Solved

Vista 64 SP2, Bugcode_usb_driver

Posted on 2009-07-14
11
906 Views
Last Modified: 2012-05-07
I have been having a problem with Vista 64bit SP2 BSOD with heavy use on the USB bus.  If I plug my USB video driver or iPhone in...most of the time the computer will BSOD within 30 minutes.  Other times it will run for days.  This is a fresh install of Vista and I have applied all the patches.

I have attached the latest Minidump file....suggestions are welcomed.  

Thanks in advance.
0
Comment
Question by:jchauncey60
  • 6
  • 5
11 Comments
 
LVL 12

Assisted Solution

by:John Griffith
John Griffith earned 500 total points
ID: 24857012
Hi -
The varying frequency of the BSODs is interesting and tells me that another force may be at work.  If you would not mind, please run the batch script found in the following post -- it will gather the BSOD mini kernel dumps along with system information that I find helpful during debugging.  Attach the resulting zip file(s) to your next post.  I'll run the dumps and go thru the files and see what clues I can find.
 
Regards. . .
jcgriff2
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 24857018
Apologies - NO WAY TO EDIT POST  -- Here is link again - http://www.techsupportforum.com/1871981-post2.html
0
 

Author Comment

by:jchauncey60
ID: 24858029
Thanks for your help.  I do not have access to the website in step #2, so I did what I could.  I ran Autoruns, gathered the perfmon data, and all the Minidump files.  I am not ruling out a hardware issue--this laptop has had the motherboard replaced 3x already.  The reason I think it is something to do with the USB bus and SP2...is prior to installing SP2, I did not have this problem and if I leave my heavy USB use items unplugged, it runs for days until I plug one in.

I am fairly knowledgeable (a management type MCSE, CCNA, MCDBA, etc...), but this is beyond my pay grade.  Thanks again.
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 24867948
Hi - Apologies about the access problem.  Would you mind running a few line commands, please?   It will allow me the minimum of reports that I like to start with.
If so, please create a sub-directory in your Documents folder named  Vistax64_Support - bring up an elevated admin cmd/DOS prompt and paste the 5 lines in 1 at a time.  Thanks... jcgriff2
 


 

driverquery /v > "%userprofile%\documents\Vistax64_Support\drivers1.txt"
 

wevtutil qe Application /c:70000 /rd:true /f:text > "%userprofile%\documents\Vistax64_Support\evtx_app.txt"
 

wevtutil qe System /c:70000 /rd:true /f:text > "%userprofile%\documents\Vistax64_Support\evtx_sys.txt"
 

dxdiag /whql:off /64bit /x %userprofile%\documents\Vistax64_Support\dxdiag.txt
 

msinfo32 /nfo "%userprofile%\documents\Vistax64_Support\msinfo32.nfo"

__________________________________________

- dxdiag needs ~ 15-25 secs to run, even though the cmd/DOS prompt returns immediately; if your user name contains spaces, dxdiag will not write output properly

- the 2nd EVTX command will take ~30-60 secs

Add the dumps and other files you gathered to the output folder, please.  Then zip up the directory and attach to post.  You may run into problems with zipped dumps; not sure about policies here


0
 

Author Comment

by:jchauncey60
ID: 24868342
No worries on the access issue...I am just thankful you are willing to give me a hand.  

I have added the files.  EE has fairly strict extension names on what can be uploaded, so I had to add ".txt" to the end of many of them, so you might need to rename them before analysis.

Bytemobile driver is also a possibility of where the problem is coming from.  That driver is a WAN acceleration tool that is installed by AT&T for use within their cellular card.

Again, thanks so much.
crash.zip
0

 
LVL 12

Expert Comment

by:John Griffith
ID: 24875585
Hi -
I am going thru the files - (THANK YOU for the time to gather those).  Is there any chance that BARTPE was/ is installed on your system?  There are quite a few drivers that I have not seen before or it's been a year (+ 10,000s dump files).  Have you had or thought you have had any viruses or malware?  I am not saying there is any, just asking.
Also - please execute AutoRuns (admin level), go to Sidebar -- what is in the settings.ini file?  I have never seen that file in that location  before (that I recall).
Go into services.msc - look at the 4 Roxio services -- are you familiar with them (i.e., are they legit) ?
Go to Sym...  - I can paste several screens with the problems that that firewall causes (not that particular one, any 3rd party firewall).  The only time I don't mention it is if the user has properly 100% configured it.  I do see 0xc0000005 exceptions in WERCON, which tells me there is a firewall blocking some Vista system services causing problems.  0xc0000005 = memory access violation - the system (NT AUTHORITY\USER, net, local) is being blocked while operating causing apphangs-->appcrashes and can lead to BSODs.
Back later. . .
jcgriff2
 
0
 

Author Comment

by:jchauncey60
ID: 24877576
Thanks again...

BARTPE is not something I have installed...if it is there, it was installed by one of the packages I installed.
I have considered virus/malware and anything is possible. I have the latest version of Norton 360 with the latest edition of the definitions (updated yesterday).  I do have a few applications that are older in use.

I see 4 lines in the Sidebar->Settings.Ini (BTW, I have the Sidebar disabled)
1. Clock
2. Feed Headlines
3. Norton Gadget
4. Slide Show

Roxio, looks to be legit...like many software products they have bloated the software until it has become a pig.

Interesting with the FW. I use the Norton FW from the 360 package.  I did a heavy update of my iPhone yesterday (after doing the Norton 360 upgrade to 3.0) without a problem. Perhaps I need to try my USB video and iPhone a little more today and see if the update helped the problem.
0
 
LVL 12

Accepted Solution

by:
John Griffith earned 500 total points
ID: 24883470
Hi -
The 3rd party firewalls can wreak havoc in Vista and Windows 7.   You can see some for yourself -- go to the link, scroll down to the bottom & you'll see a code box.  Those are the few events that WERCON lets us see.  There are usually many more that go directly to MS that we don't get to see.  
http://www.techsupportforum.com/2110308-post3.html
Look for the RED "TYPE 5" & "0xc0000005" (scroll to the right to see these).  The lines in BLUE are the BSODs.  My apologies for posting in such an unconventional manner, but the code box you will see is the way that I present my "case".  I myself need to see something to be able to better understand it.  The code box will be removed over the weekend.
This MS KB came out years ago for those with Server 2003 that were experiencing BSODs.  Your system has this same driver - the Symantec/ Norton driver symsnap.sys - timestamp =  Wed Dec 12 11:38:11 2007 (476038A3)
http://support.microsoft.com/default.aspx?scid=kb;en-us;959212&sd=rss&spid=3198
Personally, I would remove N360 - at least until the BSODs are gone.
I am going through the last of the dumps now.  What USB graphics device do you have?
Do you use BlueTooth?  If not, go into Device Manager and disable all of them.  Then run SysInternals AutoRuns at an admin level, go through and un-check the boxes next to BlueTooth under the Drivers tab.
I placed the bugcheck summary in the codebox below.  I will have additional details later tonight.  The 3rd party drivers mentioned = fingerprint scanner,
Regards. . .
jcgriff2
 


 

BugCheck FE, {8, 6, 1, fffffa8006ffd000}

Probably caused by : usbhub.sys ( usbhub!UsbhHubProcessChangeWorker+eb )

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

BugCheck 9F, {3, fffffa80082e8060, fffffa800830ca30, fffffa8009fb0010}

Probably caused by : ATSwpDrv.sys

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

BugCheck 9F, {3, fffffa80063d3060, fffffa80063cfa30, fffffa80059c9690}

Probably caused by : ATSwpDrv.sys

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

BugCheck 9F, {3, fffffa80078c5060, fffffa8008379060, fffffa8004ef1230}

Probably caused by : ATSwpDrv.sys

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

BugCheck 19, {21, fffffa8009eac000, 1b40, 4b000000640}

Probably caused by : mctdviextv5064.dll ( mctdviextv5064+340e )

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

BugCheck 9F, {3, fffffa80077ea060, fffffa80078f6a30, fffffa800474ebd0}

Probably caused by : ATSwpDrv.sys

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

BugCheck FE, {8, 6, 1, fffffa800740d000}

Probably caused by : usbhub.sys ( usbhub!UsbhHubProcessChangeWorker+eb )

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


0
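An added example (not part of the original thread, and not jcgriff2's tooling): tallying a bugcheck summary in the format posted above by blamed module, which makes the repeat offender obvious before deciding which driver to update or disable first. The stop-code names are the standard Windows names for those codes; the function and variable names are illustrative.

```python
import re
from collections import Counter, defaultdict

# Bugcheck summary copied from the post above (separator lines omitted).
SUMMARY = """\
BugCheck FE, {8, 6, 1, fffffa8006ffd000}
Probably caused by : usbhub.sys ( usbhub!UsbhHubProcessChangeWorker+eb )
BugCheck 9F, {3, fffffa80082e8060, fffffa800830ca30, fffffa8009fb0010}
Probably caused by : ATSwpDrv.sys
BugCheck 9F, {3, fffffa80063d3060, fffffa80063cfa30, fffffa80059c9690}
Probably caused by : ATSwpDrv.sys
BugCheck 9F, {3, fffffa80078c5060, fffffa8008379060, fffffa8004ef1230}
Probably caused by : ATSwpDrv.sys
BugCheck 19, {21, fffffa8009eac000, 1b40, 4b000000640}
Probably caused by : mctdviextv5064.dll ( mctdviextv5064+340e )
BugCheck 9F, {3, fffffa80077ea060, fffffa80078f6a30, fffffa800474ebd0}
Probably caused by : ATSwpDrv.sys
BugCheck FE, {8, 6, 1, fffffa800740d000}
Probably caused by : usbhub.sys ( usbhub!UsbhHubProcessChangeWorker+eb )
"""
# Windows names for the three stop codes that appear in this thread.
STOP_NAMES = {0xFE: "BUGCODE_USB_DRIVER", 0x9F: "DRIVER_POWER_STATE_FAILURE",
              0x19: "BAD_POOL_HEADER"}
BUGCHECK_RE = re.compile(r"^BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
CAUSE_RE = re.compile(r"^Probably caused by\s*:\s*(\S+)(?:\s*\(\s*(.*?)\s*\))?")

def parse_summary(text):
    """Return one dict per dump: stop code, arguments, blamed module, symbol."""
    dumps = []
    for line in map(str.strip, text.splitlines()):
        b, c = BUGCHECK_RE.match(line), CAUSE_RE.match(line)
        if b:
            dumps.append({"code": int(b.group(1), 16), "module": None, "symbol": None,
                          "args": [int(a, 16) for a in b.group(2).split(",")]})
        # Attach the blame line to the most recent BugCheck that lacks one.
        elif c and dumps and dumps[-1]["module"] is None:
            dumps[-1]["module"], dumps[-1]["symbol"] = c.group(1), c.group(2)
    return dumps

def tally(dumps):
    """List (module, Counter of stop-code names) pairs, most crashes first."""
    by_module = defaultdict(Counter)
    for d in dumps:
        name = STOP_NAMES.get(d["code"], "0x%X" % d["code"])
        by_module[d["module"] or "(unknown)"][name] += 1
    return sorted(by_module.items(), key=lambda kv: -sum(kv[1].values()))

if __name__ == "__main__":
    for module, codes in tally(parse_summary(SUMMARY)):
        print(module, dict(codes))
```

Separator lines such as the `-=-=` rows in the post match neither pattern and are skipped, so the summary can be pasted in unedited.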
 

Author Comment

by:jchauncey60
ID: 24884554
Thanks so much for your assistance, I've just got home and need to digest the information tomorrow.  The USB Video is a Tritton SSE2.

Thanks again...I am thankful you like a challenge!
0
 

Author Comment

by:jchauncey60
ID: 24943043
After working with Microsoft, it appears we have found the problem.  The Authentec Fingerprint driver has a problem with SP2.  We renamed ATSwpDrv.sys and rebooted and so far the laptop has been rock solid.

Now I get to convince HP they have a problem!
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 25002012
Hi -
Glad to hear the news.  The Authentec driver was named in the 0x9f BSODs as the probable cause - of all 3. Here is the driver in your system -
0: kd> lmvm ATSwpDrv
start             end                 module name
fffffa60`05d79000 fffffa60`05dac600   ATSwpDrv T (no symbols)          
    Loaded symbol image file: ATSwpDrv.sys
    Image path: \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
    Image name: ATSwpDrv.sys
    Timestamp:        Tue Aug 28 12:46:42 2007 (46D47BA2)
Note the last line - 2007 driver date
On to the HP Support site for what I believe to be your system.. they have an updated ATSwpDrv.sys -
http://h10025.www1.hp.com/ewfrf/wc/softwareList?os=2100&lc=en&dlc=en&cc=us&product=3185028
   
I would suggest that you check the other drivers while there.
I came upon these manuals for your system, should you want any of them  - http://h10025.www1.hp.com/ewfrf/wc/manualCategory?lc=en&cc=us&dlc=en&product=3185028
Are you still running N360?  If so, have you checked WERCON lately?
I worked on another very interesting 0xc0000005 exception case involving IE downloading problems -
http://www.techsupportforum.com/microsoft-support/windows-vista-windows-7-support/399390-download-stops-working-windows7-internet-download-manager-everywhere.html#post2264205
It has been a pleasure working with you.
JC
0
