BSOD still going on

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by nkwablahii, Oct 4, 2011.

  1. nkwablahii

    nkwablahii New Member

    Joined:
    Sep 8, 2011
    Messages:
    22
    Likes Received:
    0
    I have been having BSOD's from 2 weeks of owning this laptop. I have reinstalled windows and drivers, hard drive and soun card replaced.. still BSOD. please find attached the dmp files i have gotten.

    please help
     

    Attached Files:

    #1 nkwablahii, Oct 4, 2011
    Last edited: Oct 4, 2011
  2. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    With only a single dump file and three drivers identified within it as potential offending parties, I would start by completely removing Norton/Symantec. Control panel, programs and features, uninstall, followed up by the vendor specific proprietary removal tools, google it.
    If blue screens persist, please attach new dump files.
    Regards
    Randy
     
  3. nkwablahii

    nkwablahii New Member

    Joined:
    Sep 8, 2011
    Messages:
    22
    Likes Received:
    0
    Hi Randy,
    Thank you very much. I removed norton anti-virus and put on avg free anti virus just to keep me safe as i monitor the situation.

    I have 2 other dmp files fro the origianl BSOD(not after removing norton) but the file manager is not allowing me to attach one of them. I have attached the other one though.

    I really appreciate your help

    Nathan
     

    Attached Files:

  4. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    First of all let me apologize for not making my standard recommendation of replacing any such antivirus product with MSE.
    And now you have another antivirus product which is often associated with BSODs to remove.
    Norton vendor specific removal tool from here
    AVG vendor specific removal tool from here
    Make sure to choose the correct version of the removal tool for you system and installed product.
    I'll look at the other dump file that you've attached, but I'm actually hoping to see one that does not include any AVG or Symantec product until we are able to isolate your actual issues. Microsoft Security Essentials has been pretty BSOD friendly and supplies adequate protection. You can always return to the product of your choice should either or neither prove to be at issue.
     
  5. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Looked at the other dump file and the thing that the both have in common is Norton/Symantec.
    And although they appear to be only 7 minutes apart they do not share two driver files which are identified in the latest
    NETwNs64.sys 1/4/2011 Looks to be an Intel Wireless Adapter driver
    and probably a product of having installed the above driver
    afd.sys 4/24/2011 Ancillary Function Driver for WinSock (Microsoft)
    I wouldn't worry about either of these two for now, until we can be sure that nothing remains from either Norton/Symantec or AVG. If Blue Screens persist after the complete removal of both those products, post the new ones and we'll look more closely.
     
  6. nkwablahii

    nkwablahii New Member

    Joined:
    Sep 8, 2011
    Messages:
    22
    Likes Received:
    0
    thank you very much. avg is gone .. thank you. lik eyou said, after installing avg i had a bsd, i have now removed it and installed MSE.

    i will update you

    your assistance is greatly appreciated
     
  7. nkwablahii

    nkwablahii New Member

    Joined:
    Sep 8, 2011
    Messages:
    22
    Likes Received:
    0
    HI randy , i just had multiple BSOD's with different error messages. Please find attached the dmp files.

    thank you
     

    Attached Files:

  8. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    According to that dump file it looks like AVG is still present
    AVGIDSDriver.Sys 7/10/2011 17:36
    AVGIDSFilter.Sys 7/10/2011 17:37
    avgldx64.sys 7/10/2011 17:42
    avgrkx64.sys 7/10/2011 17:43
    avgtdia.sys 7/10/2011 17:46
    avgmfx64.sys 8/7/2011 22:41
    Try running the vendor specific proprietary removal tool again and see if that will get rid of all remnants.
    DUMP FILE:
    Code:
    .......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck F7, {20007340148, f88000dcf160, ffff077fff230e9f, 0}
    
