Been getting BSOD's the past couple of weeks related to ex64.sys. This same thing was happening in the past when I had 360. Uninstalled and went to another product and life was good for over a year. Came back to Norton and now, after several troublefree months, things are starting over again. Below is a cut and past from WhoCrashed.
Any suggestions?
On Wed 1/22/2014 5:22:47 PM GMT your computer crashed crash dump file: C:\Windows\Minidump\012214-15272-01.dmp This was probably caused by the following module: ex64.sys (EX64+0xAB3E5) Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF88007CAB3E5, 0xFFFFF88008CAAE48, 0xFFFFF88008CAA6A0) Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M file path: C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140122.003\EX64.SYS product: Symantec Antivirus Engine company: Symantec Corporation description: AV Engine Bug check description: This indicates that a system thread generated an exception which the error handler did not catch. This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: ex64.sys (AV Engine, Symantec Corporation). Google query: Symantec Corporation SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Been getting BSOD's the past couple of weeks related to ex64.sys. This same thing was happening in the past when I had 360. Uninstalled and went to another product and life was good for over a year. Came back to Norton and now, after several troublefree months, things are starting over again. Below is a cut and past from WhoCrashed.
Any suggestions?
On Wed 1/22/2014 5:22:47 PM GMT your computer crashed crash dump file: C:\Windows\Minidump\012214-15272-01.dmp This was probably caused by the following module: ex64.sys (EX64+0xAB3E5) Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF88007CAB3E5, 0xFFFFF88008CAAE48, 0xFFFFF88008CAA6A0) Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M file path: C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140122.003\EX64.SYS product: Symantec Antivirus Engine company: Symantec Corporation description: AV Engine Bug check description: This indicates that a system thread generated an exception which the error handler did not catch. This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: ex64.sys (AV Engine, Symantec Corporation). Google query: Symantec Corporation SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
I uninstalled NIS a couple days ago using NPE, rebooted a few times and then reinstalled with no change. Still randomly crashes.
I only have my logitech mouse and itunes load at startup. I've built my last few computers myself. The only anti virus programs I've had on the computer are 360, Security Essentials and now NIS (in that order). Had the same thing eventually happen with 360 and thats when I gave up and went to MSIE for a year with no issues. Been running Norton products for 20 years.
I do run registry cleaner occasionally and it has found no stray entries related to past installs of 360 or MSIE.
I uninstalled NIS a couple days ago using NPE, rebooted a few times and then reinstalled with no change. Still randomly crashes...I do run registry cleaner occasionally and it has found no stray entries related to past installs of 360 or MSIE.
Hi danohall:
If you mean that you ran the Norton Power Eraser (NPE) and not the Norton Removal Tool (NRT), please note that NPE is intended to be used as a rescue tool if your system has been infected with hidden malware like rootkits or bootkits that cannot be detected by a regular Norton antivirus scan when your system becomes unstable / unbootable. To quote from the NPE home page here, "Be aware that, because Norton Power Eraser is an aggressive scan that looks for deeply embedded threats, it may quarantine a legitimate program." There are several examples in the forum where a user damaged their Windows OS after running NPE (see one example here) and NPE will sometimes even flag legitimate Norton files as possible malware (see one example here).
Are you certain that all your recent crashes were caused by ex64.sys? If not, you can follow the instructions here to post a diagnostic log your recent BSOD minidumps using NirSoft's BlueScreenViewthat should provide us with details about other processes that are causing the BSODs.
Could you also provide further details about how you re-installed NIS. For example, did you uninstall NIS from the control panel and then run the offline standalone installer from www.norton.com/latestnis? Did you run the Norton Remove and Reinstall (NRnR) tool? Or did you use some other method?
------------ MS Windows Vista Home Premium 32-bit SP2 * Firefox 26.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
Sorry...meant the Norton remove and reinstall tool. I have used NPE a couple times but it didn't find anything. Not all the recent crashes have been just ex64.sys. Below are two more crash results. Another one from a file related to Norton and then a ntoskrnl.exe crash.
