Norton ISS 2014 causing me a problem of freezing?

OK, this has been going on since probably Win8.0, now on Win8.1 and the Tues. upgrade, and it randomly continues.

 

The problem is my computer will freeze on me. Totally random. Will happen for a few days in a row and then stop, and happen again. Always occurs within the first 15 minutes of being turned on in the morning. Manual power off and restart and NO problem after that.

 

I can't say for sure the cause, and in some cases I've taken actions to try and cure the problem. It always returns.

 

What I have tried so far:

 

  • Opened the case and cleaned it out in case it was heat related, which I doubted as it would happen again after rebooting after the freeze.
  • Checked the seating of ALL cables and RAM.
  • Replaced the video card, a 'legacy' ATI card supported under W8 but not W8.1 with a supported card.
  • Replaced the SSD the system was installed on with a back-up one that I had replaced by the vendor as it failed. I didn't think I was having the freeze problem when that SSD was used, but that didn't stop it.
  • Replaced or tried to replace all possible drivers, especially the chipset one.
  • Start removing old unnecessary programs.
  • Stopped auto-starting programs I could easily manually start.

None of the above has helped?

 

By process of elimination and seeing what might have changed on the computer I sort of noticed whenever there was an MS Update the next day the problem started. Note that 'solving' this normally would have me change something, running CHKDSK on the drives seemed to be a cure for awhile, but it always came back. Still the MS Update appeared to trigger this.

 

At first since it only happened ONCE a day on the first boot I thought it might be a Scheduled Task that ran once a day? Could not really find any.

 

A few times I did see other manisfestations of this problem. 2 times my speakers were buzzing, which is what lead me to suspect device drivers. These happened months apart, the last 2 days ago.

 

Yesterday I got my 5 or so BSOD where W8.1 says it had a problem with IRQL_LESS_THAN_OR_EQUAL or KERNEL_MODE_ERROR. Only problem is NOTHING gets written due to the freeze. The computer doesn't even re-boot like the screen says it will, but the dump supposedly went to 100%? I've done a DIR *.DMP /S /P and can't find ANY dump file for that time at all? Event Viewer has NO Critical Error for that time, not anything else in the Event Viewer with the approximate fail time.

 

I know it ONLY happens on the first boot of the day too. Yesterday the computer was turned on in the morning and locked up 12 minutes later. It was turned off at 11:30AM and then on again at 8:45PM when it didn't lock up. This morning, 8 minutes after boot it froze. 

 

It is possibly a program going out to check for an update (I assume these are done once a day, not on every boot)? Either that or some timing issue between programs looking for updates that locks the system?

 

Why am I posting here? Norton I know does try to update during boots.

 

I looked at the RECENT EVENTS. Attached is the one for today, circled in RED is the first boot. Above that the 2nd. Note a lot more has been done on the second. I'm wondering WHY it wasn't done on the first? Was this the root problem? Norton eventually timing out and then freezing the system with a hung resource????

 

I do have another computer, quite similar to this one and it doesn't have this problem?

 

Suggestions?

"

Why am I posting here? Norton I know does try to update during boots."

 

Wrong.

 

" It is possibly a program going out to check for an update (I assume these are done once a day, not on every boot)? Either that or some timing issue between programs looking for updates that locks the system?"

 


During boot, Windows and other programs just load.

When you get the Desktop screen, after some minutes, depending on your config, some programs may check for updates.

I believe, so far, that you have a HW issue, but I need more info.

You can also check the web for third party utilities that can capture info for BSOD's and give you details.

 

Regards,


Apostolos wrote:

"

Why am I posting here? Norton I know does try to update during boots."

 

Wrong.

 

" It is possibly a program going out to check for an update (I assume these are done once a day, not on every boot)? Either that or some timing issue between programs looking for updates that locks the system?"

 


During boot, Windows and other programs just load.

When you get the Desktop screen, after some minutes, depending on your config, some programs may check for updates.

I believe, so far, that you have a HW issue, but I need more info.

You can also check the web for third party utilities that can capture info for BSOD's and give you details.

 

Regards,


I too was thinking a h/w issue, but if I had one, why does it fail ONLY the first time I boot during that day and with over 8 hours of the machine off, if it was a 'cold' issue, why not yesterday?

 

Yes, I've tried MANY programs for BSOD's, like some from NirSoft and others. All look for DMP files in WINDOWS\MINIDUMP. Win8 computers do not have that folder and use a file called MEMORY.DMP in C:\ root.

