jchauncey60
asked on
Vista 64 SP2, Bugcode_usb_driver
I have been having a problem with Vista 64bit SP2 BSOD with heavy use on the USB bus. If I plug my USB video driver or iPhone in...most of the time the computer will BSOD within 30 minutes. Other times it will run for days. This is a fresh install of Vista and I have applied all the patches.
I have attached the latest Minidump file....suggestions are welcomed.
Thanks in advance.
I have attached the latest Minidump file....suggestions are welcomed.
Thanks in advance.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Apologies - NO WAY TO EDIT POST -- Here is link again - http://www.techsupportforu m.com/1871 981-post2. html
ASKER
Thanks for your help. I do not have access to the website in step #2, so I did what I could. I ran Autoruns, gathered the perfmn data, and all the Minidump files. I am not ruling out a hardware issue--this laptop has had the motherboard replaced 3x already. The reason I think it is something to do with the USB bus and SP2...is prior to installing SP2, I did not have this problem and if I leave my heavy USB use items unplugged, it runs for days until I plug one in.
I am fairly knowledgable (a management type MCSE, CCNA, MCDBA, etc...), but this is beyond my pay grade. Thanks again.
I am fairly knowledgable (a management type MCSE, CCNA, MCDBA, etc...), but this is beyond my pay grade. Thanks again.
Hi - Apologies about the access problem. Would you mind running a few line commands, please? It will allow me the minimum of reports that I like to start with.
If so, please create a sub-directory in your Documents folder named Vistax64_Support - bring up an elevated admin cmd/DOS prompt and paste the 5 lines in 1 at a time. Thanks... jcgriff2
If so, please create a sub-directory in your Documents folder named Vistax64_Support - bring up an elevated admin cmd/DOS prompt and paste the 5 lines in 1 at a time. Thanks... jcgriff2
driverquery /v > "%userprofile%\documents\Vistax64_Support\drivers1.txt"
wevtutil qe Application /c:70000 /rd:true /f:text > "%userprofile%\documents\Vistax64_Support\evtx_app.txt"
wevtutil qe System /c:70000 /rd:true /f:text > "%userprofile%\documents\Vistax64_Support\evtx_sys.txt"
dxdiag /whql:off /64bit /x %userprofile%\documents\Vistax64_Support\dxdiag.txt
msinfo32 /nfo "%userprofile%\documents\Vistax64_Support\msinfo32.nfo"
__________________________________________
- dxdiag needs ~ 15-25 secs to run, eventhough cmd/DOS prompt return immediately; if your user name contains spaces, dxdiag will not write output properly
- the 2nd EVTX command will take ~30-60 secs
Add the dumps and other file you gathered to the output folder, please. Then zip up the directory and attach to post. You may run into problems with zipped dumps; not sure about policies here
ASKER
No worries on the access issue...I am just thankful you are willing to give me a hand.
I have added the files. EE has fairly strict extenson names on what can be upload, so I had to add ".txt" to the end of many of them, so you might need to rename them before analysis.
Bytemobile driver is also a possibility of where the problem is coming from. That driver is a WAN acceleration tool that is installed by AT&T for use within their cellular card.
Again, thanks so much.
crash.zip
I have added the files. EE has fairly strict extenson names on what can be upload, so I had to add ".txt" to the end of many of them, so you might need to rename them before analysis.
Bytemobile driver is also a possibility of where the problem is coming from. That driver is a WAN acceleration tool that is installed by AT&T for use within their cellular card.
Again, thanks so much.
crash.zip
Hi -
I am going thru the files -(THANK YOU for the time to gather those). Is there any chance that BARTPE was/ is installed on your system? There are quite a few drivers that I have not seen before or its been a year (+ 10,000s dump files). Have you had or thought you have had any viruses or malware? I am not saying there is any, just asking.
Also - please execute AutoRuns (admin level), go to Sidebar -- what is in the settings.ini file? I have never seen that file in that location before (that I recall).
Go into services.msc - look at the 4 Roxio services -- are you familiar with them (i.e., are they legit) ?
Go to Sym... - I can paste several screens with the problems that that firewall causes (not that particular one, any 3rd party firewall). The only time I don't mention it is if the user has properly 100% configured it. I do see 0xc0000005 exceptions in WERCON, which tells me there is a firewall blocking some Vista system services causing problems. 0xc0000005 = memory access violation - the system (NT AUTHORITY\USER, net, local) is being blocked while operating causing apphangs-->appcrashes and can lead to BSODs.
Back later. . .
jcgriff2
I am going thru the files -(THANK YOU for the time to gather those). Is there any chance that BARTPE was/ is installed on your system? There are quite a few drivers that I have not seen before or its been a year (+ 10,000s dump files). Have you had or thought you have had any viruses or malware? I am not saying there is any, just asking.
Also - please execute AutoRuns (admin level), go to Sidebar -- what is in the settings.ini file? I have never seen that file in that location before (that I recall).
Go into services.msc - look at the 4 Roxio services -- are you familiar with them (i.e., are they legit) ?
