On this blog, you''ll find postmortem/live bug check (BSOD) debugging, malware analysis, and reverse engineering.
Sunday, December 29, 2013
Most Answers for the Week badge #3
I have received my 3rd badge for getting the Most Answers for the Week
in the Windows category of Answers. I received the last one on Dec. 8th. Onward and upward!
Saturday, December 28, 2013
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - Help - Blue Screen of Death
What the issue was -
- Synaptic Touch Pad driver needed to be updated.
- AVG needed to be removed.
What the issue was -
- Synaptic Touch Pad driver needed to be updated.
- AVG needed to be removed.
Labels:
0x9F,
AVG,
MS Answers,
solved
[SOLVED] SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M / SYSTEM_SERVICE_EXCEPTION
Link to solved thread - BSOD stop: 0x0000003B Error
What the issue was - Wireless drivers needed to be updated.
What the issue was - Wireless drivers needed to be updated.
Labels:
0x1000007E,
0x3B,
MS Answers,
solved
[SOLVED] MEMORY_MANAGEMENT
Link to solved thread - BSOD with Memory_Management error when connecting external hard drive
What the issue was - USB drivers needed to be updated.
What the issue was - USB drivers needed to be updated.
Labels:
0x1A,
MS Answers,
solved
[SOLVED] UNEXPECTED_KERNEL_MODE_TRAP / REFERENCE_BY_POINTER
Link to solved thread - Unexpected kernel trap mode error
What the issue was -
- Video card drivers needed to be updated.
- cFosSpeed needed to be removed.
- Bitdefender needed to be removed.
What the issue was -
- Video card drivers needed to be updated.
- cFosSpeed needed to be removed.
- Bitdefender needed to be removed.
Labels:
0x19,
0x7F,
Bitdefender,
cFosSpeed,
MS Answers,
solved
[SOLVED] UNEXPECTED_KERNEL_MODE_TRAP
Link to solved thread - Unexpected Kernel mode Trap
What the issue was -
- cFosSpeed needed to be removed as it was causing conflicts with avast!.
What the issue was -
- cFosSpeed needed to be removed as it was causing conflicts with avast!.
Labels:
0x7F,
cFosSpeed,
MS Answers,
solved
[SOLVED] BAD_POOL_CALLER / A0000001
Link to solved thread - bad pool caller
What the issue was -
- Video card drivers needed to be updated.
- Norton needed to be removed.
What the issue was -
- Video card drivers needed to be updated.
- Norton needed to be removed.
Labels:
0xC2,
A0000001,
MS Answers,
Norton,
solved
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - Windows 8.1 - Driver_Power_State_Failure
What the issue was - WinPCap was found to be the issue after troubleshooting, so it was updated.
What the issue was - WinPCap was found to be the issue after troubleshooting, so it was updated.
Labels:
0x9F,
MS Answers,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - DRIVER_IRQL_NOT_LESS_OR_EQUAL (Windows 8)
What the issue was - Intel Graphics driver needed to be updated.
What the issue was - Intel Graphics driver needed to be updated.
Labels:
0xD1,
MS Answers,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - League of Legends on Windows 8.1: ERROR: DRIVER_IRQL_NOT_LESS_OR_EQUAL
What the issue was -
- Intel Graphics driver needed to be updated.
- Norton needed to be removed.
What the issue was -
- Intel Graphics driver needed to be updated.
- Norton needed to be removed.
Labels:
0xD1,
MS Answers,
Norton,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - Bluescreen IRQL_not_less_or_equal
What the issue was - Etron USB 3.0 Extensible Host Controller driver needed to be updated.
What the issue was - Etron USB 3.0 Extensible Host Controller driver needed to be updated.
Labels:
0xD1,
MS Answers,
solved
[SOLVED] CRITICAL_STRUCTURE_CORRUPTION
Link to solved thread - CRITICAL_STRUCTURE_CORRUPTION
What the issue was -
- Avira needed to be removed.
- AsRock App Charger software needed to be removed.
- cFosSpeed - The Internet Accelerator needed to be removed.
- sptd.sys needed to be removed.
What the issue was -
- Avira needed to be removed.
- AsRock App Charger software needed to be removed.
- cFosSpeed - The Internet Accelerator needed to be removed.
- sptd.sys needed to be removed.
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - Blue Screen of Death because of ethernet problems How to tackle
What the issue was - avast! needed to be removed, and the network drivers needed to be updated.
What the issue was - avast! needed to be removed, and the network drivers needed to be updated.
Labels:
0x9F,
avast!,
MS Answers,
solved
[SOLVED] DRIVER_OVERRAN_STACK_BUFFER
Link to solved thread - driver_overran_stack_buffer
What the issue was - Folder Lock needed to be removed.
What the issue was - Folder Lock needed to be removed.
Labels:
0xF7,
MS Answers,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - windows 8 error driver_irql_not_less_or_equal
What the issue was - QuickHeal needed to be removed.
What the issue was - QuickHeal needed to be removed.
Labels:
0xD1,
MS Answers,
QuickHeal,
solved
[SOLVED] SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M / MEMORY_MANAGEMENT
Link to solved thread - BSOD: BCCode: 1000007e
What the issue was -
- Asus AI Suite needed to be removed.
- Norton needed to be removed.
What the issue was -
- Asus AI Suite needed to be removed.
- Norton needed to be removed.
Labels:
0x1A,
0x3B,
Asus AI Suite,
MS Answers,
Norton,
solved
[SOLVED] SYSTEM_SERVICE_EXCEPTION
Link to solved thread - BSOD when waking up from sleep mode on my PC..
What the issue was - BitDefender needed to be removed.
What the issue was - BitDefender needed to be removed.
Labels:
0x3B,
Bitdefender,
MS Answers,
solved
[SOLVED] CRITICAL_STRUCTURE_CORRUPTION
Link to solved thread - Critical_Structure_Corruption Windows 8.1
What the issue was - Windows Updates needed to be installed.
What the issue was - Windows Updates needed to be installed.
Labels:
0x109,
MS Answers,
solved
[SOLVED] KERNAL_DATA_INPAGE_ERROR
Link to solved thread - KERNAL_DATA_INPAGE_ERROR
What the issue was - Hard disk was faulty and was replaced with a new one.
What the issue was - Hard disk was faulty and was replaced with a new one.
Labels:
0x7A,
MS Answers,
solved
[SOLVED] CRITICAL_STRUCTURE_CORRUPTION / DRIVER_VERIFIER_DETECTED_VIOLATION
Link to solved thread - Another BSOD caused by ntoskrnl.exe+75bc0
What the issue was - Hard disk was faulty, needed to be replaced by Dell.