    Probably caused by : fltmgr.sys ( fltmgr!_report_gsfailure+26 )
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_OVERRAN_STACK_BUFFER (f7)
    A driver has overrun a stack-based buffer.  This overrun could potentially
    allow a malicious user to gain control of this machine.
    [COLOR=#b22222][U][I][B]DESCRIPTION
    A driver overran a stack-based buffer (or local variable) in a way that would
    have overwritten the function's return address and jumped back to an arbitrary
    address when the function returned.  This is the classic "buffer overrun"
    hacking attack and the system has been brought down to prevent a malicious user
    from gaining complete control of it.[/B][/I][/U][/COLOR]
    Do a kb to get a stack backtrace -- the last routine on the stack before the
    buffer overrun handlers and bugcheck call is the one that overran its local
    variable(s).
    Arguments:
    Arg1: 0000020007340148, Actual security check cookie from the stack
    Arg2: 0000f88000dcf160, Expected security check cookie
    Arg3: ffff077fff230e9f, Complement of the expected security check cookie
    Arg4: 0000000000000000, zero
    
    Debugging Details:
    ------------------
    
    
    DEFAULT_BUCKET_ID:  GS_FALSE_POSITIVE_MISSING_GSFRAME
    
    SECURITY_COOKIE:  Expected 0000f88000dcf160 found 0000020007340148
    
    CUSTOMER_CRASH_COUNT:  1
    
    BUGCHECK_STR:  0xF7
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  0
    
    EXCEPTION_RECORD:  fffff8800337e568 -- (.exr 0xfffff8800337e568)
    ExceptionAddress: fffff88000db4020 (fltmgr!FltpPerformFastIoCall+0x0000000000000010)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 0000000000000000
       Parameter[1]: 0000000000000008
    Attempt to read from address 0000000000000008
    
    TRAP_FRAME:  fffff8800337e610 -- (.trap 0xfffff8800337e610)
    Unable to read trap frame at fffff880`0337e610
    
    LAST_CONTROL_TRANSFER:  from fffff88000dbc3d6 to fffff80002ce2c40
    
    STACK_TEXT:  
    fffff880`0337d608 fffff880`00dbc3d6 : 00000000`000000f7 00000200`07340148 0000f880`00dcf160 ffff077f`ff230e9f : nt!KeBugCheckEx
    fffff880`0337d610 fffff880`00dbc4cf : 00000000`00000000 00000000`00000002 fffff880`0337ddc0 fffff800`02d0e830 : fltmgr!_report_gsfailure+0x26
    fffff880`0337d650 fffff800`02d0e4fd : fffff880`00dd1000 fffff880`00dcadec fffff880`00db3000 fffff880`0337e568 : fltmgr!_GSHandlerCheck+0x13
    fffff880`0337d680 fffff800`02d0d2d5 : fffff880`00dcc1b4 fffff880`0337d6f8 fffff880`0337e568 fffff880`00db3000 : nt!RtlpExecuteHandlerForException+0xd
    fffff880`0337d6b0 fffff800`02d1e361 : fffff880`0337e568 fffff880`0337ddc0 fffff880`00000000 00000000`00000000 : nt!RtlDispatchException+0x415
    fffff880`0337dd90 fffff800`02ce22c2 : fffff880`0337e568 00000000`00000001 fffff880`0337e610 fffff8a0`0149d8f0 : nt!KiDispatchException+0x135
    fffff880`0337e430 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    fltmgr!_report_gsfailure+26
    fffff880`00dbc3d6 cc              int     3
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  fltmgr!_report_gsfailure+26
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: fltmgr
    
    IMAGE_NAME:  fltmgr.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7929c
    
    FAILURE_BUCKET_ID:  X64_0xF7_MISSING_GSFRAME_fltmgr!_report_gsfailure+26
    
    BUCKET_ID:  X64_0xF7_MISSING_GSFRAME_fltmgr!_report_gsfailure+26
    
    Followup: MachineOwner
    
    Additionally if you have any reason to believe that your machine has actually been infected by any malicious software (virus / malware) you may want to get some free help from these resources.
    Malware, Malicious Software Removal Tool, Protect Your Computer
    Microsoft Safety Scanner - Antivirus | Remove Spyware, Malware, Viruses Free
    http://www.superantispyware.com/download.html
    Sorry for the delay, real life busy.
    Regards
    Randy
     
    #8 Trouble, Oct 4, 2011
    Last edited: Oct 4, 2011
    1 person likes this.
  9. nkwablahii

    nkwablahii New Member

    Joined:
    Sep 8, 2011
    Messages:
    22
    Likes Received:
    0
    hi Randy
    So i run the anti virus software programs and used the avg proprietary uninstall tool. I realized the laptop stays on for about 4 hours and then a bsod . once again i have attached an associated dmp file.

