0x0000003b BSOD Random Crashing

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by mcginnis, Nov 30, 2011.

  1. mcginnis

    mcginnis New Member

    Joined:
    Nov 30, 2011
    Messages:
    32
    Likes Received:
    1
    Lately, I have been getting bsod randomly. Any ideas? :D

    I uploaded a few of the dump files from those bsod's. Thanks!
     

    Attached Files:

  2. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Maybe we should start with AVG.
    DUMP:
    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck D1, {10, 2, 0, fffff880044101d9}
    
    Unable to load image \SystemRoot\system32\DRIVERS\avgtdia.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for avgtdia.sys
    *** ERROR: Module load completed but symbols could not be loaded for avgtdia.sys
    Probably caused by : [COLOR=#ff0000][U][B]avgtdia.sys ( avgtdia+11d9 )[/B][/U][/COLOR]
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 0000000000000010, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff880044101d9, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000370b100
     0000000000000010 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    avgtdia+11d9
    fffff880`044101d9 397b18          cmp     dword ptr [rbx+18h],edi
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xD1
    
    PROCESS_NAME:  avgnsa.exe
    
    TRAP_FRAME:  fffff88006ecb700 -- (.trap 0xfffff88006ecb700)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=fffffa80087ce1b0
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff880044101d9 rsp=fffff88006ecb890 rbp=fffff88006787080
     r8=fffffa80087ce1c0  r9=0000000000000000 r10=0000000000000000
    r11=0000fffffffff000 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na pe cy
    avgtdia+0x11d9:
    fffff880`044101d9 397b18          cmp     dword ptr [rbx+18h],edi ds:66d0:00000000`00000018=????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff800034d81e9 to fffff800034d8c40
    
    STACK_TEXT:  
    fffff880`06ecb5b8 fffff800`034d81e9 : 00000000`0000000a 00000000`00000010 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`06ecb5c0 fffff800`034d6e60 : 00000000`00000000 00000000`00000000 00000014`00000000 ffffffff`fffffff8 : nt!KiBugCheckDispatch+0x69
    fffff880`06ecb700 fffff880`044101d9 : 00000000`000186a0 fffffa80`0b06a5d0 00000000`00000b12 00000000`00000000 : nt!KiPageFault+0x260
    fffff880`06ecb890 00000000`000186a0 : fffffa80`0b06a5d0 00000000`00000b12 00000000`00000000 fffffa80`0b06a500 : [COLOR=#ff0000][U][B]avgtdia+0x11d9[/B][/U][/COLOR]
    fffff880`06ecb898 fffffa80`0b06a5d0 : 00000000`00000b12 00000000`00000000 fffffa80`0b06a500 fffff880`04413570 : 0x186a0
    fffff880`06ecb8a0 00000000`00000b12 : 00000000`00000000 fffffa80`0b06a500 fffff880`04413570 00000000`00000000 : 0xfffffa80`0b06a5d0
    fffff880`06ecb8a8 00000000`00000000 : fffffa80`0b06a500 fffff880`04413570 00000000`00000000 00000000`00000000 : 0xb12
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    [COLOR=#ff0000][U][B]avgtdia+11d9[/B][/U][/COLOR]
    fffff880`044101d9 397b18          cmp     dword ptr [rbx+18h],edi
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  [B][U][COLOR=#ff0000]avgtdia+11d9[/COLOR][/U][/B]
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: [COLOR=#ff0000][U][B]avgtdia[/B][/U][/COLOR]
    
    IMAGE_NAME:  [COLOR=#ff0000][U][B]avgtdia.sys[/B][/U][/COLOR]
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4e1a2bdd
    
    FAILURE_BUCKET_ID:  X64_0xD1_[COLOR=#ff0000][U][B]avgtdia+11d9[/B][/U][/COLOR]
    
    BUCKET_ID:  X64_0xD1_[B][U][COLOR=#ff0000]avgtdia+11d9[/COLOR][/U][/B] 
    