What the issue was - Hard disk was faulty, needed to be replaced by Dell.
Labels:
0x109,
0xC4,
MS Answers,
solved
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - I keep getting blue screens with the error "BSOD 0000009F nt!MmTrimAllSystemPagableMemory DRIVER_POWER_STATE_FAILURE".
What the issue was -
- Atheros drivers needed to be updated.
- Daemon Tools needed to be removed.
- ScreamingBee Audio voice changer software needed to be removed.
What the issue was -
- Atheros drivers needed to be updated.
- Daemon Tools needed to be removed.
- ScreamingBee Audio voice changer software needed to be removed.
Labels:
0x9F,
atheros,
daemon tools,
MS Answers,
solved
Wednesday, December 11, 2013
E-MU USB-Audio 1.0 fix released!
If you remember my post here, we know there was a bug in the emusba10.sys driver from Windows 8 and/or 8.1 systems. Well, as of today, a fix has been released! Rejoice! Anyone that was having this issue, you can find the fix here included in a monthly update.
Thank you to Eliyas for his continued updates in regards to this!
Thank you to Eliyas for his continued updates in regards to this!
Sunday, December 8, 2013
Most Answers for the Week badge #2
I have received my 2nd badge for getting the Most Answers for the Week in the Windows category of Answers. I received the last one on Nov. 24th. Onward and upward!
Wednesday, December 4, 2013
Microsoft Community - Community Moderator
Today I became a Community Moderator on Answers / Microsoft Community. I have had quite the wonderful past few weeks! As Jan said on Sysnative, this will be a Merry Christmas for sure!!
Sunday, December 1, 2013
Sysnative Moderator + BSOD Kernel Dump Expert
Today I became a Moderator on Sysnative. In addition to that, a few days ago I was also deemed a 'BSOD Kernel Dump Expert' by my fellow experts and analysts. Overall, I am incredibly ecstatic to have received such kind words and praise over the past very few days. I do it all for the love of blue screens and the communities I am active at!
Friday, November 29, 2013
[SOLVED] KERNEL_DATA_INPAGE_ERROR
Link to solved thread - Blue Screens!
What the issue was - SATA cables needed to be swapped because the original connected to the HDD was faulty.
What the issue was - SATA cables needed to be swapped because the original connected to the HDD was faulty.
Labels:
0x7A,
MS Answers,
solved
[SOLVED] SYSTEM_SERVICE_EXCEPTION
Link to solved thread - SYSTEM_SERVICE_EXCEPTION(win32.sys) BSOD
What the issue was - Video card drivers needed to be updated, Daemon Tools needed to be removed.
What the issue was - Video card drivers needed to be updated, Daemon Tools needed to be removed.
Labels:
0x3B,
daemon tools,
MS Answers,
solved
[SOLVED] WHEA_UNCORRECTABLE_ERROR
Labels:
0x124,
MS Answers,
solved
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - DRIVER_POWER_STATE_FAILURE BSOD when running low on battery and coming out of hibernation
What the issue was - sptd.sys needed to be removed, and graphics drivers needed to be updated.
What the issue was - sptd.sys needed to be removed, and graphics drivers needed to be updated.
Labels:
0x9F,
MS Answers,
solved,
sptd.sys
[SOLVED] REFERENCE_BY_POINTER
Link to solved thread - shutdown causes crash
What the issue was - OP needed to speak to Secure Star to get an 8.1 updated version of DriveCrypt.
What the issue was - OP needed to speak to Secure Star to get an 8.1 updated version of DriveCrypt.
Labels:
0x18,
MS Answers,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL / DRIVER_VERIFIER_DETECTED_VIOLATION
Link to solved thread - Windows 8.1 BSOD on hcwPP2.sys - Hauppage WinTV-150
What the issue was - Hauppage card needed to be removed as there were no device drivers created yet for 8 / 8.1.
What the issue was - Hauppage card needed to be removed as there were no device drivers created yet for 8 / 8.1.
Labels:
0xC4,
0xD1,
MS Answers,
solved
[SOLVED] SYSTEM_SERVICE_EXCEPTION / DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - Pls help with blue screens on my laptop
What the issue was - McAfee needed to be removed and replaced with Microsoft Security Essentials.
What the issue was - McAfee needed to be removed and replaced with Microsoft Security Essentials.
Labels:
0x3B,
0xD1,
McAfee,
MS Answers,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - Windows 8.1 Error driver_irql_not_less_or_equal
What the issue was - McAfee needed to be removed and replaced with Windows Defender.
What the issue was - McAfee needed to be removed and replaced with Windows Defender.
Labels:
0xD1,
McAfee,
MS Answers,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - DRIVER_IRQL_NOT_LESS_OR_EQUAL (igdkmd6464.SYS)
What the issue was - Intel Graphics driver needed to be updated.
What the issue was - Intel Graphics driver needed to be updated.
Labels:
0xD1,
MS Answers,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - BSOD error when I turned off wireless
What the issue was - Atheros drivers needed to be updated.
What the issue was - Atheros drivers needed to be updated.
Labels:
0xD1,
MS Answers,
solved
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - I'm facing DRIVER_POWER_STATE_FAILURE on my HP envy laptop
What the issue was - avast! needed to be removed and replaced with Windows Defender, Driver Agent needed to be removed as well.
What the issue was - avast! needed to be removed and replaced with Windows Defender, Driver Agent needed to be removed as well.
Labels:
0x9F,
avast!,
MS Answers,
solved
[SOLVED] Windows 8.1 restarting. CRITICAL_STRUCTURE_CORRUPTION
Link to solved thread - Windows 8.1 restarting. CRITICAL_STRUCTURE_CORRUPTION
What the issue was - Avira needed to be removed and replaced with Windows Defender, and sptd.sys needed to be removed as well.
What the issue was - Avira needed to be removed and replaced with Windows Defender, and sptd.sys needed to be removed as well.
Labels:
0x109,
Avira,
MS Answers,
solved,
sptd.sys
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - win 8.1 = Driver Power State Failure Error (help needed)
What the issue was - Heatsink fan wasn't plugged in properly and CD-ROM Class Filter Driver by Gear Software needed to be removed.
What the issue was - Heatsink fan wasn't plugged in properly and CD-ROM Class Filter Driver by Gear Software needed to be removed.
Labels:
0x9F,
MS Answers,
solved
[SOLVED] DPC_WATCHDOG_VIOLATION
Link to solved thread - Unending DPC Watchdog Violation?
What the issue was - AVG needed to be removed and replaced with Windows Defender.
What the issue was - AVG needed to be removed and replaced with Windows Defender.
