed but symbols could not be loaded for kl1.sys
    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    Probably caused by : kl1.sys ( kl1+fd207 )
    BUGCHECK_STR:  0x19_21
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    PROCESS_NAME:  avp.exe
    FAILURE_BUCKET_ID:  X64_0x19_21_kl1+fd207
    Bugcheck code 00000019
    Arguments 00000000`00000021 fffff8a0`04c84000 00000000`00001180 00000000`00181180
    BiosVersion = 2001
    BiosReleaseDate = 09/20/2011
    SystemManufacturer = System manufacturer
    SystemProductName = System Product Name
    CPUID:        "Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz"
    MaxSpeed:     3300
    CurrentSpeed: 3310
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\070112-19453-01.dmp]
    Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
    Debug session time: Sun Jul  1 12:30:22.874 2012 (UTC - 4:00)
    System Uptime: 0 days 0:03:32.091
    BugCheck 1A, {41790, fffffa80039f8ee0, ffff, 0}
    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+355e4 )
    BUGCHECK_STR:  0x1a_41790
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    PROCESS_NAME:  avp.exe
    FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+355e4
    Bugcheck code 0000001A
    Arguments 00000000`00041790 fffffa80`039f8ee0 00000000`0000ffff 00000000`00000000
    BiosVersion = 2001
    BiosReleaseDate = 09/20/2011
    SystemManufacturer = System manufacturer
    SystemProductName = System Product Name
    CPUID:        "Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz"
    MaxSpeed:     3300
    CurrentSpeed: 3310
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\070112-22432-01.dmp]
    Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
    Debug session time: Sun Jul  1 19:44:45.596 2012 (UTC - 4:00)
    System Uptime: 0 days 4:12:35.440
    BugCheck 1A, {41284, 73f5001, 2177, fffff70001080000}
    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4ac3 )
    BUGCHECK_STR:  0x1a_41284
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    PROCESS_NAME:  Wow.exe
    FAILURE_BUCKET_ID:  X64_0x1a_41284_nt!_??_::FNODOBFM::_string_+4ac3
    Bugcheck code 0000001A
    Arguments 00000000`00041284 00000000`073f5001 00000000`00002177 fffff700`01080000
    BiosVersion = 2001
    BiosReleaseDate = 09/20/2011
    SystemManufacturer = System manufacturer
    SystemProductName = System Product Name
    CPUID:        "Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz"
    MaxSpeed:     3300
    CurrentSpeed: 3310
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\070212-19624-01.dmp]
    Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
    Debug session time: Mon Jul  2 09:55:08.863 2012 (UTC - 4:00)
    System Uptime: 0 days 14:08:57.707
    BugCheck 19, {21, fffff8a00dbb9000, 1180, 531180}
    *** WARNING: Unable to verify timestamp for kl1.sys
    *** ERROR: Module load completed but symbols could not be loaded for kl1.sys
    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    Probably caused by : kl1.sys ( kl1+fd207 )
    BUGCHECK_STR:  0x19_21
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    PROCESS_NAME:  avp.exe
    FAILURE_BUCKET_ID:  X64_0x19_21_kl1+fd207
    Bugcheck code 00000019
    Arguments 00000000`00000021 fffff8a0`0dbb9000 00000000`00001180 00000000`00531180
    BiosVersion = 2001
    BiosReleaseDate = 09/20/2011
    SystemManufacturer = System manufacturer
    SystemProductName = System Product Name
    CPUID:        "Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz"
    MaxSpeed:     3300
    CurrentSpeed: 3310
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\070312-18096-01.dmp]
    Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
    Debug session time: Tue Jul  3 09:15:10.803 2012 (UTC - 4:00)
    System Uptime: 0 days 1:16:25.020
    BugCheck 19, {3, fffff8a01634f1f0, fffff8a016cdf1f0, fffff8a01634f1f0}
    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+118b )
    BUGCHECK_STR:  0x19_3
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    PROCESS_NAME:  firefox.exe
    FAILURE_BUCKET_ID:  X64_0x19_3_nt!ExDeferredFreePool+118b
    Bugcheck code 00000019
    Arguments 00000000`00000003 fffff8a0`1634f1f0 fffff8a0`16cdf1f0 fffff8a0`1634f1f0
    BiosVersion = 2001
    BiosReleaseDate = 09/20/2011
    SystemManufacturer = System manufacturer
    SystemProductName = System Product Name
    CPUID:        "Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz"
    MaxSpeed:     3300
    CurrentSpeed: 3310
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\070312-18720-01.dmp]
    Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
    Debug session time: Tue Jul  3 07:56:53.100 2012 (UTC - 4:00)
    System Uptime: 0 days 17:05:01.317
    BugCheck 1A, {41284, fffff7044019a001, 195a2a, fffff70001080000}
    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4ac3 )
    BUGCHECK_STR:  0x1a_41284
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    PROCESS_NAME:  CurseClient.ex
    FAILURE_BUCKET_ID:  X64_0x1a_41284_nt!_??_::FNODOBFM::_string_+4ac3
    Bugcheck code 0000001A
    Arguments 00000000`00041284 fffff704`4019a001 00000000`00195a2a fffff700`01080000
    BiosVersion = 2001
    BiosReleaseDate = 09/20/2011
    SystemManufacturer = System manufacturer
    SystemProductName = System Product Name
    CPUID:        "Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz"
    MaxSpeed:     3300
    CurrentSpeed: 3310
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    
    
      My Computer


  3. Posts : 5
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #3

    That's pretty wild having all those old drivers. This was a new system install 6-8 months ago with all programs freshly downloaded and installed. Thanks for the suggestions. I really appreciate you taking the time to look at the logs and make recommendations. I'll get at it tonight.
      My Computer


  4. Posts : 5
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #4

    I uninstalled Kaspersky via their uninstall tool. I also uninstalled Acronis True Image via the Control Panel.

    I installed Microsoft Security Essentials and am using the Windows firewall atm.

    I haven't checked all of the drivers in the list that were older than 2009. Actually I started at the bottom and worked up. I checked the bottom 4. snapman.sys tdrpman.sys tifsfilt.sys timntr.sys All appear to be from Acronis and are still present.

    I did a registry search. snapman.sys and tdrpman.sys are not present in the registry while the other two are. Should I edit registry keys that have the old drivers to remove those references or just wait and see what happens with the changes made so far?
      My Computer


  5. Posts : 5,705
    Win7 x64 + x86
       #5

    Don't do anything other than uninstall them through Control Panel.
    If they stay and cause problems - then we can rip them out by the roots (with a couple of safety tips along the way).
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

й Designer Media Ltd
All times are GMT -5. The time now is 04:49.
Find Us