Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Occasional BSOD in Vista


  • Please log in to reply
33 replies to this topic

#1 jl3008

jl3008

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 28 February 2017 - 10:04 AM

Hello,

 

The story so far....

 

Like many Vista users, I'm now unable to install Windows updates. I've been trying to follow the instructions on the MS Community forum here. Unfortunately, each update I try to install manually fails with the message "the update does not apply to your system". I created a new topic about this problem on the forum (here), and it's been suggested that I should investigate a sporadic BSOD I've been getting. I mention all this because I suspect the perfmon report will show Windows Update is disabled. This is intentional, as it's one of the steps involved in trying to manually install the WIndows updates.

 

The BSOD only ever happens on start up (just after logging in). I'll get the BSOD every few weeks. I do a hard reboot, and everything is fine thereafter. I don't recall getting a BSOD at any other time, only ever at the point when I've just logged in. The symbolic name is usually (but not always) BAD_POOL_HEADER, and the stop code usually (but not always) 0x19.

 

I've run a memory diagnostic, and it returned a clean bill of health. I've set my virus checker (Norton) to run an aggressive boot time scan, but it finds nothing wrong, nor does a full scan with WIndows launched in safe mode. According to Device Manager, all drivers are up to date.

 

Any help gratefully received.

 

Many thanks.

 

· OS - Windows 8.1, 8, 7, Vista ?
      Vista
· x86 (32-bit) or x64 ?
      x86
· What was original installed OS on system?
      Vista
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)?
      OEM
· Age of system (hardware)
      10 years
· Age of OS installation - have you re-installed the OS?
      10 years (OEM)
· CPU
       AMD Athlon T64 X2 5000+
· Video Card
       NVidia GeForce GT610 (installed about 3 years ago)
· MotherBoard - (if NOT a laptop)
       ASUS M2V-MX
· Power Supply - brand & wattage (skip if laptop)
       Corsair CS650M (installed about 3 years ago)
· System Manufacturer
       Mesh
· Exact model number (if laptop, check label on bottom)
       Matrix A5000+
· Laptop or Desktop?
       Desktop

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 3,011 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:02:27 PM

Posted 01 March 2017 - 11:19 PM

Greetings,

The very first thing you need to do is free up disk space. Drive C: only has 8% free space, but Windows prefer to have at least 15% free space for behind-the-scenes operations.

I'd like you to perform a CHKDSK:

:step1: Check Disk

WARNING: It is recommended that you backup ALL your files. If CHKDSK finds and repairs a corrupted sector, you may lose your data.
 
• Open Start, and in the Search programs and files box, type cmd.
• Right-click on cmd, select Run as administrator, and accept any User Account Control prompts.
• In the Elevated Command Prompt type:

chkdsk /R
• You should see this message:
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)
• Type Y and hit Enter on your keyboard.
• Restart your computer and CHKDSK will run.
 
Once CHKDSK is compete, we need the log, please follow this guide so you can copy/paste the CHKDSK log in your next reply:

https://www.sevenforums.com/tutorials/96938-check-disk-chkdsk-read-event-viewer-log.html

If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)


#3 jl3008

jl3008
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 02 March 2017 - 03:40 PM

Hello again,

 

I've cleared a bit of space, so we're up to around 18% free now.

 

A couple of things I forgot to mention. Firstly, I ran chkdsk a few weeks ago, and it found and repaired errors in the volume bitmap. I ran it again the following day to make sure everything was OK, and it returned a clean bill of health. I've had the BSOD since then, so this obviously didn't solve the problem.

 

Secondly, I can't run SFC. It returns the error "Windows Resource Protection could not perform the requested operation", even when I boot up in safe mode.

 

Not sure if these are relevant.

 

Anyway, the attached report is from today's run of chkdsk.

 

Thanks

 

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          02/03/2017 19:26:16
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      John-PC
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS_Install.

A disk check has been scheduled.
Windows will now check the disk.                        
  493376 file records processed.                                 

  2086 large file records processed.                           

  0 bad file records processed.                             

  0 EA records processed.                                   

  47 reparse records processed.                              

  610670 index entries processed.                                

  0 unindexed files processed.                              

  493376 security descriptors processed.                         

Cleaning up 170 unused index entries from index $SII of file 0x9.
Cleaning up 170 unused index entries from index $SDH of file 0x9.
Cleaning up 170 unused security descriptors.
  58648 data files processed.                                   

CHKDSK is verifying Usn Journal...
  34511408 USN bytes processed.                                    

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  493360 files processed.                                        

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  13957139 free clusters processed.                                

Free space verification is complete.
Windows has checked the file system and found no problems.