Labels:
0x133,
AVG,
MS Answers,
solved
[SOLVED] CRITICAL_STRUCTURE_CORRUPTION
Link to solved thread - Critical Structure Corruption after upgrading to windows 81.
What the issue was - Norton and avast! needed to be removed (two antiviruses creating conflict).
What the issue was - Norton and avast! needed to be removed (two antiviruses creating conflict).
Labels:
0x109,
avast!,
MS Answers,
Norton,
solved
[SOLVED] SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Link to solved thread - Blue screen of death and reported nonexistent solution
What the issue was - Video card drivers needed to be updated, Norton needed to be removed and replaced with Windows Defender.
What the issue was - Video card drivers needed to be updated, Norton needed to be removed and replaced with Windows Defender.
Labels:
0x1000007E,
MS Answers,
Norton,
solved
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - Asus G750JH Blue screen Driver_Power_State_Failure
What the issue was - Asus Charger Driver needed to be removed, Keyspan serial adapter needed to be removed as well.
What the issue was - Asus Charger Driver needed to be removed, Keyspan serial adapter needed to be removed as well.
Labels:
0x9F,
MS Answers,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - driver_irql_not_less_or_equal (Netio.sys) blue screen Windows 8.1
What the issue was - Xilinx microprocessor driver needed to be removed as it was too old for 8 / 8.1.
What the issue was - Xilinx microprocessor driver needed to be removed as it was too old for 8 / 8.1.
Labels:
0xD1,
MS Answers,
solved
[SOLVED] Critical Structure Corruption Windows 8.1
Link to solved thread - Critical Structure Corruption Windows 8.1
What the issue was - Norton and sptd.sys both needed to be removed.
What the issue was - Norton and sptd.sys both needed to be removed.
Labels:
0x109,
MS Answers,
Norton,
solved,
sptd.sys
[SOLVED] IRQL_UNEXPECTED_VALUE / DRIVER_VERIFIER_DETECTED_VIOLATION
Link to solved thread - automatically restarting saying that "Your PC ran into problem"
What the issue was - Atheros drivers needed to be updated / modem needed to be replaced as too old for 8 / 8.1.
What the issue was - Atheros drivers needed to be updated / modem needed to be replaced as too old for 8 / 8.1.
Labels:
0xC4,
0xC8,
MS Answers,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - DRIVER_IRQL_NOT_LESS_OR_EQUAL(ndis.sys)
What the issue was - Kaspersky needed to be removed and replaced with Windows Defender.
What the issue was - Kaspersky needed to be removed and replaced with Windows Defender.
Labels:
0xD1,
MS Answers,
solved
[SOLVED] IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - Windows 8 BSOD caused by ntoskrnl.exe
What the issue was - Realtek HiDefinition Audio driver needed to be updated.
What the issue was - Realtek HiDefinition Audio driver needed to be updated.
Labels:
0xA,
MS Answers,
solved
[SOLVED] BAD_POOL_CALLER
Link to solved thread - help with dump file
What the issue was - Beta video card driver needed to be installed.
What the issue was - Beta video card driver needed to be installed.
Labels:
0xC2,
MS Answers,
solved
Sunday, November 24, 2013
Most Answers for the Week badge
I got an email not too long ago that says the following:
Hello Patrick Barker,This is very exciting! I am so glad to be able to contribute so much.
Congratulations! You have just received the Most Answers for the Week badge on Microsoft Community.
You earned this badge because you had the most replies marked as answers by your fellow community members in the Windows category this week.
The Most Answers for the Week badge has been added to your profile page and cannot be lost. In fact, you are eligible to earn this badge multiple times.
Visit your profile page to see your new badge.
Thank you for contributing your time and energy to Microsoft Community!
Tuesday, November 5, 2013
[SOLVED] PAGE_FAULT_IN_NONPAGED_AREA
Labels:
0x50,
MS Answers,
solved
[SOLVED] SYSTEM_SERVICE_EXCEPTION / KERNEL_SECURITY_CHECK_FAILURE / DRIVER_VERIFIER_IOMANAGER_VIOLATION / IRQL_GT_ZERO_AT_SYSTEM_SERVICE /
Link to solved thread - BSOD ntoskernel.exe plus other things
What the issue was - RAM needed to be replaced.
What the issue was - RAM needed to be replaced.
[SOLVED] REFERENCE_BY_POINTER
Link to solved thread - physical memory dump blue screen of death
What the issue was - Video card drivers needed to be updated to latest version.
What the issue was - Video card drivers needed to be updated to latest version.
Labels:
0x18,
MS Answers,
solved
[SOLVED] VIDEO_TDR_ERROR
Link to solved thread - nVidia Driver Kernel Error Bluscreen Crashes
What the issue was - Video card needed to be replaced.
What the issue was - Video card needed to be replaced.
Labels:
0x116,
MS Answers,
solved
[SOLVED] CRITICAL_OBJECT_TERMINATION
Link to solved thread - Is there a story to be told regarding ntoskrnl.exe+75bc0?
What the issue was - SSD firmware needed to be updated to latest.
What the issue was - SSD firmware needed to be updated to latest.
Labels:
0xF4,
MS Answers,
solved,
SSD firmware
[SOLVED] CRITICAL_STRUCTURE_CORRUPTION
Link to solved thread - Critical_Structure_Corruption Windows 8.1 ntoskrnl.exe
What the issue was - Daemon Tools needed to be removed along with sptd.sys.
What the issue was - Daemon Tools needed to be removed along with sptd.sys.
Labels:
0x109,
daemon tools,
MS Answers,
solved,
sptd.sys
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - Driver_power_state_failure after upgrade to Windows 8.1 x64
What the issue was - Broadcom driver needed to be updated to latest version.
What the issue was - Broadcom driver needed to be updated to latest version.
Labels:
0x9F,
MS Answers,
solved
[SOLVED] PFN_LIST_CORRUPT / PAGE_FAULT_IN_NONPAGED_AREA / BAD_POOL_HEADER / BAD_POOL_CALLER /
Link to solved thread - bsod issues All diagnosis info enclosed
What the issue was - Faulty RAM, needed to be replaced.
What the issue was - Faulty RAM, needed to be replaced.
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - Driver Power State Failure (Windows 8.1 Pro 64-bit)
What the issue was - Intel Rapid Storage Technology needed to be uninstalled.
What the issue was - Intel Rapid Storage Technology needed to be uninstalled.
[SOLVED] MEMORY_MANAGEMENT
Link to solved thread - Windows Server 2012 - BSOD & MEMORY_MANAGEMENT
What the issue was - Server's RAM needed to be replaced.
What the issue was - Server's RAM needed to be replaced.
