locked
Windows 7 Blue Screen RRS feed

  • Question

  • Not really sure when this started happening but if I would click or load some websites, they would crash the computer. Sometimes the links will work but most of the time they don't - applies for almost all google links so far, but doesn't occur too often.

    Problem signature:
      Problem Event Name:    BlueScreen
      OS Version:                    6.1.7601.2.1.0.768.3
      Locale ID:                       4105

    Additional information about the problem:
      BCCode:    a
      BCP1:             0000000000000010
      BCP2:             0000000000000002
      BCP3:             0000000000000001
      BCP4:             FFFFF80002EEC065
      OS Version:    6_1_7601
      Service Pack:  1_0
      Product:         768_1

    Files that help describe the problem:
      C:\Windows\Minidump\071614-72415-01.dmp
      C:\Users\Owner\AppData\Local\Temp\WER-132351-0.sysdata.xml

    Thursday, July 17, 2014 2:43 AM

Answers

  • Thanks very much for the dumps!

    They are all of the IRQL_NOT_LESS_OR_EQUAL (a) bug check.

    This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

    This bug check is issued if paged memory (or invalid memory) is accessed when the IRQL is too high. The error that generates this bug check usually occurs after the installation of a faulty device driver, system service, or BIOS.

    2: kd> k
    Child-SP          RetAddr           Call Site
    fffff880`02dd9358 fffff800`02ee2569 nt!KeBugCheckEx
    fffff880`02dd9360 fffff800`02ee11e0 nt!KiBugCheckDispatch+0x69
    fffff880`02dd94a0 fffff800`02eec065 nt!KiPageFault+0x260
    fffff880`02dd9630 fffff880`07027ed1 nt!KeAcquireSpinLockRaiseToDpc+0x55
    fffff880`02dd9680 00000000`0000055c SYMNETS+0x27ed1
    fffff880`02dd9688 00000000`00000000 0x55c
    

    SYMNETS.sys (Symantec/ Norton NIS/ N360 driver) is attempting to acquire a spinlock so it can synchronize access to shared data in a multiprocessor-safe way by raising IRQL. It attempted to do this at the improper IRQL, therefore the box bug checked.

    2: kd> !irql
    Debugger saved IRQL for processor 0x2 -- 2 (DISPATCH_LEVEL)
    

    ------------------------------

    1. Normally Norton should not do this under normal circumstances, so I took a look in your modules list, and immediately saw the problem, which is you have AVG, Norton, and Malwarebytes Pro installed and loaded at the same time. This is beyond way too much security, and massive conflicts are occurring.

    FWIW, I would 100% recommend removing and replacing both AVG and Norton with MSE as they are both troublesome, and are certainly going to conflict with MWB Pro even if there's just one and not both.

    AVG removal - http://www.avg.com/us-en/utilities


    Norton removal - https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us;jsessionid=841A6D40BA6872C47697C6C6B19C8E11.4?entsrc=redirect_pubweb&pvid=f-home

    MSE -  http://windows.microsoft.com/en-us/windows/security-essentials-download

    To further expand if interested - One of the biggest problems as far as antivirus suites go in terms of conflicts, is if there is more than one antivirus or anti-malware suite installed on the system. In the most basic example, I will use AVG and Norton. Let's say you have both installed and running, this is not a good scenario at all. Why? Most/if not all modern day antivirus suites are allowed direct access (come and go, whenever they want) to the kernel because an antivirus installs interceptors of system events within the kernel code, which passes intercepted data to the antivirus engine for analysis. This data is network packets, files, and other various critical data.

    2. In your loaded drivers list, dtsoftbus01.sys is listed which is the Daemon Tools driver. Daemon Tools is a very popular cause of BSOD's in 7/8 based systems. Please uninstall Daemon Tools. Alternative imaging programs are: MagicISO, Power ISO, etc.

    Regards,

    Patrick

    “Be kind whenever possible. It is always possible.” - Dalai Lama

    Thursday, July 17, 2014 6:08 PM

All replies

  • Hi,

    In order to assist you, we will need the .DMP files to analyze what exactly occurred at the time of the crash, etc.

    If you don't know where .DMP files are located, here's how to get to them:

    1. Navigate to the %systemroot%\Minidump folder.

    2. Copy any and all DMP files in the Minidump folder to your Desktop and then zip up these files.

    3. Upload the zip containing the .DMP files to Onedrive or a hosting site of your choice and paste in your reply. Preferred sites: Onedrive, Mediafire, Dropbox, etc. Nothing with wait-timers, download managers, etc.

    4 (optional): The type of .DMP files located in the Minidump folder are known as Small Memory Dumps. In %systemroot% there will be what is known as a Kernel-Dump (if your system is set to generate). It is labeled MEMORY.DMP. The difference between Small Memory Dumps and Kernel-Dumps in the simplest definition is a Kernel-Dump contains much more information at the time of the crash, therefore allowing further debugging of your issue. If your upload speed permits it, and you aren't going against any strict bandwidth and/or usage caps, etc, the Kernel-Dump is the best choice. Do note that Kernel-Dumps are much larger in size due to containing much more info, which is why I mentioned upload speed, etc.

