BSOD: IRQL_... caused by ntkrnlpa.exe

[davidbaldwin]

Thanks again. Ok, I buy your experience and logic about Norton. I know it's a resource hog, and I know the recent update to ver 6 is not as stable as I might have thought. Webroot analyzer says it has a possible handle leak. The report shows almost twice as many handles for Norton's engine as the next highest - a Windows svchost file which is tied to about 20 services. Plus Norton had an extreme amount of page faults listed as well. Perhaps these are ongoingNorton360 issues; perhaps it's just my installation(s) - I don't know. Ok I'm considering temporarily at least, uninstalling Norton360 on at least the one computer that is still blue-screening - my son's. A zip file is uploaded here with the last 3 crashes' minidumps. If you would be so kind as to take a look inside and see what the problem is likely to be? Referring to the the first post #1, if it simply shows the kernal is at fault - that's what the basic summary showed but obviously that's too broad a target to identify what's not working.

 

[Tmagic650]

SYMEFA.sys is being flagged as a problem... No surprise it is part of Norton. All the others flagged just show general Windows instability. Things like ntkrnlpa.exe, KERNEL_MODE_EXCEPTION_NOT_HANDLED, HAL.dll, UNEXPECTED_KERNEL_MODE_TRAP, DRIVER_NOT_LESS_OR_EQUAL AND TCPIP.SYS are all signs of NORTON caused instability. If SYMEFA.sys or any other Symantec driver was not present here, we could look at memory or hard drive issues more closely. You have already ruled these out haven't you, and we're pointing to software. Norton is software. Are we making more sense now?

 

[davidbaldwin]

Yes thank you for reading the minidumps for me. The strange thing is, the file Properties page for SYMEFA.SYS shows it has not been accessed since June 2012. I searched the entire computer - including hidden files and non-indexed locations. Just the one instance of that file. Oh well, I'll uninstall Norton and see what happens. The blue screens are random, sometimes even booting into safe mode is a challenge; other times it runs in normal mode for an hour or so. I may have to wait awhile for a BSOD. In the meantime, I'll post the minidump from the last crash today - perhaps you could say if it is consistent, or different?

 

[Tmagic650]

Uninstall Norton and run the temp file cleaner I suggested. This minidump references Memory Management. OS instability can show up anything at any time...old or new

 

[davidbaldwin]

Tmagic and Route44,
Well, my son's computer is no better off after uninstalling Norton and installing MSE. I have a little more info, and have attached a recent minidump. It appears it likes to blue screen after awakening from sleep. I have again run a slew of hardware tests using Windows Memory Diagnostics Tool, Memtest+, WD hard drive tests, Spinrite, HP diagnostics, and everything passes 100%.
I have seen it restart instead of the BSOD halt. When it last blue-screened after awakening, it blue-screened in safe mode as well, and a couple of times when trying to start Windows normally. Then on another try, here I am typing away. I have seen drivers mentioned on the blue screens. acpi.sys ecache.sys CLFS.sys . I've seen IRQ not lesss or equal and DRIVER_IRQ not less or equal. I have seen the machine stop when booting the BIOS before it detects boot devices (just after memory testing OK).
Yes this is Vista. Yes it seems like software issues, although the BIOS halts could be valid or it could be a video adapter problem (nVidia video on the motherboard). I'm at the end of the rope on this now, about to reformat C: and load Windows 7. Appreciate any last ideas, and perhaps a last read of the minidump attached. Thanks

 

[Tmagic650]

Ecash.sys... is this a payment system driver? Seems like you could both benefit from a fresh OS re-install

 

[davidbaldwin]

You're joking right? ecache.sys is a Windows driver located here: C:\Windows\System32\drivers
Sorry I'm not in the mood for humour. This is taking way too much time to solve.
I can still read your recommendation between the lines. Out with Vista, in with 7 or 8.
The process of rebuilding is always daunting ... never easy enough.

 

[davidbaldwin]

Route44,
Besides the last minidump from my son's computer attached in post #30, I have attached one minidump from my machine here. It occurred when I accidentally unplugged my HP Officejet printer. Is that to be expected? Otherwise this main machine hasn't blue-screened since I upgraded the video drivers. Thanks

 

[Tmagic650]

"The process of rebuilding is always daunting ... never easy enough"... Unless you are prepared to do it. With today's external hard drives, flash drives and blue-ray disks there is really no excuse to have everything important to you backed up and always at your fingertips. The Windows updates are a pain to re-install, but that's about it. Windows 8 can be modified to use on a desktop without a touch screen. I like it, but I'm not ready to use it full time yet... Vista should go the way of the Dinosaurs!

 

[davidbaldwin]

never easy enough ...
I would rather perform 3 hours of Windows Updates. They're easy. No forethought or planning required. Almost automatic. You can click Update and walk away. But, name me a perfect back-up and restore solution and I'll buy it. Yes I have back-ups, but nothing I have researched or used is easy or perfect enough. "Windows Easy Transfer" is not perfect. User data is spread in various directories - sometimes so deep the average user cannot remember where. iTunes has it's location, photo programs tend to keep their photos everywhere except in the Pictures folder. Moving from one OS to another results in different folder names, libraries, etc. Unless you are restoring a drive image, or transferring from and to identical set-ups, it takes time and patience and exactitude to ensure the system you rebuilt has everything in the same and proper place as it was. I've seen pro tech support shops screw up people's back-ups to the point where there's no recognizing the files. If the pros haven't perfected the process, neither will average Joe. Further, on my son's "mis-diagnosed" computer, I still have no idea what is causing the faults, although software "seems" to be the culprit. Therefore I need to first install a basic OS and test it, step by step to ensure hardware, such as a video adapter, or NIC, or mobo, or power supply is not truly at fault. Time, patience, more time, more patience, and more time... not to mention reloading all of the programs. I know, it's necessary to clean house and start from scratch, usually when upgrading the OS. But I wouldn't trust anyone to do it right but myself. And that takes ... well ... time.

 

[Tmagic650]

The last minidump points to DRIVER_VERIFIER_DETECTED_VIOLATION
DOT4.SYS, NTKRNLPA, and HAL.DLL
You've had so many varied minidumps where do we go from here? if I saw this for the first time, I would say hard drive. The title of this thread "BSOD: IRQL_... caused by ntkrnlpa.exe" is not correct. The BSOD is NOT caused by ntkrnlpa.exe, ntkrnlpa.exe is a symptom not a cause

 

[davidbaldwin]

True, and thank you for looking at that minidump. BlueScreenView was the program I initially used in this OLD thread, and it always comes up with ntkrnlpa. Even the Windows Debugger focuses first on that file, which is of course misleading.
Part of the confusion here is I have referred to two computers, both having had recent blue screens, some the same, some different. The DOT4 cause I now understand. I would like to focus on the minidump in post #30 if you could assist. That computer is blue-screening every time it comes out of sleep, then multiple times as it reboots, finally it starts in normal mode again, only to rinse and repeat. Post #28 contained the previous minidump posted from that machine. The HDD physically tests perfect, including sfc and chkdsk results. Norton was uninstalled. The only AV is MSE as you recommended. Thanks

 

[Tmagic650]

The minidump contents of post #30 are:
DRIVER_IRQL_NOT_LESS_OR_EQUAL, CLASSPNP.SYS, ECASH.SYS, NTKRNLPA.EXE AND STORPORT.SYS
The minidump contents in post #28 are:
MEMORY_MANAGEMENT, HAL.DLL, and NTKRNLPA.EXE