Blue screen.

Question
-
Hello,
I have been getting an error lately when I start my computer. The computer starts up and stays on for a little while (about 5 minutes) then it crashes. But when I turn it back on an error window pops up. This is the message in the window.
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033
Additional information about the problem:
BCCode: d1
BCP1: 0000000000000000
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF8800310848C
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\012815-60809-01.dmp
C:\Users\Max\AppData\Local\Temp\WER-115347-0.sysdata.xml
Thursday, January 29, 2015 1:41 AM
All replies
-
what happens if you delete that file??
Thursday, January 29, 2015 3:30 AM -
We do need the actual log files (called DMP files) as they contain the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.
Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here
Arnav Sharma | http://arnavsharma.net/
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Thursday, January 29, 2015 3:39 AM -
We do need the actual log files (called DMP files) as they contain the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.
Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here
If you have any questions about the procedure please ask
Wanikiya and Dyami--Team Zigzag
Thursday, January 29, 2015 4:13 AM -
https://onedrive.live.com/redir?resid=ED5090FBDAD9BD88!107&authkey=!ACsIUpKBLF9XSME&ithint=file%2czip
Thursday, January 29, 2015 5:01 AM
-
I'm having trouble with posting a reply with the links on it. I keep getting a message that says I can't post an image or link until my profile has been verified. I don't know what to do about this.
Thursday, January 29, 2015 5:16 AM
-
You have installed Symantec products on your PC.
Remove the Symantec product and restart the PC.
Otherwise disable the Symantec drivers by using Autoruns.
Mark as Answer if it worked. Thanks. Balamurugan_Subramaniyan
Thursday, January 29, 2015 6:01 AM -
https://onedrive.live.com/redir?resid=ED5090FBDAD9BD88!107&authkey=!ACsIUpKBLF9XSME&ithint=file%2czip
Max
This was related to IDSvia64.sys, the IDS Core Driver from Symantec Corporation. You have 3 malware apps: Symantec, MBAM, and the bits of AVG. I would remove Symantec, which IMHO is rubbish, and replace it with Microsoft Security Essentials.
Symantec is a frequent cause of BSODs.
I would remove and replace it with Microsoft Security Essentials AT LEAST TO TEST
http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
For Norton 360 use this
http://symantec.pcperformancetools.com/norton-360-how-to-uninstall.html
Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\Ken\Desktop\012815-60809-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*E:\symbols
Deferred *http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*E:\symbols;*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18700.amd64fre.win7sp1_gdr.141211-1742
Machine Name:
Kernel base = 0xfffff800`03206000 PsLoadedModuleList = 0xfffff800`03449890
Debug session time: Wed Jan 28 19:28:54.356 2015 (UTC - 5:00)
System Uptime: 0 days 0:04:15.433
Loading Kernel Symbols
...............................................................
................................................................
....................................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {0, 2, 0, fffff8800310848c}

*** WARNING: Unable to verify timestamp for IDSvia64.sys
*** ERROR: Module load completed but symbols could not be loaded for IDSvia64.sys
Probably caused by : IDSvia64.sys ( IDSvia64+5648c )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8800310848c, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800034b3100
GetUlongFromAddress: unable to read from fffff800034b31c0
 0000000000000000 Nonpaged pool

CURRENT_IRQL: 2

FAULTING_IP:
IDSvia64+5648c
fffff880`0310848c 4c8b01 mov r8,qword ptr [rcx]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: System

ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre

TRAP_FRAME: fffff880035b65b0 -- (.trap 0xfffff880035b65b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8009aa4010 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa800968a6a8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800310848c rsp=fffff880035b6748 rbp=0000000000000000
 r8=fffffa800a480d00  r9=00000000000000a0 r10=fffff880033d3d60
r11=fffffa8009aa4460 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
IDSvia64+0x5648c:
fffff880`0310848c 4c8b01 mov r8,qword ptr [rcx] ds:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff8000327c429 to fffff8000327ce80

STACK_TEXT:
fffff880`035b6468 fffff800`0327c429 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`035b6470 fffff800`0327b0a0 : fffffa80`08f45f50 fffff800`033af30d fffffa80`03941bc0 fffffa80`0973e018 : nt!KiBugCheckDispatch+0x69
fffff880`035b65b0 fffff880`0310848c : fffff880`031354b6 fffffa80`08f525b0 00000000`00000040 fffff880`031496d8 : nt!KiPageFault+0x260
fffff880`035b6748 fffff880`031354b6 : fffffa80`08f525b0 00000000`00000040 fffff880`031496d8 00000000`000007ff : IDSvia64+0x5648c
fffff880`035b6750 fffffa80`08f525b0 : 00000000`00000040 fffff880`031496d8 00000000`000007ff 00000000`00000001 : IDSvia64+0x834b6
fffff880`035b6758 00000000`00000040 : fffff880`031496d8 00000000`000007ff 00000000`00000001 fffff880`03135359 : 0xfffffa80`08f525b0
fffff880`035b6760 fffff880`031496d8 : 00000000`000007ff 00000000`00000001 fffff880`03135359 fffffa80`00000000 : 0x40
fffff880`035b6768 00000000`000007ff : 00000000`00000001 fffff880`03135359 fffffa80`00000000 fffff800`033af30d : IDSvia64+0x976d8
fffff880`035b6770 00000000`00000001 : fffff880`03135359 fffffa80`00000000 fffff800`033af30d fffffa80`0973e018 : 0x7ff
fffff880`035b6778 fffff880`03135359 : fffffa80`00000000 fffff800`033af30d fffffa80`0973e018 00000000`00000000 : 0x1
fffff880`035b6780 fffffa80`00000000 : fffff800`033af30d fffffa80`0973e018 00000000`00000000 00000000`00000002 : IDSvia64+0x83359
fffff880`035b6788 fffff800`033af30d : fffffa80`0973e018 00000000`00000000 00000000`00000002 fffffa80`08f52588 : 0xfffffa80`00000000
fffff880`035b6790 ffffffff`fffffcf8 : ffffffff`fffffff8 fffffa80`0a262528 fffff880`031496d8 fffff880`031097a1 : nt!ExFreePoolWithTag+0x22d
fffff880`035b6840 ffffffff`fffffff8 : fffffa80`0a262528 fffff880`031496d8 fffff880`031097a1 00000000`00000000 : 0xffffffff`fffffcf8
fffff880`035b6848 fffffa80`0a262528 : fffff880`031496d8 fffff880`031097a1 00000000`00000000 ffffffff`fffffcf8 : 0xffffffff`fffffff8
fffff880`035b6850 fffff880`031496d8 : fffff880`031097a1 00000000`00000000 ffffffff`fffffcf8 ffffffff`fffffff8 : 0xfffffa80`0a262528
fffff880`035b6858 fffff880`031097a1 : 00000000`00000000 ffffffff`fffffcf8 ffffffff`fffffff8 fffffa80`0968aab0 : IDSvia64+0x976d8
fffff880`035b6860 00000000`00000000 : ffffffff`fffffcf8 ffffffff`fffffff8 fffffa80`0968aab0 fffffa80`0968aab0 : IDSvia64+0x577a1

STACK_COMMAND: kb

FOLLOWUP_IP:
IDSvia64+5648c
fffff880`0310848c 4c8b01 mov r8,qword ptr [rcx]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: IDSvia64+5648c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: IDSvia64

IMAGE_NAME: IDSvia64.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 54935c2d

FAILURE_BUCKET_ID: X64_0xD1_IDSvia64+5648c

BUCKET_ID: X64_0xD1_IDSvia64+5648c

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:x64_0xd1_idsvia64+5648c

FAILURE_ID_HASH: {a1a24b00-cb24-f053-7046-406d42e1e220}

Followup: MachineOwner
---------
Wanikiya and Dyami--Team Zigzag
- Marked as answer by ZigZag3143x Friday, January 30, 2015 1:47 AM
Thursday, January 29, 2015 1:20 PM -
So if I turn my Norton off and just use Windows security tools, just to see if it works I should just not use Norton?
Also do you think I should remove the Malwarebytes program as well?
Friday, January 30, 2015 1:32 AM -
Give it a try and disable Norton and check if that fixes your problem.
You can use MSE if Norton is the culprit. :)
Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Marked as answer by Max90St Friday, January 30, 2015 1:36 AM
Friday, January 30, 2015 1:34 AM
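
The diagnosis in this thread can be reproduced from text already posted. As an added example (not code from any poster or from Microsoft), this Python script parses the WER problem signature from the question and the two summary lines of the debugger output, confirms they describe the same crash, and decodes the 0xD1 arguments. The function names are hypothetical, and the IRQL name table is the standard Windows one rather than something stated in the thread.

```python
import re

# Text copied from the thread: the WER problem signature in the question and
# two summary lines of the debugger output in the answer.
WER_SIGNATURE = """\
BCCode: d1
BCP1: 0000000000000000
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF8800310848C
"""
ANALYZE_SUMMARY = """\
BugCheck D1, {0, 2, 0, fffff8800310848c}
Probably caused by : IDSvia64.sys ( IDSvia64+5648c )
"""
# Standard Windows IRQL names (general knowledge, not taken from the thread).
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}
ACCESS = {0: "read", 1: "write"}  # Arg3 meaning as printed by !analyze -v

def parse_wer(text):
    """Return (bugcheck code, [BCP1..BCP4]) from a WER problem signature."""
    f = dict(re.findall(r"^(BCCode|BCP[1-4]):\s*([0-9A-Fa-f]+)\s*$", text, re.M))
    return int(f["BCCode"], 16), [int(f[f"BCP{i}"], 16) for i in range(1, 5)]

def parse_analyze(text):
    """Return (code, args, module, offset) from the debugger summary lines."""
    bc = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    mod = re.search(r"Probably caused by : \S+ \( (\w+)\+([0-9A-Fa-f]+) \)", text)
    if not bc or not mod:
        raise ValueError("summary lines not found")
    args = [int(a, 16) for a in bc.group(2).split(",")]
    return int(bc.group(1), 16), args, mod.group(1), int(mod.group(2), 16)

def triage_d1(wer_text, analyze_text):
    """Cross-check both records, then decode the four 0xD1 arguments."""
    wer_code, wer_args = parse_wer(wer_text)
    code, args, module, offset = parse_analyze(analyze_text)
    if code != 0xD1:
        raise ValueError("only bug check 0xD1 is decoded here")
    referenced, irql, access, fault_ip = args
    return {
        "same_crash": (wer_code, wer_args) == (code, args),
        "null_dereference": referenced == 0,
        "irql": IRQL_NAMES.get(irql, hex(irql)),
        "access": ACCESS.get(access, hex(access)),
        "module": module,
        # Load address of the driver image: faulting IP minus module offset.
        "module_base": fault_ip - offset,
    }

if __name__ == "__main__":
    for key, value in triage_d1(WER_SIGNATURE, ANALYZE_SUMMARY).items():
        print(key, hex(value) if key == "module_base" else value)
```

The computed module base comes out page-aligned, which is a quick check that the faulting address and the module offset were paired correctly.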