Labels:
0x1A,
MS Answers,
server,
solved
[SOLVED] SYSTEM_SERVICE_EXCEPTION
Link to solved thread - Help tracking down BSOD Windows 8.0 64 bit
What the issue was - nVidia video drivers needed to be rolled back to a previous version.
What the issue was - nVidia video drivers needed to be rolled back to a previous version.
Labels:
0x3B,
MS Answers,
solved
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - DRIVER_POWER_STATE_FAILURE -- 0x0000009f -- ntoskrnl.exe
What the issue was - Intel® Wireless WiFi Link Adapter driver needed to be updated.
What the issue was - Intel® Wireless WiFi Link Adapter driver needed to be updated.
Labels:
0x9F,
MS Answers,
solved
[SOLVED] IRQL_NOT_LESS_OR_EQUAL / NTFS_FILE_SYSTEM
Labels:
0x24,
0xA,
MS Answers,
solved
[SOLVED] KMODE_EXCEPTION_NOT_HANDLED
Link to solved thread - Random BSOD showing "Caused By Driver : ntoskrnl.exe"
What the issue was - System was still severely infected with malware based off of my analysis and best course of action was to go through with a clean install.
What the issue was - System was still severely infected with malware based off of my analysis and best course of action was to go through with a clean install.
Labels:
0x1E,
MS Answers,
solved
Monday, October 21, 2013
My troubleshooting led to discovering a Windows 8.1 bug!
Upon analyzing a crash as usual, I came upon an 8.1 case in which the user was experiencing USBXHCI.SYS crashes. I took a quick look at the modules list and determined that the driver emusba10.sys (E-MU
USB-Audio 1.0 driver) was the probable cause as it was dated from 2010
and was all I had to go on in terms of USB related devices and or
software on this system.
Sure enough, a Microsoft engineer posted and eventually investigated the issue and determined:
With this said, if any BSOD analysts come across an 8.1 (or 8) based system with USBXHCI.SYS crashes, check the modules list for emusba10.sys and let them know it's a known bug.
Thread itself - BSOD with DRIVER_IRQL_NOT_LESS_OR_EQUAL in USBXHCI.SYS when watching - Microsoft Community
I am not sure if I am being overzealous, but it feels pretty cool being part of the reason a bug was discovered!
Sure enough, a Microsoft engineer posted and eventually investigated the issue and determined:
Based on my investigation, this appears to be a bug in emusba10.sys driver from Creative Labs . This driver is sending a malformed URB. Windows 8 validated the URB before processing. This validation was removed in Windows 8.1 as part of some optimization. Until we come up with resolution for this, please don't plug this device to USB 3.0 port / blue port. Sorry for the inconvenience.
With this said, if any BSOD analysts come across an 8.1 (or 8) based system with USBXHCI.SYS crashes, check the modules list for emusba10.sys and let them know it's a known bug.
Thread itself - BSOD with DRIVER_IRQL_NOT_LESS_OR_EQUAL in USBXHCI.SYS when watching - Microsoft Community
I am not sure if I am being overzealous, but it feels pretty cool being part of the reason a bug was discovered!
[SOLVED] KMODE_EXCEPTION_NOT_HANDLED / SYSTEM_SERVICE_EXCEPTION / MEMORY_MANAGEMENT / DRIVER_IRQL_NOT_LESS_OR_EQUAL / SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Link to solved thread - BSOD On My New Desktop Pc
What the issue was - GPU and RAM needed to be replaced.
What the issue was - GPU and RAM needed to be replaced.
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL / DRIVER_POWER_STATE_FAILURE / DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL /
Link to solved thread - BSOD ntoskrnl |Device Manager doesn't respond
What the issue was - Corruption to due constant video driver uninstalls and reinstalls.
What the issue was - Corruption to due constant video driver uninstalls and reinstalls.
[SOLVED] KERNEL_DATA_INPAGE_ERROR
Link to solved thread - Blue Screen Error KERNEL_DATA_INPAGE_ERROR Windows 7
What the issue was - Hard drive needed to be replaced. OP wasn't experienced enough so took it to a shop.
What the issue was - Hard drive needed to be replaced. OP wasn't experienced enough so took it to a shop.
Labels:
0x7A,
MS Answers,
solved
[SOLVED] SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Link to solved thread - Windows 7 BSOD SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
What the issue was - avast! and Daemon Tools needed to be removed.
What the issue was - avast! and Daemon Tools needed to be removed.
[SOLVED] VIDEO_TDR_ERROR
Link to solved thread - BSOD BugCheckCode 278 - on third video card
What the issue was - Video driver issue, drivers needed to be downgraded.
What the issue was - Video driver issue, drivers needed to be downgraded.
Labels:
0x116,
MS Answers,
solved
[SOLVED] KMODE_EXCEPTION_NOT_HANDLED / DRIVER_VERIFIER_IOMANAGER_VIOLATION
Link to solved thread - Windows 7 BSOD Errors
What the issue was - kdcom.dll was corrupt and needed to be repaired with SFC.
What the issue was - kdcom.dll was corrupt and needed to be repaired with SFC.
Labels:
0x1E,
0xC9,
kdcom.dll,
MS Answers,
solved
[SOLVED] CRITICAL_STRUCTURE_CORRUPTION
Link to solved thread - Critical Structure Corruption BSOD when installing Linux VM
What the issue was - BitLocker's full-drive encryption was causing issues + false positives with SFC. Drive needed to be decyrpted entirely.
What the issue was - BitLocker's full-drive encryption was causing issues + false positives with SFC. Drive needed to be decyrpted entirely.
Labels:
0x109,
MS Answers,
solved
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - Driver Power State Failure - Windows 8.1
What the issue was - MotionJoy needed to be removed.
What the issue was - MotionJoy needed to be removed.
Labels:
0x9F,
MotionJoy,
MS Answers,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL / DRIVER_POWER_STATE_FAILURE
Link to solved thread - Windows 7: Bluescreen upon wakeup
What the issue was - Wireless drivers needed to be updated.
What the issue was - Wireless drivers needed to be updated.
Labels:
0x9F,
0xD1,
MS Answers,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - Getting multiple BSoD since upgrading to Win 8.1
What the issue was - FortiClient needed to be removed.
What the issue was - FortiClient needed to be removed.
Labels:
0xD1,
FortiClient,
MS Answers,
solved
Friday, October 11, 2013
200 answers on MS Answers
I hit 200 answers on MS Answers yesterday! Glad I have provided answers to so many people. It feels wonderful to be part of a great community. I hit 100 on August 26th.
[SOLVED] SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Link to solved thread - Win7 blue screen error 0x0000007e (c0000005 .... )
What the issue was - Hotspot Shield needed to be removed.