 309901882 KB total disk space.
 253269948 KB in 412355 files.
    191532 KB in 58649 indexes.
         0 KB in bad sectors.
    611846 KB in use by the system.
     65536 KB occupied by the log file.
  55828556 KB available on disk.

      4096 bytes in each allocation unit.
  77475470 total allocation units on disk.
  13957139 allocation units available on disk.

Internal Info:
40 87 07 00 e8 2f 07 00 35 30 0c 00 00 00 00 00  @..../..50......
2c 11 00 00 2f 00 00 00 00 00 00 00 00 00 00 00  ,.../...........
42 00 00 00 a2 74 63 77 b0 89 1e 00 b0 81 1e 00  B....tcw........

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-03-02T19:26:16.000Z" />
    <EventRecordID>229972</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>John-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS_Install.

A disk check has been scheduled.
Windows will now check the disk.                        
  493376 file records processed.                                 

  2086 large file records processed.                           

  0 bad file records processed.                             

  0 EA records processed.                                   

  47 reparse records processed.                              

  610670 index entries processed.                                

  0 unindexed files processed.                              

  493376 security descriptors processed.                         

Cleaning up 170 unused index entries from index $SII of file 0x9.
Cleaning up 170 unused index entries from index $SDH of file 0x9.
Cleaning up 170 unused security descriptors.
  58648 data files processed.                                   

CHKDSK is verifying Usn Journal...
  34511408 USN bytes processed.                                    

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  493360 files processed.                                        

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  13957139 free clusters processed.                                

Free space verification is complete.
Windows has checked the file system and found no problems.

 309901882 KB total disk space.
 253269948 KB in 412355 files.
    191532 KB in 58649 indexes.
         0 KB in bad sectors.
    611846 KB in use by the system.
     65536 KB occupied by the log file.
  55828556 KB available on disk.

      4096 bytes in each allocation unit.
  77475470 total allocation units on disk.
  13957139 allocation units available on disk.

Internal Info:
40 87 07 00 e8 2f 07 00 35 30 0c 00 00 00 00 00  @..../..50......
2c 11 00 00 2f 00 00 00 00 00 00 00 00 00 00 00  ,.../...........
42 00 00 00 a2 74 63 77 b0 89 1e 00 b0 81 1e 00  B....tcw........

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

 

 

 


#4 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 3,011 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:02:27 PM

Posted 02 March 2017 - 04:00 PM

This is interesting... therefore I'd like to inspect MEMORY.DMP:

 

:step1: Upload MEMORY.DMP

• Press and hold the Windows Key + R on your keyboard at the same time.
• In the Run box, type in %WinDir% and hit Enter on your keyboard.
• Find the file MEMORY.DMP and copy/paste it on to your Desktop.
• Zip up MEMORY.DMP (use .ZIP please!!!) and upload it to a trustworthy file-sharing service.

 

Thanks!


If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)


#5 jl3008

jl3008
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 05 March 2017 - 09:15 AM

Hello again,

 

The zipped up dump file.

 

Thanks



#6 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 3,011 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:02:27 PM

