Random different BSODs, ntoskrnl.exe

[peterau]

My friend has a Desktop PC that has some random BSODs and I decide to help him.
Started on January and getting worse last month.
After the forth BSOD I tried to find out the problem but it seems the problem not really exact. (Run WinDbg, got different results)
Then I reinstalled motherboard, video card, wlan and the lan drivers. Run chkdsk and system file checker (src /scannow), found nothing. Checked the SSD firmware, up to date.
Run stress test on the CPU and the GPU, there weren't overheating (at that time).
Tested the RAMs using memtest86+ overnight, passed 5 times, no errors.
Run Driver Verifier for 17 hours, no BSOD. After deleted the existing settings, restarting the windows caused BSOD (5th).
Uninstalled Gigabyte Dynamic Energy Saver and manually disabled the gdrv.sys using Autoruns. But this seems only the last BSOD (or not).

I was wondering if somebody could help.
Thank you in advance.

 

[cipley]

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C1, {fffff9807ec22ff0, fffff9807ec22ffc, 7d000c, 24}

Unable to load image \??\C:\Windows\gdrv.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for gdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for gdrv.sys
[B][COLOR="Red"]Probably caused by : gdrv.sys ( gdrv+30c7 )[/COLOR][/B]

Followup: MachineOwner
---------

Loaded symbol image file: gdrv.sys
    Image path: \??\C:\Windows\gdrv.sys
    Image name: gdrv.sys
[B][COLOR="red"]    Timestamp:        Fri Mar 13 10:22:29 2009 (49B9D175) 2009 (49B9D175)[/COLOR][/B]

the driver's very old...should update those
GIGABYTE
EDIT:
if you are planniing to uninstall that anyway, just uninstall it as it's one of the cause of BSOD...

Start Menu\Programs\Norton Internet Security	Public:Start Menu\Programs\Norton Internet Security	Public

also, it's recommended that you uninstall Norton and use MSE instead

Antivirus Uninstaller
Microsoft Security Essentials | Protect against viruses, spyware, and other malware

run chkdisk /f /r to search for drive corruption, and sfc /scannow to scan for corrupted windows system file


Cheers

 

[peterau]

Thank you for the help.
I already uninstalled Gigabyte Dynamic Energy Saver (5th BSOD, gdrv.sys).
What do you think about the first 4 BSODs?
Also before the 5th BSOD happened I had already checked the filesystem and run the sfc/ scannow but no problem found.

 

[cipley]

check for the leftover, just in case
http://www.sevenforums.com/tutorials/83814-drivers-clean-left-over-files-after-uninstalling.html

One of the BSOD states DRIVER_POWER_STATE_FAILURE (9f), caused by usbhub.sys

the others, while pointing to different process, are invoked when you launch some program named Poker or something...

BUGCHECK_STR:  0x3B

PROCESS_NAME:  PokerClient.ex

CURRENT_IRQL:  0

this might be one of the cause

also, I see that you have a quite hefty list of startup programs :shock:
Perform a clean startup and see if BSOD occur:
http://www.sevenforums.com/tutorials/179159-troubleshoot-application-conflicts-performing-clean-startup.html

don't forger to do a full scan for malware though

 

[peterau]

Thank you for the advise.

I'd advise him to remove the Norton only if we were sure the problem caused by that.
I did malware scan before the 5th BSOD using Malwarebytes Antimalware, Hitman Pro and RogueKiller, no problem found.

As the BSOD does not happen every day (only about in 10-15 days) using the clean startup may not help.

Does it mean the other 3 BSODs caused by the pokerclient.exe? My friend are using that program all the times.

 

[x BlueRobot]

BSOD Analysis -

[COLOR="Red"]BugCheck 3B[/COLOR], {[COLOR="SeaGreen"]c0000005[/COLOR], fffff960000955ea, fffff88016a5b210, 0}

Probably caused by : [COLOR="Red"]win32k.sys[/COLOR] ( win32k!NtUserQueryWindow+18a )

Usual causes:  System service, Device driver, graphics driver, memory

win32k.sys is part of the Windows API, and primarily provides support for kernel-based graphics interface support, by directly communicating with the graphics driver, which makes sense since your graphics driver does seem to be causing a few issues. win32k.sys also serves other purposes, such as the Window Manager, which deals with some input devices such as the keyboard.

-----------------------------------------------------------

Steps -

Update:

start             end                 module name
fffff880`04a41000 fffff880`054e9000   nvlddmkm T (no symbols)           
    Loaded symbol image file: nvlddmkm.sys
    Image path: \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    Image name: [COLOR="red"]nvlddmkm.sys[/COLOR]
    Timestamp:        [COLOR="red"]Sat Feb 09 23:13:08 2013[/COLOR] (5116D804)
    CheckSum:         00A90CB0
    ImageSize:        00AA8000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Your nVidia graphics driver seems to be slightly outdated, best to update it to this WHQL version, which has been tested by Windows for stability and compatibility:

Version: 314.22
Release Date for Desktops and Notebooks : March 25th 2013
In Device Manager: 9.18.13.1422

• NVIDIA Driver Downloads - Advanced Search

1. Download Driver
2. Start rb: Type: Device Manager
3. Expand Display Adapters
4. Right-Click Driver Name, Uninstall
5. Reboot
6. Run Driver Sweeper
7. Reboot
8. Install Downloaded Driver

Driver Sweeper will scan for any left over files from the old driver, old driver files can cause conflicts with new driver installations. Create a System Restore point beforehand, in case any problems or issues arise.