 

I have done a DIR *.DMP /S /P after the freeze and have NEVER found any .DMP file? The freeze appears to stop the writing of that file. One of the reasons I thought it might have been the SSD and used another one I had.

Hi,

 

Change the setting from inside Windows,(Control Panel), instead of having a 64Kb minidump, to have a full dumb and also uncheck the option to automatically restart the pc.

That way during next BSOD, the pc won't reboot and the BSOD screen will remain visible so you can collect/write full info.

Post back.

 

Regards,


Apostolos wrote:

Hi,

 

Change the setting from inside Windows,(Control Panel), instead of having a 64Kb minidump, to have a full dumb and also uncheck the option to automatically restart the pc.

That way during next BSOD, the pc won't reboot and the BSOD screen will remain visible so you can collect/write full info.

Post back.

 

Regards,


I did have it set NOT to RESTART already and it was set to AUTOMATIC MEMORY DUMP. Location is %SystemRoot%\Memory.dmp but I think I'll move it to another drive in case it is SSD related?

" I think I'll move it to another drive in case it is SSD related?"

 

Hi,

 

You can always try and see if it helps, however I'm not sure.

Let us know how it goes.

 

Regards,

 

 


Apostolos wrote:

" I think I'll move it to another drive in case it is SSD related?"

 

Hi,

 

You can always try and see if it helps, however I'm not sure.

Let us know how it goes.

 

Regards,

 

 


First of all I want to THANK YOU for the help on this thread and my IE one, it is appreciated.

 

In making the above changes I did get a 'warning message' I never saw before? I've got 8GB's of RAM, and I as far as I can tell have NEVER even swapped. The message said I needed 8440 as the minimum setting and I had 4096, and that because of this I'd not be able to save valuable information. Maybe that is why I didn't get the dump? So I enlarged it and I still got the message. DUMB W8 I guess? I have 3 physical drives and moved the swapfile to my large 'scratch' drive, more so to save writing, no matter how small, to the SSD. Once I put the swapfile back on the SSD and set it min. to 8440 the message no longer appeared.

 

Maybe I'll finally get a DUMP file that has some meaningful data in it!

 

I'll post back here if I get anything in the next few days.

Hi,ispalten. This tool is very handy for troubleshooting BSOD issues.

 

http://www.nirsoft.net/utils/blue_screen_view.html


F4E wrote:

Hi,ispalten. This tool is very handy for troubleshooting BSOD issues.

 

http://www.nirsoft.net/utils/blue_screen_view.html


Yes, one of the ones I have. Problem was the DMP file was not being written, my swap file was too small. That is fixed now and I do have a dmp file (see next message).

 

Thanks.


Apostolos wrote:

" I think I'll move it to another drive in case it is SSD related?"

 

Hi,

 

You can always try and see if it helps, however I'm not sure.

Let us know how it goes.

 

Regards,

 

 


OK, got a DUMP this morning and a BSOD...

 

BSOD is NOT one I've seen before, SYSTEM_SERVICE_EXCEPTION (CI.DLL).

 

That file is it seems part of Google Updater I think?

 

Anyway, BLUE SCREEN VIEW now works too as there is a WINDOWS\MINIDUMP folder and I also got on another drive a MEMORY.DMP file.

 

From the DUMPCHK output (attached) are these lines :

 

BugCheck 3B, {c0000005, fffff801589b5059, ffffd001573e59e0, 0}

.

.

.

Probably caused by : CI.dll ( CI!Ordinal3+2dec5 )

 

In the EVENT LOG:

 

=============

Log Name:      System
Source:        Microsoft-Windows-WER-SystemErrorReporting
Date:          04/12/14 7:34:56 AM
Event ID:      1001
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Irv-XPS435
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff801589b5059, 0xffffd001573e59e0, 0x0000000000000000). A dump was saved in: l:\Memory.dmp. Report Id: 041214-32093-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-04-12T11:34:56.000000000Z" />
    <EventRecordID>1142800</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>Irv-XPS435</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">0x0000003b (0x00000000c0000005, 0xfffff801589b5059, 0xffffd001573e59e0, 0x0000000000000000)</Data>
    <Data Name="param2">l:\Memory.dmp</Data>
    <Data Name="param3">041214-32093-01</Data>
  </EventData>
</Event>

============

 

Which gives the same info.