Posted 05 March 2017 - 04:42 PM

STOP 0x00000019: BAD_POOL_HEADER bugcheck:
0: kd> .bugcheck
Bugcheck code 00000019
Arguments 00000020 abc4b558 abc4b5c0 0a0d020f
Stack trace:
0: kd> kv
ChildEBP RetAddr  Args to Child              
8c14fa3c 82738184 00000019 00000020 abc4b558 nt!KeBugCheckEx+0x1e
8c14fab0 827399c0 abc4b560 00000000 8c14facc nt!ExFreePoolWithTag+0x17f
8c14fac0 807aeab8 abc4b560 8c14fae4 807aebb9 nt!ExFreePool+0xf
8c14facc 807aebb9 8513e588 abc4b560 8513e578 fltmgr!ExFreeToNPagedLookasideList+0x1e (FPO: [Non-Fpo])
8c14fae4 807af217 abc4b560 893e2190 abc4b560 fltmgr!DoFreeContextMemory+0x59 (FPO: [Non-Fpo])
8c14fafc 807af3de abc4b560 abc4b560 8c14fb20 fltmgr!DoFreeContext+0x5d (FPO: [Non-Fpo])
8c14fb0c 807bf69d abc4b560 893e2168 abc4b274 fltmgr!DoReleaseContext+0x42 (FPO: [Non-Fpo])
8c14fb20 807cc199 893e2194 893cd434 ffffffff fltmgr!FltpDeleteContextList+0x125 (FPO: [Non-Fpo])
8c14fb40 807cc3ba 893e2168 abc4b240 00000000 fltmgr!CleanupStreamListCtrl+0x1b (FPO: [Non-Fpo])
8c14fb54 82891c34 893e216c 21678942 00000000 fltmgr!DeleteStreamListCtrlCallback+0x5a (FPO: [Non-Fpo])
8c14fb94 8b4a52b1 abc4b240 abc4b150 abc4b240 nt!FsRtlTeardownPerStreamContexts+0x135
8c14fbb0 8b49eb75 00000705 abc4b178 abc4b150 Ntfs!NtfsDeleteScb+0x1f4 (FPO: [Non-Fpo])
8c14fbc8 8b4180ed 88166e40 abc4b240 00000000 Ntfs!NtfsRemoveScb+0xc0 (FPO: [Non-Fpo])
8c14fbe4 8b49e95e 88166e40 abc4b150 00000000 Ntfs!NtfsPrepareFcbForRemoval+0x59 (FPO: [Non-Fpo])
8c14fc28 8b4171c7 88166e40 abc4b240 abc4b3e0 Ntfs!NtfsTeardownStructures+0x62 (FPO: [Non-Fpo])
8c14fc50 8b490e24 88166e40 abc4b240 abc4b3e0 Ntfs!NtfsDecrementCloseCounts+0xad (FPO: [Non-Fpo])
8c14fcb0 8b4a4a5b 88166e40 abc4b240 abc4b150 Ntfs!NtfsCommonClose+0x4da (FPO: [Non-Fpo])
8c14fd44 826f0d2a 00000000 00000000 84d43ad0 Ntfs!NtfsFspClose+0x117 (FPO: [Non-Fpo])
8c14fd7c 82821152 00000000 21678f16 00000000 nt!ExpWorkerThread+0xfd
8c14fdc0 82689eee 826f0c2d 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
1: kd> .trap a9492d64
ErrCode = 00000000
eax=01093000 ebx=00008005 ecx=01092fe8 edx=00001000 esi=00000000 edi=00173f50
eip=77915dd4 esp=013defdc ebp=013df040 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
001b:77915dd4 ??              ???
A few third-party drivers turning up in the raw stack:
0: kd> dps 8c14d000 8c150000 
8c14f0c8  987d0d2d*** ERROR: Module load completed but symbols could not be loaded for dump_nvstor32.sys
 dump_nvstor32+0x2d2d
8c14eaa8  97f8e963*** ERROR: Module load completed but symbols could not be loaded for BHDrvx86.sys
 BHDrvx86+0xf2963
One's a NVIDIA driver:
0: kd> lmvm nvstor32
start    end        module name
8078f000 807ac000   nvstor32   (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\nvstor32.sys
    Image name: nvstor32.sys
    Timestamp:        Thu Aug 09 14:11:36 2007 (46BB58D8)
    CheckSum:         00026A43
    ImageSize:        0001D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
The other's a Norton driver:
0: kd> lmvm  BHDrvx86
start    end        module name
97e9c000 97fe3000   BHDrvx86   (deferred)             
    Image path: \??\C:\Program Files\Norton Security with Backup\NortonData\22.8.1.14\Definitions\BASHDefs\20170216.005\BHDrvx86.sys
    Image name: BHDrvx86.sys
    Timestamp:        Fri Feb 10 04:33:18 2017 (589D88DE)
    CheckSum:         00152F6B
    ImageSize:        00147000
    File version:     11.1.0.203
    Product version:  11.1.0.203
    File flags:       8 (Mask 3F) Private
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Symantec Corporation
    ProductName:      BASH
    InternalName:     BashDriver
    OriginalFilename: BHDrvx86.sys
    ProductVersion:   11.1.0.203
    FileVersion:      11.1.0.203
    FileDescription:  BASH Driver
    LegalCopyright:   Copyright (C) 2004 - 2017 Symantec Corporation. All rights reserved.
Uninstall Norton, run their cleaning tool and replace it with Microsoft Security Essentials. Then, reinstall your NVIDIA driver... I believe it's a "storage" driver...

Edited by bwv848, 05 March 2017 - 04:47 PM.

If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)


#7 jl3008

jl3008
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 07 March 2017 - 02:10 PM

Hello again,

 

OK. I've deinstalled Norton and installed Security Essentials in its place, and I've resinstalled the nVidia driver. Can we be sure they were the cause of the BSOD, or is it now a matter of waiting and seeing?

 

Thanks



#8 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 3,011 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:02:27 PM

Posted 07 March 2017 - 02:56 PM

Unfortunately, there really is no way to tell except for waiting it out. BSODs can be extremely unpredictable and strange. If after two weeks you are BSOD-free, then you could install Norton again and monitor for further BSODs (eventually Microsoft Security Essentials for Vista will no longer be supported).


