# win32k.sys Blue Screen crashes - Norton Security and/or hardware?



## robdrums (May 1, 2009)

Hi there

I have been having persistent crashing problems with my around-2-month old Dell Studio 540 PC where it will almost daily just randomly crash, sometimes with a BSOD, sometimes just freeze.

Spec:

2.66ghz Intel Quad Core processor
4gb RAM
750gb hard drive
Windows Vista Home Premium

When it freezes, the windows in use (IE, Windows Live Mail etc., nothing out of the ordinary) will remain visible and the mouse and everything will lock up. The music that's on (I use WMP most of the time) will freeze and continue coming out of the speakers as if a scratched record. The only thing to do then is to press the power button to reboot it. It will stay like this, frozen, until I do.

Dell are being typically useless and can't help as the Boot Utitlity and BIOS tests return no errors (is there not more to IT support than running tests? Apparently not.) They can't even decide if it's a hardware or software issue. Chocolate kettles.

When it does return a BSOD, the code I got tonight is:

STOP: 0x0000008e (0xc0000005, 0x95F53174, 0x8D0E2C68, 0x00000000)
win32k.sys - Address 95F53174 base at 95E80000, Datestamp 498F9E96)

Now, the only major thing I have changed or installed since it was new is Norton Internet Security 2009, which is patched and up to date, but the only thing different about what runs in the background. The PC came with McAfee preinstalled which I removed as I used to find it hideously slow on my old XP machine. What are the chances of this having anything to do with it? I am tempted to try removing Norton and see if the problem persists, as to be fair, it seemed to work fine when I first got the computer, and when it does work I am happy with it.

I would rather not reinstall the OS or anything, as I think it is a hardware problem, but what do you guys think?

Thanks in advance for any advice.

Rob


----------



## robdrums (May 1, 2009)

Hi,

Can anyone please please help me with this? Does the fact that whether I get a BSOD or just a lockup, the mouse freezing indicates a hardware problem?

Is it worth uninstalling Norton and seeing if it becomes more stable?

Somewhere I saw an option to restore the PC to Dell factory defaults. Is this worth doing, and installing a different AV product?

Thanks in advance

Rob


----------



## Dracia (Mar 19, 2008)

Hi,

Bugcheck STOP: 0x0000008e: *KERNEL_MODE_EXCEPTION_NOT_HANDLED* with exception code *0xc0000005*: memory access violation.

Norton Internet Security is known to cause BSODs on Windows Vista. This is because it blocks local ports which prevent system services from working properly.

When you uninstalled McAfee, did you use the McAfee removal tool?

You'll need the Norton Removal Tool to get rid of Norton. It can be found here: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

Choose the one that applies to your Norton product. Save the file and Run as Administrator. Reboot after it completes.

There are many good AV programs out there: basic free security such as AVG, Avast, Avira... and also paid subscription ones such as NOD32. You can download a free 30 day trial of that. Only use the antivirus and not the whole package.

You should also set Windows Firewall back to its default settings.


----------



## jcgriff2 (Sep 30, 2007)

Hi - 

My #1 candidate for BSODs = NIS, KIS, MIS

Run both NIS & McAfee Removal Tools. 

D/Load to desktop, right-click, select run as admin - run 1 to completion, then re-boot. Run the other, re-boot.

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Reset the Windows Firewall to its default settings - 
START | type FirewallSettings.exe into the start search box | click on FirewallSettings.exe above | select the Advanced Tab | click on "Restore Defaults" | Click Apply, OK

Need anti-virus - use AVG 8 for now -
http://free.avg.com/download-avg-anti-virus-free-edition

Go to your manufacturer's web site and make sure all drivers are updated.

Regards. . .

jcgriff2

.

*EDIT: * Hi Dracia - got me again. I was writing and came in 2 min behind you. Your post looks great - thank you!

`


----------



## Dracia (Mar 19, 2008)

Hi JC

No probs with your post, it backs up what mine said :smile:


----------



## robdrums (May 1, 2009)

Hi

Thanks for the replies. One thing though, 90% of my lock-ups are just that, where the whole PC, pointer and all locks up, but whatever screen I had up remains static on the screen til I press the main power switch. I have actually only had a BSOD a handful of times, compared to sometimes three lock-ups a day. 

Is this still possibly software related? A friend told me that if the mouse is locking up too, then it would most likely be hardware.

I did use the McAfee remover I think, yes. I'm going to give removing both a go anyway, see if it stops the crashes. If it doesn't then I will have to try harder with Dell.

Rob


----------



## robdrums (May 1, 2009)

UPDATE: I ran the McAfee tool first and it seemed to detect and remove a few things. Is it worth seeing if that stops the problem, in case it was conflicting with NIS?

Rob


----------



## jcgriff2 (Sep 30, 2007)

McAfee, NIS, KIS, etc... they all have firewalls which block local ports and prevent some system services from running. I would remove it -

Download the Norton Removal Tool (NRT); save to desktop. Then go to desktop, RIGHT-click on the NRT icon and select Run as Administrator. When complete - re-boot.