 

I've got a couple of CI.DLL's,

 

===============

C:\>dir ci.dll /s
 Volume in drive C is OS
 Volume Serial Number is 1C5C-DD5E

 Directory of C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652

09/11/11  10:13 AM         1,210,936 ci.dll
               1 File(s)      1,210,936 bytes

 Directory of C:\Windows\System32

02/22/14  12:15 PM           531,128 ci.dll
               1 File(s)        531,128 bytes

 Directory of C:\Windows\WinSxS\amd64_microsoft-windows-codeintegrity_31bf3856ad
364e35_6.3.9600.16408_none_9190d3b6d8726db5

04/08/14  06:30 PM            27,736 ci.dll
               1 File(s)         27,736 bytes

 Directory of C:\Windows\WinSxS\amd64_microsoft-windows-codeintegrity_31bf3856ad
364e35_6.3.9600.17031_none_9169438cd891352c

02/22/14  12:15 PM           531,128 ci.dll
               1 File(s)        531,128 bytes

     Total Files Listed:
               4 File(s)      2,300,928 bytes
               0 Dir(s)  31,829,020,672 bytes free
==================

 

Assume the one in SYSTEM32 is being used so it isn't Google doing me in?

 

Not sure where to go from here? Web searches don't seem to help?

 

Like I said, this is the first time I got this specific BSOD?

 

 

I have another 'data point', results from WHOCRASHED program. See PDF, but it basically doesn't think it is a h/w problem but a s/w driver?

 

Now how do I detect which one?

 

I do NOT trust ANY program that sort of looks for updates to drivers. They all either get it wrong, the driver update isn't for my system or h/w, or the driver is a beta or worse, causes new problems. If you know of a sure fire one that works, let me know please.

Hi,

 

Uninstall anything related to Google from Programs & Features, and IE add-ons.(Disable or remove).

Open Services, and if there is a leftover service called gupdate, open an elevated cmd, (Run as admin), and type: sc delete gupdate

Also, delete any remnant Google folders. Use the search function in My Computer.

Reboot.

After reboot, open again an elevated cmd and type: sfc /verifyonly

See if any integrity violations are found.


Post back the results.

 

Regards,


Apostolos wrote:

Hi,

 

Uninstall anything related to Google from Programs & Features, and IE add-ons.(Disable or remove).

Open Services, and if there is a leftover service called gupdate, open an elevated cmd, (Run as admin), and type: sc delete gupdate

Also, delete any remnant Google folders. Use the search function in My Computer.

Reboot.

After reboot, open again an elevated cmd and type: sfc /verifyonly

See if any integrity violations are found.


Post back the results.

 

Regards,


OK, There were a few Google programs. Took them out. Interestingly enough when I took out Google Update I got a dialog box that this had 'compatibility issues'? Hmm... also, under Services it was AUTOMATIC (DELAY)... sort of fits the bill of not happening immediately?

 

Tried to remove the SERVICES (I set them to DISABLED, 2 were manual and 1 the Automatic (delay) via an elevated command prompt, got this :

 

===========

C:\WINDOWS\system32>sc delete gupdate
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.
===========

 

I think I need to use the FULL exact name?

 

Yeah, that is it...

 

============

C:\WINDOWS\system32>sc delete gupdate1c9ded8821f12dd
[SC] DeleteService SUCCESS

C:\WINDOWS\system32>
===============

 

All out...

 

I've run SFC before without any errors, but I'll reboot and try it again.

Hi,

 

Usually the BSOD message you get:

IRQL_NOT_LESS_OR_EQUAL  indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

This bug check is issued if paged memory (or invalid memory) is accessed when the IRQL is too high. The error that generates this bug check usually occurs after the installation of a faulty device driver, system service, or BIOS.
Can you open device manager and see if everything is ok there??

Also, do you have a desktop or laptop, please provide some brief info.

When you swap HDD & SSD do you enter the BIOS and select Exit & Save changes??

Is also the 8GB of RAM correctly recognized in the BIOS and inside Windows??

Do you run hybrid graphics??

Thanks for posting back.

 

Regards,

 

 

Hi,

 

You also mentionned changing your ATI GPU.

Do you have a W8.1 compatible driver??

How did you install it and from where??

Can you try a previous ATI/AMD driver??

 

Regards,


Apostolos wrote:

Hi,

 

Usually the BSOD message you get:

IRQL_NOT_LESS_OR_EQUAL  indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

This bug check is issued if paged memory (or invalid memory) is accessed when the IRQL is too high. The error that generates this bug check usually occurs after the installation of a faulty device driver, system service, or BIOS.
Can you open device manager and see if everything is ok there??