On Thu 1/9/2014 5:25:18 AM GMT your computer crashed crash dump file: C:\Windows\Minidump\010814-14336-01.dmp This was probably caused by the following module: symefa64.sys (SYMEFA64+0x115302) Bugcheck code: 0x3B (0xC0000005, 0xFFFFF88001719302, 0xFFFFF8800A730C90, 0x0) Error: SYSTEM_SERVICE_EXCEPTION file path: C:\Windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS product: EFA company: Symantec Corporation description: Symantec Extended File Attributes Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code. This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: symefa64.sys (Symantec Extended File Attributes, Symantec Corporation). Google query: Symantec Corporation SYSTEM_SERVICE_EXCEPTION
On Tue 1/21/2014 7:15:45 AM GMT your computer crashed crash dump file: C:\Windows\Minidump\012014-11200-01.dmp This was probably caused by the following module: ntoskrnl.exe (nt+0x75BC0) Bugcheck code: 0x1A (0x41790, 0xFFFFFA8012AB78F0, 0xFFFF, 0x0) Error: MEMORY_MANAGEMENT file path: C:\Windows\system32\ntoskrnl.exe product: Microsoft® Windows® Operating System company: Microsoft Corporation description: NT Kernel & System Bug check description: This indicates that a severe memory management error occurred. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules. The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
Sorry...meant the Norton remove and reinstall tool. I have used NPE a couple times but it didn't find anything. Not all the recent crashes have been just ex64.sys. Below are two more crash results. Another one from a file related to Norton and then a ntoskrnl.exe crash.
Hi danohall:
I read through your 2012 post here and it sounds like the N360 BSODs were also caused by a Symantec file (ccsetx64.sys) and started when you upgraded from N360 v. 5.x to v. 6.x. Given that you said you've been running Norton products for over 20 years, it might be time to perform a clean reinstall of NIS following Phil_D's instructions here. In your case, you would be re-installing NIS 21.x instead of downgrading to NIS 20.x, so you would download the NIS.21.x offline installer from www.norton.com/latestnis in step two of his instructions. Before reinstalling NIS 21.x, I would also advise that you run the Norton Removal Tool (NRT) an additional two or three times (with a re-boot after each NRT wipe) for good measure. Please note that Phil_D's instructions ask you to select "Please remove all user data ..." when you uninstall NIS from the Control Panel to provide the best wipe of your current NIS installation off your system. If you use the Identity Safe feature to store login passwords in a local vault (i.e., on your hard drive instead of in the cloud on Symantec's online server) please let us know before you try a clean reinstall, since we will have to provide special instructions to ensure you retain your local vault. Also be aware that the Norton Removal Tool will remove a wide range of Norton products, including Norton SystemWorks and Norton Utilities, so if you have any Norton products on your system other than NIS you should uninstall them from the Control Panel and then reinstall them after you run the NRT.
There is a remote possibility that you have some malware trying to disrupt NIS when it loads at boot-up, so before you try the clean reinstall I would suggest that you load NIS early in the boot-up process by changing your Boot Time Protection to Aggressive (Settings | Computer | Real Time Protection | Enable Boot Time Protection) if you haven't already done so and re-boot your computer to see if it catches anything. I also noticed in one of your previous posts you mentioned that you have Malwarebytes Anti-Malware, so it would also be advisable to start your computer in Safe Mode and then run full scans with both NIS and MBAM before attempting the clean reinstall to see if they can detect any malware from Safe Mode. If you would like a malware removal expert to assist you in running some further diagnotics before you proceed with the clean reinstall just post back and we can recommend some reputable sites that will provide this service for free.
I'm also a bit concerned about yesterday's BSOD with ntoskrnl.exe, so if the clean reinstall of NIS doesn't solve the problem, try running Window's System File Checker (SFC) utility from an elevated command prompt (i.e, with Administrator rights) as described here just in case your Windows system files have been damaged.
------------ MS Windows Vista Home Premium 32-bit SP2 * Firefox 26.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
Thanks for the info. When I say I've been running Norton products for over 20 years, that meant I've been a long time user...not that I've had the same system with the same hard drive for 20 years. This system is about a year old, built from scratch with an SSD.
I just enabled boot time protection to agressive.
I have ran System File Checker and it found nothing. (just did it again with nothing found)
I'll uninstall using NRT per your suggestions and report back. May take a couple days.
Thanks for the update. I'll keep my fingers crossed.
I doubt it's relevant since you built your own PC, but if you have an AMD Radeon graphics card and notice a BSOD related to the igdpmd64.sys graphics driver then please see sven74's thread here about BSODs caused by the Windows Update KB2670838 on certain models of Win 7 computers with hybrid (switchable) graphics cards.
------------ MS Windows Vista Home Premium 32-bit SP2 * Firefox 26.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS