Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Updates and the blue screen of death?


  • Please log in to reply
8 replies to this topic

#1 LadyDomino

LadyDomino

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 17 January 2015 - 05:14 PM

Like many, I let my laptop do its windows updates and install them - but I think one of its latest updates is causing the blue screen of death, which occurs roughly 5 minutes after booting up.  The blue screen lasts for only a matter of 10 seconds, and the only words I managed to notice was "cache dump", then the laptop reboots.

 

This performace only started after the latest updates were installed.  When I set the laptop to a restore point prior to the update, everything was fine, UNTIL windows decided to download and install the updates again (despite me changeing the settings to let me decide which updates to install).

 

I don't understand the codes, but these are the updates....

 

KB3023266

KB3022777

KB3021674

KB3020388

KB3019215

 

Am I jumping to conclusions in beleiving that these updates are causing my problems?

 

Any suggestions for the bewildered welcomed



BC AdBot (Login to Remove)

 


#2 sflatechguy

sflatechguy

  • BC Advisor
  • 2,266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 AM

Posted 17 January 2015 - 07:13 PM

It's possible, but a look at the minidump file might provide a clearer answer. If it created a dump file, it will be located in the C:\Windows\Minidump folder. If that folder doesn't exist, and you can get your computer to run long enough, make sure it's set to create a minidump file the next time it blue screens:

 

Go to Control Panel, System and Security, click System, then click Advanced system settings. Click the Advanced tab in the window that opens, and Inside the Startup and recovery section, click the Settings button. In the Startup and recovery window that opens, in the Write debugging information section, select the Small memory dump and click OK.

 

If there is a minidump file in that folder already, or if you can get it to create one, copy the file to the desktop and then upload it here:

http://www.osronline.com/page.cfm?name=analyze

 

Copy and paste the report generated in your next post.



#3 Triple20

Triple20

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 18 January 2015 - 06:03 AM

Hi there,

 

I am having trouble with downloading the first four updates you mention. My laptop locks when I try to update. I guess something is wrong with these updates. I try to find some answers on the internet, but they are rare.



#4 sflatechguy

sflatechguy

  • BC Advisor
  • 2,266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 AM

Posted 18 January 2015 - 01:05 PM

@Triple20

Please start a new thread. That will ensure your issue gets the attention it needs and will eliminate any confusion.

 

Thanks.



#5 LadyDomino

LadyDomino
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 18 January 2015 - 05:16 PM

Hi sflatechguy,

 

Managed to find the minidump file, and then laptop decided to do the blue screen thingy again.

 

So when got back into the file - had 2 of the reports

 

First One (17/1/2015)

 

 

Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
Online Crash Dump Analysis Service
See http://www.osronline.com for more information
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18700.amd64fre.win7sp1_gdr.141211-1742
Machine Name:
Kernel base = 0xfffff800`0364e000 PsLoadedModuleList = 0xfffff800`03891890
Debug session time: Sat Jan 17 16:31:45.733 2015 (UTC - 5:00)
System Uptime: 0 days 0:07:31.872
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff880031a248c, address which referenced memory

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800038fb100
GetUlongFromAddress: unable to read from fffff800038fb1c0
0000000000000000 Nonpaged pool

CURRENT_IRQL: 2

FAULTING_IP:
IDSvia64+5648c
fffff880`031a248c 4c8b01 mov r8,qword ptr [rcx]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: System

TRAP_FRAME: fffff8800636c5b0 -- (.trap 0xfffff8800636c5b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa80055fd4a0 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa80055b2548 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880031a248c rsp=fffff8800636c748 rbp=0000000000000000
r8=fffffa8005d107a0 r9=00000000000000a0 r10=fffff88003364d60
r11=fffffa80055fd8f0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
IDSvia64+0x5648c:
fffff880`031a248c 4c8b01 mov r8,qword ptr [rcx] ds:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800036c4429 to fffff800036c4e80

STACK_TEXT:
fffff880`0636c468 fffff800`036c4429 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0636c470 fffff800`036c30a0 : fffff880`0636c5b0 fffff880`0636c5b0 fffff8a0`10118e20 fffffa80`0ab90ac8 : nt!KiBugCheckDispatch+0x69
fffff880`0636c5b0 fffff880`031a248c : fffff880`031cf4b6 fffff880`031e36d8 00000000`000007ff 00000000`00000000 : nt!KiPageFault+0x260
fffff880`0636c748 fffff880`031cf4b6 : fffff880`031e36d8 00000000`000007ff 00000000`00000000 fffffa80`0555f750 : IDSvia64+0x5648c
fffff880`0636c750 fffff880`031e36d8 : 00000000`000007ff 00000000`00000000 fffffa80`0555f750 00000000`00000001 : IDSvia64+0x834b6
fffff880`0636c758 00000000`000007ff : 00000000`00000000 fffffa80`0555f750 00000000`00000001 fffff880`031cf359 : IDSvia64+0x976d8
fffff880`0636c760 00000000`00000000 : fffffa80`0555f750 00000000`00000001 fffff880`031cf359 fffffa80`00000000 : 0x7ff