Also, do you have a desktop or laptop, please provide some brief info.

When you swap HDD & SSD do you enter the BIOS and select Exit & Save changes??

Is also the 8GB of RAM correctly recognized in the BIOS and inside Windows??

Do you run hybrid graphics??

Thanks for posting back.

 

Regards,

 

 


I've only had that BSOD twice I think? Like I said, usually just a freeze, no more than 7 BSOD's over time.

 

I swapped an SSD (ScanDisk 128GB) for another SSD (Corsair 115GB). The ScanDisk had replaced the Corsair prior to this and I used Symantec System Restore to make the ScanDisk partition be the same size as the Corsair, so there was no problem doing a swap out.

 

Everything appears correctly in the BIOS (RAM is matched, 5 year old Dell XPS Studio One). RAM is the same as was installed initially and heavily tested already with MEMTEST86, one of the first things I did. All shows in DM with no UNKNOWN devices.

 

It initally had an ATI Radeon HD4870. That video card is no longer supported. In W8 it was a Legacy driver, basically the W7 one. Once this freezing started I replaced it with an ATI Radeon HD7770. Problems continued. Old driver was completely cleaned out. I even ran the HD4870 with the DEFAULT MS Driver and that seemed to help, but I still had problems, just less, which is what lead me to get the HD47770. Problem sitll happens with the MS default driver so I went back to the ATI driver and I need the CCC app.

 

 

 


Apostolos wrote:

Hi,

 

You also mentionned changing your ATI GPU.

Do you have a W8.1 compatible driver??

How did you install it and from where??

Can you try a previous ATI/AMD driver??

 

Regards,


See prior messae but it is the latest ATI driver.


Apostolos wrote:

Hi,

 

Uninstall anything related to Google from Programs & Features, and IE add-ons.(Disable or remove).

Open Services, and if there is a leftover service called gupdate, open an elevated cmd, (Run as admin), and type: sc delete gupdate

Also, delete any remnant Google folders. Use the search function in My Computer.

Reboot.

After reboot, open again an elevated cmd and type: sfc /verifyonly

See if any integrity violations are found.


Post back the results.

 

Regards,


SFC ran OK, as expected...

 

===========

C:\WINDOWS\system32>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\WINDOWS\system32>

===========

 

Interestingly I DID find someone with the same problem I have?

 

Same Problem

 

In that forum I looked at many that mentioned BSOD and FREEZE or LOCKUP. In many of those there is mention of Norton products and comments to remove it and also that they can cause problems???? I've used Norton ISS's for years and have not seen this. Matter of fact my wife's machine also running Win8.1 (not updated to the latest 8.1 yet) is also running SSR and NIS2014 and doesn't exhibit any of my problems. H/W is not exactly the same though, different SSD, different hard drive MFG's, different video card, keyboard/mouse, web cam, network adapter, RAM, CPU, etc. About the only thing the same is the name Dell on the box and some installed programs.

 

We'll see tomorrow if Google was at fault or not?

Hi,

 

Do not use the MS driver use one W8 compatible fro the ATI/AMD website.

Also, did the latest driver was digitally signed?

If not you need to disable the Driver Signature Enforcement in W8:

Disable driver signature enforcement in Windows 8

Select Settings (right bar)/More PC Settings (at bottom)
Then go General/Advanced Startup/Restart Now/Troubleshoot/Advanced Options/Windows Startup Settings/Restart
As your PC is starting up be pressing F8 to get to the menu where you can choose to
Disable driver signature enforcement.

Post back.

 

Regards,


Apostolos wrote:

Hi,

 

Do not use the MS driver use one W8 compatible fro the ATI/AMD website.

Also, did the latest driver was digitally signed?

If not you need to disable the Driver Signature Enforcement in W8:

Disable driver signature enforcement in Windows 8

Select Settings (right bar)/More PC Settings (at bottom)
Then go General/Advanced Startup/Restart Now/Troubleshoot/Advanced Options/Windows Startup Settings/Restart
As your PC is starting up be pressing F8 to get to the menu where you can choose to
Disable driver signature enforcement.

Post back.

 

Regards,


I am using the latest ATI driver, http://support.amd.com/en-us/download/desktop?os=Windows%208.1%20-%2064, I just checked to be sure. Yes, it is signed.