What the issue was - Hotspot Shield needed to be removed.
[SOLVED] MULTIPLE_IRP_COMPLETE_REQUESTS / CRITICAL_OBJECT_TERMINATION / KMODE_EXCEPTION_NOT_HANDLED
Link to solved thread - ntoskrnl.exe BSOD Windows 7
What the issue was - SSD firmware needed to be updated.
What the issue was - SSD firmware needed to be updated.
Labels:
0x1E,
0x44,
0xF4,
MS Answers,
solved
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - Windows 8 Blue Screen - DRIVER_POWER_STATE_FAILURE caused by ntoskrnl.exe
What the issue was - Bluetooth drivers needed to be updated.
What the issue was - Bluetooth drivers needed to be updated.
Labels:
0x9F,
MS Answers,
solved
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - BSOD - ntkrpamp.exe DRIVER_POWER_STATE_FAILURE
What the issue was - Wireless drivers needed to be reinstalled.
What the issue was - Wireless drivers needed to be reinstalled.
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Labels:
0xD1,
daemon tools,
solved,
TSF
[SOLVED] VIDEO_TDR_ERROR
Link to solved thread - [BSOD] Another victim...
What the issue was - GPU fan failed, so it was replaced.
What the issue was - GPU fan failed, so it was replaced.
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - Bsod every shutdows / sleep / hibernate
What the issue was - Realtek PCI/PCIe Adapter(s) disabled via Device Manager until 8.1 driver is developed.
What the issue was - Realtek PCI/PCIe Adapter(s) disabled via Device Manager until 8.1 driver is developed.
Friday, October 4, 2013
[SOLVED] VIDEO_TDR_TIMEOUT_DETECTED / SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M / DRIVER_POWER_STATE_FAILURE
Link to solved thread - BSOD - DRIVER POWER STATE FAILURE (ACPI.sys)
What the issue was - nVidia drivers updated to version 314.07, and Intel Graphics drivers updated to latest.
What the issue was - nVidia drivers updated to version 314.07, and Intel Graphics drivers updated to latest.
Labels:
0x1000007E,
0x117,
0x9F,
solved,
Sysnative
[SOLVED] POOL_CORRUPTION_IN_FILE_AREA / IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - Windows 7 repeated BSOD's
What the issue was - New RAM needed to be run on the D.O.C.P profile supported by the board at the rated timings and speed.
What the issue was - New RAM needed to be run on the D.O.C.P profile supported by the board at the rated timings and speed.
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - BSOD while gaming
What the issue was - Latest Realtek network drivers needed to be installed.
What the issue was - Latest Realtek network drivers needed to be installed.
[SOLVED] IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Link to solved thread - Acer Aspire 5750 - problem event name: BlueScreen
What the issue was - Unknown, but user reported solved.
What the issue was - Unknown, but user reported solved.
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - driver power state failure Blue screen
What the issue was -
Atheros drivers needed to be updated
avast! needed to be removed
What the issue was -
Atheros drivers needed to be updated
avast! needed to be removed
Labels:
0x9F,
avast!,
MS Answers,
solved
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - BSOD and error message after shut-on.
What the issue was - USB drivers needed to be updated and AVG needed to be removed.
What the issue was - USB drivers needed to be updated and AVG needed to be removed.
Labels:
0x9F,
AVG,
MS Answers,
solved
[SOLVED] WHEA_UNCORRECTABLE_ERROR
Link to solved thread - Win7x64 HP Pavilion dv6 Blue Screen
What the issue was - Unknown, but marked solved.
What the issue was - Unknown, but marked solved.
Labels:
0x124,
MS Answers,
solved
[SOLVED] DPC_WATCHDOG_VIOLATION / DRIVER_POWER_STATE_FAILURE
Link to solved thread - DPC Watchdog Violation
What the issue was - nVidia drivers needed to be updated.
What the issue was - nVidia drivers needed to be updated.
Labels:
0x133,
0x9F,
MS Answers,
solved
Friday, September 27, 2013
[SOLVED] KMODE_EXCEPTION_NOT_HANDLED
Link to solved thread - KMODE_EXCEPTION_NOT_HANDLED (aswNdisFit.sys) windows 8
What the issue was - avast! needed to be removed and replaced with Windows 8's built-in Windows Defender.
What the issue was - avast! needed to be removed and replaced with Windows 8's built-in Windows Defender.
Labels:
0x1E,
avast!,
MS Answers,
solved
[SOLVED] VIDEO_TDR_TIMEOUT_DETECTED
Link to solved thread - MW3 + DayZ Black Screen's/Freezing
What the issue was - Clean install of Windows + latest driver installation. There was OS corruption and various driver conflicts.
What the issue was - Clean install of Windows + latest driver installation. There was OS corruption and various driver conflicts.
Thursday, September 26, 2013
[SOLVED] KMODE_EXCEPTION_NOT_HANDLED / SYSTEM_SERVICE_EXCEPTION
Link to solved thread - BSOD - codes 3b, 1e. still persists after reinstall
What the issue was - avast! needed to be removed.
What the issue was - avast! needed to be removed.
[SOLVED] KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
Link to solved thread - BSOD 0x8E Possibly driver?
What the issue was - Daemon Tools needed to be removed.
What the issue was - Daemon Tools needed to be removed.
Labels:
0x1000008E,
solved,
TSF
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - 0x000000D1 ndis.sys
What the issue was - Symantec Endpoint Protection 11 firewall needed to be removed.
What the issue was - Symantec Endpoint Protection 11 firewall needed to be removed.
Labels:
0xD1,
MS Answers,
Norton,
solved,
Symantec
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - DRIVER_POWER_STATE_FAILURE error
What the issue was -
Dell Wireless 5530 HSPA Mini-Card Network Adapter driver needed to be updated
Daemon Tools needed to be removed
What the issue was -
Dell Wireless 5530 HSPA Mini-Card Network Adapter driver needed to be updated
Daemon Tools needed to be removed
Labels:
0x9F,
MS Answers,
solved
[SOLVED] WHEA_UNCORRECTABLE_ERROR / CLOCK_WATCHDOG_TIMEOUT
Link to solved thread - clock_watchdog_timeout error!
What the issue was - BIOS needed to be updated.
What the issue was - BIOS needed to be updated.
Labels:
0x101,
0x124,
MS Answers,
solved
Sunday, September 22, 2013
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - Driver power state Failure BSoD
What the issue was - ASMedia USB 3.0 Hub driver needed to be updated.
What the issue was - ASMedia USB 3.0 Hub driver needed to be updated.
