BSOD caused by ntoskrnl.exe

koolkat77 · 09 Aug 2013

Please uninstall Sunbelt Personal Firewall driver/Sunbelt Software with Revo as instructed.

Code:

Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\USER\Downloads\slicksax\SF_09-08-2013\080913-102430-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.17273.amd64fre.win7_gdr.130318-1532
Machine Name:
Kernel base = 0xfffff800`03404000 PsLoadedModuleList = 0xfffff800`03640e70
Debug session time: Fri Aug  9 20:38:52.252 2013 (UTC + 6:00)
System Uptime: 0 days 0:05:33.469
Loading Kernel Symbols
...............................................................
................................................................
.........................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {0, 2, 8, 0}

*** WARNING: Unable to verify timestamp for SbFw.sys
*** ERROR: Module load completed but symbols could not be loaded for SbFw.sys
Probably caused by : SbFw.sys ( SbFw+a7b1 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: 0000000000000000, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800036ab0e0
GetUlongFromAddress: unable to read from fffff800036ab198
 0000000000000000 Nonpaged pool

CURRENT_IRQL:  2

FAULTING_IP: 
+0
00000000`00000000 ??              ???

PROCESS_NAME:  networx.exe

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0xD1

TAG_NOT_DEFINED_c000000f:  FFFFF80000BA2FB0

TRAP_FRAME:  fffff80000ba2b50 -- (.trap 0xfffff80000ba2b50)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa800bfbf6a0 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000000000 rsp=fffff80000ba2ce8 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000000 r10=fffff800035eeca0
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
00000000`00000000 ??              ???
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80003472de9 to fffff80003473880

FAILED_INSTRUCTION_ADDRESS: 
+0
00000000`00000000 ??              ???

STACK_TEXT:  
fffff800`00ba2ce8 fffff880`03f3c7b1 : fffffa80`0bfb9b00 ffffffff`ffffffff 00000000`00000004 00000000`00000004 : 0x0
fffff800`00ba2cf0 fffffa80`0bfb9b00 : ffffffff`ffffffff 00000000`00000004 00000000`00000004 fffffa80`00000000 : SbFw+0xa7b1
fffff800`00ba2cf8 ffffffff`ffffffff : 00000000`00000004 00000000`00000004 fffffa80`00000000 00000000`00000000 : 0xfffffa80`0bfb9b00
fffff800`00ba2d00 00000000`00000004 : 00000000`00000004 fffffa80`00000000 00000000`00000000 fffffa80`00000004 : 0xffffffff`ffffffff
fffff800`00ba2d08 00000000`00000004 : fffffa80`00000000 00000000`00000000 fffffa80`00000004 00000000`00000000 : 0x4
fffff800`00ba2d10 fffffa80`00000000 : 00000000`00000000 fffffa80`00000004 00000000`00000000 fffff880`03f3c6f0 : 0x4
fffff800`00ba2d18 00000000`00000000 : fffffa80`00000004 00000000`00000000 fffff880`03f3c6f0 00000000`00000004 : 0xfffffa80`00000000


STACK_COMMAND:  .trap 0xfffff80000ba2b50 ; kb

FOLLOWUP_IP: 
SbFw+a7b1
fffff880`03f3c7b1 ??              ???

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  SbFw+a7b1

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: SbFw

IMAGE_NAME:  SbFw.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4eef215b

FAILURE_BUCKET_ID:  X64_0xD1_CODE_AV_NULL_IP_SbFw+a7b1

BUCKET_ID:  X64_0xD1_CODE_AV_NULL_IP_SbFw+a7b1

Followup: MachineOwner
---------

0: kd> lmvm SbFw
start             end                 module name
fffff880`03f32000 fffff880`03f98000   SbFw     T (no symbols)           
    Loaded symbol image file: SbFw.sys
    Image path: \SystemRoot\system32\drivers\SbFw.sys
    Image name: SbFw.sys
    Timestamp:        Mon Dec 19 17:34:51 2011 (4EEF215B)
    CheckSum:         0004A1AD
    ImageSize:        00066000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Driver Reference Table - SbFw.sys

slicksax · 09 Aug 2013

Speccy
-see attached screenshot
-I am in Safe Mode w/ Networking right now to prevent crashes will I work. I don't know if this is why Speccy has not been able to run properly
Attachment 280611

HWMonitor
-see attached screenshot
Attachment 280612

koolkat77 · 09 Aug 2013

Okay. Have you uninstalled sunbelt?

slicksax · 09 Aug 2013

Revo cannot find any Sunbelt software

koolkat77 · 09 Aug 2013

Can you find it in control panel, add remove programs?

slicksax · 09 Aug 2013

Sorry, I should I have said I tried that too. I also tried Start --> Search and that didn't turn up any "sunbelt" either

koolkat77 · 09 Aug 2013

Okay, please go for the clean install then.

The steps are here:
Clean Reinstall - Factory OEM Windows 7

Chetan Savade · 12 Aug 2013

Hi,

I am Chetan Savade from Symantec Technical Support team.

By looking at thread conversion it seems you are using multiple Antivirus and trying to solve your issue.

From Symantec side I would like to say not to install more than one antivirus at a time. If you installed multiple antivirus it may drain your resources, may caused conflict within two antivirues.

As long as using the latest version of SEP (SEP 11 RU7 MP3 or SEP 12.1 RU3) there shouldn't be any issue related to BSOD.

Is it possible for you to repair Operating System?

Regards,
Chetan Savade

Neiron0809wtf · 12 Aug 2013

Guys please help, it comes with freezing in random situations
sometimes it happens more oftenly sometime not
but i ran hdd scan no bad sector was found
can you please let me know how can i fix this mistake? here take my dump files

Ihave Asus p5e motherboard,1tb sata seagate, nod 32, windows 7 x64 ultiamte, 550ti nvidia geforce, 4gb ram

slicksax · 12 Aug 2013

@ koolkat77 - I did a reinstall Saturday and everything seems to be back to normal. I made sure to only install MSE and MWB free and I won't allow IT to mess with it again

as this was the first time ever having BSOD . Again, I'll wait the full week to make sure nothing else happens.

@ Chetan - Well I was only running Microsoft Security Essentials, but due to compliance rules the IT guy installed Symantec which ended up causing the problem. I completely wiped and reinstalled Win 7 and everything seems to be fine now using MSE and MalwareBytes

BSOD caused by ntoskrnl.exe

Help bsod ntokernel