Recent build has given me nothing but headaches - trouble shooting advice needed

[a]

Hello all, I just built a new machine a few months ago, I'm having 3
problems that I haven't been able to figure out a solution to. These
are the specs:

Biostar TZ68A+ mobo
Core i5 2500
2 x 4gb Mushkin Enhanced Silverline ram
EVGA GeForce GTX560
90gb Mushkin Chronos SSD
Windows 7 Home Premium x64


- I'm getting blue screens and I can't figure out the cause. I ran
Memtest on both sticks of RAM overnight - no errors. I took out the
SSD and replaced it with a brand new hard drive. I replaced the dvd
drive with a brand new one. I took out the video card and ran the
monitor off the cpu. I tried a different PSU. The drivers I have
installed are all up to date. I installed the most recent version of
Ubuntu and ran that for a couple weeks and didn't have any problems,
so it doesn't look like defective hardware is the problem. Every blue
screen I've had (more than 50 times), with no exceptions, happened
within 5-10 minutes after booting the machine. If I don't get a blue
screen within 5 or 10 minutes after booting then it doesn't happen.

- svchost.exe (LocalServiceNetworkRestricted) is showing 40-60% CPU
usage 100% of the time. I know the problem is LAN driver related
because it went down to 0% after uninstalling the LAN drivers. I
reverted back to the driver that shipped with the motherboard. That
didn't help. I tried an old Linksys network card I had laying around
and that does the same thing. I booted into safe mode with networking
and it didn't do this in safe mode. The CPU stays near 0%.

- I'm having problems with permissions. I installed Avira AV, tried
renaming the licence file so I could copy over the most recent one and
I'm being told that I need permission from Administrators to rename
the file. The account I'm using IS an administator account. So I
unlocked the hidden administrator account and logged into that and I
still get the same message. The most privileged user account you can
possibly use is being denied the right to rename files?? Yet I'm
allowed to install programs and make changes to the registry? This
makes no sense.


I've installed Windows 4 times since I built this machine. The blue
screen problem is the only constant. The other problems never happened
until this most recent time re-installing (a few days ago). If anyone
has any suggestions I would be grateful, I've run out of ideas.

Jon

 

[John Doe]

Biostar TZ68A+ mobo Core i5 2500 2 x 4gb Mushkin Enhanced
Silverline ram EVGA GeForce GTX560 90gb Mushkin Chronos SSD
Windows 7 Home Premium x64


- I'm getting blue screens and I can't figure out the cause. I
ran Memtest on both sticks of RAM overnight - no errors. I took
out the SSD and replaced it with a brand new hard drive. I
replaced the dvd drive with a brand new one. I took out the
video card and ran the monitor off the cpu. I tried a different
PSU. The drivers I have installed are all up to date. I
installed the most recent version of Ubuntu and ran that for a
couple weeks and didn't have any problems, so it doesn't look
like defective hardware is the problem. Every blue screen I've
had (more than 50 times), with no exceptions, happened within
5-10 minutes after booting the machine. If I don't get a blue
screen within 5 or 10 minutes after booting then it doesn't
happen.

- svchost.exe (LocalServiceNetworkRestricted) is showing 40-60%
CPU usage 100% of the time. I know the problem is LAN driver
related because it went down to 0% after uninstalling the LAN
drivers. I reverted back to the driver that shipped with the
motherboard. That didn't help. I tried an old Linksys network
card I had laying around and that does the same thing. I booted
into safe mode with networking and it didn't do this in safe
mode. The CPU stays near 0%.

I've installed Windows 4 times since I built this machine. The
blue screen problem is the only constant. The other problems
never happened until this most recent time re-installing (a few
days ago). If anyone has any suggestions I would be grateful,
I've run out of ideas.

This is another good reason to make incremental backups when
installing Windows, using Macrium Reflect. That way, you can
figure out when the problem started during the installation.
Without having to reinstall Windows.

--

 

[Mike Tomlinson]

- I'm getting blue screens and I can't figure out the cause.

No one can begin to help you until you give us the STOP 0xnn error that
comes with the blue screen.

 

[Man-wai Chang]

Biostar TZ68A+ mobo

Core i5 2500
...
- I'm getting blue screens and I can't figure out the cause. I ran
Memtest on both sticks of RAM overnight - no errors. I took out the
SSD and replaced it with a brand new hard drive. I replaced the dvd

No overclocking?
What if you used a regular spinning hard disk? Maybe it's the SSD!
Or maybe it's AHCI problem.
Are you using legitimate Windows?