NRT - ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Reset the Windows Firewall to its default settings - 
START | type FirewallSettings.exe into the start search box | click on FirewallSettings.exe above | select the Advanced Tab | click on "Restore Defaults" | Click Apply, OK

Use AVG for a/v if you wish - http://free.avg.com/download-avg-anti-virus-free-edition

Download SPeedFan 4.38 to check on temps - RIGHT-click, select run as admin
http://www.almico.com/sfdownload.php

Regards. . .

JC

.


----------



## robdrums (May 1, 2009)

Well, Norton is gone. Updated Windows and added AVG Free. 

Unfortunately it crashed twice the same day. Not blue screens, just random lock ups, including music and mouse pointer. 

Any more suggestions? This is surely a hardware problem?

When you press F8 on the Dell boot up screen there is an option to restore the PC to factory 'flash'. Dell have already tried to reinstall the latest BIOS, which didn't work. Would restoring it to factory maybe help? Maybe?

Cheers

Rob


----------



## Dracia (Mar 19, 2008)

Ok, to rule out your hard drive, you should run *chkdsk /r*. If you need instructions on how to run a chkdsk please do ask.

The /r extension repairs problems on the hard drive that the chkdsk finds.

If the crashes still happen, run a diagnostic utility on the hard drive. Most hard drive manufacturers provide utilities for their products, except for Toshiba, in which case it is fine to use Maxtor or Hitachi diagnostics for their products.

If the diagnostics find problems then it could mean that your hard drive is causing these issues and should be replaced.

*Edit*: I don't know if you have said this already, but do these problems occur in safe mode? Because if they don't, then it must be a software problem. If they do, it's most likely hardware. Try this test before anything else I have said in this post.


----------



## robdrums (May 1, 2009)

OK, thanks, I will give that a go later today.

In the meantime, I have tried running JC's TSF Support program, and the results are attached, if that is any use or can provide any info.

Cheers

Rob


----------



## jcgriff2 (Sep 30, 2007)

Hi -

There were 2 mini dumps - from March and May 1. Bugchecks -

```
BugCheck 1000008E, {c0000005, 95f53174, 8d0e2c68, 0}
Probably caused by : win32k.sys ( win32k!TimersProc+75 )

BugCheck A, {37f0c, 2, 0, 81c75482}
Probably caused by : memory_corruption ( nt!MiIdentify[COLOR=Red]Pfn[/COLOR]+64f )
```
*0x8e (0xc0000005,,,)* = kernel threw a 0xc..5 exception - memory access violation

*0xa* - invalid memory referenced

The sys event log showed 6 BSODs total; only 2 dumps produced. The other 4 brought the system down so fast it could not produce dumps. This along with the Pfn (Page Frame Number) in the above code box and the 0xa bugcheck tells me this is hardware failure. The 0x8e is usually caused by 3rd party firewall like NIS & McAfee, but rarely do I see win32k.sys as the probable cause. The event logs do show repeated Internet connection failures and NIS itself failing.

Check temps w/ Speedfan - http://www.almico.com/sfdownload.php
Run at admin level (RIGHT-click, run as admin)

Run memtest86+ http://www.memtest.org/
Create bootable ISO w/ product like ImgBurn - http://www.imgburn.com/index.php?act=download

HDD Diagnostics - http://www.techsupportforum.com/f234/hard-drive-diagnostic-utilities-302602.html

Your Windows Updates and driver updates appear to me to be current. The dump logs are attached.

Regards. . .

jcgriff2

.


----------



## robdrums (May 1, 2009)

Hi

Thanks for the reply and info. What part of the hardware is most likely to be failing, do you think? What's my best course of action, as I feel Dell are just going to insist that anything their own diagnostics tests don't pick up is software related. And furthermore I don't think they will understand if I send them this log (but I will anyway, with the comments)

I have the PC on in safe mode at the moment, to see if it crashes (but of course being an intermittent fault, this doesn't really prove anything)

I ran chkdsk and it ran for a long time and completed, but crashed again later that day.

I ran Speedfan and the only thing that showed as out of the ordinary was the GPU which was 59 degrees, but having done some research online, it seems this isn't actually that high for a graphics processor. I don't think overheating should be a problem.

Regards

Rob


----------



## jcgriff2 (Sep 30, 2007)

Hi Rob. . .

Unfortunately, the information contained in the dumps does not tell us or point us in the direction of the failing hardware. You're right about Dell Support. They will blame it on Microsoft and vice-versa. You will be left in the middle. I see this all too often.

If this were my system - #1 priority - re-install Vista. This will be the first thing that Dell tells you to do - so get it out of the way. However, I strongly urge you after re-install, Windows Updates and Dell driver updates are in to remove NIS. I know it must be a trusted friend to you, but just search this forum and you will find 100's - maybe 1000's threads where NIS, KIS, McAfee, etc... wreaked absolute havoc in Vista systems.