Driver Sweeper:

• http://www.sevenforums.com/tutorials/83814-drivers-clean-left-over-files-after-uninstalling.html
  
  Update:

start             end                 module name
fffff880`01168000 fffff880`01173000   amdxata  T (no symbols)           
    Loaded symbol image file: amdxata.sys
    Image path: \SystemRoot\system32\DRIVERS\amdxata.sys
    Image name: [COLOR="red"]amdxata.sys[/COLOR]
    Timestamp:        [COLOR="Red"]Wed Oct 07 21:13:10 2009[/COLOR] (4ACCF656)
    CheckSum:         00007A58
    ImageSize:        0000B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Update:

Your AMD Storage Controller driver seems to be very outdated, please update through Windows Update:

1. Start rb:
2. Type: Windows Update
3. Check for Updates
4. Install all available updates

Update:

start             end                 module name
fffff880`010f1000 fffff880`01105000   amdsata  T (no symbols)           
    Loaded symbol image file: amdsata.sys
    Image path: \SystemRoot\system32\DRIVERS\amdsata.sys
    Image name: [COLOR="red"]amdsata.sys[/COLOR]
    Timestamp:        [COLOR="red"]Wed Oct 07 21:13:09 2009[/COLOR] (4ACCF655)
    CheckSum:         0001C14A
    ImageSize:        00014000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Your AMD ACHI driver is also very outdated, please update it from the AMD Support page - http://support.amd.com/us/Pages/AMDSupportHub.aspx

Remove:

start             end                 module name
fffff880`01000000 fffff880`01071000   SYMDS64  T (no symbols)           
    Loaded symbol image file: SYMDS64.SYS
    Image path: \SystemRoot\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS
    Image name: [COLOR="red"]SYMDS64.SYS[/COLOR]
    Timestamp:        [COLOR="red"]Mon May 16 23:15:03 2011[/COLOR] (4DD1A1E7)
    CheckSum:         0007D541
    ImageSize:        00071000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Norton is causing problems here, it is a very bloated anti-virus program, and is well known to cause BSODs in Windows 7, please remove this program completely using the Norton Removal Tool, and then install and run full scans with these free and proven alternatives which work best with Windows 7:

Install and perform full scans with:

• Malwarebytes : Free anti-malware download
• Microsoft Security Essentials | Protect against viruses, spyware, and other malware

   Information

Remember to install the free version of Malwarebytes not the free trail; untick the free trial box during installation. MSE is the most lightweight and compatible with the Windows 7 operating system

You can also view this thread for a complete free and lightweight security protection combination:

• http://www.sevenforums.com/system-security/206705-good-free-system-security-combination.html

 

[peterau]

I downloaded the Nvidia driver you recommended.
I will definitely remove the Norton.

After the amdsata.sys related BSOD I upgraded the motherboard drivers including the AHCI drivers too.
In the driver list I found new amd_sata.sys (12/04/2012) and amd_xata.sys (12/04/2012) just next to the amdsata.sys (08/10/2009) and amdxata.sys (08/10/2009.
It was a bit confused so I searched for them. I found in this:

Chipset Driver Release 1.2.001.210
Renamed
- amdsata.inf -> amd_sata.inf
- amdsata.cat -> amd_sata.cat
- amdsata.sys -> amd_sata.sys
- amdxata.sys -> amd_xata.sys

Is it possible the system is using both the old and the new remamed versions?
Do you think disabling the old versions would solve the this BSOD?

Could you please help with the 032913-13572-01.dmp and the 040313-13712-01.dmp BSODs too?

Thank you for your help.

 

[x BlueRobot]

Post the files using these steps - http://www.sevenforums.com/bsod-help-support/96879-blue-screen-death-bsod-posting-instructions.html

If you updated the drivers, then it should be only using the latest drivers installed.

 

[peterau]

Thank you for your answer.

I cannot access his computer now at he is not here at the moment. I can make the modification after he comes back.
Do you want me to attach the same report again as in my original post? I did it following the instructions.

Any advise for the 032913-13572-01.dmp and the 040313-13712-01.dmp BSODs?
Thank you.

 

[x BlueRobot]

[COLOR="Red"]BugCheck 9F[/COLOR], {[COLOR="Blue"]3[/COLOR], fffffa8015e1e440, fffff80000b9c518, [COLOR="SeaGreen"]fffffa801503d260[/COLOR]}

Probably caused by : usbhub.sys

This indicates that a Device Object, which is how Windows represents Devices, has been blocking a IRP packet for too long.