--
@~@ Remain silent. Nothing from soldiers and magicians is real!
/ v \ Simplicity is Beauty! May the Force and farces be with you!
/( _ )\ (Fedora 17 i686) Linux 3.5.3-1.fc17.i686
^ ^ 00:54:01 up 2:17 0 users load average: 0.00 0.01 0.05
ä¸å€Ÿè²¸! ä¸è©é¨™! ä¸æ´äº¤! ä¸æ‰“交! ä¸æ‰“劫! ä¸è‡ªæ®º! è«‹è€ƒæ…®ç¶œæ´ (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa

 

[Flasherly]

Hello all, I just built a new machine a few months ago, I'm having 3
problems that I haven't been able to figure out a solution to. These
are the specs:

Biostar TZ68A+ mobo
Core i5 2500
2 x 4gb Mushkin Enhanced Silverline ram
EVGA GeForce GTX560
90gb Mushkin Chronos SSD
Windows 7 Home Premium x64

- I'm getting blue screens and I can't figure out the cause. I ran
Memtest on both sticks of RAM overnight - no errors. I took out the
SSD and replaced it with a brand new hard drive. I replaced the dvd
drive with a brand new one. I took out the video card and ran the
monitor off the cpu. I tried a different PSU. The drivers I have
installed are all up to date. I installed the most recent version of
Ubuntu and ran that for a couple weeks and didn't have any problems,
so it doesn't look like defective hardware is the problem. Every blue
screen I've had (more than 50 times), with no exceptions, happened
within 5-10 minutes after booting the machine. If I don't get a blue
screen within 5 or 10 minutes after booting then it doesn't happen.

- svchost.exe (LocalServiceNetworkRestricted) is showing 40-60% CPU
usage 100% of the time. I know the problem is LAN driver related
because it went down to 0% after uninstalling the LAN drivers. I
reverted back to the driver that shipped with the motherboard. That
didn't help. I tried an old Linksys network card I had laying around
and that does the same thing. I booted into safe mode with networking
and it didn't do this in safe mode. The CPU stays near 0%.

- I'm having problems with permissions. I installed Avira AV, tried
renaming the licence file so I could copy over the most recent one and
I'm being told that I need permission from Administrators to rename
the file. The account I'm using IS an administator account. So I
unlocked the hidden administrator account and logged into that and I
still get the same message. The most privileged user account you can
possibly use is being denied the right to rename files?? Yet I'm
allowed to install programs and make changes to the registry? This
makes no sense.

I've installed Windows 4 times since I built this machine. The blue
screen problem is the only constant. The other problems never happened
until this most recent time re-installing (a few days ago). If anyone
has any suggestions I would be grateful, I've run out of ideas.

Jon

I don't know about W7, except its sort of XP and sort of works sort of
more often than not with sorts of new programs [that don't, sort of,
when they see XP]. Other than that, they're identical, but of course.

What I do, as well, know about is the two BIOSTAR MBs I've owned. Not
in your league, though, one goes way back and the newer experience, of
late, was questionable to begin with -- luckily, easily diagnosed for
latter obvious hardware faults (funny that, how retailers
thereuponwith haven't a clue, lose everything, after telling them
exactly WTF's wrong at exactly the time it comes to giving someone
their money back). Suffice to say biostar isn't my first choice these
days. Or, I'd rather be dipped in tar, baby, for feathering.

Somebody already mentioned backups. Realize that as you continue with
and along the lines of things bad, making them badder gets totally
assed until the whole OS system conceivably is buggered into junk.
Time for another OS install. Hence&with.

Onwards to Pain In The Ass. Royal. You'll have to take the
installation down to its simplest terms for W7. Preferably w/o the
fancy graphics, SS hard drive. Reason: to verify either of the two
former are not culprits to Microsoft instability;- the ram modules may
also need optionally checking (try just one), double check your CPU
seating (I'm sure is good) - ALL your hardware <> BIOS settings/
voltages/speeds and therewithinall potential options as related to
FAILSAFE setting, Defaults for a touch, or AssForward WarpSpeed
Overclocking for BigTime Gamers.

Once stable, start adding back stuff until the problems occur.
Continuing, hobbled, if you can fix it at some compromised below-BSOD
level.

Or, if you can swing it from, apparently, people like Newegg -- pay
shipping back, perhaps restocking for, I dunno, Quanto -- and join
their Happy Club of Reviewers for placing Your Opinion among the 1200
others, or thereabouts, about BioStar, that it's a total piece of crap
and you wished you'd bought a real motherboard from rapidly
diminishing Quality Control, perhaps, while extant.

You can now go back disregard everything above in the case I'm utterly
wrong about virtually everything. Have a happy day anyway, y'hear.