    thank you once again for your help. i apologize for the continuous many posts
     

    Attached Files:

  10. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Greetings. Looks like you've managed to rid you PC of the other issues we had been discussing and now your latest dump file has gone in a completely new direction and the current issues seems to be related to more of a power configuration issue, possibly related to sleep or some other hybrid power saving state.
    Please take some time a have a look at these two links to see what might be going on with your present power settings.
    Using PowerCfg to Evaluate System Energy Efficiency (download the .docx, if you don't have word 2010 installed the office word viewer application is available through the same link).
    How Do I: Use PowerCfg in Windows 7? (video walkthough of how to use the powercfg command from an elevated command prompt)
    Keep in mind that some older legacy hardware may have issues with the Windows 7 power saving APIs and some laptop manufacturer's include there own power saving utility which may conflict. You may need to check with your laptop manufacturer for driver updates specific for your installed hardware, paying particular attention to any power related applications, as well as possible Chipset, Video, Audio, LAN (wireless and wired), as well as possible BIOS updates.
    DUMP FILES:
    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 0000000000000001, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, bitfield :
        bit 0 : value 0 = read operation, 1 = write operation
        bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff80002c98c0e, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WORKER_ROUTINE: 
    +6465363863633935
    00000000`00000001 ??              ???
    
    WORK_ITEM:  fffff80002c98c0e
    
    CURRENT_IRQL:  2
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xA
    
    PROCESS_NAME:  System
    
    TRAP_FRAME:  fffff880033a0bf0 -- (.trap 0xfffff880033a0bf0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000
    rdx=fffffa80070ebac0 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80002c98c0e rsp=fffff880033a0d80 rbp=0000000000000000
     r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
    r11=fffff880031d5180 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na po cy
    nt!KiSignalSynchronizationObject+0x4e:
    fffff800`02c98c0e 488908          mov     qword ptr [rax],rcx ds:00000000`00000001=????????????????
    Resetting default scope
    
    LOCK_ADDRESS:  fffff80002e90b80 -- (!locks fffff80002e90b80)
    
    Resource @ nt!PiEngineLock (0xfffff80002e90b80)    Available
    
    WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.
    
    
    WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.
    
    1 total locks
    
    PNP_TRIAGE: 
        Lock address  : 0xfffff80002e90b80
        Thread Count  : 0
        Thread address: 0x0000000000000000
        Thread wait   : 0x0
    