[SOLVED] ATTEMPTED_WRITE_TO_READONLY_MEMORY / PAGE_FAULT_IN_NONPAGED_AREA / NTFS_FILE_SYSTEM / IRQL_NOT_LESS_OR_EQUAL / CACHE_MANAGER / WHEA_UNCORRECTABLE_ERROR
Link to solved thread - random BSOD
What the issue was - Motherboard needed to be replaced.
This is a thread that finished with 122 replies (yes, one hundred and twenty two). One of my more difficult BSOD cases. We essentially went through EVERYTHING. I'd say it's a good read :+)
What the issue was - Motherboard needed to be replaced.
This is a thread that finished with 122 replies (yes, one hundred and twenty two). One of my more difficult BSOD cases. We essentially went through EVERYTHING. I'd say it's a good read :+)
[SOLVED] SYSTEM_SERVICE_EXCEPTION / SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M / MEMORY_MANAGEMENT
Link to solved thread - Win8 random BSODs: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED dxgmms1.sys
What the issue was -
BIOS was updated
CPU Frequency set to Auto
DRAM timings set to X.M.P
What the issue was -
BIOS was updated
CPU Frequency set to Auto
DRAM timings set to X.M.P
Labels:
0x1000007E,
0x1A,
0x3B,
MS Answers,
solved
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - ‘DRIVER_POWER_STATE_FAILURE’ BSOD - Windows 7 Home Premium
What the issue was - NVIDIA Optimus from Lenovo needed to be uninstalled and reinstalled.
What the issue was - NVIDIA Optimus from Lenovo needed to be uninstalled and reinstalled.
Labels:
0x9F,
MS Answers,
solved
Tuesday, September 17, 2013
[SOLVED] KMODE_EXCEPTION_NOT_HANDLED / SYSTEM_SERVICE_EXCEPTION
Link to solved thread - BSOD when playing games
What the issue was - Faulty laptop motherboard, therefore rather than getting a laptop replacement, the user decided to build a brand new PC.
What the issue was - Faulty laptop motherboard, therefore rather than getting a laptop replacement, the user decided to build a brand new PC.
[SOLVED] SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Link to solved thread - I have random BSOD at Windows start up
What the issue was -
Sierra Wireless USB Mass Storage Filter driver needed to be updated
What the issue was -
Sierra Wireless USB Mass Storage Filter driver needed to be updated
Labels:
0x7E,
MS Answers,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
What the issue was -
Video card drivers needed to be updated
Daemon Tools needed to be removed
Norton needed to be removed and replaced
What the issue was -
Video card drivers needed to be updated
Daemon Tools needed to be removed
Norton needed to be removed and replaced
Labels:
0xD1,
MS Answers,
Norton,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - Blue Screen Local Id - 1033 , BCCode - d1
What the issue was - Atheros Extensible Wireless LAN driver for CB42/CB43/MB42/MB43 Network Adapter needed to be updated.
What the issue was - Atheros Extensible Wireless LAN driver for CB42/CB43/MB42/MB43 Network Adapter needed to be updated.
Labels:
0xD1,
MS Answers,
solved
[SOLVED] IRQL_NOT_LESS_OR_EQUAL / DRIVER_VERIFIER_DETECTED_VIOLATION
Link to solved thread - I have been receiving a lot of blue screens lately saying IRQ not less or equal
What the issue was - Paragon Image Mounter needed to be removed.
What the issue was - Paragon Image Mounter needed to be removed.
Labels:
0xA,
0xC4,
MS Answers,
solved
Friday, September 13, 2013
MCC: Content Creator on Answers
Yesterday I was made a MCC: Content Creator on MS Answers. Answers ultimately dropped the Community Star badge and transitioned it to MCC. The measurements required to earn an MCC badge was higher than that to earn a Community Star badge, but apparently I met the measurements which is exciting!
It is an honor to receive such a badge for doing what I love so much!
MCC badges can be seen across many Microsoft forum communities. The MCC badge is designed to thank those outstanding community members who volunteer their expertise to improve the experience of fellow Microsoft customers.
With an MCC badge, you will be recognized for providing great posts and answers, and for helping others find the best answers, discussions, and articles.
It is an honor to receive such a badge for doing what I love so much!
[SOLVED] PAGE_FAULT_IN_NONPAGED_AREA / DRIVER_VERIFIER_DETECTED_VIOLATION
Link to solved thread - Blue screen
What the issue was - AsRock XFastUSB package needed to be removed.
What the issue was - AsRock XFastUSB package needed to be removed.
Labels:
0x50,
0xC4,
avast!,
MS Answers,
solved
Tuesday, September 10, 2013
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
What the issue was - Norton needed to be removed and replaced with Windows 8's built-in Windows Defender.
What the issue was - Norton needed to be removed and replaced with Windows 8's built-in Windows Defender.
Labels:
0xD1,
MS Answers,
Norton,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - Problem Event Name: BlueScreen
What the issue was - IObit Malware Fighter needed to be removed.
What the issue was - IObit Malware Fighter needed to be removed.
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - BSOD Driver IRQL NOT LESS OR EQUAL tcpip.sys Windows 8 BSOD
What the issue was - AVG needed to be removed and replaced with Windows 8's built-in Windows Defender.
What the issue was - AVG needed to be removed and replaced with Windows 8's built-in Windows Defender.
Labels:
0xD1,
AVG,
MS Answers,
solved
100 blog posts! (well, 101 now that I've noticed) and some extras..
I just noticed I have hit 100 blog posts, making this #101. I've been getting emails about my blog being found through Google and then ultimately people requiring assistance. This is just wonderful! I am truly in awe that my blog and the information I funnel through it can be helpful, because that's my exact intention. It's what I always hoped for and more!
In other news, I have hit 100+ 'Most helpful replies' on Answers, and earned a new badge!
The Guardian badge
Onward and upward :+)
In other news, I have hit 100+ 'Most helpful replies' on Answers, and earned a new badge!
The Guardian badge
Every time you report legitimate abuse in the community, you get a vote toward your Guardian badge. When you have reported enough actual cases of abuse and accurately pointed out the type of abuse, you'll get your badge. Reporting content that is not actual abuse will not get you votes.
Benefits of being a Guardian:
This is an ongoing, dynamic process. Note that this badge can be lost if you don't accurately report enough actual cases of abuse.
- A Guardian badge will be added to your profile
- Content the Guardian reports as abusive is automatically hidden until moderated.
Onward and upward :+)
Sunday, September 8, 2013
[SOLVED] BUGCODE_USB_DRIVER
Link to solved thread - Recurring BSOD problem
What the issue was - Bluetooth drivers needed to be updated.
What the issue was - Bluetooth drivers needed to be updated.