 

[Paul]

Hello all, I just built a new machine a few months ago, I'm having 3
problems that I haven't been able to figure out a solution to. These
are the specs:

Biostar TZ68A+ mobo
Core i5 2500
2 x 4gb Mushkin Enhanced Silverline ram
EVGA GeForce GTX560
90gb Mushkin Chronos SSD
Windows 7 Home Premium x64


- I'm getting blue screens and I can't figure out the cause. I ran
Memtest on both sticks of RAM overnight - no errors. I took out the
SSD and replaced it with a brand new hard drive. I replaced the dvd
drive with a brand new one. I took out the video card and ran the
monitor off the cpu. I tried a different PSU. The drivers I have
installed are all up to date. I installed the most recent version of
Ubuntu and ran that for a couple weeks and didn't have any problems,
so it doesn't look like defective hardware is the problem. Every blue
screen I've had (more than 50 times), with no exceptions, happened
within 5-10 minutes after booting the machine. If I don't get a blue
screen within 5 or 10 minutes after booting then it doesn't happen.

- svchost.exe (LocalServiceNetworkRestricted) is showing 40-60% CPU
usage 100% of the time. I know the problem is LAN driver related
because it went down to 0% after uninstalling the LAN drivers. I
reverted back to the driver that shipped with the motherboard. That
didn't help. I tried an old Linksys network card I had laying around
and that does the same thing. I booted into safe mode with networking
and it didn't do this in safe mode. The CPU stays near 0%.

- I'm having problems with permissions. I installed Avira AV, tried
renaming the licence file so I could copy over the most recent one and
I'm being told that I need permission from Administrators to rename
the file. The account I'm using IS an administator account. So I
unlocked the hidden administrator account and logged into that and I
still get the same message. The most privileged user account you can
possibly use is being denied the right to rename files?? Yet I'm
allowed to install programs and make changes to the registry? This
makes no sense.


I've installed Windows 4 times since I built this machine. The blue
screen problem is the only constant. The other problems never happened
until this most recent time re-installing (a few days ago). If anyone
has any suggestions I would be grateful, I've run out of ideas.

Jon

Blue screen errors, include an error number, and sometimes, the name
of a driver file (if it's a driver file causing the problem). The Stop
codes, are documented here. If the blue screen isn't standing still,
you may be able to disable "automatic restart", so that you can read
the screen. Event Viewer, won't necessary have a copy of the event,
if the crash happens when it can't log stuff.

http://aumha.org/a/stop.htm

SVCHosts running in the OS, can host more than one thing at a time.
So when a SVCHost goes to 100% on one core, you don't know what's doing it.
You have options, like perhaps Process Explorer from Sysinternals -

http://technet.microsoft.com/en-us/sysinternals/bb896653

It's also possible, at least on the older OSes, to move things
in SVCHosts, such that there is one thing per SVCHost. Then,
when a SVCHost goes nuts, you know what caused it. On WinXP,
I can have 15 things hiding in one SVCHost. And with 15 commands
of the type below, I could give each a private SVCHost to use.

http://blogs.msdn.com/b/spatdsg/archive/2007/09/17/debugging-services.aspx

You can split it out into its own service by running:

“sc config <service> type= own”

And revert it via

“sc config <service> type= share”

But to begin with, I'd work on the Blue Screen information. Look
for a .dmp file or the like. Those sorts of things. It's possible
the answer is in the blue screen, saving some work.

Paul

 

[larrymoencurly]

I'm having 3 problems that I haven't been able to figure
out a solution to. These are the specs:

Biostar TZ68A+ mobo
Core i5 2500
2 x 4gb Mushkin Enhanced Silverline ram
EVGA GeForce GTX560
90gb Mushkin Chronos SSD
Windows 7 Home Premium x64

I'm getting blue screens and I can't figure out the
cause. I ran Memtest on both sticks of RAM overnight -
no errors. I took out the SSD and replaced it with a
brand new hard drive. I replaced the dvd drive with a
brand new one. I took out the video card and ran the
monitor off the cpu. I tried a different PSU. The
drivers I have installed are all up to date. I installed
the most recent version of Ubuntu and ran that for a
couple weeks and didn't have any problems, so it doesn't
look like defective hardware is the problem.

