sorry for the double post, i got the help page up (wasnt working for me before)
Here are the minidump files, there are 3 in total.
Thanks so much for help!
Hello Welcome to SF,
I guess the problem is with BHDrvx64.sys Norton / Symantec. I would recommend to uninstall Norton / Symantec completely use the Norton Removal Tool and clean everything out completely. Check whether you have any BIOS updates. Ensure that the machine is adequately cooled.
HardwareTroubleshooting
Run the
Memory Diagnostic &
HD Diagnostic
Also i would recommend to run System Integrity Checker
Start > Run > CMD >Right Click and Run as administrator > SFC/ SCANNOW
Update the following Driver
Code:
wg111v3.sys Fri Dec 28 12:29:29 2007
Bugcheck Analysis
Code:
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff8800a401bc8, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff80002891adf, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002abd0e0
fffff8800a401bc8
FAULTING_IP:
nt!KeRemoveQueueEx+31f
fffff800`02891adf 4c8918 mov qword ptr [rax],r11
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800ac01850 -- (.trap 0xfffff8800ac01850)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8800a401bc8 rbx=0000000000000000 rcx=0000000000000000
rdx=00000000000007ff rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002891adf rsp=fffff8800ac019e0 rbp=0000000000000000
r8=fffff80002815000 r9=0000000000000000 r10=fffffffffffffffe
r11=fffffa8007ae5810 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!KeRemoveQueueEx+0x31f:
fffff800`02891adf 4c8918 mov qword ptr [rax],r11 ds:fffff880`0a401bc8=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800029061e4 to fffff80002886f00
STACK_TEXT:
fffff880`0ac016e8 fffff800`029061e4 : 00000000`00000050 fffff880`0a401bc8 00000000`00000001 fffff880`0ac01850 : nt!KeBugCheckEx
fffff880`0ac016f0 fffff800`02884fee : 00000000`00000001 00000020`e483dccd 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x42907
fffff880`0ac01850 fffff800`02891adf : fffffa80`082593f8 fffffa80`06a49b60 fffffa80`00000075 fffff8a0`083e96a0 : nt!KiPageFault+0x16e
fffff880`0ac019e0 fffff800`02b7f6d7 : fffffa80`00010000 fffff880`0ac01bc8 00000000`00000001 fffff880`0ac01b40 : nt!KeRemoveQueueEx+0x31f
fffff880`0ac01a90 fffff800`02897296 : 00000000`00000000 fffff880`0ac01ba8 fffff880`0ac01bc8 00000000`00000001 : nt!IoRemoveIoCompletion+0x47
fffff880`0ac01b20 fffff800`02886153 : fffffa80`06a49b60 00000000`77544270 fffff880`0ac01ca0 00000000`00000000 : nt!NtWaitForWorkViaWorkerFactory+0x285
fffff880`0ac01c20 00000000`774917ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0423f578 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x774917ba
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeRemoveQueueEx+31f
fffff800`02891adf 4c8918 mov qword ptr [rax],r11
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KeRemoveQueueEx+31f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc600
FAILURE_BUCKET_ID: X64_0x50_nt!KeRemoveQueueEx+31f
BUCKET_ID: X64_0x50_nt!KeRemoveQueueEx+31f
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, fffff8a001ac5fb0, fffff8a001ac63c0, 541040a}
Unable to load image \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for BHDrvx64.sys
*** ERROR: Module load completed but symbols could not be loaded for BHDrvx64.sys
Probably caused by : BHDrvx64.sys ( BHDrvx64+4f897 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffff8a001ac5fb0, The pool entry we were looking for within the page.
Arg3: fffff8a001ac63c0, The next pool entry.
Arg4: 000000000541040a, (reserved)
Debugging Details:
------------------
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d050e0
fffff8a001ac5fb0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: WerFault.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002c006d3 to fffff80002acef00
STACK_TEXT:
fffff880`0af5b588 fffff800`02c006d3 : 00000000`00000019 00000000`00000020 fffff8a0`01ac5fb0 fffff8a0`01ac63c0 : nt!KeBugCheckEx
fffff880`0af5b590 fffff880`010541c0 : 00000000`00000000 00000000`00000028 fffffa80`6e664d46 00000000`000007ff : nt!ExFreePool+0xda4
fffff880`0af5b640 fffff880`01055361 : fffff8a0`00000034 00000000`00000034 00000000`00000029 00000000`00000000 : fltmgr!FltpExpandShortNames+0x2f0
fffff880`0af5b6a0 fffff880`0105513e : fffffa80`04c51e80 fffffa80`072b0000 00000000`00000000 fffffa80`06b3db60 : fltmgr!FltpGetNormalizedFileNameWorker+0xc1
fffff880`0af5b6e0 fffff880`0103654b : fffffa80`04e0e010 fffffa80`06458ed0 fffffa80`04ae5080 fffff880`0af5d000 : fltmgr!FltpCreateFileNameInformation+0xee
fffff880`0af5b740 fffff880`01041ad4 : 00000000`00008000 fffffa80`06458ed0 fffffa80`072bf010 00000000`00000101 : fltmgr!FltpGetFileNameInformation+0x26b
fffff880`0af5b7c0 fffff880`04173897 : fffffa80`04c51e80 00000000`00000000 00000000`c0000225 fffff880`0af5bc10 : fltmgr!FltGetFileNameInformation+0x184
fffff880`0af5b850 fffffa80`04c51e80 : 00000000`00000000 00000000`c0000225 fffff880`0af5bc10 fffff880`0af5bc10 : BHDrvx64+0x4f897
fffff880`0af5b858 00000000`00000000 : 00000000`c0000225 fffff880`0af5bc10 fffff880`0af5bc10 fffff880`0417242f : 0xfffffa80`04c51e80
STACK_COMMAND: kb
FOLLOWUP_IP:
BHDrvx64+4f897
fffff880`04173897 ?? ???
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: BHDrvx64+4f897
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: BHDrvx64
IMAGE_NAME: BHDrvx64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4b70f5f2
FAILURE_BUCKET_ID: X64_0x19_20_BHDrvx64+4f897
BUCKET_ID: X64_0x19_20_BHDrvx64+4f897
Followup: MachineOwner
Hope this helps,
Captain