Go to Sym... - I can paste several screens with the problems that that firewall causes (not that particular one, any 3rd party firewall). The only time I don't mention it is if the user has properly 100% configured it. I do see 0xc0000005 exceptions in WERCON, which tells me there is a firewall blocking some Vista system services causing problems. 0xc0000005 = memory access violation - the system (NT AUTHORITY\USER, net, local) is being blocked while operating causing apphangs-->appcrashes and can lead to BSODs.
Back later. . .
jcgriff2
ASKER
Thanks agian...
BARTPE is not something I have installed...if it is there, it was installed one of the packages I installed.
I have considered virus/malware and anything is possible. I have the latest verions of Norton 360 with the latest edition of the definations (updated yesterday). I do a few applications that are older in use.
I see 4 lines in the Sidebar->Settings.Ini (BTW, I have the Sidebar disabled)
1. Clock
2. Feed Headlines
3. Norton Gadget
4. Slide Show
Roxio, looks to be legit...like many software products they have bloated the software until it has become a pig.
Interesting with the FW. I use the Norton FW from the 360 package. I did a heavy update of my iPhone yesterday (after doing the Norton 360 upgrade to 3.0) without a problem. Perhaps I need to try my USB video and iPhone a little more today and see if update helped the problem.
BARTPE is not something I have installed...if it is there, it was installed one of the packages I installed.
I have considered virus/malware and anything is possible. I have the latest verions of Norton 360 with the latest edition of the definations (updated yesterday). I do a few applications that are older in use.
I see 4 lines in the Sidebar->Settings.Ini (BTW, I have the Sidebar disabled)
1. Clock
2. Feed Headlines
3. Norton Gadget
4. Slide Show
Roxio, looks to be legit...like many software products they have bloated the software until it has become a pig.
Interesting with the FW. I use the Norton FW from the 360 package. I did a heavy update of my iPhone yesterday (after doing the Norton 360 upgrade to 3.0) without a problem. Perhaps I need to try my USB video and iPhone a little more today and see if update helped the problem.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks so much for your assistance, I've just got home and need to digest the information tomorrow. The USB Video is a Tritton SSE2.
Thanks again...I am thankful you like a challenge!
Thanks again...I am thankful you like a challenge!
ASKER
After working with Microsoft, it appears we have found the problem. The Authentec Fingerprint driver has a problem with SP2. We renamed ATSwpDrv.sys and rebooted and so far the laptop has been rock solid.
Now I get to convience HP they have a problem!
Now I get to convience HP they have a problem!
Hi -
Glad to hear the news. The Authentec driver was named in the 0x9f BSODs as the probable cause - of all 3. Here is the driver in your system -
0: kd> lmvm ATSwpDrv
start end module name
fffffa60`05d79000 fffffa60`05dac600 ATSwpDrv T (no symbols)
Loaded symbol image file: ATSwpDrv.sys
Image path: \SystemRoot\system32\DRIVE RS\ATSwpDr v.sys
Image name: ATSwpDrv.sys
Timestamp: Tue Aug 28 12:46:42 2007 (46D47BA2)
Note the last line - 2007 driver date
On to the HP Support site for what I believe to be your system.. they have an updated ATSwpDrv.sys -
http://h10025.www1.hp.com/ ewfrf/wc/s oftwareLis t?os=2100& lc=en&dlc= en&cc=us&p roduct=318 5028
I would suggest that you check the other drivers while there.
I came upon these manuals for your system, should you want any of them - http://h10025.www1.hp.com/ ewfrf/wc/m anualCateg ory?lc=en& cc=us&dlc= en&product =3185028
Are you still running N360? If so, have you checked WERCON lately?
I worked on another very interesting 0xc0000005 exception case involving IE downloading prpoblems -
http://www.techsupportforu m.com/micr osoft-supp ort/window s-vista-wi ndows-7-su pport/3993 90-downloa d-stops-wo rking-wind ows7-inter net-downlo ad-manager -everywher e.html#pos t2264205
It has been a pleasure working with you.
JC
Glad to hear the news. The Authentec driver was named in the 0x9f BSODs as the probable cause - of all 3. Here is the driver in your system -
0: kd> lmvm ATSwpDrv
start end module name
fffffa60`05d79000 fffffa60`05dac600 ATSwpDrv T (no symbols)
Loaded symbol image file: ATSwpDrv.sys
Image path: \SystemRoot\system32\DRIVE
Image name: ATSwpDrv.sys
Timestamp: Tue Aug 28 12:46:42 2007 (46D47BA2)
Note the last line - 2007 driver date
On to the HP Support site for what I believe to be your system.. they have an updated ATSwpDrv.sys -
http://h10025.www1.hp.com/
I would suggest that you check the other drivers while there.
I came upon these manuals for your system, should you want any of them - http://h10025.www1.hp.com/
Are you still running N360? If so, have you checked WERCON lately?
I worked on another very interesting 0xc0000005 exception case involving IE downloading prpoblems -
http://www.techsupportforu
It has been a pleasure working with you.
JC