While it could be a Windows driver program problem, it could still be bad hardware because Linux and Windows don't put exactly the same information inthe RAM. Also Memtest is lousy because it's a Windows program (unless youpay $15 for the self-booting version) that can't test all the memory, so instead try MemTest86, MemTest86+ (they often give different results, despite being based on the same test methods), and Gold Memory. No one memory diagnostic will find all errors, and I've seen one of those programs report errors when the others did not. In one person's case, it took almost 10 hours for a different diagnostic to find 1 bad bit that other diagnostics missed in days of testing. Also consider testing with known good memory, that is, modules made from chips marked with the logo or part number of a real chip maker, like Samsung, Hynix, Micron, Nanya, Elpida, PowerChip, or ProMOS, and where those markings are easy to read (i.e., no heatsinks covering them).

 

[a]

(e-mail address removed) wrote:
removed



Blue screen errors, include an error number, and sometimes, the name
of a driver file (if it's a driver file causing the problem). The Stop
codes, are documented here. If the blue screen isn't standing still,
you may be able to disable "automatic restart", so that you can read
the screen. Event Viewer, won't necessary have a copy of the event,
if the crash happens when it can't log stuff.

http://aumha.org/a/stop.htm

SVCHosts running in the OS, can host more than one thing at a time.
So when a SVCHost goes to 100% on one core, you don't know what's doing it.
You have options, like perhaps Process Explorer from Sysinternals -

http://technet.microsoft.com/en-us/sysinternals/bb896653

It's also possible, at least on the older OSes, to move things
in SVCHosts, such that there is one thing per SVCHost. Then,
when a SVCHost goes nuts, you know what caused it. On WinXP,
I can have 15 things hiding in one SVCHost. And with 15 commands
of the type below, I could give each a private SVCHost to use.

http://blogs.msdn.com/b/spatdsg/archive/2007/09/17/debugging-services.aspx

You can split it out into its own service by running:

“sc config <service> type= own”

And revert it via

“sc config <service> type= share”

But to begin with, I'd work on the Blue Screen information. Look
for a .dmp file or the like. Those sorts of things. It's possible
the answer is in the blue screen, saving some work.

Paul

There are four services hosted by svchost:

DHCP Client
TCP/IP NetBios Helper
Windows Event Log
Windows Audio

svchost right now says 50% CPU usage, DHCP client is hovering around
15% constantly, the other 3 all say 0%. I would have thought that the
combined usage of these four services would be equal to that of
svchost.

---------------------------------------

According to WhoCrashed:


C:\Windows\Minidump\091912-5304-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002E8B0C5,
0xFFFFF88005BD3AC0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while
executing a routine that transitions from non-privileged code to
privileged code.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091812-7098-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0x50 (0xFFFFFA000BEF9580, 0x0, 0xFFFFF80002F00E1A, 0x7)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that invalid system memory has
been referenced.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091812-5428-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002E99168,
0xFFFFF88009E61900, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while
executing a routine that transitions from non-privileged code to
privileged code.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091812-6973-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0xDE (0x2, 0xFFFFF8A0003A5B30, 0xFFFBF8A0003A5B31,
0x1F9DAB8C0)
Error: POOL_CORRUPTION_IN_FILE_AREA
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a driver has corrupted pool
memory that is used for holding pages destined for disk.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091812-13774-01.dmp
This was probably caused by the following module: ntfs.sys
(Ntfs+0x21D5)
Bugcheck code: 0x24 (0xC08A5, 0x0, 0x0, 0x0)
Error: NTFS_FILE_SYSTEM
file path: C:\Windows\system32\drivers\ntfs.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT File System Driver
Bug check description: This indicates a problem occurred in the NTFS
file system.
The crash took place in a standard Microsoft module. Your system
configuration may be incorrect. Possibly this problem is caused by
another driver on your system which cannot be identified at this time.

C:\Windows\Minidump\091812-4711-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0xA48C0)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF80002EFF8C0,
0xFFFFF8800417C488, 0xFFFFF8800417BCE0)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a system thread generated
an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091812-7144-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0xA4830)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF80002F08830,
0xFFFFF88003F7C488, 0xFFFFF88003F7BCE0)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a system thread generated
an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091812-5023-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002EE5959,
0xFFFFF88003A8BC60, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while
executing a routine that transitions from non-privileged code to
privileged code.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091812-5350-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x8FB5E)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF80002E9BB5E,
0xFFFFF8800350F758, 0xFFFFF8800350EFB0)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a system thread generated
an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091712-5475-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002FAC9BC,
0xFFFFF88007697E30, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while
executing a routine that transitions from non-privileged code to
privileged code.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091712-5413-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0xF4 (0x3, 0xFFFFFA800AF1E060, 0xFFFFFA800AF1E340,
0xFFFFF800031E6510)
Error: CRITICAL_OBJECT_TERMINATION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a process or thread crucial
to system operation has unexpectedly exited or been terminated.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091712-3900-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF80002EB6EDE, 0x0,
0xFFFFFFFFFFFFFFFF)
Error: KMODE_EXCEPTION_NOT_HANDLED
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode program
generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091612-4648-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002EAC830,
0xFFFFF88003EA4100, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while
executing a routine that transitions from non-privileged code to
privileged code.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe
(nt!KeBugCheckEx+0x0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002EAC830,
0xFFFFF88003EA4100, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
Bug check description: This indicates that an exception happened while
executing a routine that transitions from non-privileged code to
privileged code.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.