If the re-install fails or takes more than 2-3 hours, it is a hardware problem.

If you need help or have additional questions, simply post or send PM.

Regards. . .

jcgriff2

.


----------



## robdrums (May 1, 2009)

Hi JC

I am emailing them now with the logs and your comments (about the hardware failure) to see what they have to say. 

Norton is already gone, replaced with AVG, but still having the problems.

I don't mind reinstalling Windows, but I just think it is the problem.

Is there any guides out there for doing this safely, and should I back up the hard drive to my external HD first?

Regards

Rob


----------



## jcgriff2 (Sep 30, 2007)

Hi Rob,

There is no safety factor here. The only files that you can take with you are user profile folders/files - Documents, music, pics, etc... All programs will have to be re-installed.

I just checked your files and see that you do have a recovery partition - drive d:.

After you copy out whatever files you want to keep, re-boot and press F-10 during boot-up. That should get you to the recovery menu. Select restore to factory defaults/ factory image, or similar. Even with the large HDD you have it should not take more than 2-3 hours of system time (no babysitting). I do re-installs on my systems (usually the ones the kiddies get a hold of) several times a month. There is nothing like a re-install of Vista. I just hope it helps you here.

I can honestly tell you that it is not Vista causing these problems. Vista SP2 is now out and will be released via Windows Updates in the near future. Vista is an extremely stable OS. 

JC

.


----------



## robdrums (May 1, 2009)

Hi JC

Thanks for all your help. I will give the reinstall a go at some point, though let's see what Dell say first.

Almost immediately after sending the email to them, I got another Blue Screen. Details as follows (different to previous one)

MEMORY_MANAGEMENT

STOP: 0x0000001A (0x00003452, 0x7FFD9000, 0xC0802EFC, 0x900DCC66)

Does this point to a RAM issue or something?

Rob


----------



## robdrums (May 1, 2009)

Well, Windows is now successflly reinstalled. 

No prizes for guessing what happened twice within an hour of doing so.

Based on the above BSOD though, it's memory failure isn't it?

Rob


----------



## usasma (Apr 11, 2009)

With a fresh install of Vista a Memory Management error is (most likely) either a problem with your memory or a problem with your motherboard.

Run the built in Memory Diagnostic in order to test your memory ( http://www.bleepingcomputer.com/tutorials/tutorial146.html )


----------



## McNinja (Jun 22, 2008)

Run Memtest 86 with 1 stick of ram installed at a time.
http://www.memtest86.com/

When running Memtest86 let it do around 3 passes for each stick installed 

It'll run before windows starts, You'll need to create a bootable CD. The software you'll need is:
*Deep Burner*
http://www.filehippo.com/download_deepburner/

Create a ISO image to CD or DVD


----------



## robdrums (May 1, 2009)

Well, it's back! Completely naked install of Windows Vista when it came back, no software, no drivers, nothing. So now I have updated it, reinstalled Office and set it up to my settings again, it's running none of Dell's rubbish any more, which is potentially good.

They changed out the RAM & the hard drive. Said on the docket that they'd changed it for 2x2gb instead of 4x1gb sticks so I could upgrade in the future, etc. However, on interrogating the system (well, it told me on the Welcome page), it said the installed memory was 3gb. On querying this with Dell, it turns out they mistakenly put in 1x 1gb and 1x2gb. So they're sending me another 1gb stick to install myself.

So far no crashes, so hopefully once this is done the problem will be solved and I can finally start to enjoy the PC I spent £900 on.

So with that spare slot, if I put in another 2gb stick, in theory I would have 6gb of RAM - is it that simple? I wanted them to send me the 2gb stick they said I had, and beef it to 5gb, but they wouldn't. 

Thanks for all the support and answers. Hoefully this will be case closed! 

Rob


----------



## Dracia (Mar 19, 2008)

Hi,

Since you got the 0x1A bugcheck, it indicated a severe memory problem. And since you got the RAM changed out, hopefully like you say it should be fixed.

Do you have 64 bit Vista? Sorry if you said you did before, but if it isn't 64 bit then it won't read the full 4+ gigs of RAM. More like 3.5 gigs after it accounts for the graphics card and other things that share the memory. 32 bit processors can't handle anything over 2^32, which equals 4294967296, or 4 gigs.


----------



## robdrums (May 1, 2009)

Yeah, it is 32 bit, I discovered that >4gb would be pointless by reading some other sections on this forum. I have been recommended by a friend to push them to give me a 2gb stick though, and to change out the 1gb stick, as mixing & matching is a bad idea compared to parallel memory like 4x1gb or 2x2gb. Any thoughts?

Thanks

Rob


----------



## McNinja (Jun 22, 2008)

Having matching Ram is easier on the system. 

Its seems like the problem is fixed, congrats!


----------