    If you are going to use Onedrive but don't know how to upload to it, please visit the following:

    Upload photos and files to Onedrive.

    After doing that, to learn how to share the link to the file if you are unaware, please visit the following link - Share files and folders and change permissions and view 'Get a link'.

    Please note that any "cleaner" programs such as TuneUpUtilities, CCleaner, etc, by default will delete .DMP files upon use. With this said, if you've run such software, you will need to allow the system to crash once again to generate a crash dump.

    If your computer is not generating .DMP files, please do the following:

    1. Start > type %systemroot% which should show the Windows folder, click on it. Once inside that folder, ensure there is a Minidump folder created. If not, CTRL-SHIFT-N to make a New Folder and name it Minidump.

    2. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Performance > Settings > Advanced > Ensure there's a check-mark for 'Automatically manage paging file size for all drives'.

    3. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Startup and Recovery > Settings > System Failure > ensure there is a check mark next to 'Write an event to the system log'.

    Ensure Small Memory Dump is selected and ensure the path is %systemroot%\Minidump.

    4. Double check that the WERS is ENABLED:

    Start > Search > type services.msc > Under the name tab, find Windows Error Reporting Service > If the status of the service is not Started then right click it and select Start. Also ensure that under Startup Type it is set to Automatic rather than Manual. You can do this by right clicking it, selecting properties, and under General selecting startup type to 'Automatic', and then click Apply.

    If you cannot get into normal mode to do any of this, please do this via Safe Mode.

    Regards,

    Patrick

    “Be kind whenever possible. It is always possible.” - Dalai Lama

    Thursday, July 17, 2014 3:34 PM
  • At the time of the crash I was loading a website.

    https://onedrive.live.com/redir?resid=9BBF72513A7A1F8D%21355

    Thursday, July 17, 2014 5:49 PM
  • Thanks very much for the dumps!

    They are all of the IRQL_NOT_LESS_OR_EQUAL (a) bug check.

    This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

    This bug check is issued if paged memory (or invalid memory) is accessed when the IRQL is too high. The error that generates this bug check usually occurs after the installation of a faulty device driver, system service, or BIOS.

    2: kd> k
    Child-SP          RetAddr           Call Site
    fffff880`02dd9358 fffff800`02ee2569 nt!KeBugCheckEx
    fffff880`02dd9360 fffff800`02ee11e0 nt!KiBugCheckDispatch+0x69
    fffff880`02dd94a0 fffff800`02eec065 nt!KiPageFault+0x260
    fffff880`02dd9630 fffff880`07027ed1 nt!KeAcquireSpinLockRaiseToDpc+0x55
    fffff880`02dd9680 00000000`0000055c SYMNETS+0x27ed1
    fffff880`02dd9688 00000000`00000000 0x55c
    

    SYMNETS.sys (Symantec/ Norton NIS/ N360 driver) is attempting to acquire a spinlock so it can synchronize access to shared data in a multiprocessor-safe way by raising IRQL. It attempted to do this at the improper IRQL, therefore the box bug checked.

    2: kd> !irql
    Debugger saved IRQL for processor 0x2 -- 2 (DISPATCH_LEVEL)
    

    ------------------------------

    1. Normally Norton should not do this under normal circumstances, so I took a look in your modules list, and immediately saw the problem, which is you have AVG, Norton, and Malwarebytes Pro installed and loaded at the same time. This is beyond way too much security, and massive conflicts are occurring.

    FWIW, I would 100% recommend removing and replacing both AVG and Norton with MSE as they are both troublesome, and are certainly going to conflict with MWB Pro even if there's just one and not both.

    AVG removal - http://www.avg.com/us-en/utilities


    Norton removal - https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us;jsessionid=841A6D40BA6872C47697C6C6B19C8E11.4?entsrc=redirect_pubweb&pvid=f-home

    MSE -  http://windows.microsoft.com/en-us/windows/security-essentials-download

    To further expand if interested - One of the biggest problems as far as antivirus suites go in terms of conflicts, is if there is more than one antivirus or anti-malware suite installed on the system. In the most basic example, I will use AVG and Norton. Let's say you have both installed and running, this is not a good scenario at all. Why? Most/if not all modern day antivirus suites are allowed direct access (come and go, whenever they want) to the kernel because an antivirus installs interceptors of system events within the kernel code, which passes intercepted data to the antivirus engine for analysis. This data is network packets, files, and other various critical data.

    2. In your loaded drivers list, dtsoftbus01.sys is listed which is the Daemon Tools driver. Daemon Tools is a very popular cause of BSOD's in 7/8 based systems. Please uninstall Daemon Tools. Alternative imaging programs are: MagicISO, Power ISO, etc.

    Regards,

    Patrick

    “Be kind whenever possible. It is always possible.” - Dalai Lama

    Thursday, July 17, 2014 6:08 PM