    Uninstall it using programs and features applet in the control panel and follow that up with the vendor specific proprietary removal tool get the correct one for your architecture. Replace with MSE from here.
    If Blue Screens persist;
    Please read the first post in this sticky thread here How to ask for help with a BSOD problem
    Do your best to accumulate the data required.
    Run the SF Diagnostic tool (download and right click the executable and choose run as administrator)
    Download and run CPUz. Use the Windows snipping tool to gather images from all tabs including all slots populated with memory under the SPD tab.
    Likewise RAMMon. Export the html report, put everything into a desktop folder that you've created for this purpose, zip it up and attach it to your next post (right click it and choose send to, compressed (zipped) folder.
    You have any number of old, pre Windows 7 RTM, that you may want to address, perhaps use google to see if you can find some updates from the applicable vendors. You can start with these;
    [TABLE]
    [TR]
    [TD]RTCore64.sys
    [/TD]
    [TD]5/25/2005 0:39
    [/TD]
    [/TR]
    [TR]
    [TD]GEARAspiWDM.sys
    [/TD]
    [TD]8/7/2006 11:11
    [/TD]
    [/TR]
    [TR]
    [TD]ElbyCDFL.sys
    [/TD]
    [TD]12/14/2006 15:22
    [/TD]
    [/TR]
    [TR]
    [TD]wacommousefilter.sys
    [/TD]
    [TD]2/16/2007 12:12
    [/TD]
    [/TR]
    [TR]
    [TD]nvstor64.sys
    [/TD]
    [TD]7/2/2007 18:35
    [/TD]
    [/TR]
    [TR]
    [TD]SCDEmu.SYS
    [/TD]
    [TD]8/7/2007 9:19
    [/TD]
    [/TR]
    [TR]
    [TD]RTKVHD64.sys
    [/TD]
    [TD]9/9/2008 4:06
    [/TD]
    [/TR]
    [TR]
    [TD]nvm62x64.sys
    [/TD]
    [TD]10/17/2008 15:01
    [/TD]
    [/TR]
    [TR]
    [TD]adfs.SYS
    [/TD]
    [TD]11/3/2008 10:48
    [/TD]
    [/TR]
    [TR]
    [TD]RimSerial_AMD64.sys
    [/TD]
    [TD]11/24/2008 11:01
    [/TD]
    [/TR]
    [TR]
    [TD]ElbyCDIO.sys
    [/TD]
    [TD]2/17/2009 11:11
    [/TD]
    [/TR]
    [TR]
    [TD]wacomvhid.sys
    [/TD]
    [TD]5/20/2009 13:53
    [/TD]
    [/TR]
    [TR]
    [TD]netr28ux.sys
    [/TD]
    [TD]5/24/2009 22:38
    [/TD]
    [/TR]
    [TR]
    [TD]FileLock.sys
    [/TD]
    [TD]5/30/2009 9:11
    [/TD]
    [/TR]
    [/TABLE]
     
  3. mcginnis

    mcginnis New Member

    Joined:
    Nov 30, 2011
    Messages:
    32
    Likes Received:
    1
    Thanks, I'll do what you suggested. Quick question though, what is the ntoskrnl.exe? On all three dumps that's the red one that seems to be the issue? Avg only showed once.
     
  4. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Not sure where you are seeing the ntoskrnl.exe but it any case that is a system process integral to the Operating System same with the other two files mentioned in the other two (of three) dump files;
    ntkrnlmp.exe: Google it.
    Code:
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    Use !analyze -v to get detailed debugging information.
    BugCheck 1000007E, {ffffffffc0000005, fffff800034ad3b5, fffff88003532608, fffff88003531e60}
    Probably caused by : [COLOR=#ff0000][U][B]ntkrnlmp.exe[/B][/U][/COLOR] ( nt!FsFilterPerformCallbacks+35 )
    Followup: MachineOwner
    ---------
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem
    and
    win32k.sys
    Code:
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    Use !analyze -v to get detailed debugging information.
    BugCheck 3B, {c0000005, fffff800034b37e9, fffff8800c1af0e0, 0}
    Probably caused by : [COLOR=#ff0000][U][B]win32k.sys[/B][/U][/COLOR] ( win32k!GreLockVisRgnShared+41 )
    Followup: MachineOwner
    ---------
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    
    Often these system files are picked up in the Bugcheck and get blamed but are rarely if ever actually at fault.
     
  5. mcginnis

    mcginnis New Member

    Joined:
    Nov 30, 2011
    Messages:
    32
    Likes Received:
    1
    Cool thanks! And sorry, I dl'd this dump viewer and it showed that file as the main cause (red) or so I thought. XD I'll look into doing the updates and such and hopefully it all works out.
     
  6. mcginnis

    mcginnis New Member

    Joined:
    Nov 30, 2011
    Messages:
    32
    Likes Received:
    1
    Did the seven forums folder with cpu-z pics. I uninstalled if not updated the drivers you listed. (Through control panel after finding what program it goes to) I still got a BSOD this morning while getting on firefox and ie. :( Also, uninstalled avg and using mse now. Plz help...
     

    Attached Files:

  7. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Thanks for the attachment, but it doesn't contain (for some reason) your most recent dump file from today that you mention above. Please attach that so we can have a look. Thanks
     
  8. mcginnis

    mcginnis New Member

    Joined:
    Nov 30, 2011
    Messages:
    32
    Likes Received:
    1
    It didn't make one... o_O It went BSOD said it dumped it and when it rebooted I didn't get a notification like I always do after a crash saying it crashed. So no dump file. One of the dump files included is really recent, about a day or so ago.
     