Got lots more but this is getting kinda long.


Jon

 

[a]

No overclocking?
No

What if you used a regular spinning hard disk? Maybe it's the SSD!

I said in my original post I took out the SSD and put in a new hard
drive. I don't know if I mentioed but yes it was a disk drive.

Or maybe it's AHCI problem.

If you mean switching to AHCI mode in the BIOS I did that, if not then
I'm not sure what you mean by "AHCI problem".

Are you using legitimate Windows?

Bought and paid for.


thanks for answering

 

[Paul]

There are four services hosted by svchost:

DHCP Client
TCP/IP NetBios Helper
Windows Event Log
Windows Audio

svchost right now says 50% CPU usage, DHCP client is hovering around
15% constantly, the other 3 all say 0%. I would have thought that the
combined usage of these four services would be equal to that of
svchost.

---------------------------------------

According to WhoCrashed:


C:\Windows\Minidump\091912-5304-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002E8B0C5,
0xFFFFF88005BD3AC0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while
executing a routine that transitions from non-privileged code to
privileged code.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091812-7098-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0x50 (0xFFFFFA000BEF9580, 0x0, 0xFFFFF80002F00E1A, 0x7)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that invalid system memory has
been referenced.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091812-5428-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002E99168,
0xFFFFF88009E61900, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while
executing a routine that transitions from non-privileged code to
privileged code.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091812-6973-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0xDE (0x2, 0xFFFFF8A0003A5B30, 0xFFFBF8A0003A5B31,
0x1F9DAB8C0)
Error: POOL_CORRUPTION_IN_FILE_AREA
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a driver has corrupted pool
memory that is used for holding pages destined for disk.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091812-13774-01.dmp
This was probably caused by the following module: ntfs.sys
(Ntfs+0x21D5)
Bugcheck code: 0x24 (0xC08A5, 0x0, 0x0, 0x0)
Error: NTFS_FILE_SYSTEM
file path: C:\Windows\system32\drivers\ntfs.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT File System Driver
Bug check description: This indicates a problem occurred in the NTFS
file system.
The crash took place in a standard Microsoft module. Your system
configuration may be incorrect. Possibly this problem is caused by
another driver on your system which cannot be identified at this time.

C:\Windows\Minidump\091812-4711-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0xA48C0)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF80002EFF8C0,
0xFFFFF8800417C488, 0xFFFFF8800417BCE0)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a system thread generated
an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091812-7144-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0xA4830)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF80002F08830,
0xFFFFF88003F7C488, 0xFFFFF88003F7BCE0)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a system thread generated
an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091812-5023-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002EE5959,
0xFFFFF88003A8BC60, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while
executing a routine that transitions from non-privileged code to
privileged code.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091812-5350-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x8FB5E)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF80002E9BB5E,
0xFFFFF8800350F758, 0xFFFFF8800350EFB0)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a system thread generated
an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091712-5475-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002FAC9BC,
0xFFFFF88007697E30, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while
executing a routine that transitions from non-privileged code to
privileged code.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091712-5413-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0xF4 (0x3, 0xFFFFFA800AF1E060, 0xFFFFFA800AF1E340,
0xFFFFF800031E6510)
Error: CRITICAL_OBJECT_TERMINATION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a process or thread crucial
to system operation has unexpectedly exited or been terminated.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091712-3900-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF80002EB6EDE, 0x0,
0xFFFFFFFFFFFFFFFF)
Error: KMODE_EXCEPTION_NOT_HANDLED
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode program
generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\Minidump\091612-4648-01.dmp
This was probably caused by the following module: ntoskrnl.exe
(nt+0x7F1C0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002EAC830,
0xFFFFF88003EA4100, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while
executing a routine that transitions from non-privileged code to
privileged code.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.


C:\Windows\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe
(nt!KeBugCheckEx+0x0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002EAC830,
0xFFFFF88003EA4100, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
Bug check description: This indicates that an exception happened while
executing a routine that transitions from non-privileged code to
privileged code.
This appears to be a typical software driver bug and is not likely to
be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is
caused by another driver which cannot be identified at this time.




Got lots more but this is getting kinda long.


