Hi, I'm getting multiple BSODs on my new Windows7 Ultimate x64 machine. The first application I installed was Norton 360 Premier v4.0 and it's been faulting ever since. Windows debugger suggests the cause is SRTSP64.sys and this seems to be supported by multiple blogs on the net - I've attached 6 samples below, all suggesting I should uninstall Nortons. I'm reluctant to do this as I'm a long-time user, but there doesn't seem to be an alternative unless someone can help me overcome this problem?
http://www.techspot.com/vb/all/windows/t-138515-System_service_exception-amp-srtsp64-bsods.html
http://forums.techguy.org/windows-vista/834027-bdos-hell.html
http://www.sevenforums.com/crashes-debugging/64703-random-bsod.html
Below is the Windows Debugger output:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\042910-14586-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WinDDK_Symbols;srv*
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a1d000 PsLoadedModuleList = 0xfffff800`02c5ae50
Debug session time: Thu Apr 29 15:02:26.425 2010 (UTC + 10:00)
System Uptime: 2 days 23:53:55.455
Loading Kernel Symbols
...............................................................
................................................................
.........................................
Loading User Symbols
Loading unloaded module list
...................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff8200e40cd6d, 0, fffff80002a68ae3, 5}
Unable to load image \SystemRoot\system32\drivers\N360x64\0401000.020\SRTSP64.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SRTSP64.SYS
*** ERROR: Module load completed but symbols could not be loaded for SRTSP64.SYS
Could not read faulting driver name
Probably caused by : SRTSP64.SYS ( SRTSP64+294f4 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff8200e40cd6d, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80002a68ae3, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc50e0
fffff8200e40cd6d
FAULTING_IP:
nt!RtlSidHashInitialize+67
fffff800`02a68ae3 0fb64101 movzx eax,byte ptr [rcx+1]
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: System
CURRENT_IRQL: 0
TRAP_FRAME: fffff88006c4bea0 -- (.trap 0xfffff88006c4bea0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=fffff8200e40cd6c
rdx=000000000000002c rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002a68ae3 rsp=fffff88006c4c030 rbp=0000000000000048
r8=0000000040000000 r9=0000000000000003 r10=003c000200000012
r11=fffffa800a1c84e0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!RtlSidHashInitialize+0x67:
fffff800`02a68ae3 0fb64101 movzx eax,byte ptr [rcx+1] ds:e1c0:fffff820`0e40cd6d=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002b0c801 to fffff80002a8d600
STACK_TEXT:
fffff880`06c4bd38 fffff800`02b0c801 : 00000000`00000050 fffff820`0e40cd6d 00000000`00000000 fffff880`06c4bea0 : nt!KeBugCheckEx
fffff880`06c4bd40 fffff800`02a8b6ee : 00000000`00000000 fffff8a0`0e40c610 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x40ecb
fffff880`06c4bea0 fffff800`02a68ae3 : 00000000`00000000 fffff8a0`0e40c5a8 00000000`00000000 00000000`00482070 : nt!KiPageFault+0x16e
fffff880`06c4c030 fffff800`02d62c72 : fffff8a0`0e40c530 00000000`00482070 fffff8a0`0e40c530 00000000`000007ff : nt!RtlSidHashInitialize+0x67
fffff880`06c4c060 fffff800`02d63ad5 : fffff880`06c4c480 fffff8a0`0e418910 fffff8a0`0dfb1530 fffffa80`0a1c84e0 : nt!SepDuplicateToken+0x3d2
fffff880`06c4c100 fffff800`02a8c853 : fffffa80`0a1c84e0 00000000`00000008 fffffa80`0b516901 fffff880`06c4c448 : nt!NtOpenThreadTokenEx+0x405
fffff880`06c4c220 fffff800`02a88df0 : fffff880`0697a4f4 00000000`00000001 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff880`06c4c428 fffff880`0697a4f4 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiServiceLinkage
fffff880`06c4c430 00000000`00000001 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff880`06c4c480 : SRTSP64+0x294f4
fffff880`06c4c438 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff880`06c4c480 fffff880`0113da77 : 0x1
STACK_COMMAND: kb
FOLLOWUP_IP:
SRTSP64+294f4
fffff880`0697a4f4 ?? ???
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: SRTSP64+294f4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SRTSP64
IMAGE_NAME: SRTSP64.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4b85bd61
FAILURE_BUCKET_ID: X64_0x50_SRTSP64+294f4
BUCKET_ID: X64_0x50_SRTSP64+294f4
Followup: MachineOwner
---------
A full dump is attached. Please help!