  9. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    We're going to need new dump files to forward the diagnostic process. And to see any impact you changes and adjustments have had on your current configuration. So....
    Double check and make sure nothing has changed regarding how you are writing .dmp(s)
    SOURCE: http://windows7forums.com/blue-screen-death-bsod/38837-how-ask-help-bsod-problem.html#post140795


    In the mean time I don't suppose a little TLC would hurt at you discretion perhaps a disk cleanup with either the built in utility or Ccleaner, a couple passes with the built in disk defrag utility. From an elevated command prompt
    type chkdsk C: /R answer yes "Y" to the prompt and reboot let it finish all five stages and see what it has to say. Again from an elevated command prompt type sfc /scannow, see if that produces any information.
    Install, update and run Malwarebytes see if that finds anything worth mentioning.
     
    #9 Trouble, Dec 1, 2011
    Last edited: Dec 1, 2011
    1 person likes this.
  10. mcginnis

    mcginnis New Member

    Joined:
    Nov 30, 2011
    Messages:
    32
    Likes Received:
    1
    Done :) The small memory dump wasn't selected so I did that and everything else. ^_^ Thanks for the TLC. lol have forgotten to do that for a while.
     
    1 person likes this.
  11. mcginnis

    mcginnis New Member

    Joined:
    Nov 30, 2011
    Messages:
    32
    Likes Received:
    1
    Guess I should wait for it to crash again? :/
     
  12. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Yes, I think that's where we are right now.
    Any new .dmp(s) attach to your next post and we'll proceed from there.
     
  13. gamerk2

    gamerk2 Well-Known Member

    Joined:
    Dec 2, 2011
    Messages:
    13
    Likes Received:
    0
    My thought, from lots of past experiance: IRQL Blue Screens are either due to shoddy drivers, or faulty RAM. In either case, the module that crashes is usually not the root cause, just the bystander that got hit by the effects. A memory diagnostic using either Memtest86 or Microsoft Memory Diagnostic couldn't hurt, just to rule out the case of bad RAM.
     
  14. mcginnis

    mcginnis New Member

    Joined:
    Nov 30, 2011
    Messages:
    32
    Likes Received:
    1
    Thanks :D I'll do that and see if there's any errors.
     
  15. mcginnis

    mcginnis New Member

    Joined:
    Nov 30, 2011
    Messages:
    32
    Likes Received:
    1
    Did memtest86 for 8 hrs with no errors. :) Don't think it's my RAM.
     
    #15 mcginnis, Dec 3, 2011
    Last edited: Dec 3, 2011
  16. mcginnis

    mcginnis New Member

    Joined:
    Nov 30, 2011
    Messages:
    32
    Likes Received:
    1
    Well I was hoping it wouldn't BSOD anymore but yep happened again tonight. :( Gave me a dump file though so let me know if anything screams out.
     

    Attached Files:

