Blue screen.

All replies

• 

  

  0

  Sign in to vote

  what happens if you delete that file??

  Thursday, January 29, 2015 3:30 AM
• 

  

  0

  Sign in to vote

  We do need the actual log files (called a DMP files) as they contain the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.  

  
  

  
  

  Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here

  ---

  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  Thursday, January 29, 2015 3:39 AM
• 

  

  0

  Sign in to vote

  Hello,

  I have been getting an error lately when I start my computer. The computer starts up and stays on for a little while (about 5 minutes) then it crashes. But when I turn it back on an error window pops up. This is the message in the window.

  Problem signature:

  
  

    Problem Event Name: BlueScreen

    OS Version: 6.1.7601.2.1.0.768.3

    Locale ID: 1033

  
  
  

  Additional information about the problem:

  
  

    BCCode: d1

    BCP1: 0000000000000000

    BCP2: 0000000000000002

    BCP3: 0000000000000000

    BCP4: FFFFF8800310848C

    OS Version: 6_1_7601

    Service Pack: 1_0

    Product: 768_1

  
  
  

  Files that help describe the problem:

  
  

    C:\Windows\Minidump\012815-60809-01.dmp

    C:\Users\Max\AppData\Local\Temp\WER-115347-0.sysdata.xml

   We do need the actual log files (called a DMP files) as they contain the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.  

  
  

  
  

  Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here

  If you have any questions about the procedure please ask

  
  

  
  

  ---

  Wanikiya and Dyami--Team Zigzag

  Thursday, January 29, 2015 4:13 AM
• 

  

  0

  Sign in to vote

  https://onedrive.live.com/redir?resid=ED5090FBDAD9BD88!107&authkey=!ACsIUpKBLF9XSME&ithint=file%2czip

  Thursday, January 29, 2015 5:01 AM
• 

  

  0

  Sign in to vote

  I'm having trouble with posting a reply with the links on it. I keep getting a message that says I can't post a image or link until my profile has been verified. I don't know what to do about this.

  Thursday, January 29, 2015 5:16 AM
• 

  

  0

  Sign in to vote

  You have installed Symentec products in your PC.

  Remove the Symentec product and restart the PC.

  Otherwise disable the symentec drivers by using Autoruns.

  ---

  Mark as Answer if it's worked. Thanks. Balamurugan_Subramaniyan

  Thursday, January 29, 2015 6:01 AM
• 

  

  0

  Sign in to vote

  https://onedrive.live.com/redir?resid=ED5090FBDAD9BD88!107&authkey=!ACsIUpKBLF9XSME&ithint=file%2czip

  Max

  This was Related to IDSvia64.sys IDS Core Driver from Symantec Corporation.  You have 3 malware apps.  SYmantec, MBAM, and the bits of AVG.  I would remove Symantec which IMHO is rubbish, and replace with Microsoft security essentials.

  Symantec  is a frequent cause of BSOD's.  

  
  

  I would remove and replace it with Microsoft Security Essentials AT LEAST TO TEST
  http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

  http://www.microsoft.com/security_essentials/

  For Norton 360 use thishttp://symantec.pcperformancetools.com/norton-360-how-to-uninstall.html

  Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
  Copyright (c) Microsoft Corporation. All rights reserved.
  
  
  Loading Dump File [C:\Users\Ken\Desktop\012815-60809-01.dmp]
  Mini Kernel Dump File: Only registers and stack trace are available
  
  
  ************* Symbol Path validation summary **************
  Response                         Time (ms)     Location
  Deferred                                       srv*E:\symbols
  Deferred                                       *http://msdl.microsoft.com/download/symbols
  Symbol search path is: srv*E:\symbols;*http://msdl.microsoft.com/download/symbols
  Executable search path is: 
  Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
  Product: WinNt, suite: TerminalServer SingleUserTS Personal
  Built by: 7601.18700.amd64fre.win7sp1_gdr.141211-1742
  Machine Name:
  Kernel base = 0xfffff800`03206000 PsLoadedModuleList = 0xfffff800`03449890
  Debug session time: Wed Jan 28 19:28:54.356 2015 (UTC - 5:00)
  System Uptime: 0 days 0:04:15.433
  Loading Kernel Symbols
  ...............................................................
  ................................................................
  ....................................................
  Loading User Symbols
  Loading unloaded module list
  ...
  *******************************************************************************
  *                                                                             *
  *                        Bugcheck Analysis                                    *
  *                                                                             *
  *******************************************************************************
  
  Use !analyze -v to get detailed debugging information.
  
