Windows 7 BSOD still going on

[nkwablahii]

I have been having BSOD's from 2 weeks of owning this laptop. I have reinstalled windows and drivers, hard drive and soun card replaced.. still BSOD. please find attached the dmp files i have gotten.

please help

 

[Trouble]

With only a single dump file and three drivers identified within it as potential offending parties, I would start by completely removing Norton/Symantec. Control panel, programs and features, uninstall, followed up by the vendor specific proprietary removal tools, google it.
If blue screens persist, please attach new dump files.
Regards
Randy

 

[nkwablahii]

Hi Randy,
Thank you very much. I removed norton anti-virus and put on avg free anti virus just to keep me safe as i monitor the situation.

I have 2 other dmp files fro the origianl BSOD(not after removing norton) but the file manager is not allowing me to attach one of them. I have attached the other one though.

I really appreciate your help

Nathan

 

[Trouble]

First of all let me apologize for not making my standard recommendation of replacing any such antivirus product with Link Removed due to 404 Error.
And now you have another antivirus product which is often associated with BSODs to remove.
Norton vendor specific removal tool from here
AVG vendor specific removal tool from here
Make sure to choose the correct version of the removal tool for you system and installed product.
I'll look at the other dump file that you've attached, but I'm actually hoping to see one that does not include any AVG or Symantec product until we are able to isolate your actual issues. Microsoft Security Essentials has been pretty BSOD friendly and supplies adequate protection. You can always return to the product of your choice should either or neither prove to be at issue.

 

[Trouble]

Looked at the other dump file and the thing that the both have in common is Norton/Symantec.
And although they appear to be only 7 minutes apart they do not share two driver files which are identified in the latest
NETwNs64.sys 1/4/2011 Looks to be an Intel Wireless Adapter driver
and probably a product of having installed the above driver
afd.sys 4/24/2011 Ancillary Function Driver for WinSock (Microsoft)
I wouldn't worry about either of these two for now, until we can be sure that nothing remains from either Norton/Symantec or AVG. If Blue Screens persist after the complete removal of both those products, post the new ones and we'll look more closely.

 

[nkwablahii]

thank you very much. avg is gone .. thank you. lik eyou said, after installing avg i had a bsd, i have now removed it and installed MSE.

i will update you

your assistance is greatly appreciated

 

[nkwablahii]

HI randy , i just had multiple BSOD's with different error messages. Please find attached the dmp files.

thank you

 

[Trouble]

According to that dump file it looks like AVG is still present
AVGIDSDriver.Sys 7/10/2011 17:36
AVGIDSFilter.Sys 7/10/2011 17:37
avgldx64.sys 7/10/2011 17:42
avgrkx64.sys 7/10/2011 17:43
avgtdia.sys 7/10/2011 17:46
avgmfx64.sys 8/7/2011 22:41
Try running the vendor specific proprietary removal tool again and see if that will get rid of all remnants.
DUMP FILE:

.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F7, {20007340148, f88000dcf160, ffff077fff230e9f, 0}

Probably caused by : fltmgr.sys ( fltmgr!_report_gsfailure+26 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
[COLOR=#b22222][U][I][B]DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.[/B][/I][/U][/COLOR]
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 0000020007340148, Actual security check cookie from the stack
Arg2: 0000f88000dcf160, Expected security check cookie
Arg3: ffff077fff230e9f, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------


DEFAULT_BUCKET_ID:  GS_FALSE_POSITIVE_MISSING_GSFRAME

SECURITY_COOKIE:  Expected 0000f88000dcf160 found 0000020007340148

CUSTOMER_CRASH_COUNT:  1

BUGCHECK_STR:  0xF7

PROCESS_NAME:  System

CURRENT_IRQL:  0

EXCEPTION_RECORD:  fffff8800337e568 -- (.exr 0xfffff8800337e568)
ExceptionAddress: fffff88000db4020 (fltmgr!FltpPerformFastIoCall+0x0000000000000010)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000008
Attempt to read from address 0000000000000008

TRAP_FRAME:  fffff8800337e610 -- (.trap 0xfffff8800337e610)
Unable to read trap frame at fffff880`0337e610