  17. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Update the following drivers
    GEARAspiWDM.sys 8/7/2006 from here Driver updates - GEAR Software
    adfs.SYS 11/3/2008 Adobe Drive File System Driver
    mcdbus.sys 2/24/2009 MagicISO SCSI Host Controller
    netr28ux.sys 5/24/2009 Looks like a RaLink 2870, you might give this link a try Ralink-A MEDIATEK COMPANY best to confirm first exactly what type of network adapter it is.
    FileLock.sys 5/30/2009 File Lock Kernel Modual from Gili Soft Inc.
    All are pre-Windows 7 RTM and should be updated if possible. If not then uninstalled by uninstalling the associated software or device. Or as a last resort consider renaming the file extension .sys to .BAK easily reversed if problem present.
    Additionally it looks like you have a relatively old version of True Image from Acronis installed
    snapman.sys 9/8/2009
    timntr.sys 8/17/2009
    Not sure about its' compatibility with Windows 7, you may want to consider upgrading that as well.
    Nothing spectacular about the
    DUMP:
    Code:
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    Use !analyze -v to get detailed debugging information.
    BugCheck D1, {28000e003f, 2, 0, fffff88004d3e6e7}
    [COLOR=#ff0000][U][B]Probably caused by : USBPORT.SYS[/B][/U][/COLOR] ( USBPORT!USBPORT_Core_iCheckAbortList+c3 )
    Followup: MachineOwner
    ---------
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  [COLOR=#ff0000][U][B]This is usually
    caused by drivers using improper addresses.[/B][/U][/COLOR]
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000028000e003f, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff88004d3e6e7, address which referenced memory
    Debugging Details:
    ------------------
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003907100
     00000028000e003f 
    CURRENT_IRQL:  2
    FAULTING_IP: 
    USBPORT!USBPORT_Core_iCheckAbortList+c3
    fffff880`04d3e6e7 8b5740          mov     edx,dword ptr [rdi+40h]
    CUSTOMER_CRASH_COUNT:  1
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    BUGCHECK_STR:  0xD1
    PROCESS_NAME:  System
    TRAP_FRAME:  fffff80000b9c940 -- (.trap 0xfffff80000b9c940)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=00000000fe3dbc49 rbx=0000000000000000 rcx=fffffa80090a7920
    rdx=fffffa8008eb91a0 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff88004d3e6e7 rsp=fffff80000b9cad0 rbp=fffffa800733c260
     r8=0000000058726261  r9=000000000000000b r10=00000000ffffffff
    r11=fffffa8008eb91a0 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na pe nc
    USBPORT!USBPORT_Core_iCheckAbortList+0xc3:
    fffff880`04d3e6e7 8b5740          mov     edx,dword ptr [rdi+40h] ds:c390:00000000`00000040=????????
    Resetting default scope
    LAST_CONTROL_TRANSFER:  from fffff800036d41e9 to fffff800036d4c40
    STACK_TEXT:  
    fffff800`00b9c7f8 fffff800`036d41e9 : 00000000`0000000a 00000028`000e003f 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff800`00b9c800 fffff800`036d2e60 : ffffffff`00000000 fffffa80`0a9fd2b0 fffffa80`08eb9ba0 fffffa80`08eb9050 : nt!KiBugCheckDispatch+0x69
    fffff800`00b9c940 fffff880`04d3e6e7 : fffffa80`0a9fd7b0 fffffa80`07438cc0 fffffa80`08eb9050 fffff880`04d379b9 : nt!KiPageFault+0x260
    fffff800`00b9cad0 fffff880`04d3ac9a : fffffa80`08eb9eb0 00000000`ffffffff fffffa80`08eb9050 fffff880`04d3956a : USBPORT!USBPORT_Core_iCheckAbortList+0xc3
    fffff800`00b9cb20 fffff880`04d3bb0f : fffffa80`0733c202 fffffa80`0ae3bc60 00000000`ffffffff fffffa80`08eb9eb0 : USBPORT!USBPORT_Core_iCompleteDoneTransfer+0x7e
    fffff800`00b9cc00 fffff880`04d3966f : fffffa80`08eb9eb0 fffffa80`08eb91a0 fffffa80`08eba050 00000000`00000000 : USBPORT!USBPORT_Core_iIrpCsqCompleteDoneTransfer+0x3a7
    fffff800`00b9cc60 fffff880`04d2af89 : fffffa80`08eb9050 00000000`00000000 fffffa80`08eb9e02 fffffa80`08eb9eb0 : USBPORT!USBPORT_Core_UsbIocDpc_Worker+0xf3
    fffff800`00b9cca0 fffff800`036e00ac : fffff800`0384ae80 fffffa80`08eb9eb0 fffffa80`08eb9ec8 00000000`00000000 : USBPORT!USBPORT_Xdpc_Worker+0x1d9
    fffff800`00b9ccd0 fffff800`036cc96a : fffff800`0384ae80 fffff800`03858cc0 00000000`00000000 fffff880`04d2adb0 : nt!KiRetireDpcList+0x1bc
    fffff800`00b9cd80 00000000`00000000 : fffff800`00b9d000 fffff800`00b97000 fffff800`00b9cd40 00000000`00000000 : nt!KiIdleLoop+0x5a
    STACK_COMMAND:  kb
    FOLLOWUP_IP: 
    USBPORT!USBPORT_Core_iCheckAbortList+c3
    fffff880`04d3e6e7 8b5740          mov     edx,dword ptr [rdi+40h]
    SYMBOL_STACK_INDEX:  3
    SYMBOL_NAME:  USBPORT!USBPORT_Core_iCheckAbortList+c3
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: USBPORT
    IMAGE_NAME:  USBPORT.SYS
    DEBUG_FLR_IMAGE_TIMESTAMP:  4d8c0c08
    FAILURE_BUCKET_ID:  X64_0xD1_USBPORT!USBPORT_Core_iCheckAbortList+c3
    BUCKET_ID:  X64_0xD1_USBPORT!USBPORT_Core_iCheckAbortList+c3
    Followup: MachineOwner
    
     
    1 person likes this.
  18. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    In addition to the ones listed above I just found one other driver that deserves some immediate attention as well
    sptd.sys 03/22/2009 Usually associated with Daemon Tools use the utility found here DuplexSecure - Downloads make sure go get the one for your architecture (32 or 64 bit) and be sure to click Uninstall to remove it.
    Sorry I missed it earlier.
     
    1 person likes this.
  19. mcginnis

    mcginnis New Member

    Joined:
    Nov 30, 2011
    Messages:
    32
    Likes Received:
    1
    Thanks! I did that but I guess I'll wait for another...crash. XD
     
  20. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    We'll be here.
     
    1 person likes this.

Share This Page

Loading...