  BugCheck D1, {0, 2, 0, fffff8800310848c}
  
  *** WARNING: Unable to verify timestamp for IDSvia64.sys
  *** ERROR: Module load completed but symbols could not be loaded for IDSvia64.sys
  Probably caused by : IDSvia64.sys ( IDSvia64+5648c )
  
  Followup: MachineOwner
  ---------
  
  3: kd> !analyze -v
  *******************************************************************************
  *                                                                             *
  *                        Bugcheck Analysis                                    *
  *                                                                             *
  *******************************************************************************
  
  DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
  An attempt was made to access a pageable (or completely invalid) address at an
  interrupt request level (IRQL) that is too high.  This is usually
  caused by drivers using improper addresses.
  If kernel debugger is available get stack backtrace.
  Arguments:
  Arg1: 0000000000000000, memory referenced
  Arg2: 0000000000000002, IRQL
  Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
  Arg4: fffff8800310848c, address which referenced memory
  
  Debugging Details:
  ------------------
  
  
  READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800034b3100
  GetUlongFromAddress: unable to read from fffff800034b31c0
   0000000000000000 Nonpaged pool
  
  CURRENT_IRQL:  2
  
  FAULTING_IP: 
  IDSvia64+5648c
  fffff880`0310848c 4c8b01          mov     r8,qword ptr [rcx]
  
  CUSTOMER_CRASH_COUNT:  1
  
  DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
  
  BUGCHECK_STR:  0xD1
  
  PROCESS_NAME:  System
  
  ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
  
  TRAP_FRAME:  fffff880035b65b0 -- (.trap 0xfffff880035b65b0)
  NOTE: The trap frame does not contain all registers.
  Some register values may be zeroed or incorrect.
  rax=fffffa8009aa4010 rbx=0000000000000000 rcx=0000000000000000
  rdx=fffffa800968a6a8 rsi=0000000000000000 rdi=0000000000000000
  rip=fffff8800310848c rsp=fffff880035b6748 rbp=0000000000000000
   r8=fffffa800a480d00  r9=00000000000000a0 r10=fffff880033d3d60
  r11=fffffa8009aa4460 r12=0000000000000000 r13=0000000000000000
  r14=0000000000000000 r15=0000000000000000
  iopl=0         nv up ei pl zr na po nc
  IDSvia64+0x5648c:
  fffff880`0310848c 4c8b01          mov     r8,qword ptr [rcx] ds:00000000`00000000=????????????????
  Resetting default scope
  