    LAST_CONTROL_TRANSFER:  from fffff80002c911e9 to fffff80002c91c40
    
    STACK_TEXT:  
    fffff880`033a0aa8 fffff800`02c911e9 : 00000000`0000000a 00000000`00000001 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`033a0ab0 fffff800`02c8fe60 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`070ebac8 : nt!KiBugCheckDispatch+0x69
    fffff880`033a0bf0 fffff800`02c98c0e : 00000000`00000000 00000000`00000000 00000000`00000000 fffff800`02f66384 : nt!KiPageFault+0x260
    fffff880`033a0d80 fffff800`02c95ca6 : 00000000`00000000 00000000`00000801 00000000`00000000 00000000`00000000 : nt!KiSignalSynchronizationObject+0x4e
    fffff880`033a0dd0 fffff880`00effb8c : 00000000`00000000 00000000`00000000 fffff880`031d5100 fffff880`00ea68e9 : nt!KeSetEvent+0x106
    fffff880`033a0e40 fffff880`00eff74e : fffff8a0`00641000 00000000`00000030 00000000`0000000f fffff880`033a0f28 : Wdf01000!FxWaitLockTransactionedList::ReleaseLock+0x18
    fffff880`033a0e70 fffff880`00f11b88 : 00000000`00000008 00000000`00000000 00000000`00000004 fffff880`033a0f40 : Wdf01000!FxTransactionedList::LockForEnum+0x2e
    fffff880`033a0ea0 fffff880`00f10b53 : 00000000`00000000 00000000`00000000 fffff880`00f25600 fffffa80`072a8b60 : Wdf01000!FxPkgPnp::PowerDmaEnableAndScan+0xb4
    fffff880`033a0ed0 fffff880`00f106eb : 00000000`00000311 00000000`00000000 fffff880`00f255e0 00000000`00000000 : Wdf01000!FxPkgPnp::PowerD0StartingDmaEnable+0xb
    fffff880`033a0f00 fffff880`00f1038e : fffffa80`072a8b60 00000000`00000040 fffff880`00f253e0 00000000`00000040 : Wdf01000!FxPkgPnp::PowerEnterNewState+0x1db
    fffff880`033a1030 fffff880`00f1006c : 00000000`00000000 00000000`00000040 fffff880`00f22da0 fffffa80`072a8b60 : Wdf01000!FxPkgPnp::PowerProcessEventInner+0x13e
    fffff880`033a10a0 fffff880`00f19c34 : 00000000`00000000 00000000`00000000 fffffa80`072a8b60 fffff880`00f22da0 : Wdf01000!FxPkgPnp::PowerProcessEvent+0x1d4
    fffff880`033a1130 fffff880`00f19b37 : 00000000`00000000 00000000`00000000 fffff880`00f22da0 fffff880`00f1415c : Wdf01000!FxPkgPnp::PowerPolStarting+0x50
    fffff880`033a1160 fffff880`00f19691 : fffffa80`072a8b60 00000000`00000001 fffff880`00f22d80 00000000`00000001 : Wdf01000!FxPkgPnp::PowerPolicyEnterNewState+0x1db
    fffff880`033a1290 fffff880`00f19372 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : Wdf01000!FxPkgPnp::PowerPolicyProcessEventInner+0x139
    fffff880`033a1300 fffff880`00f15a45 : 00000000`00000000 00000000`00000000 00000000`00000108 00000000`00000000 : Wdf01000!FxPkgPnp::PowerPolicyProcessEvent+0x1e2
    fffff880`033a1390 fffff880`00f15841 : 00000000`00000101 00000000`00000108 00000000`00000108 fffff800`02c50400 : Wdf01000!FxPkgPnp::PnpEventHardwareAvailable+0x111
    fffff880`033a13d0 fffff880`00f154fe : fffffa80`072a8b60 fffff880`033a1500 00000000`00000004 fffff880`00f24390 : Wdf01000!FxPkgPnp::PnpEnterNewState+0x1a5
    fffff880`033a1440 fffff880`00f15201 : 00000000`00000000 00000000`00000002 00000000`00000000 fffffa80`072a8b60 : Wdf01000!FxPkgPnp::PnpProcessEventInner+0x122
    fffff880`033a14b0 fffff880`00f0cd9c : 00000000`00000000 fffffa80`072a8b60 fffffa80`0764b010 00000000`00000000 : Wdf01000!FxPkgPnp::PnpProcessEvent+0x1b1
    fffff880`033a1540 fffff880`00f0bdd6 : fffffa80`0729ee70 fffffa80`0764b010 00000000`00000000 fffffa80`072a8b60 : Wdf01000!FxPkgPnp::_PnpStartDevice+0x20
    fffff880`033a1570 fffff880`00edb245 : fffffa80`077d39a0 fffffa80`077d39a0 fffffa80`072a8400 fffff800`02d8bfa0 : Wdf01000!FxPkgPnp::Dispatch+0x1b2
    fffff880`033a15e0 fffff880`00edb14b : 00000000`00000003 fffffa80`077d39a0 fffffa80`0764b010 fffffa80`072a8400 : Wdf01000!FxDevice::Dispatch+0xa9
    fffff880`033a1610 fffff800`0304ad6e : fffffa80`077d39a0 fffffa80`0764b010 fffffa80`072a8400 fffff880`03164180 : Wdf01000!FxDevice::DispatchWithLock+0x93
    fffff880`033a1650 fffff800`02d8287d : fffffa80`049a0e40 fffffa80`0764b010 fffff800`02d8bfa0 00000000`00000000 : nt!PnpAsynchronousCall+0xce
    fffff880`033a1690 fffff800`0305a0b6 : fffff800`02e90940 fffffa80`04994d90 fffffa80`0764b010 fffffa80`04994f38 : nt!PnpStartDevice+0x11d
    fffff880`033a1750 fffff800`0305a354 : fffffa80`04994d90 fffffa80`03ff0062 fffffa80`03ffe710 00000000`00000001 : nt!PnpStartDeviceNode+0x156
    fffff880`033a17e0 fffff800`0307da86 : fffffa80`04994d90 fffffa80`03ffe710 00000000`00000001 00000000`00000103 : nt!PipProcessStartPhase1+0x74
    fffff880`033a1810 fffff800`0307df3c : fffff800`02e8e500 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PipProcessDevNodeTree+0x296
    fffff880`033a1a80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PiProcessStartSystemDevices+0x7c
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    Wdf01000!FxWaitLockTransactionedList::ReleaseLock+18
    fffff880`00effb8c 4883c428        add     rsp,28h
    