Labels:
0xFE,
MS Answers,
solved
Saturday, September 7, 2013
[SOLVED] DPC_WATCHDOG_VIOLATION
Link to solved thread - DPC_Watchdog Violation When Using USB Hub/Extension Cable
What the issue was - PCAUSA NDIS 5.0 SPR Protocol software needed to be removed.
What the issue was - PCAUSA NDIS 5.0 SPR Protocol software needed to be removed.
Labels:
0x133,
MS Answers,
solved
[SOLVED] KERNEL_SECURITY_CHECK_FAILURE
Link to solved thread - BSOD KERNEL_SECURITY_CHECK_FAILURE?
What the issue was - Gigabyte Easy Tune needed to be removed.
What the issue was - Gigabyte Easy Tune needed to be removed.
Labels:
0x139,
MS Answers,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - Windows 8 Blue Screen - IRQL_NOT_LESS_OR_EQUAL (tcpis.sys)
What the issue was - Business systems were using Symantec and it was conflicting, therefore the IT department needed to be notified to contact Symantec.
What the issue was - Business systems were using Symantec and it was conflicting, therefore the IT department needed to be notified to contact Symantec.
Labels:
0xD1,
MS Answers,
Norton,
solved
Wednesday, September 4, 2013
Bugcheck Flash Cards
I have created a set of flash cards dedicated to memorizing bugchecks and their basic definitions. Generally, the longer you analyze dump files, the more you tend to memorize bugchecks and their definitions just due to the sheer amount you'll see. However, it never hurts to actually study them!
Here's a link to the bugcheck flash cards for studying purposes.
Here's a link to the bugcheck flash cards for studying purposes.
Labels:
flash cards,
studying
[SOLVED] SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD
Link to solved thread - BSOD During Installation
What the issue was - HP Velocity NDIS 6 driver needed to be removed. It was included in the HP RGS remote desktop software, so that was uninstalled.
This was also my first 0xD4 bugcheck in over almost two years of analysis! Neat :~)
What the issue was - HP Velocity NDIS 6 driver needed to be removed. It was included in the HP RGS remote desktop software, so that was uninstalled.
This was also my first 0xD4 bugcheck in over almost two years of analysis! Neat :~)
Labels:
0xD4,
MS Answers,
solved
[SOLVED] WHEA_UNCORRECTABLE_ERROR
Link to solved thread - BSOD one to two times a day
What the issue was - Thermal paste needed to be reapplied.
What the issue was - Thermal paste needed to be reapplied.
Labels:
0x124,
MS Answers,
solved
Monday, September 2, 2013
[SOLVED] Unknown bugcheck
Link to solved thread - BSOD due to dxgkrnl.sys
What the issue was - Video card drivers needed to be updated.
What the issue was - Video card drivers needed to be updated.
[SOLVED] SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Link to solved thread - Blue screen after plugging in USB 3.0 device.
What the issue was - Renesas Electronics Corporation USB 3.0 Host Controller driver needed to be updated.
What the issue was - Renesas Electronics Corporation USB 3.0 Host Controller driver needed to be updated.
Labels:
0x1000007E,
MS Answers,
solved
Sunday, September 1, 2013
[SOLVED] DPC_WATCHDOG_VIOLATION
Link to solved thread - New system - Random BSOD
What the issue was - Video card needed to be replaced.
What the issue was - Video card needed to be replaced.
[SOLVED] KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
Link to solved thread - BSOD 0x8E Possibly driver?
What the issue was -
Daemon Tools needed to be removed.
ATK Hotkey ATK0101 ACPI Utility Driver needed to be updated.
SP1 and updates needed to be installed.
What the issue was -
Daemon Tools needed to be removed.
ATK Hotkey ATK0101 ACPI Utility Driver needed to be updated.
SP1 and updates needed to be installed.
Labels:
0x1000008E,
solved,
TSF
[SOLVED] PAGE_FAULT_IN_NONPAGED_AREA
Link to solved thread - Blue Screen: PAGE_FAULT_IN_NONPAGED_AREA
What the issue was -
Toshiba Firmware Linkage service system driver needed to be updated.
Toshiba ODD Writing Driver (CD/DVD) needed to be updated.
+ any other drivers via Toshiba's website.
What the issue was -
Toshiba Firmware Linkage service system driver needed to be updated.
Toshiba ODD Writing Driver (CD/DVD) needed to be updated.
+ any other drivers via Toshiba's website.
Labels:
0x50,
MS Answers,
solved
Saturday, August 31, 2013
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - Need help My sony vaio freezing on Shutting down screen
What the issue was - Huawei Technologies Co., Ltd. USB NDIS Miniport Driver needed to be updated / removed.
What the issue was - Huawei Technologies Co., Ltd. USB NDIS Miniport Driver needed to be updated / removed.
Labels:
0x9F,
MS Answers,
solved
Thursday, August 29, 2013
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - Windows 8: DRIVER_IRQL_NOT_LESS_OR_EQUAL (athw8x.sys)
What the issue was -
avast! needed to be removed and replaced with Windows Defender.
Daemon Tools needed to be removed.
What the issue was -
avast! needed to be removed and replaced with Windows Defender.
Daemon Tools needed to be removed.
Labels:
0xD1,
avast!,
daemon tools,
MS Answers,
solved
[SOLVED] CACHE_MANAGER / SYSTEM_SERVICE_EXCEPTION / KMODE_EXCEPTION_NOT_HANDLED / BAD_POOL_HEADER
Link to solved thread - BSOD error 24
What the issue was -
Service Pack 1 needed to be installed.
avast! needed to be removed and replaced with Microsoft Security Essentials.
What the issue was -
Service Pack 1 needed to be installed.
avast! needed to be removed and replaced with Microsoft Security Essentials.
Wednesday, August 28, 2013
[SOLVED] INTERRUPT_EXCEPTION_NOT_HANDLED / UNEXPECTED_KERNEL_MODE_TRAP / DRIVER_IRQL_NOT_LESS_OR_EQUAL / IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - Windows 8 Has Been Crashing
What the issue was - Latest tablet drivers needed to be installed.
What the issue was - Latest tablet drivers needed to be installed.
Microsoft Answers Community Star: Content Creator
I woke up today (it's funny to see that most of my posts start out like that) to see that I had received the Content Creator badge on MS Answers:
Community Star: The Content Creator badgeI am beyond honored to receive such a badge. I do what I do because I love helping people, and to be awarded for it is a warm and fuzzy feeling.
Each time one of your question and answer posts is marked as helpful or as an answer, you get a vote toward your Content Creator badge. When you have a high enough percentage of posts marked as "helpful" or "answers," you'll get your badge.
Benefits of being a Content Creator:
This is an ongoing, dynamic process. Note that this badge can be lost if enough of your posts are not voted as helpful or marked as answers.