  LAST_CONTROL_TRANSFER:  from fffff8000327c429 to fffff8000327ce80
  
  STACK_TEXT:  
  fffff880`035b6468 fffff800`0327c429 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
  fffff880`035b6470 fffff800`0327b0a0 : fffffa80`08f45f50 fffff800`033af30d fffffa80`03941bc0 fffffa80`0973e018 : nt!KiBugCheckDispatch+0x69
  fffff880`035b65b0 fffff880`0310848c : fffff880`031354b6 fffffa80`08f525b0 00000000`00000040 fffff880`031496d8 : nt!KiPageFault+0x260
  fffff880`035b6748 fffff880`031354b6 : fffffa80`08f525b0 00000000`00000040 fffff880`031496d8 00000000`000007ff : IDSvia64+0x5648c
  fffff880`035b6750 fffffa80`08f525b0 : 00000000`00000040 fffff880`031496d8 00000000`000007ff 00000000`00000001 : IDSvia64+0x834b6
  fffff880`035b6758 00000000`00000040 : fffff880`031496d8 00000000`000007ff 00000000`00000001 fffff880`03135359 : 0xfffffa80`08f525b0
  fffff880`035b6760 fffff880`031496d8 : 00000000`000007ff 00000000`00000001 fffff880`03135359 fffffa80`00000000 : 0x40
  fffff880`035b6768 00000000`000007ff : 00000000`00000001 fffff880`03135359 fffffa80`00000000 fffff800`033af30d : IDSvia64+0x976d8
  fffff880`035b6770 00000000`00000001 : fffff880`03135359 fffffa80`00000000 fffff800`033af30d fffffa80`0973e018 : 0x7ff
  fffff880`035b6778 fffff880`03135359 : fffffa80`00000000 fffff800`033af30d fffffa80`0973e018 00000000`00000000 : 0x1
  fffff880`035b6780 fffffa80`00000000 : fffff800`033af30d fffffa80`0973e018 00000000`00000000 00000000`00000002 : IDSvia64+0x83359
  fffff880`035b6788 fffff800`033af30d : fffffa80`0973e018 00000000`00000000 00000000`00000002 fffffa80`08f52588 : 0xfffffa80`00000000
  fffff880`035b6790 ffffffff`fffffcf8 : ffffffff`fffffff8 fffffa80`0a262528 fffff880`031496d8 fffff880`031097a1 : nt!ExFreePoolWithTag+0x22d
  fffff880`035b6840 ffffffff`fffffff8 : fffffa80`0a262528 fffff880`031496d8 fffff880`031097a1 00000000`00000000 : 0xffffffff`fffffcf8
  fffff880`035b6848 fffffa80`0a262528 : fffff880`031496d8 fffff880`031097a1 00000000`00000000 ffffffff`fffffcf8 : 0xffffffff`fffffff8
  fffff880`035b6850 fffff880`031496d8 : fffff880`031097a1 00000000`00000000 ffffffff`fffffcf8 ffffffff`fffffff8 : 0xfffffa80`0a262528
  fffff880`035b6858 fffff880`031097a1 : 00000000`00000000 ffffffff`fffffcf8 ffffffff`fffffff8 fffffa80`0968aab0 : IDSvia64+0x976d8
  fffff880`035b6860 00000000`00000000 : ffffffff`fffffcf8 ffffffff`fffffff8 fffffa80`0968aab0 fffffa80`0968aab0 : IDSvia64+0x577a1
  
  
  STACK_COMMAND:  kb
  
  FOLLOWUP_IP: 
  IDSvia64+5648c
  fffff880`0310848c 4c8b01          mov     r8,qword ptr [rcx]
  
  SYMBOL_STACK_INDEX:  3
  
  SYMBOL_NAME:  IDSvia64+5648c
  
  FOLLOWUP_NAME:  MachineOwner
  
  MODULE_NAME: IDSvia64
  
  IMAGE_NAME:  IDSvia64.sys
  
  DEBUG_FLR_IMAGE_TIMESTAMP:  54935c2d
  
  FAILURE_BUCKET_ID:  X64_0xD1_IDSvia64+5648c
  
  BUCKET_ID:  X64_0xD1_IDSvia64+5648c
  
  ANALYSIS_SOURCE:  KM
  
  FAILURE_ID_HASH_STRING:  km:x64_0xd1_idsvia64+5648c
  
  FAILURE_ID_HASH:  {a1a24b00-cb24-f053-7046-406d42e1e220}
  
  Followup: MachineOwner
  ---------
  
  

  
  

   

  ---

  Wanikiya and Dyami--Team Zigzag

  • Marked as answer by ZigZag3143x Friday, January 30, 2015 1:47 AM

  Thursday, January 29, 2015 1:20 PM
• 

  

  0

  Sign in to vote

  So if I turn my Norton off and just use windows security tools, just to see if it works I should just not use Norton?

  Also do you think I should remove the malwarebytes program as well?

  Friday, January 30, 2015 1:32 AM
• 

  

  0

  Sign in to vote

  Give it a try and disable Norton and check if that fixes your problem. 

  You can use MSE if Norton is the culprit. :)

  ---

  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Marked as answer by Max90St Friday, January 30, 2015 1:36 AM

  Friday, January 30, 2015 1:34 AM