If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)


#9 jl3008

jl3008
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 08 March 2017 - 12:18 PM

Hello again,

 

Well, we didn't have to wait long! I've had a BSOD today as it was booting up after a restart. BAD_POOL_HEADER and 0x19, as previously.

 

I've zipped up the dump file and uploaded it here.

 

I'm sure this part isn't relevant, but it hasn't cured the initial problem (not being able to install Windows updates) either.

 

Many thanks



#10 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 3,011 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:02:27 PM

Posted 08 March 2017 - 04:09 PM

The Windows Update problem, a well-known issue with Vista and Windows7, is not related to your BSODs.

9fa33978  8fa5ec08*** ERROR: Symbol file could not be found.  Defaulted to export symbols for nvlddmkm.sys -
 nvlddmkm!nvDumpConfig+0x355a8
803840c8  91e56d2d*** ERROR: Module load completed but symbols could not be loaded for dump_nvstor32.sys
 dump_nvstor32+0x2d2d
1: kd> lmvm nvlddmkm; lmvm nvstor32
start    end        module name
8f405000 8fe84000   nvlddmkm   (export symbols)       nvlddmkm.sys
    Loaded symbol image file: nvlddmkm.sys
    Image path: \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    Image name: nvlddmkm.sys
    Timestamp:        Mon May 09 19:25:43 2016 (57311C77)
    CheckSum:         00A48E0B
    ImageSize:        00A7F000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
start    end        module name
80785000 807a2000   nvstor32   (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\nvstor32.sys
    Image name: nvstor32.sys
    Timestamp:        Thu Aug 09 14:11:36 2007 (46BB58D8)
    CheckSum:         00026A43
    ImageSize:        0001D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
Your NVIDIA drivers are still being mentioned in the "raw stack". Did you really update them? Because of the age of your PC, I am concerned about the integrity of the hardware. Please run these basic hardware diagnostics.

Let me know whether if you have any questions.

If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)


#11 jl3008

jl3008
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 10 March 2017 - 12:05 PM

Hello again,

 

I couldn't find a more recent version of nvstor32, so deinstalled and reinstalled the same version in the hope it might have some effect. Unfortunately, it didn't!

 

I'd like to pursue the driver angle a bit more if we can rather than the hardware. Given the age of the PC and the fact the BSOD only happens sporadically on start up, it's always been my suspicion that it's a hardware fault, and if that's the case, then I'd be happy to leave things as they are. It really isn't too much of a problem and I don't want to take up more of your time than necessary. However, I started this thread because of a problem I'm having with Windows Updates, one which goes beyond the problem that all Vista and Win7 users are experiencing. There is a (partial) workaround for the updates problem which involves using the standalone installer to install some significant updates. My problem is that even using this workaround, none of them will install - I get the error "the update does not apply to your system", even on seemingly innocuous ones like security updates to IE9. In pursuing this over on the MS Community, I mentioned the periodic BSODs, and it was suggested I should try to find the cause of them, as it might hold clues as to why the updates won't install. If it's a hardware fault causing the BSODs, then I can't see why that would cause the updates to fail (does that sound like a reasonable assumption?), which is why I suspect it's better to pursue the software.

 

So, that was just a long winded way of asking what can I do about nvstor32!

 

Many thanks.



#12 jl3008

jl3008
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 06 April 2017 - 05:47 AM

Hello again,

 

I finally managed to find and install a newer version of nvstor32.sys. Unfortunately, it hasn't fixed the problem and I had another BSOD this morning. Does this mean we've exhausted all possibilities with regards software?

 

Thanks



#13 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 3,011 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:02:27 PM

Posted 06 April 2017 - 08:49 AM

Can you run the Sysnative File Collection App again?


If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)


#14 jl3008

jl3008
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 14 April 2017 - 07:34 AM

Hello again,

 

I can't attach the sysnative output because I appear to have only 2.53 MB of available space left for attachments (is there anything I can do about this?). So, I've put it up on a file sharing service instead. The link is here.

 

I had a BSOD when I logged in this morning before running sysnative app. This BSOD was of a type that I don't get as often as the BAD_POOL_HEADER ones, but is one that I have experienced before. There's no error text with this one and, unlike with the pool header ones, the computer reboots itself as soon as the dump is completed. I don't know if this makes any difference.

 

Thanks



#15 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 3,011 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:02:27 PM

Posted 14 April 2017 - 04:18 PM

Latest dump file indicated a 0x24 bugcheck... I am leaning towards a faulty hard drive. Anyway.... will you please run MemTest86 for a minimum of eight passes? Here's a good guide if you need help. Also, please run Seagate SeaTools for Windows. Be sure to test all your drives with the S.M.A.R.T. and Long Generic tests.


If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users