LAST_CONTROL_TRANSFER:  from fffff88000dbc3d6 to fffff80002ce2c40

STACK_TEXT:  
fffff880`0337d608 fffff880`00dbc3d6 : 00000000`000000f7 00000200`07340148 0000f880`00dcf160 ffff077f`ff230e9f : nt!KeBugCheckEx
fffff880`0337d610 fffff880`00dbc4cf : 00000000`00000000 00000000`00000002 fffff880`0337ddc0 fffff800`02d0e830 : fltmgr!_report_gsfailure+0x26
fffff880`0337d650 fffff800`02d0e4fd : fffff880`00dd1000 fffff880`00dcadec fffff880`00db3000 fffff880`0337e568 : fltmgr!_GSHandlerCheck+0x13
fffff880`0337d680 fffff800`02d0d2d5 : fffff880`00dcc1b4 fffff880`0337d6f8 fffff880`0337e568 fffff880`00db3000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`0337d6b0 fffff800`02d1e361 : fffff880`0337e568 fffff880`0337ddc0 fffff880`00000000 00000000`00000000 : nt!RtlDispatchException+0x415
fffff880`0337dd90 fffff800`02ce22c2 : fffff880`0337e568 00000000`00000001 fffff880`0337e610 fffff8a0`0149d8f0 : nt!KiDispatchException+0x135
fffff880`0337e430 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2


STACK_COMMAND:  kb

FOLLOWUP_IP: 
fltmgr!_report_gsfailure+26
fffff880`00dbc3d6 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  fltmgr!_report_gsfailure+26

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: fltmgr

IMAGE_NAME:  fltmgr.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7929c

FAILURE_BUCKET_ID:  X64_0xF7_MISSING_GSFRAME_fltmgr!_report_gsfailure+26

BUCKET_ID:  X64_0xF7_MISSING_GSFRAME_fltmgr!_report_gsfailure+26

Followup: MachineOwner

Additionally if you have any reason to believe that your machine has actually been infected by any malicious software (virus / malware) you may want to get some free help from these resources.
Malware, Malicious Software Removal Tool, Protect Your Computer
Microsoft Safety Scanner - Antivirus | Remove Spyware, Malware, Viruses Free
http://www.superantispyware.com/download.html
Sorry for the delay, real life busy.
Regards
Randy

 

[nkwablahii]

hi Randy
So i run the anti virus software programs and used the avg proprietary uninstall tool. I realized the laptop stays on for about 4 hours and then a bsod . once again i have attached an associated dmp file.

thank you once again for your help. i apologize for the continuous many posts

 

[Trouble]

Greetings. Looks like you've managed to rid you PC of the other issues we had been discussing and now your latest dump file has gone in a completely new direction and the current issues seems to be related to more of a power configuration issue, possibly related to sleep or some other hybrid power saving state.
Please take some time a have a look at these two links to see what might be going on with your present power settings.
Using PowerCfg to Evaluate System Energy Efficiency (download the .docx, if you don't have word 2010 installed the office word viewer application is available through the same link).
How Do I: Use PowerCfg in Windows 7? (video walkthough of how to use the powercfg command from an elevated command prompt)
Keep in mind that some older legacy hardware may have issues with the Windows 7 power saving APIs and some laptop manufacturer's include there own power saving utility which may conflict. You may need to check with your laptop manufacturer for driver updates specific for your installed hardware, paying particular attention to any power related applications, as well as possible Chipset, Video, Audio, LAN (wireless and wired), as well as possible BIOS updates.
DUMP FILES:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000001, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002c98c0e, address which referenced memory

Debugging Details:
------------------


WORKER_ROUTINE: 
+6465363863633935
00000000`00000001 ??              ???

WORK_ITEM:  fffff80002c98c0e

CURRENT_IRQL:  2

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  fffff880033a0bf0 -- (.trap 0xfffff880033a0bf0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa80070ebac0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c98c0e rsp=fffff880033a0d80 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=fffff880031d5180 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
nt!KiSignalSynchronizationObject+0x4e:
fffff800`02c98c0e 488908          mov     qword ptr [rax],rcx ds:00000000`00000001=????????????????
Resetting default scope

LOCK_ADDRESS:  fffff80002e90b80 -- (!locks fffff80002e90b80)

Resource @ nt!PiEngineLock (0xfffff80002e90b80)    Available

WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.


WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.