    SYMBOL_STACK_INDEX:  5
    
    SYMBOL_NAME:  Wdf01000!FxWaitLockTransactionedList::ReleaseLock+18
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: Wdf01000
    
    IMAGE_NAME:  Wdf01000.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc19f
    
    FAILURE_BUCKET_ID:  X64_0xA_Wdf01000!FxWaitLockTransactionedList::ReleaseLock+18
    
    BUCKET_ID:  X64_0xA_Wdf01000!FxWaitLockTransactionedList::ReleaseLock+18
    
    Followup: MachineOwner
    
    
     
    1 person likes this.
  11. nkwablahii

    nkwablahii New Member

    Joined:
    Sep 8, 2011
    Messages:
    22
    Likes Received:
    0
    Hi Randy,
    I have run the powercfg and there was a problem with power management with the sleep function. specifically: 'Platform Power Management Capabilities:pCI Express Active-State Power Management (ASPM) Disabled: PCI Express Active-State Power Management (ASPM) has been disabled due to a known incompatibility with the hardware in this computer.' The text provided does not give specific resolution except checking with my manufacturer, a search online shows its a problem out there with no real solution (please correct me if I am wrong). I updated BIOS and display driver as shown as needed. My wireless driver shows as out-of-date, i searched and got intel utility to install and check the driver, it was cleared but still shows as that. after all this i restarted my laptop and before shutdown I got another bsod. I will include the dmp file along with others prior just to know if this power problem is a common feature.

    Thank you so much. I am learning a lot aswell.

    Nathan.
     

    Attached Files:

  12. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    First, have you taken the time to run all of the scanners that I linked to in this post http://windows7forums.com/blue-screen-death-bsod/73357-bsod-still-going.html#post239477
    The only thing that seems to be consistent regarding your dump files, is that there is no apparent consistency.
    The most recent ones seem to be indicating some issues with
    readyboost.sys, usbd.sys (maybe associated if you're using a thumbdrive or other readyboost device) and something called "spsys" (which may be related to the other two or could possibly be a virus, no spsys.sys in your loaded drivers so I'm not sure what it is).
    I think it's time to get some more relative information from you regarding your system specs. Please read this http://windows7forums.com/windows-7-support/72212-help-us-help-you-filling-your-system-specs.html
    Additionally read the first post here http://windows7forums.com/blue-screen-death-bsod/38837-how-ask-help-bsod-problem.html#post140678 . Accumulate the information requested, from CPUz (All slots under the SPD tab) export the html report from RAMMon, download and run (right click the executable and choose run as administrator) the Captain's W7 Diagnostic Tool, put everything in a folder on your desktop, zip it up and attach it to your next post.
    Thanks
    Randy
     
  13. nkwablahii

    nkwablahii New Member

    Joined:
    Sep 8, 2011
    Messages:
    22
    Likes Received:
    0
    HI Randy thank you. I have filled in the specs sheet to the best of my ability. The only portion i could not ill out was my Power supply unit info.

    I have attached the zip containing the information gathered from the various programs you recommended.

    I must add though in the past 20hours of using my pc (active usage 13 hours) i have not had a bsod as yet. There was only one spontaneous shut down with no blue screen error seen. However i will still like to get to the bottom of this just incase it returns

    thank you
    Nathan.
     

    Attached Files:

Share This Page

Loading...