[SOLVED] 0xA IRQL_NOT_LESS_OR_EQUAL; Suspect: NIS?

writhziden

My system crashed when booting after restarting the system through Start Menu -> Shut Down (>) -> Restart.

The blue screen was a 0xA IRQL_NOT_LESS_OR_EQUAL crash. I suspect Norton Internet Security 2012 since I have not had any crashes in 7 months while running Microsoft Security Essentials (MSE). I would still appreciate confirmation since I have had some other performance issues with the laptop over the past few months and am concerned the crash may be hardware related.

Performance issues:

  1. Occasional hangs where the system does not respond to a mouse action for 3-4 seconds. This is especially true the first time I carry out an action. For example, if I open a directory for the first time, it takes a few seconds to load the list of files or subdirectories within that directory. Opening that directory again later during that same login / system uptime yields instant loading of the list.

  2. Once or twice a week: my mouse will also hang and will not move for a second or two.

  3. Internet Explorer runs sluggishly in both x86 and x64 versions.
    • Sometimes, what I type in a username field will take a few seconds to catch up to my fingers. I type fast, but not that fast.
    • Pages sometimes take a while to load.
    • Clicking a link takes a couple seconds for the sound to register that I had clicked it.
    • I contacted Sony, and the representative reset all IE9 settings and then claimed he/she fixed the whole system. I still have the same problems, and the blue screen resulted shortly after the "help" fixing my system. Considering I had not changed any IE9 settings prior to getting help, I doubt the reset did anything.
    • When I contacted Sony, I showed the representative that my internet speed is 16 MBPS (it's faster via ethernet, but I use an old wireless router) and internet speed is plenty fast that it should not affect IE9 this way. I especially doubt the sounds for clicking on a link should be delayed internet or not.


Things I have tried:

  1. Fresh install with this method: Clean Re-Install Windows 7.

  2. Factory recovery image restore.

  3. Removed my 8 GB of RAM that I used to upgrade the system and am now running with the original 4 GB Module.


I am good at helping people with multiple minidumps by spotting patterns, or I can provide good help if the problem is clear in a .dmp. I have no experience delving deep into a MEMORY.DMP file with all the information it can provide. I look at this as an opportunity for me to learn something new for analyzing .dmps so I can be a great help to other users. Perhaps this thread will also allow others to learn more advanced methods for debugging a crash.


Attached are my files for getting help with the problem. I also have the full MEMORY.DMP uploaded to my SkyDrive: https://skydrive.live.com/redir?resid=50663CB9E4C8946B!213
 


niemiro's .dll revealed some interesting info:

Code:

Microsoft (R) Windows Debugger Version 6.11.0001.402 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\BSODAnalyst\Downloads\writhziden\outputDmps\2012_Sep_29_14_31\dmps\092912-29125-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`02e62000 PsLoadedModuleList = 0xfffff800`030a6670
Debug session time: Sat Sep 29 14:02:10.321 2012 (GMT-6)
System Uptime: 0 days 0:00:15.383
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 2, 0, fffff80002ef6174}

Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )

Followup: MachineOwner
---------

7: kd> kd: Reading initial command '!niemiro.rawstack; q'
dps fffff88005c72000 fffff88005c72ff8
fffff880`05c72000  00000000`00000000
fffff880`05c72008  00000000`00000000
fffff880`05c72010  00000000`00000000
fffff880`05c72018  00000000`00000000
fffff880`05c72020  00000000`00020000
fffff880`05c72028  fffff880`0467cab8[COLOR="#FF0000"][B]Unable to load image \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for EraserUtilRebootDrv.sys
*** ERROR: Module load completed but symbols could not be loaded for EraserUtilRebootDrv.sys
 EraserUtilRebootDrv+0x2ab8[/B][/COLOR]
fffff880`05c72030  00000000`00000000
fffff880`05c72038  00000000`00000000
fffff880`05c72040  00000000`00000000
fffff880`05c72048  00000000`00000000
fffff880`05c72050  00000000`00000000
fffff880`05c72058  00000000`00000000
fffff880`05c72060  00000000`00000000
fffff880`05c72068  00000000`00000000
fffff880`05c72070  00000000`00000000
fffff880`05c72078  00000000`00000000
fffff880`05c72080  00000000`00000000
fffff880`05c72088  00000000`00000000
fffff880`05c72090  00000000`00000000
fffff880`05c72098  00000000`00000000
fffff880`05c720a0  00000000`00000000
fffff880`05c720a8  00000000`00000000
fffff880`05c720b0  00000000`00000000
fffff880`05c720b8  00000000`00000000
fffff880`05c720c0  00000000`00000000
fffff880`05c720c8  00000000`00000000
fffff880`05c720d0  00000000`00000000
fffff880`05c720d8  00000000`00000000
fffff880`05c720e0  00000000`00000000
fffff880`05c720e8  00000000`00000000
fffff880`05c720f0  00000000`00000000
fffff880`05c720f8  00000000`00000000
fffff880`05c72100  00000000`00000000
fffff880`05c72108  00000000`00000000
fffff880`05c72110  00000000`00000000
fffff880`05c72118  00000000`00000000
fffff880`05c72120  00000000`00000000
fffff880`05c72128  00000000`00000000
fffff880`05c72130  00000000`00000000
fffff880`05c72138  00000000`00000000
fffff880`05c72140  00000000`00000000
fffff880`05c72148  00000000`00000000
fffff880`05c72150  00000000`00000000
fffff880`05c72158  00000000`00000000
fffff880`05c72160  00000000`00000000
fffff880`05c72168  00000000`00000000
fffff880`05c72170  00000000`00000000
fffff880`05c72178  00000000`00000000
fffff880`05c72180  00000000`00000000
fffff880`05c72188  00000000`00000000
fffff880`05c72190  00000000`00000000
fffff880`05c72198  00000000`00000000
fffff880`05c721a0  00000000`00000000
fffff880`05c721a8  00000000`00000000
fffff880`05c721b0  00000000`00000000
fffff880`05c721b8  00000000`00000000
fffff880`05c721c0  00000000`00000000
fffff880`05c721c8  00000000`00000000
fffff880`05c721d0  00000000`00000000
fffff880`05c721d8  00000000`00000000
fffff880`05c721e0  00000000`00000000
fffff880`05c721e8  00000000`00000000
fffff880`05c721f0  00000000`00000000
fffff880`05c721f8  00000000`00000000
fffff880`05c72200  00000000`00000000
fffff880`05c72208  00000000`00000000
fffff880`05c72210  00000000`00000000
fffff880`05c72218  00000000`00000000
fffff880`05c72220  00000000`00000000
fffff880`05c72228  00000000`00000000
fffff880`05c72230  00000000`00000000
fffff880`05c72238  00000000`00000000
fffff880`05c72240  00000000`00000000
fffff880`05c72248  00000000`00000000
fffff880`05c72250  00000000`00000000
fffff880`05c72258  00000000`00000000
fffff880`05c72260  00000000`00000000
fffff880`05c72268  00000000`00000000
fffff880`05c72270  00000000`00000000
fffff880`05c72278  00000000`00000000
fffff880`05c72280  00000000`00000000
fffff880`05c72288  00000000`00000000
fffff880`05c72290  00000000`00000000
fffff880`05c72298  00000000`00000000
fffff880`05c722a0  00000000`00000000
fffff880`05c722a8  00000000`00000000
fffff880`05c722b0  00000000`00000000
fffff880`05c722b8  00000000`00000000
fffff880`05c722c0  00000000`00000000
fffff880`05c722c8  00000000`00000000
fffff880`05c722d0  00000000`00000000
fffff880`05c722d8  00000000`00000000
fffff880`05c722e0  00000000`00000000
fffff880`05c722e8  00000000`00000000
fffff880`05c722f0  00000000`00000000
fffff880`05c722f8  00000000`00000000
fffff880`05c72300  00000000`00000000
fffff880`05c72308  00000000`00000000
fffff880`05c72310  00000000`00000000
fffff880`05c72318  00000000`00000000
fffff880`05c72320  00000000`00000000
fffff880`05c72328  00000000`00000000
fffff880`05c72330  00000000`00000000
fffff880`05c72338  00000000`00000000
fffff880`05c72340  00000000`00000000
fffff880`05c72348  00000000`00000000
fffff880`05c72350  00000000`00000000
fffff880`05c72358  fffff880`02f5a2e0[COLOR="#FF0000"][B]Unable to load image \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120919.001\BHDrvx64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for BHDrvx64.sys
*** ERROR: Module load completed but symbols could not be loaded for BHDrvx64.sys[/B][/COLOR]
 BHDrvx64+0x1372e0
fffff880`05c72360  fffff880`05c723b8
fffff880`05c72368  fffffa80`04d3cc00
fffff880`05c72370  fffff880`05c72430
fffff880`05c72378  fffff880`05c72380
fffff880`05c72380  00000000`00000000
fffff880`05c72388  fffff880`02e4fe99 BHDrvx64+0x2ce99
fffff880`05c72390  fffff8a0`027c32d0
fffff880`05c72398  00000000`00000000
fffff880`05c723a0  00000000`00000224
fffff880`05c723a8  fffff800`02ee7f8f nt!KeWaitForSingleObject+0x19f
fffff880`05c723b0  00000000`00000003
fffff880`05c723b8  fffff880`010269f0[COLOR="#FF0000"][B]Unable to load image \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SYMEVENT64x86.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT64x86.SYS[/B][/COLOR]
 SYMEVENT64x86+0x269f0
fffff880`05c723c0  fffff8a0`00c97620
fffff880`05c723c8  fffffa80`07ea4c18
fffff880`05c723d0  fffff880`05c72538
fffff880`05c723d8  fffff880`03386180
fffff880`05c723e0  fffffa80`04d3cb50
fffff880`05c723e8  00000000`00000000
fffff880`05c723f0  fffff880`05c71810
fffff880`05c723f8  00000000`00000000
fffff880`05c72400  00000000`00000000
fffff880`05c72408  fffff880`05c72620
fffff880`05c72410  fffffa80`07cd7c60
fffff880`05c72418  fffff800`02ee12c4 nt!KeBugCheckEx+0x104
fffff880`05c72420  fffff8a0`00c97620
fffff880`05c72428  00000000`00000001
fffff880`05c72430  fffff8a0`00ce5dc0
fffff880`05c72438  fffff800`02e87a30 nt! ?? ::FNODOBFM::`string'+0x43804
fffff880`05c72440  fffff800`02ef6174 nt!IopCompleteRequest+0xc64
fffff880`05c72448  00000000`00000000
fffff880`05c72450  00000000`00000286
fffff880`05c72458  fffff800`02ee0769 nt!KiBugCheckDispatch+0x69
fffff880`05c72460  00000000`0000000a
fffff880`05c72468  00000000`00000000
fffff880`05c72470  00000000`00000002
fffff880`05c72478  00000000`00000000
fffff880`05c72480  fffff800`02ef6174 nt!IopCompleteRequest+0xc64
fffff880`05c72488  fffff880`05c72500
fffff880`05c72490  00000000`00000000
fffff880`05c72498  00000000`00000000
fffff880`05c724a0  00000000`00000000
fffff880`05c724a8  00000000`00000000
fffff880`05c724b0  00000000`00000000
fffff880`05c724b8  00000000`00000000
fffff880`05c724c0  00000000`00000000
fffff880`05c724c8  00000000`00000000
fffff880`05c724d0  00000000`00000000
fffff880`05c724d8  00000000`00000000
fffff880`05c724e0  00000000`00000000
fffff880`05c724e8  00000000`00000000
fffff880`05c724f0  00000000`00000000
fffff880`05c724f8  00000000`00000000
fffff880`05c72500  00000000`00000000
fffff880`05c72508  00000000`00000000
fffff880`05c72510  00000000`00000000
fffff880`05c72518  00000000`00000000
fffff880`05c72520  00000000`00000000
fffff880`05c72528  00000000`00000000
fffff880`05c72530  fffff8a0`00ca1700
fffff880`05c72538  fffffa80`0672f220
fffff880`05c72540  fffff8a0`00c97620
fffff880`05c72548  00000980`00000000
fffff880`05c72550  0000007f`fffffff8
fffff880`05c72558  fffff8a0`00c97620
fffff880`05c72560  fffffa80`07cd7c60
fffff880`05c72568  00000000`00000000
fffff880`05c72570  00000000`00000000
fffff880`05c72578  fffff880`05c71810
fffff880`05c72580  00000000`00000000
fffff880`05c72588  fffffa80`04d3cb50
fffff880`05c72590  fffff880`03386180
fffff880`05c72598  fffff800`02edf3e0 nt!KiPageFault+0x260
fffff880`05c725a0  00000000`00000200
fffff880`05c725a8  fffff880`05c72858
fffff880`05c725b0  fffffa80`07cd8f78
fffff880`05c725b8  fffffa80`07cd7c60
fffff880`05c725c0  fffff880`05c72858
fffff880`05c725c8  00001f80`01008f78
fffff880`05c725d0  fffff880`05c71818
fffff880`05c725d8  00000000`00000000
fffff880`05c725e0  00000000`00000000
fffff880`05c725e8  00000000`00004740
fffff880`05c725f0  00000000`00000080
fffff880`05c725f8  00000000`00000002
fffff880`05c72600  00000000`000001c8
fffff880`05c72608  fffff880`05c72858
fffff880`05c72610  00000000`00020000
fffff880`05c72618  fffff880`0467cab8 EraserUtilRebootDrv+0x2ab8
fffff880`05c72620  00000000`00000000
fffff880`05c72628  00000000`00000000
fffff880`05c72630  00000000`00000000
fffff880`05c72638  00000000`00000000
fffff880`05c72640  00000000`00000000
fffff880`05c72648  00000000`00000000
fffff880`05c72650  00000000`00000000
fffff880`05c72658  00000000`00000000
fffff880`05c72660  00000000`00000000
fffff880`05c72668  00000000`00000000
fffff880`05c72670  00000000`00000000
fffff880`05c72678  fffff880`01021fd8 SYMEVENT64x86+0x21fd8
fffff880`05c72680  fffff8a0`00660066
fffff880`05c72688  fffff8a0`028c51c0
fffff880`05c72690  000007fe`fd4e0000
fffff880`05c72698  00000000`00013000
fffff880`05c726a0  0000f310`00000224
fffff880`05c726a8  00000000`4ea7975d
fffff880`05c726b0  fffffa80`07f6bec0
fffff880`05c726b8  00000000`00000080
fffff880`05c726c0  000007fe`fd4e0000
fffff880`05c726c8  00000000`000007ff
fffff880`05c726d0  ffff0000`04c54693
fffff880`05c726d8  00000000`00000006
fffff880`05c726e0  00000000`00000000
fffff880`05c726e8  fffff8a0`00bf4080
fffff880`05c726f0  fffff880`05c72ae0
fffff880`05c726f8  00000000`00000000
fffff880`05c72700  00000000`00000000
fffff880`05c72708  fffff800`02ef6174 nt!IopCompleteRequest+0xc64
fffff880`05c72710  00000000`00000010
fffff880`05c72718  00000000`00010217
fffff880`05c72720  fffff880`05c72730
fffff880`05c72728  00000000`00000018
fffff880`05c72730  00000000`00000001
fffff880`05c72738  00000000`00000000
fffff880`05c72740  fffff880`20206f49
fffff880`05c72748  fffff880`05c72a18
fffff880`05c72750  fffffa80`04d3c060
fffff880`05c72758  fffff800`031fa0b2 nt!MiMapViewOfImageSection+0x9b2
fffff880`05c72760  fffffa80`07cd8f20
fffff880`05c72768  fffffa80`04d3c278
fffff880`05c72770  00000000`00000001
fffff880`05c72778  fffffa80`04d3cb50
fffff880`05c72780  fffffa80`07cd7c60
fffff880`05c72788  fffffa80`039e9890
fffff880`05c72790  00000000`00000000
fffff880`05c72798  fffff800`031c6ed7 nt!ObInsertObjectEx+0x137
fffff880`05c727a0  00000000`00000000
fffff880`05c727a8  fffffa80`07f0fdf0
fffff880`05c727b0  fffffa80`00000000
fffff880`05c727b8  00000000`00000000
fffff880`05c727c0  fffff880`05c72ae0
fffff880`05c727c8  fffffa80`04d3c060
fffff880`05c727d0  fffff880`05c72a00
fffff880`05c727d8  00000000`00000001
fffff880`05c727e0  00000000`00000000
fffff880`05c727e8  fffffa80`04d3cba0
fffff880`05c727f0  fffffa80`04d3cb50
fffff880`05c727f8  fffff800`02ed3bd7 nt!KiDeliverApc+0x1c7
fffff880`05c72800  00000000`00000000
fffff880`05c72808  00000000`00000000
fffff880`05c72810  00000000`00000000
fffff880`05c72818  fffff8a0`00000000
fffff880`05c72820  fffff880`05c72898
fffff880`05c72828  fffffa80`07f33250
fffff880`05c72830  00000000`00000000
fffff880`05c72838  00000000`00000000
fffff880`05c72840  00000000`0030eba8
fffff880`05c72848  00000000`00000000
fffff880`05c72850  fffff880`05c72a10
fffff880`05c72858  fffff880`05c72a18
fffff880`05c72860  00000000`00000000
fffff880`05c72868  00000000`00000000
fffff880`05c72870  fffff880`05c72b60
fffff880`05c72878  fffff800`02e8aa85 nt!KiCheckForKernelApcDelivery+0x25
fffff880`05c72880  00000000`00000000
fffff880`05c72888  00000000`00000000
fffff880`05c72890  00000000`00000000
fffff880`05c72898  00000000`00000000
fffff880`05c728a0  fffffa80`04d3cb50
fffff880`05c728a8  fffff800`0312c96a nt! ?? ::NNGAKEGL::`string'+0x2a53a
fffff880`05c728b0  fffffa80`07f331d0
fffff880`05c728b8  fffffa80`04d3c060
fffff880`05c728c0  fffff880`05c72a10
fffff880`05c728c8  fffff880`05c72a08
fffff880`05c728d0  fffff880`05c72a18
fffff880`05c728d8  fffff8a0`028cc140
fffff880`05c728e0  00000000`00000001
fffff880`05c728e8  00000000`00000000
fffff880`05c728f0  00000000`00000000
fffff880`05c728f8  00000000`00000005
fffff880`05c72900  00000000`00000014
fffff880`05c72908  00000000`00000000
fffff880`05c72910  00000000`00000000
fffff880`05c72918  00000000`00000000
fffff880`05c72920  00000000`00000000
fffff880`05c72928  00000000`00000000
fffff880`05c72930  00000000`00000000
fffff880`05c72938  00000000`00000000
fffff880`05c72940  00000000`00000000
fffff880`05c72948  00000000`00000000
fffff880`05c72950  00000000`00000000
fffff880`05c72958  00000000`0030eba8
fffff880`05c72960  00000000`0030eb40
fffff880`05c72968  00000000`00000000
fffff880`05c72970  00000000`00000000
fffff880`05c72978  00000000`00000000
fffff880`05c72980  fffff880`05c72b60
fffff880`05c72988  fffff8a0`028cc140
fffff880`05c72990  00000000`00000000
fffff880`05c72998  fffff800`031f642e nt!NtMapViewOfSection+0x2bd
fffff880`05c729a0  fffffa80`00000004
fffff880`05c729a8  fffffa80`04d3c060
fffff880`05c729b0  fffff880`05c72a10
fffff880`05c729b8  00000000`00000000
fffff880`05c729c0  00000000`00000000
fffff880`05c729c8  fffff880`05c72a08
fffff880`05c729d0  fffff880`05c72a18
fffff880`05c729d8  fffff880`00000001
fffff880`05c729e0  fffffa80`00000000
fffff880`05c729e8  fffff800`00000004
fffff880`05c729f0  fffffa80`00000002
fffff880`05c729f8  00000000`00000000
fffff880`05c72a00  fffffa80`00000002
fffff880`05c72a08  00000000`00000000
fffff880`05c72a10  000007fe`fd4e0000
fffff880`05c72a18  00000000`00013000
fffff880`05c72a20  fffffa80`04d3c060
fffff880`05c72a28  fffff8a0`028cc140
fffff880`05c72a30  00000000`00000000
fffff880`05c72a38  00000000`00000000
fffff880`05c72a40  00000000`20000000
fffff880`05c72a48  00000000`00000000
fffff880`05c72a50  00000000`0030eb40
fffff880`05c72a58  00000000`00000014
fffff880`05c72a60  fffff880`05c72a88
fffff880`05c72a68  fffff800`02ee0453 nt!KiSystemServiceCopyEnd+0x13
fffff880`05c72a70  00000000`00000014
fffff880`05c72a78  fffffa80`04d3cb50
fffff880`05c72a80  00000000`0030ea68
fffff880`05c72a88  00000000`0030ec01
fffff880`05c72a90  00000000`00000000
fffff880`05c72a98  00000000`00000000
fffff880`05c72aa0  00000000`0030eba8
fffff880`05c72aa8  00000000`00000001
fffff880`05c72ab0  00000000`00000000
fffff880`05c72ab8  00000000`00000004
fffff880`05c72ac0  00000000`0030ecc8
fffff880`05c72ac8  00000000`00000000
fffff880`05c72ad0  00000000`00000000
fffff880`05c72ad8  fffff800`02ee0453 nt!KiSystemServiceCopyEnd+0x13
fffff880`05c72ae0  00000000`00000008
fffff880`05c72ae8  00000000`7704a691
fffff880`05c72af0  fffffa80`04d3cb50
fffff880`05c72af8  00000000`0030eb60
fffff880`05c72b00  00000000`00000000
fffff880`05c72b08  00001f80`02080000
fffff880`05c72b10  00000000`c0000034
fffff880`05c72b18  00000000`7705168a
fffff880`05c72b20  00000000`00000000
fffff880`05c72b28  00000000`0030ea68
fffff880`05c72b30  00000000`77132520
fffff880`05c72b38  00000000`00000000
fffff880`05c72b40  00000000`00000202
fffff880`05c72b48  000007ff`fffde000
fffff880`05c72b50  00000000`00000000
fffff880`05c72b58  00000000`00000000
fffff880`05c72b60  00000000`00000000
fffff880`05c72b68  00000000`00000000
fffff880`05c72b70  00000000`00000000
fffff880`05c72b78  00000000`00000000
fffff880`05c72b80  00000000`00000000
fffff880`05c72b88  00000000`00000000
fffff880`05c72b90  00000000`00000000
fffff880`05c72b98  00000000`00000000
fffff880`05c72ba0  00000000`00000000
fffff880`05c72ba8  00000000`00000000
fffff880`05c72bb0  00000000`7704a691
fffff880`05c72bb8  00000000`00000000
fffff880`05c72bc0  00000000`00000000
fffff880`05c72bc8  00000000`00000000
fffff880`05c72bd0  00000000`00000000
fffff880`05c72bd8  00000000`00000000
fffff880`05c72be0  00000000`00000000
fffff880`05c72be8  00000000`00000000
fffff880`05c72bf0  00000000`00000000
fffff880`05c72bf8  00000000`00000000
fffff880`05c72c00  00000000`00000000
fffff880`05c72c08  00000000`00000000
fffff880`05c72c10  00000000`00000000
fffff880`05c72c18  00000000`00000000
fffff880`05c72c20  00000000`00000000
fffff880`05c72c28  000007ff`fffde000
fffff880`05c72c30  00000000`00413740
fffff880`05c72c38  00000000`00000000
fffff880`05c72c40  00000000`00000014
fffff880`05c72c48  00000000`7705159a
fffff880`05c72c50  00000000`00000033
fffff880`05c72c58  00000000`00000286
fffff880`05c72c60  00000000`0030ea48
fffff880`05c72c68  00000000`0000002b
fffff880`05c72c70  fffff880`05c73000
fffff880`05c72c78  fffff880`05c6d000
fffff880`05c72c80  fffff880`05c71890
fffff880`05c72c88  00000000`00000000
fffff880`05c72c90  fffff880`05c6d000
fffff880`05c72c98  00000000`00000000
fffff880`05c72ca0  00000000`00000000
fffff880`05c72ca8  00000000`00000000
fffff880`05c72cb0  00000000`00000000
fffff880`05c72cb8  00000000`00000000
fffff880`05c72cc0  00000000`0000027f
fffff880`05c72cc8  00000000`00000000
fffff880`05c72cd0  00000000`00000000
fffff880`05c72cd8  0000ffff`00001f80
fffff880`05c72ce0  00000000`00000000
fffff880`05c72ce8  00000000`00000000
fffff880`05c72cf0  00000000`00000000
fffff880`05c72cf8  00000000`00000000
fffff880`05c72d00  00000000`00000000
fffff880`05c72d08  00000000`00000000
fffff880`05c72d10  00000000`00000000
fffff880`05c72d18  00000000`00000000
fffff880`05c72d20  00000000`00000000
fffff880`05c72d28  00000000`00000000
fffff880`05c72d30  00000000`00000000
fffff880`05c72d38  00000000`00000000
fffff880`05c72d40  00000000`00000000
fffff880`05c72d48  00000000`00000000
fffff880`05c72d50  00000000`00000000
fffff880`05c72d58  00000000`00000000
fffff880`05c72d60  00000000`00000000
fffff880`05c72d68  00000000`00000000
fffff880`05c72d70  00000000`00000000
fffff880`05c72d78  00000000`00000000
fffff880`05c72d80  00000000`00000000
fffff880`05c72d88  00000000`00000000
fffff880`05c72d90  00000000`00000000
fffff880`05c72d98  00000000`00000000
fffff880`05c72da0  00000000`00000000
fffff880`05c72da8  00000000`00000000
fffff880`05c72db0  00000000`00000000
fffff880`05c72db8  00000000`00000000
fffff880`05c72dc0  00000000`00000000
fffff880`05c72dc8  00000000`00000000
fffff880`05c72dd0  00000000`00000000
fffff880`05c72dd8  00000000`00000000
fffff880`05c72de0  00000000`00000000
fffff880`05c72de8  00000000`00000000
fffff880`05c72df0  00000000`00000000
fffff880`05c72df8  00000000`00000000
fffff880`05c72e00  00000000`00000000
fffff880`05c72e08  00000000`00000000
fffff880`05c72e10  00000000`00000000
fffff880`05c72e18  00000000`00000000
fffff880`05c72e20  00000000`00000000
fffff880`05c72e28  00000000`00000000
fffff880`05c72e30  00000000`00000000
fffff880`05c72e38  00000000`00000000
fffff880`05c72e40  00000000`00000000
fffff880`05c72e48  00000000`00000000
fffff880`05c72e50  00000000`00000000
fffff880`05c72e58  00000000`00000000
fffff880`05c72e60  00000000`00000000
fffff880`05c72e68  00000000`00000000
fffff880`05c72e70  00000000`00000000
fffff880`05c72e78  00000000`00000000
fffff880`05c72e80  00000000`00000000
fffff880`05c72e88  00000000`00000000
fffff880`05c72e90  00000000`00000000
fffff880`05c72e98  00000000`00000000
fffff880`05c72ea0  00000000`00000000
fffff880`05c72ea8  00000000`00000000
fffff880`05c72eb0  00000000`00000000
fffff880`05c72eb8  00000000`00000000
fffff880`05c72ec0  00000000`00000001
fffff880`05c72ec8  00000000`00000000
fffff880`05c72ed0  00000000`00000000
fffff880`05c72ed8  00000000`00000000
fffff880`05c72ee0  00000000`00000000
fffff880`05c72ee8  00000000`00000000
fffff880`05c72ef0  00000000`00000000
fffff880`05c72ef8  00000000`00000000
fffff880`05c72f00  00000000`00000000
fffff880`05c72f08  00000000`00000000
fffff880`05c72f10  00000000`00000000
fffff880`05c72f18  00000000`00000000
fffff880`05c72f20  00000000`00000000
fffff880`05c72f28  00000000`00000000
fffff880`05c72f30  00000000`00000000
fffff880`05c72f38  00000000`00000000
fffff880`05c72f40  00000000`00000000
fffff880`05c72f48  00000000`00000000
fffff880`05c72f50  00000000`00000000
fffff880`05c72f58  00000000`00000000
fffff880`05c72f60  00000000`00000000
fffff880`05c72f68  00000000`00000000
fffff880`05c72f70  00000000`00000000
fffff880`05c72f78  00000000`00000000
fffff880`05c72f80  00000000`00000000
fffff880`05c72f88  00000000`00000000
fffff880`05c72f90  00000000`00000000
fffff880`05c72f98  00000000`00000000
fffff880`05c72fa0  00000000`00000000
fffff880`05c72fa8  00000000`00000000
fffff880`05c72fb0  00000000`00000000
fffff880`05c72fb8  00000000`00000000
fffff880`05c72fc0  00000000`00000000
fffff880`05c72fc8  00000000`00000000
fffff880`05c72fd0  00000000`00000000
fffff880`05c72fd8  00000000`00000000
fffff880`05c72fe0  00000000`00000000
fffff880`05c72fe8  00000000`00000000
fffff880`05c72ff0  00000000`00000000
fffff880`05c72ff8  00000000`00000000
quit:

The red highlights in the code box show that Norton was a likely culprit to the crash. Guess my first suspect is starting to look like the likely cause. A second opinion would be great, though. :D


http://www.carrona.org/drivers/driver.php?id=EraserUtilRebootDrv.sys
http://www.carrona.org/drivers/driver.php?id=BHDrvx64.sys
http://www.carrona.org/drivers/driver.php?id=SYMEVENT64x86.SYS
 
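The raw-stack reading done in the post above, as an added example (not part of the original thread and not niemiro's extension): a Python parser for `dps` output that re-attaches symbols displaced by the inline "Unable to load image" messages and lists the modules that appear only as `Module+0xoffset`. The names `parse_dps` and `unsymbolized_modules` are hypothetical, and the sample is abridged from the dump above.

```python
import re

# Abridged from the `dps` output above (forum colour tags left in on purpose).
SAMPLE = r"""
fffff880`05c72020  00000000`00020000
fffff880`05c72028  fffff880`0467cab8[COLOR="#FF0000"][B]Unable to load image \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for EraserUtilRebootDrv.sys
*** ERROR: Module load completed but symbols could not be loaded for EraserUtilRebootDrv.sys
 EraserUtilRebootDrv+0x2ab8[/B][/COLOR]
fffff880`05c72358  fffff880`02f5a2e0[COLOR="#FF0000"][B]Unable to load image \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120919.001\BHDrvx64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for BHDrvx64.sys
*** ERROR: Module load completed but symbols could not be loaded for BHDrvx64.sys[/B][/COLOR]
 BHDrvx64+0x1372e0
fffff880`05c72388  fffff880`02e4fe99 BHDrvx64+0x2ce99
fffff880`05c723a8  fffff800`02ee7f8f nt!KeWaitForSingleObject+0x19f
fffff880`05c723b8  fffff880`010269f0[COLOR="#FF0000"][B]Unable to load image \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SYMEVENT64x86.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT64x86.SYS[/B][/COLOR]
 SYMEVENT64x86+0x269f0
fffff880`05c72418  fffff800`02ee12c4 nt!KeBugCheckEx+0x104
fffff880`05c72438  fffff800`02e87a30 nt! ?? ::FNODOBFM::`string'+0x43804
fffff880`05c72440  fffff800`02ef6174 nt!IopCompleteRequest+0xc64
fffff880`05c72618  fffff880`0467cab8 EraserUtilRebootDrv+0x2ab8
fffff880`05c72678  fffff880`01021fd8 SYMEVENT64x86+0x21fd8
"""

# "<stack slot>  <value>[ symbol | inline loader message]"
ENTRY = re.compile(r"^([0-9a-f]{8}`[0-9a-f]{8})\s+([0-9a-f]{8}`[0-9a-f]{8})(.*)$")
# "module!function+0xNN" (symbols loaded) or "module+0xNN" (no symbols)
SYMBOL = re.compile(r"^\s*([A-Za-z_]\w*)(?:!(.+?))?\+0x([0-9a-f]+)\s*$")
# Highlight tags pasted into the code box by the forum software
BBCODE = re.compile(r"\[/?(?:COLOR|B)[^\]]*\]")


def to_int(addr):
    """Convert WinDbg's 64-bit notation (fffff880`05c72000) to an int."""
    return int(addr.replace("`", ""), 16)


def _fill(entry, match):
    entry["module"] = match.group(1)
    entry["function"] = match.group(2)          # None when symbols are missing
    entry["offset"] = int(match.group(3), 16)


def parse_dps(text):
    """Return one dict per stack slot, with the symbol attached where present.

    When the debugger cannot load an image it prints the error in the middle
    of the entry, pushing the symbol onto a later line; that symbol is
    re-attached to the slot it belongs to.
    """
    entries, pending = [], None
    for raw in text.splitlines():
        line = BBCODE.sub("", raw)
        m = ENTRY.match(line)
        if m:
            slot, value, rest = m.groups()
            entry = {"slot": to_int(slot), "value": to_int(value),
                     "module": None, "function": None, "offset": None}
            entries.append(entry)
            sym = SYMBOL.match(rest)
            if sym:
                _fill(entry, sym)
                pending = None
            else:
                # Non-empty trailing text is loader noise: symbol comes later.
                pending = entry if rest.strip() else None
            continue
        # Continuation line; "*** WARNING/ERROR" lines never match SYMBOL.
        sym = SYMBOL.match(line) if pending is not None else None
        if sym:
            _fill(pending, sym)
            pending = None
    return entries


def unsymbolized_modules(entries):
    """Group hits shown as Module+0xNN, in order of first appearance.

    With no symbols the offset is relative to the image base, so
    value - offset gives the module's load address.
    """
    found = {}
    for e in entries:
        if e["module"] is None or e["function"] is not None:
            continue
        info = found.setdefault(e["module"], {"hits": 0, "bases": set()})
        info["hits"] += 1
        info["bases"].add(e["value"] - e["offset"])
    return found


if __name__ == "__main__":
    for name, info in unsymbolized_modules(parse_dps(SAMPLE)).items():
        bases = ", ".join(f"{b:#018x}" for b in sorted(info["bases"]))
        print(f"{name:22} hits={info['hits']} base={bases}")
```

A hit on the raw stack shows that a pointer into the driver was left there, not that the driver faulted. A single derived base per module confirms that all of its hits belong to one loaded image.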
Thanks Stephen. Appreciate the find!


Something else that I found enlightening: That user also had it occur during startup. Check out the System Uptime.

Code:
0:00:32.309


My Uptime:

Code:
0:00:15.383
 
There is no absolute confirmation as you know.

I've run everything I know on the full kernel. Nothing points directly to Norton, rather everything points toward it.

Norton removal would be my #1 priority for anyone with BSODs.

When did you install it? I don't remember seeing it when I went through your files 2 days ago.
 
It was pre-installed on the factory image I restored. I figured I'd leave it for the 30 day trial while I tested out the system. Performance seemed better for a while, but as I installed more Windows updates, things slowed down. May just be a coincidence with the Windows updates, though. The system seems to go through periods when it runs faster and then others when it seems like a ten year old system. The strange thing is that it is only explorer.exe and iexplore.exe that suffer. My graphics based applications all fly no matter what I do.

I may have to revert back to the original image again to see whether performance improves without installing updates for a time and then install updates one at a time to see if one causes performance issues. I may do that at some point when I have a bit more time and feel like looking into it more. I'm going to leave this thread open for a few days to make sure crashes are gone with MSE in place of NIS.
 
Have you gone through this before?

i.e., you have re-loaded (for lack of a better term) this "light" OEM version that you created from the OEM recovery partition before; all seems well at 1st, then the system steadily degrades and the process is repeated?

I would definitely use the FULL Toshiba OEM recovery disk(s) and re-install Windows 7.

I would also suggest that you wipe the HDD with KillDisk and install Windows 7 Enterprise 90-day Trial version -

http://technet.microsoft.com/en-us/evalcenter/cc442495.aspx

I would go with the trial version 1st - it is full retail with embedded keycode.

Install trial version via USB in case DVD drive has some issue like mine did. It took me ~18 months and at least that many re-installs to figure that one out. USB install did the trick for me in <20 minutes.

You last reinstalled <4 days ago, so you should know within a few days if the new re-install goes the same way this one did or not.
 
Alright, no more crashes have occurred.

Did another fresh install, this time after writing zeros to all sectors. Still had the same slowness. That pretty much rules out a virus...

Restored my factory image for the second time in three days. NIS is gone and MSE is in its place. System is still slow and hangs for a few seconds when opening directories, opening IE9, etc.

I installed Ubuntu on another partition. I then installed my retail Windows 7 on VirtualBox in Ubuntu. All is fast as can be in Ubuntu and in the virtual environment. No hangs in Windows virtually, but lots of hangs when running Windows directly. Both are 64-bit. Both are Windows 7 Home Premium with all updates installed. :confused2:


Should I mark the thread solved given that the blue screens are a thing of the past, or would someone like to help me with my performance issues?
 
Alright, I may have tracked down the problem. There are 50+ sectors that have been remapped due to being bad. While remapping bad sectors is not uncommon on hard drives, that seems like a fairly high number to me. Ubuntu has it in the WARNING status due to the number. I know that a full format will remap the drive to provide better allocation around those sectors, but I do not know if it is worth the effort.

I plan to contact Sony in the morning to see what they advise about the hard drive. I would prefer it if they would just let me ship the drive so I can use one of my smaller spares in the meantime, but they will probably want the whole system through the warranty... I wonder if I can contact Toshiba directly about it and see if they can cover their warranty. I may try that, as well.

The reason I started looking into the hard drive is the one key difference I could think of between a virtual environment and running Windows directly. From what I have experienced, I am inclined to think that the virtual environment actually runs part of the Windows hard disk within memory. That explains the faster load and shutdown times I have always seen in Virtual Windows compared to regularly installed Windows. If that is the case, then the slowness I experience running normally could be due to the hard drive cache being used more on a normal installation than the RAM cache.
 
There are 50+ sectors that have been remapped due to being bad.

What HDD diagnostic test showed bad sectors?

Your App Event Log shows chkdsk ran on 9/27 - 0 KB in bad sectors -
Code:
Event[2831]:
  Log Name: Application
  Source: Microsoft-Windows-Wininit
  Date: 2012-09-27T06:25:56.000
  Event ID: 1001
  Description: 

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  139776 file records processed.                                         

File verification completed.
  143 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  77 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
  188922 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  139776 file SDs/SIDs processed.                                        

Cleaning up 402 unused index entries from index $SII of file 0x9.
Cleaning up 402 unused index entries from index $SDH of file 0x9.
Cleaning up 402 unused security descriptors.
Security descriptor verification completed.
  24574 data files processed.                                           

CHKDSK is verifying Usn Journal...
  34581008 USN bytes processed.                                            

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 112931839 KB total disk space.
  58464924 KB in 114538 files.
     67360 KB in 24575 indexes.
         0 KB in bad sectors.
    243863 KB in use by the system.
     65536 KB occupied by the log file.
  54155692 KB available on disk.

      4096 bytes in each allocation unit.
  28232959 total allocation units on disk.
  13538923 allocation units available on disk.

Internal Info:
00 22 02 00 75 1f 02 00 86 eb 03 00 00 00 00 00  ."..u...........
a7 01 00 00 4d 00 00 00 00 00 00 00 00 00 00 00  ....M...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.



While remapping bad sectors is not uncommon on hard drives, that seems like a fairly high number to me. Ubuntu has it in the WARNING status due to the number. I know that a full format will remap the drive to provide better allocation around those sectors, but I do not know if it is worth the effort.

I thought you did a low-level format yesterday. Did it hang?
 
Diskpart clean all isn't the same as a low level format. It just removes any chance of a virus being on the drive. That doesn't mean the system is free of infection since some infections can target the BIOS, but those are rare from what I've read.

I hadn't done the low level or full format yet as I did not want to do too many steps at once and then have no idea what the cause of my issue was if it suddenly vanished. If it is the hard drive as I suspect, the low level format may help. The best test would be to swap it out with my drive from my five year old system (the drive was brand new, bought two years ago and barely used) to see if that provides better performance.

Basically, I wanted to see if it was a hardware or software (virus) issue. If it is hardware based, as all tests so far indicate, then I have a greater concern for the system than if it had been a virus. It's unfortunate the clean all did not resolve it. :(
 
Drive d:
Code:
Event[2849]:
  Log Name: Application
  Source: Chkdsk
  Date: 2012-09-27T06:17:20.000

Checking file system on D:
Volume label is Data.

CHKDSK is verifying files (stage 1 of 3)...
  13568 file records processed.                                         

File verification completed.
  0 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  0 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
  16778 index entries processed.                                        

Index verification completed.


CHKDSK is verifying security descriptors (stage 3 of 3)...
  13568 file SDs/SIDs processed.                                        

Cleaning up 14 unused index entries from index $SII of file 0x9.
Cleaning up 14 unused index entries from index $SDH of file 0x9.
Cleaning up 14 unused security descriptors.
Security descriptor verification completed.
  1606 data files processed.                                           

CHKDSK is verifying Usn Journal...
  1108856 USN bytes processed.                                            

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 260092927 KB total disk space.
  37538400 KB in 11481 files.
      4984 KB in 1607 indexes.
     88547 KB in use by the system.
     65536 KB occupied by the log file.
 222460996 KB available on disk.

      4096 bytes in each allocation unit.
  65023231 total allocation units on disk.
  55615249 allocation units available on disk.
 
Diskpart clean all isn't the same as a low level format. It just removes any chance of a virus being on the drive. That doesn't mean the system is free of infection since some infections can target the BIOS, but those are rare from what I've read.

I hadn't done the low level or full format yet as I did not want to do too many steps at once and then have no idea what the cause of my issue was if it suddenly vanished. If it is the hard drive as I suspect, the low level format may help. The best test would be to swap it out with my drive from my five year old system (the drive was brand new, bought two years ago and barely used) to see if that provides better performance.

Basically, I wanted to see if it was a hardware or software (virus) issue. If it is hardware based, as all tests so far indicate, then I have a greater concern for the system than if it had been a virus. It's unfortunate the clean all did not resolve it. :(


But..... what told you there are bad sectors on the HDD?

Did you run SeaTools for DOS?

http://www.seagate.com/support/inte...-electronics/ld25-series/seatools-dos-master/

Burn ISO to CD-R; run SeaTools LONG test.
 
SeaTools passes fine. The Ubuntu disk checks pass fine, as well. They also provide a warning that even though the SMART test passes, the number of bad sectors could pose a problem in the future if they continue to accumulate.
 
Is that just a general warning or did it actually say that your HDD has bad sectors?

I'm not familiar with Ubuntu disk check, but it said HDD OK, yet "...the number of bad sectors could pose a problem in the future if they continue to accumulate."?

I did find a few of these in System log -
Code:
Event[5598]:
  Log Name: System
  Source: Disk
  Date: 2012-09-25T20:28:35.904
  Event ID: 11
  Task: N/A
  Description: 
The driver detected a controller error on \Device\Harddisk1\DR1.

Is that your TOSHIBA MK5061GSY 500 GB SATA HDD?

I also saw several events recorded for USB drivers loading for Cruzer, Kingston USB sticks/drives.

Were any of those plugged in when Ubuntu gave sector warning?

Did perfmon /report show dirty bit?

Toshiba diagnostics all seem to refer to "...Fujitsu Branded Toshiba hard drive.." -

http://storage.toshiba.com/storage-services-support/warranty-support/software-utilities#diagnostic

I don't see anything for Toshiba HDDs.

I'm still not sold on HDD being THE sole issue, given the PASS results of SeaTools, chkdsk, Ubuntu disk check.
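
Added example (not part of any post in this thread): a small Python parser for event-log text in the `Event[N]:` layout quoted above, pulling out the two facts being compared here, Disk Event ID 11 controller errors and the chkdsk "KB in bad sectors" figure. The sample input is trimmed from the excerpts quoted in the thread; the function names are illustrative.

```python
import re

# Sample trimmed from the event excerpts quoted in the thread (same text layout).
SAMPLE = r"""Event[2831]:
  Log Name: Application
  Source: Microsoft-Windows-Wininit
  Date: 2012-09-27T06:25:56.000
  Event ID: 1001
  Description:
Checking file system on C:
 112931839 KB total disk space.
         0 KB in bad sectors.

Event[5598]:
  Log Name: System
  Source: Disk
  Date: 2012-09-25T20:28:35.904
  Event ID: 11
  Description:
The driver detected a controller error on \Device\Harddisk1\DR1.
"""

def split_events(text):
    """Yield (event index, header fields, raw block) per 'Event[N]:' record."""
    parts = re.split(r"^Event\[(\d+)\]:[ \t]*$", text, flags=re.M)
    for idx, block in zip(parts[1::2], parts[2::2]):
        # Header fields are the two-space-indented 'Key: value' lines.
        fields = dict(re.findall(r"^ {2}([A-Za-z ]+?):[ \t]*(.*)$", block, flags=re.M))
        yield int(idx), fields, block

def triage(text):
    """Return (index, date, kind, detail) tuples for disk-health signals."""
    findings = []
    for idx, f, body in split_events(text):
        if f.get("Source") == "Disk" and f.get("Event ID") == "11":
            m = re.search(r"controller error on (\S+?)\.?$", body, flags=re.M)
            findings.append((idx, f.get("Date"), "controller-error",
                             m.group(1) if m else None))
        m = re.search(r"^[ \t]*(\d+) KB in bad sectors\.", body, flags=re.M)
        if m:  # chkdsk summary; some reports omit this line entirely
            vol = re.search(r"Checking file system on (\w:)", body)
            findings.append((idx, f.get("Date"), "chkdsk-bad-sector-kb",
                             (vol.group(1) if vol else None, int(m.group(1)))))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

chkdsk's "KB in bad sectors" figure counts clusters that NTFS itself has marked bad, while sectors a drive remaps internally are reported through SMART, so the two numbers can legitimately disagree.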
 
Not sure whether Harddisk1\DR1 is the Toshiba. If the problem comes back, I'll check the registry for which Harddisk number the Toshiba is: http://support.microsoft.com/kb/159865

The USB drives were not in the system when the errors occurred. The errors are associated with my 465 GB drive, which is definitely the Toshiba since it is the only drive of that size I have ever used on the laptop.

Forgot to run perfmon /report. :thud: My apologies. I'll run it if problems persist.

Yes, the only diagnostics provided for Toshiba drives are typically supplied by the PC vendor, which in my case is Sony. The scan and repair did not remove the bad sectors. I'll provide a screenshot of the warning I am given when Windows is finished installing and I can run the Ubuntu disc and select the Try Ubuntu option (so it is not installed to the hard drive).

I am not sold on the HDD being the sole issue either, but right now, it is the only possible hardware that is currently dancing around yelling "Hey, look at me!" so I'm looking at it. I'd like to rule it out before I start worrying about hardware that I cannot test with simple remove and replace methods. Anything that involves taking the system completely apart is going to be left for Sony's technicians via my warranty. I've already ruled out the RAM as the issue. The hard drive and optical drive are the only two items left that I can physically get my hands on to test. I don't plan on testing the optical drive since I highly doubt it would cause this much trouble, but you understand what I mean. :D
 
Sounds like a good plan. Recovering... is nearly complete. Should be able to start on things tomorrow morning a bit. I'll let you know how all goes.
 
Bad HDD can cause the exact symptoms that you describe. It's the OS looking on the hard drive for stuff - and having to re-check repeatedly in order to verify that the data is good. In Task Manager, monitor I/O Reads and I/O Other (to enable, select View...Select Columns...and then select both I/O Reads and I/O Other) - you may note excessively high numbers that don't correspond to just one image name.

I didn't see, but did you use the Norton Removal Tool? Older versions of Norton would tend to leave bits and pieces lying around that could cause problems.

Also, when contacting Sony - ask for a set of recovery disks (in order to test to see if the recovery partition was affected by those bad sectors). I've seen Sony send out recovery disks for free in similar circumstances.
 