Jon

Well, the kernel seems to be involved with a lot of them. And I like
how the bottom two, are a pair of faults happening at the same time.
I've never seen that before. Two different code modules, reporting
a problem and having their own private memory dump. They're both
OS executables, but different ones. The "MP" on one of them, implies
multi-processor.

Wed 9/19/2012 4:59:52 AM
Bugcheck code: 0x3B (0xC0000005 SYSTEM_SERVICE_EXCEPTION ntoskrnl.exe
....linked to excessive paged pool usage

Tue 9/18/2012 11:12:24 AM
Bugcheck code: 0x50 (0xFFFFFA000BEF9580, 0x0, 0xFFFFF80002F00E1A, 0x7)
Error: PAGE_FAULT_IN_NONPAGED_AREA ntoskrnl.exe

Tue 9/18/2012 11:11:39 AM
Bugcheck code: 0x3B (0xC0000005 SYSTEM_SERVICE_EXCEPTION ntoskrnl.exe

Tue 9/18/2012 11:06:25 AM
Bugcheck code: 0xDE (0x2 POOL_CORRUPTION_IN_FILE_AREA ntoskrnl.exe
....driver has corrupted pool memory

Tue 9/18/2012 11:02:01 AM
Bugcheck code: 0x24 (0xC08A5, NTFS_FILE_SYSTEM ntfs.sys

Tue 9/18/2012 4:39:28 AM
Bugcheck code: 0x1000007E (C0000005,
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M ntoskrnl.exe

Tue 9/18/2012 4:38:47 AM
Bugcheck code: 0x1000007E (C0000005,
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M ntoskrnl.exe

Tue 9/18/2012 4:29:19 AM
Bugcheck code: 0x3B (0xC0000005 SYSTEM_SERVICE_EXCEPTION ntoskrnl.exe

Tue 9/18/2012 4:18:28 AM
Bugcheck code: 0x1000007E (C0000005,
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M ntoskrnl.exe

Tue 9/18/2012 3:13:22 AM
Bugcheck code: 0x3B (0xC0000005 SYSTEM_SERVICE_EXCEPTION ntoskrnl.exe

Mon 9/17/2012 9:36:09 AM
Bugcheck code: 0xF4 (0x3, CRITICAL_OBJECT_TERMINATION ntoskrnl.exe

Mon 9/17/2012 9:26:57 AM
Bugcheck code: 0x1E (0xC0000005 KMODE_EXCEPTION_NOT_HANDLED ntoskrnl.exe

Mon 9/17/2012 1:17:29 AM
Bugcheck code: 0x3B (0xC0000005 SYSTEM_SERVICE_EXCEPTION ntoskrnl.exe

Mon 9/17/2012 1:17:29 AM
Bugcheck code: 0x3B (0xC0000005 SYSTEM_SERVICE_EXCEPTION ntkrnlmp.exe

*******

It's time to dig out that memtest86+ test media. Your errors
have processor and memory as a common ingredient, and the easiest
test to do is for bad memory.

http://www.memtest.org

Scroll down half way on the page, to get to the downloads.

The program will test the memory, in mapped chunks. The only
part of memory it cannot test, is a reserved area used by the
BIOS, down in low memory. Your kernel problems should be
higher up in memory (i.e. not in the BIOS area), and be detectable
by memtest86+.

The other possibility, is the processor itself is bad. Or, the
BIOS settings are not adjusted right for the processor. (Like,
somehow, the VCore is set wrong, clock frequency is too high,
that sort of thing.)

But given the restricted spectrum of problems (your list above),
at the moment I'm guessing there's some bad memory. If the processor
was bad, I'd expect an even wider spectrum of errors.

To get memtest86+ to test all the memory, there's a special
test setup. Normally, you'd stuff the two DIMMs in two
different channels. That would be, to take advantage of dual
channel operation.

If you wish to test all the memory, you stuff two DIMMs into the
same channel. That operates the DIMMs in single channel mode.
One DIMM becomes the "low memory DIMM", the other DIMM becomes
the "high memory DIMM". The low memory area, memtest86+ can't
test all the way to the bottom. But, the high memory DIMM, is
completely tested. Now, you shut down, and swap the two DIMMs
in each other's slots. Now the high DIMM is the low DIMM, and
the low DIMM is the high DIMM. On this test session, the
memory untested in the first test, gets covered off. Now,
both DIMMs are fully tested.