STACK_COMMAND: kb

FOLLOWUP_IP:
IDSvia64+5648c
fffff880`031a248c 4c8b01 mov r8,qword ptr [rcx]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: IDSvia64+5648c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: IDSvia64

IMAGE_NAME: IDSvia64.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 54935c2d

FAILURE_BUCKET_ID: X64_0xD1_IDSvia64+5648c

BUCKET_ID: X64_0xD1_IDSvia64+5648c

Followup: MachineOwner

 

 

 

 

 

 

Second One (18/01/2015)

 

collapse.gifPrimary Analysis

Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
Online Crash Dump Analysis Service
See http://www.osronline.com for more information
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18700.amd64fre.win7sp1_gdr.141211-1742
Machine Name:
Kernel base = 0xfffff800`0364a000 PsLoadedModuleList = 0xfffff800`0388d890
Debug session time: Sun Jan 18 17:04:52.363 2015 (UTC - 5:00)
System Uptime: 0 days 0:07:04.877
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8800305648c, address which referenced memory

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800038f7100
GetUlongFromAddress: unable to read from fffff800038f71c0
0000000000000000 Nonpaged pool

CURRENT_IRQL: 2

FAULTING_IP:
IDSvia64+5648c
fffff880`0305648c 4c8b01 mov r8,qword ptr [rcx]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: System

TRAP_FRAME: fffff880035b65b0 -- (.trap 0xfffff880035b65b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa80065dc5f0 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa800659c018 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800305648c rsp=fffff880035b6748 rbp=0000000000000000
r8=fffffa8005adacf0 r9=00000000000000a0 r10=fffff88003364d60
r11=fffffa80065dca40 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
IDSvia64+0x5648c:
fffff880`0305648c 4c8b01 mov r8,qword ptr [rcx] ds:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800036c0429 to fffff800036c0e80

STACK_TEXT:
fffff880`035b6468 fffff800`036c0429 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`035b6470 fffff800`036bf0a0 : fffff880`035b65b0 fffff880`035b65b0 fffff8a0`1480e9e0 fffffa80`09fbd758 : nt!KiBugCheckDispatch+0x69
fffff880`035b65b0 fffff880`0305648c : fffff880`030834b6 fffff880`030976d8 00000000`000007ff 00000000`00000000 : nt!KiPageFault+0x260
fffff880`035b6748 fffff880`030834b6 : fffff880`030976d8 00000000`000007ff 00000000`00000000 fffffa80`060f8de0 : IDSvia64+0x5648c
fffff880`035b6750 fffff880`030976d8 : 00000000`000007ff 00000000`00000000 fffffa80`060f8de0 00000000`00000001 : IDSvia64+0x834b6
fffff880`035b6758 00000000`000007ff : 00000000`00000000 fffffa80`060f8de0 00000000`00000001 fffff880`03083359 : IDSvia64+0x976d8
fffff880`035b6760 00000000`00000000 : fffffa80`060f8de0 00000000`00000001 fffff880`03083359 fffffa80`00000000 : 0x7ff


STACK_COMMAND: kb

FOLLOWUP_IP:
IDSvia64+5648c
fffff880`0305648c 4c8b01 mov r8,qword ptr [rcx]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: IDSvia64+5648c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: IDSvia64

IMAGE_NAME: IDSvia64.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 54935c2d

FAILURE_BUCKET_ID: X64_0xD1_IDSvia64+5648c

BUCKET_ID: X64_0xD1_IDSvia64+5648c

Followup: MachineOwner

 

 

 

I hope this makes some sense to you, as it seems like a foreign language to me.

 

Thanks for your time

 

Emma



#6 sflatechguy

sflatechguy

  • BC Advisor
  • 2,266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 AM

Posted 18 January 2015 - 05:29 PM

The computer is blue screening on IDSvia64.sys, which part of your Norton antivirus. It may be that Norton is interferring with the updates.

Check to see if there is a newer version of Norton you can update to. If not, uninstall Norton, install the Windows updates, then reinstall Norton, or switch to a different antivirus software.

#7 LadyDomino

LadyDomino
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 18 January 2015 - 06:26 PM

Thank you, Thank You, Thank You

 

You've confirmed what I have suspected..........that Norton is **********!!!! (in my opinion)

 

I've had nothing but problems since I installed Norton.......but had persevered with because I didn't want to admit I had wasted my money.

 

Norton will be in the bin tomorrow.

 

Thank you again



#8 sflatechguy

sflatechguy

  • BC Advisor
  • 2,266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 AM

Posted 18 January 2015 - 07:30 PM

If you are looking for a suitable replacement, I would recommend Malwarebytes or Avast. Do some research; others may chime in here with suggestions as well.

#9 hamluis

hamluis

    Moderator


  • Moderator
  • 56,562 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:46 AM

Posted 19 January 2015 - 10:34 AM

Malwarebytes is NOT an AV program.

 

BC has a forum for AV/AM Software, http://www.bleepingcomputer.com/forums/f/25/anti-virus-and-anti-malware-software/ , if you want suggestions.

 

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users