1 total locks

PNP_TRIAGE: 
    Lock address  : 0xfffff80002e90b80
    Thread Count  : 0
    Thread address: 0x0000000000000000
    Thread wait   : 0x0

LAST_CONTROL_TRANSFER:  from fffff80002c911e9 to fffff80002c91c40

STACK_TEXT:  
fffff880`033a0aa8 fffff800`02c911e9 : 00000000`0000000a 00000000`00000001 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`033a0ab0 fffff800`02c8fe60 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`070ebac8 : nt!KiBugCheckDispatch+0x69
fffff880`033a0bf0 fffff800`02c98c0e : 00000000`00000000 00000000`00000000 00000000`00000000 fffff800`02f66384 : nt!KiPageFault+0x260
fffff880`033a0d80 fffff800`02c95ca6 : 00000000`00000000 00000000`00000801 00000000`00000000 00000000`00000000 : nt!KiSignalSynchronizationObject+0x4e
fffff880`033a0dd0 fffff880`00effb8c : 00000000`00000000 00000000`00000000 fffff880`031d5100 fffff880`00ea68e9 : nt!KeSetEvent+0x106
fffff880`033a0e40 fffff880`00eff74e : fffff8a0`00641000 00000000`00000030 00000000`0000000f fffff880`033a0f28 : Wdf01000!FxWaitLockTransactionedList::ReleaseLock+0x18
fffff880`033a0e70 fffff880`00f11b88 : 00000000`00000008 00000000`00000000 00000000`00000004 fffff880`033a0f40 : Wdf01000!FxTransactionedList::LockForEnum+0x2e
fffff880`033a0ea0 fffff880`00f10b53 : 00000000`00000000 00000000`00000000 fffff880`00f25600 fffffa80`072a8b60 : Wdf01000!FxPkgPnp::PowerDmaEnableAndScan+0xb4
fffff880`033a0ed0 fffff880`00f106eb : 00000000`00000311 00000000`00000000 fffff880`00f255e0 00000000`00000000 : Wdf01000!FxPkgPnp::PowerD0StartingDmaEnable+0xb
fffff880`033a0f00 fffff880`00f1038e : fffffa80`072a8b60 00000000`00000040 fffff880`00f253e0 00000000`00000040 : Wdf01000!FxPkgPnp::PowerEnterNewState+0x1db
fffff880`033a1030 fffff880`00f1006c : 00000000`00000000 00000000`00000040 fffff880`00f22da0 fffffa80`072a8b60 : Wdf01000!FxPkgPnp::PowerProcessEventInner+0x13e
fffff880`033a10a0 fffff880`00f19c34 : 00000000`00000000 00000000`00000000 fffffa80`072a8b60 fffff880`00f22da0 : Wdf01000!FxPkgPnp::PowerProcessEvent+0x1d4
fffff880`033a1130 fffff880`00f19b37 : 00000000`00000000 00000000`00000000 fffff880`00f22da0 fffff880`00f1415c : Wdf01000!FxPkgPnp::PowerPolStarting+0x50
fffff880`033a1160 fffff880`00f19691 : fffffa80`072a8b60 00000000`00000001 fffff880`00f22d80 00000000`00000001 : Wdf01000!FxPkgPnp::PowerPolicyEnterNewState+0x1db
fffff880`033a1290 fffff880`00f19372 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : Wdf01000!FxPkgPnp::PowerPolicyProcessEventInner+0x139
fffff880`033a1300 fffff880`00f15a45 : 00000000`00000000 00000000`00000000 00000000`00000108 00000000`00000000 : Wdf01000!FxPkgPnp::PowerPolicyProcessEvent+0x1e2
fffff880`033a1390 fffff880`00f15841 : 00000000`00000101 00000000`00000108 00000000`00000108 fffff800`02c50400 : Wdf01000!FxPkgPnp::PnpEventHardwareAvailable+0x111
fffff880`033a13d0 fffff880`00f154fe : fffffa80`072a8b60 fffff880`033a1500 00000000`00000004 fffff880`00f24390 : Wdf01000!FxPkgPnp::PnpEnterNewState+0x1a5
fffff880`033a1440 fffff880`00f15201 : 00000000`00000000 00000000`00000002 00000000`00000000 fffffa80`072a8b60 : Wdf01000!FxPkgPnp::PnpProcessEventInner+0x122
fffff880`033a14b0 fffff880`00f0cd9c : 00000000`00000000 fffffa80`072a8b60 fffffa80`0764b010 00000000`00000000 : Wdf01000!FxPkgPnp::PnpProcessEvent+0x1b1
fffff880`033a1540 fffff880`00f0bdd6 : fffffa80`0729ee70 fffffa80`0764b010 00000000`00000000 fffffa80`072a8b60 : Wdf01000!FxPkgPnp::_PnpStartDevice+0x20
fffff880`033a1570 fffff880`00edb245 : fffffa80`077d39a0 fffffa80`077d39a0 fffffa80`072a8400 fffff800`02d8bfa0 : Wdf01000!FxPkgPnp::Dispatch+0x1b2
fffff880`033a15e0 fffff880`00edb14b : 00000000`00000003 fffffa80`077d39a0 fffffa80`0764b010 fffffa80`072a8400 : Wdf01000!FxDevice::Dispatch+0xa9
fffff880`033a1610 fffff800`0304ad6e : fffffa80`077d39a0 fffffa80`0764b010 fffffa80`072a8400 fffff880`03164180 : Wdf01000!FxDevice::DispatchWithLock+0x93
fffff880`033a1650 fffff800`02d8287d : fffffa80`049a0e40 fffffa80`0764b010 fffff800`02d8bfa0 00000000`00000000 : nt!PnpAsynchronousCall+0xce
fffff880`033a1690 fffff800`0305a0b6 : fffff800`02e90940 fffffa80`04994d90 fffffa80`0764b010 fffffa80`04994f38 : nt!PnpStartDevice+0x11d
fffff880`033a1750 fffff800`0305a354 : fffffa80`04994d90 fffffa80`03ff0062 fffffa80`03ffe710 00000000`00000001 : nt!PnpStartDeviceNode+0x156
fffff880`033a17e0 fffff800`0307da86 : fffffa80`04994d90 fffffa80`03ffe710 00000000`00000001 00000000`00000103 : nt!PipProcessStartPhase1+0x74
fffff880`033a1810 fffff800`0307df3c : fffff800`02e8e500 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PipProcessDevNodeTree+0x296
fffff880`033a1a80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PiProcessStartSystemDevices+0x7c