It's only occasionally there is bad RAM down in the BIOS area.
My motherboard only reserves perhaps 400KB of RAM down there,
and that is how much memtest86+ can't test, unless I swap the
DIMMs. And the above test procedure uses "single channel mode"
insertion, not "dual channel mode". If you use dual channel
mode when testing, it's up to you to translate a faulting
address and byte number, into "which DIMM did it". That's
because dual channel mode, "interleaves" memory locations,
and when memtest86+ prints an error on the screen,
it's rather hard to figure out which DIMM did it.

Since you bought the Mushkin as a kit of two DIMMs, identifying
just one bad DIMM probably isn't necessary. When a kit fails,
they usually make you return the whole kit.

You only need to run memtest86+ for one complete pass. Test #5
seems to be good at identifying bad memory. But you can just
let the test run, until the pass number increments by one, and
then you know it's tried all the (normal) tests. On my 4GB machine,
it would take about twenty minutes for one test pass. And I don't
think memtest is multithreaded - it doesn't have an operating
system, there's no task scheduler, so it would be a bit
difficult to arrange I would think.

The neat thing about memtest, is it uses the BIOS boot support, to
launch a single executing code module. Just that code module
is present during the test. And the code is clever enough,
to copy itself out of the way, and test where the copy of the
program was sitting. Really rather clever, and shows what
the computer can do, when there's no OS in the way. The
only area it can't test, is the reserved area, and you
can cover off the lack of test there, by swapping DIMMs in
single channel mode.

If memtest86+ does not fail, that does not mean the memory
is good. It just means memtest86+ is not a "violent"
enough test case. You can switch to a Linux LiveCD and
run a copy of Prime95 from there, as another means to test.
Linux is a bit resistant to memory errors - I've watched
an unstable computer, have icons disappear from the
Linux desktop, one by one, as stuff failed, and eventually,
the kernel died. But it "took a few bullets" to stop it
completely The only other purpose of using a Linux LiveCD
in this case, is if you believed it wasn't a hardware problem.
If Linux also dies, then that points more at the hardware.

Paul

 

[a]

Did you download the program I gave you the link for?

Yea, ntoskrnl.exe was the cause of the crash almost half of the time.
It shows up in the crash stack every time but once. A little more than
half the tme it was the only file given. The other times there were
one or two other files, but it's not the same ones over and over.
There doesn't seem to be a pattern. There was one thing I noticed: the
time string for quite a few files have same date, 11/20/2010 -

hal.dll
NDProxy.SYS
HTTP.sys
pacer.sys
netbt.sys
fltmgr.sys
Ntfs.sys
termdd.sys

Don't know if that means anyting but that's the closest thing to a
pattern that I can see.

 

[Mike Tomlinson]

Yea, ntoskrnl.exe was the cause of the crash almost half of the time.

Again, if you could be bothered to tell us the STOP code it would
identify the problem.

 

[a]

Again, if you could be bothered to tell us the STOP code it would
identify the problem.

These don't show the STOP code? Sorry I don't know all the
terminology mate I didn't major in computer science.

 

[Paul]

These don't show the STOP code? Sorry I don't know all the
terminology mate I didn't major in computer science.

AFAIK Bugcheck = STOP.

Memtest86+ is easy to do, and should be done on a computer
at least once in any case. Even pre-built computers can ship
with bad memory - memtest86+ doesn't detect every kind
of memory problem, and mainly helps with "stuck-at" problems
(structural flaw, rather than signal integrity - error in
same location every time).

Once you dismiss the easy explanation, then it's off to
debugging SVCHost or potentially driver errors related
to memory pool. Which is a lot harder. Mark Russinovich
has at least one article on looking for pool tags and the
like.

Paul

 

[Mike Tomlinson]

These don't show the STOP code? Sorry I don't know all the
terminology mate I didn't major in computer science.

You don't need a computer science degree to use Google.

When Windows crashes, it puts up a blue screen with a STOP code. This
is invaluable in trying to find out what the problem is. The software
you're using calls it a bugcheck, it's the same thing.

Your memory is ****ed. Run Memtest86+ like Paul suggested.

 

[a]

AFAIK Bugcheck = STOP.

Memtest86+ is easy to do, and should be done on a computer
at least once in any case. Even pre-built computers can ship
with bad memory - memtest86+ doesn't detect every kind
of memory problem, and mainly helps with "stuck-at" problems
(structural flaw, rather than signal integrity - error in
same location every time).

Once you dismiss the easy explanation, then it's off to
debugging SVCHost or potentially driver errors related
to memory pool. Which is a lot harder. Mark Russinovich
has at least one article on looking for pool tags and the
like.

Paul

I did run Memtest86+ in the way that you decribed and it didn't find
any errors.

 

[Paul]

I did run Memtest86+ in the way that you decribed and it didn't find
any errors.