The blocked IRP packet seems to be related to your Atheros AR9271 Wireless Network Adapter, see here:

0: kd> [COLOR="SeaGreen"]!irp fffffa801503d260[/COLOR]
Irp is active with 9 stacks 7 is current (= 0xfffffa801503d4e0)
 No Mdl: No System Buffer: Thread 00000000:  Irp stack trace.  
     cmd  flg cl Device   File     Completion-Context
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    

			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    

			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    

			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    

			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    

			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    

			Args: 00000000 00000000 00000000 00000000
[COLOR="blue"]>[ 16, 3]   0  0 fffffa800f8d9050 00000000 00000000-00000000    
	      Unable to load image \SystemRoot\system32\DRIVERS\athurx.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for athurx.sys
*** ERROR: Module load completed but symbols could not be loaded for athurx.sys
 \Driver\athur[/COLOR]
			Args: 00016600 00000000 00000006 00000005
 [ 16, 3]   0 e1 fffffa80141478a0 00000000 fffff80003b1c200-fffffa800e2af220 Success Error Cancel pending
	       \Driver\vwifibus	nt!PopSystemIrpCompletion
			Args: 00016600 00000000 00000006 00000005
 [  0, 0]   0  0 00000000 00000000 00000000-fffffa800e2af220

Update:

0: kd> [COLOR="SeaGreen"]lmvm athurx[/COLOR]
start             end                 module name
fffff880`0560d000 fffff880`057d6000   athurx   T (no symbols)           
    Loaded symbol image file: athurx.sys
    Image path: \SystemRoot\system32\DRIVERS\athurx.sys
    Image name: athurx.sys
    Timestamp:        [COLOR="Red"]Wed Feb 24 11:41:07 2010[/COLOR] (4B851053)
    CheckSum:         001CD557
    ImageSize:        001C9000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Please update the driver from here - ATHEROS drivers for Microsoft Windows (Atheros?????)

 

[peterau]

Attached everything.
Thank you very much.

 

[x BlueRobot]

Sorry I thought you another BSOD, but anyhow, I will show the other information from the other BSOD you requested.

[COLOR="Red"]BugCheck 3B[/COLOR], {[COLOR="SeaGreen"]c0000005[/COLOR], fffff8800110a777, fffff8800e86b920, 0}

Probably caused by : fltmgr.sys ( fltmgr!FltAcquirePushLockShared+17 )

1: kd>[COLOR="SeaGreen"] lmvm SRTSP64[/COLOR]
start             end                 module name
fffff880`174b5000 fffff880`17574000   SRTSP64  T (no symbols)           
    Loaded symbol image file: SRTSP64.SYS
    Image path: \SystemRoot\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS
    Image name: SRTSP64.SYS
    Timestamp:        [COLOR="Red"]Mon Jul 02 19:20:28 2012 [/COLOR](4FF1E66C)
    CheckSum:         000B7546
    ImageSize:        000BF000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

It appears the Symantec Real Time Storage Protection driver is conflicting with the Windows filesystem filter drivers, the driver is also part of the Norton program package, use the same removal tool in my first post to remove this program.

 

[peterau]

Thank you very much.
May only the first BSOD left 012713-9594-01.dmp.
Could you please help me with that too?

 

[x BlueRobot]

[COLOR="Red"]BugCheck 3B[/COLOR], {[COLOR="SeaGreen"]c0000005[/COLOR], fffff80003876944, fffff8800c89c000, 0}

Probably caused by : ntkrnlmp.exe ( nt!KiDeliverApc+d4 )

Here's a few more drivers which I have found:

3: kd> [COLOR="SeaGreen"]lmvm SYMEVENT64x86[/COLOR]
start             end                 module name
fffff880`04357000 fffff880`0438f000   SYMEVENT64x86 T (no symbols)           
    Loaded symbol image file: SYMEVENT64x86.SYS
    Image path: \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    Image name: SYMEVENT64x86.SYS
    Timestamp:        [COLOR="Red"]Tue Nov 22 18:30:48 2011[/COLOR] (4ECBEA58)
    CheckSum:         00030D61
    ImageSize:        00038000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Your Norton Internet Security driver is also causing problems, again please remove this program with the Norton Removal Tool which has already been provided.

3: kd> [COLOR="SeaGreen"]lmvm BHDrvx64[/COLOR]
start             end                 module name
fffff880`0469b000 fffff880`047f2000   BHDrvx64 T (no symbols)           
    Loaded symbol image file: BHDrvx64.sys
    Image path: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20130116.013\BHDrvx64.sys
    Image name: BHDrvx64.sys
    Timestamp:       [COLOR="Red"] Fri Jan 11 18:50:17 2013 [/COLOR](50F05EE9)
    CheckSum:         00157CEA
    ImageSize:        00157000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Your Symantec Heuristics Driver is causing a few problems, and this part of the Norton program package, best to remove the program using the Norton Removal Tool.

Summary:

*Norton seems to be causing many problems, there's four Norton related drivers, among all the BSODs analyzed, so remove the program entirely using the Norton Removal Tool (see first post).

*Check for updates for your network adapter.

*Update driver for nVidia graphics card.

 

[peterau]

Thank you very much for your help.
I'll go tomorrow and remove the Norton and update the drivers.

 

[x BlueRobot]

Very welcome and good