STACK_COMMAND:  kb

FOLLOWUP_IP: 
Wdf01000!FxWaitLockTransactionedList::ReleaseLock+18
fffff880`00effb8c 4883c428        add     rsp,28h

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  Wdf01000!FxWaitLockTransactionedList::ReleaseLock+18

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Wdf01000

IMAGE_NAME:  Wdf01000.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc19f

FAILURE_BUCKET_ID:  X64_0xA_Wdf01000!FxWaitLockTransactionedList::ReleaseLock+18

BUCKET_ID:  X64_0xA_Wdf01000!FxWaitLockTransactionedList::ReleaseLock+18

Followup: MachineOwner

 

[nkwablahii]

Hi Randy,
I have run the powercfg and there was a problem with power management with the sleep function. specifically: 'Platform Power Management CapabilitiesCI Express Active-State Power Management (ASPM) Disabled: PCI Express Active-State Power Management (ASPM) has been disabled due to a known incompatibility with the hardware in this computer.' The text provided does not give specific resolution except checking with my manufacturer, a search online shows its a problem out there with no real solution (please correct me if I am wrong). I updated BIOS and display driver as shown as needed. My wireless driver shows as out-of-date, i searched and got intel utility to install and check the driver, it was cleared but still shows as that. after all this i restarted my laptop and before shutdown I got another bsod. I will include the dmp file along with others prior just to know if this power problem is a common feature.

Thank you so much. I am learning a lot aswell.

Nathan.

 

[Trouble]

First, have you taken the time to run all of the scanners that I linked to in this post http://windows7forums.com/blue-screen-death-bsod/73357-bsod-still-going.html#post239477
The only thing that seems to be consistent regarding your dump files, is that there is no apparent consistency.
The most recent ones seem to be indicating some issues with
readyboost.sys, usbd.sys (maybe associated if you're using a thumbdrive or other readyboost device) and something called "spsys" (which may be related to the other two or could possibly be a virus, no spsys.sys in your loaded drivers so I'm not sure what it is).
I think it's time to get some more relative information from you regarding your system specs. Please read this http://windows7forums.com/windows-7-support/72212-help-us-help-you-filling-your-system-specs.html
Additionally read the first post here http://windows7forums.com/blue-screen-death-bsod/38837-how-ask-help-bsod-problem.html#post140678 . Accumulate the information requested, from CPUz (All slots under the SPD tab) export the html report from RAMMon, download and run (right click the executable and choose run as administrator) the Captain's W7 Diagnostic Tool, put everything in a folder on your desktop, zip it up and attach it to your next post.
Thanks
Randy

 

[nkwablahii]

HI Randy thank you. I have filled in the specs sheet to the best of my ability. The only portion i could not ill out was my Power supply unit info.

I have attached the zip containing the information gathered from the various programs you recommended.

I must add though in the past 20hours of using my pc (active usage 13 hours) i have not had a bsod as yet. There was only one spontaneous shut down with no blue screen error seen. However i will still like to get to the bottom of this just incase it returns

thank you
Nathan.