If you want to separate the SVCHosts, to find the high runner,
either that can be seen in Process Explorer, or you can use this
approach.

http://blogs.msdn.com/b/spatdsg/archive/2007/09/17/debugging-services.aspx

"Debugging an instance of svchost with 10 other dependant services in it,
well it’s not always acceptable to put them all on hold

You can split it out into its own service by running:

sc config <service> type= own

And revert it via

sc config <service> type= share
"

That would be, if you wanted to trace down the SVCHost with the
high utilization. Maybe, the SVCHost with the high utilization,
is also the thing damaging the pool memory structures.

*******

In this article, the utility "Poolmon" is used to track a leek
in the pool. But then, that assumes there are symptoms of a pool
leak in the first place. And all we have at the moment is crashes.

http://blogs.technet.com/b/markrussinovich/archive/2009/03/26/3211216.aspx

So maybe the best hope at this point, is looking at all the drivers
involved. And guessing which drivers are "out of the ordinary"
or something. If you could see a driver name in a crash, then
it would be a lot easier to trace down.

Paul

 

[Loren Pechtel]

Memtest86+ is easy to do, and should be done on a computer
at least once in any case. Even pre-built computers can ship
with bad memory - memtest86+ doesn't detect every kind
of memory problem, and mainly helps with "stuck-at" problems
(structural flaw, rather than signal integrity - error in
same location every time).

Yup. I consider it a burn-in test for a new machine.

 

[a]

If you want to separate the SVCHosts, to find the high runner,
either that can be seen in Process Explorer, or you can use this
approach.

http://blogs.msdn.com/b/spatdsg/archive/2007/09/17/debugging-services.aspx

"Debugging an instance of svchost with 10 other dependant services in it,
well it’s not always acceptable to put them all on hold

You can split it out into its own service by running:

sc config <service> type= own

And revert it via

sc config <service> type= share
"

That would be, if you wanted to trace down the SVCHost with the
high utilization. Maybe, the SVCHost with the high utilization,
is also the thing damaging the pool memory structures.

*******

In this article, the utility "Poolmon" is used to track a leek
in the pool. But then, that assumes there are symptoms of a pool
leak in the first place. And all we have at the moment is crashes.

http://blogs.technet.com/b/markrussinovich/archive/2009/03/26/3211216.aspx

So maybe the best hope at this point, is looking at all the drivers
involved. And guessing which drivers are "out of the ordinary"
or something. If you could see a driver name in a crash, then
it would be a lot easier to trace down.

Paul

Actually I posted a few days ago, the svchost in question is hosting
these services:

DHCP Client [Dhcp]
TCP/IP NetBIOS Helper [lmhosts]
Windows Event Log [eventlog]
Windows Audio [AudioSrv]

Looks like it's Dhcp causing the trouble.

 

[Paul]

If you want to separate the SVCHosts, to find the high runner,
either that can be seen in Process Explorer, or you can use this
approach.

http://blogs.msdn.com/b/spatdsg/archive/2007/09/17/debugging-services.aspx

"Debugging an instance of svchost with 10 other dependant services in it,
well it’s not always acceptable to put them all on hold

You can split it out into its own service by running:

sc config <service> type= own

And revert it via

sc config <service> type= share
"

That would be, if you wanted to trace down the SVCHost with the
high utilization. Maybe, the SVCHost with the high utilization,
is also the thing damaging the pool memory structures.

*******

In this article, the utility "Poolmon" is used to track a leek
in the pool. But then, that assumes there are symptoms of a pool
leak in the first place. And all we have at the moment is crashes.

http://blogs.technet.com/b/markrussinovich/archive/2009/03/26/3211216.aspx

So maybe the best hope at this point, is looking at all the drivers
involved. And guessing which drivers are "out of the ordinary"
or something. If you could see a driver name in a crash, then
it would be a lot easier to trace down.

Paul

Actually I posted a few days ago, the svchost in question is hosting
these services:

DHCP Client [Dhcp]
TCP/IP NetBIOS Helper [lmhosts]
Windows Event Log [eventlog]
Windows Audio [AudioSrv]

Looks like it's Dhcp causing the trouble.

Examples of tracing down the problem, here. In the second link,
one factor seems to be chipset (and by implication, driver package
provided with it and feature set). NVidia added some functions
to their network implementation, so their network components
have some "differences". If you were an owner of some of the
boards from that era, a lot of people disabled the additional
networking features.

"100% CPU"
http://forum.sysinternals.com/100-cpu_topic11899_page1.html

"Excessive CPU usage-SVCHOST: 650i chipset"
http://forum.sysinternals.com/topic12039_page1.html

Paul