- Your profile will be featured in the Top Contributors rotator
- You'll be awarded space for 5 additional links in your profile
- A Content Creator badge is added to your profile
Tuesday, August 27, 2013
[SOLVED] BAD_POOL_CALLER
Link to solved thread - Blue Screen With Bad Pool Caller
What the issue was - Hotspot Shield needed to be removed.
What the issue was - Hotspot Shield needed to be removed.
Labels:
0xC2,
Hotspot shield,
MS Answers,
solved
[SOLVED] CRITICAL_OBJECT_TERMINATION
Link to solved thread - Loud buzzing sound and then BSOD
What the issue was - Power Supply needed to be replaced.
What the issue was - Power Supply needed to be replaced.
[SOLVED] PAGE_FAULT_IN_NONPAGED_AREA / SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M / BUGCODE_USB_DRIVER
Link to solved thread - BSOD Page Dump in Nonpaged Area?
What the issue was - Hotfix needed to be installed, and SP2 needed to be installed.
What the issue was - Hotfix needed to be installed, and SP2 needed to be installed.
Labels:
0x1000007E,
0x50,
0xFE,
solved,
TSF
[SOLVED] KMODE_EXCEPTION_NOT_HANDLED / IRQL_NOT_LESS_OR_EQUAL / SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Link to solved thread - BSOD - Netio.sys
What the issue was - Network drivers needed to be removed, the update utility needed to be run via CMD, and then the latest network drivers needed to be installed.
What the issue was - Network drivers needed to be removed, the update utility needed to be run via CMD, and then the latest network drivers needed to be installed.
Labels:
0x1000007E,
0x1E,
0xA,
solved,
TSF
Monday, August 26, 2013
100 answers on MS Answers
I woke up today and noticed I've reached 100 answers on MS Answers. I hit 50 answers on July 30th, so I seem to be providing answers at a fairly decent basis. This is wonderful, I like the way MS Answers works in regards to answers. It lets you know how many people you've helped with their issues. It's a good feeling to know you are helping someone, it truly is.
Labels:
100 answers,
MS Answers,
solved
[SOLVED] BAD_POOL_CALLER
Link to solved thread - Bad_Pool_Caller Windows 8 HELP PLEASE?
What the issue was - Video card drivers needed to be updated.
What the issue was - Video card drivers needed to be updated.
Labels:
0xC2,
MS Answers,
solved
Friday, August 23, 2013
[SOLVED] DPC_WATCHDOG_VIOLATION
Link to solved thread - DPC Watchdog Violation
What the issue was - Blackberry Link application needed to be removed.
What the issue was - Blackberry Link application needed to be removed.
Labels:
0x133,
MS Answers,
solved
Tuesday, August 20, 2013
[SOLVED] WHEA_UNCORRECTABLE_ERROR / DRIVER_VERIFIER_DETECTED_VIOLATION
Link to solved thread - BSODs again
What the issue was -
AI Suite II needed to be removed.
MagicDisk needed to be removed.
What the issue was -
AI Suite II needed to be removed.
MagicDisk needed to be removed.
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL / MULTIPLE_IRP_COMPLETE_REQUESTS
Link to solved thread - BSOD Due to Driver Issues
What the issue was - NEC drivers listed for HP 8540p laptop replaced with Renesas drivers.
What the issue was - NEC drivers listed for HP 8540p laptop replaced with Renesas drivers.
Monday, August 19, 2013
[SOLVED] PFN_LIST_CORRUPT
Link to solved thread - Blue Screen Error
What the issue was - Chip-creep, the RAM needed to be re-seated.
What the issue was - Chip-creep, the RAM needed to be re-seated.
Labels:
0x4E,
MS Answers,
solved
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - BSOD - IRQL NOT LESS EQUAL - NETIO.SYS
What the issue was - NIC needed to be replaced.
What the issue was - NIC needed to be replaced.
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - System Freeze Started Happening Again
What the issue was - Western Digital's Device Management driver needed to be blocked from auto-installing via its hardware ID.
What the issue was - Western Digital's Device Management driver needed to be blocked from auto-installing via its hardware ID.
[SOLVED] PFN_LIST_CORRUPT
Link to solved thread - PFN_LIST_CORRUPT
What the issue was - Norton needed to be removed and replaced with Microsoft Security Essentials.
What the issue was - Norton needed to be removed and replaced with Microsoft Security Essentials.
[SOLVED] SYSTEM_SERVICE_EXCEPTION / DRIVER_POWER_STATE_FAILURE / IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - BSOD IRQL_NOT_LESS_OR_EQUAL WIndows8
What the issue was - avast! needed to be removed and replaced with Microsoft Security Essentials.
What the issue was - avast! needed to be removed and replaced with Microsoft Security Essentials.
Thursday, August 15, 2013
TSF Microsoft Section Moderator
Today when I woke up I was promoted to a Microsoft Section Moderator on Tech Support Forum. It was quite the honor to be promoted, and I look forward to continue to provide as much assistance as possible.
[SOLVED] DPC_WATCHDOG_VIOLATION / DRIVER_OVERRAN_STACK_BUFFER / WHEA_UNCORRECTABLE_ERROR
Link to solved thread - Getting BSOD Win 8 Pro 64 Bit New Computer
What the issue was - CPU needed to be replaced.
What the issue was - CPU needed to be replaced.
[SOLVED] IRQL_NOT_LESS_OR_EQUAL / SYSTEM_SERVICE_EXCEPTION / MEMORY_MANAGEMENT
Link to solved thread - Random Blue Screen Error in Windows 7 ultimate 64 bit
What the issue was - I can only imagine Memtest was run and the memory was faulty.
What the issue was - I can only imagine Memtest was run and the memory was faulty.
Labels:
0x1A,
0x3B,
0xA,
MS Answers,
solved
Saturday, August 10, 2013
[SOLVED] WHEA_UNCORRECTABLE_ERROR
Link to solved thread - Computer keeps on bsoding / gpu failing.
What the issue was - CPU needed to be replaced.
What the issue was - CPU needed to be replaced.
Labels:
0x124,
MS Answers,
solved
Revised Canned Replies (always a work in progress)
These are my canned replies that were created over a span of time, nothing more. I have some misc. ones not on here, but these are mostly the major ones. You can refer to them if you want for diagnosing your own problem, but it's mainly for my own reference.
** Last edited 9/19/2014
-------------------------------------------------------------------------------------------------------------
BSOD Intro:
Hi,
In order to assist you, we will need the .DMP files to analyze what exactly occurred at the time of the crash, etc.
If you don't know where .DMP files are located, here's how to get to them:
1. Navigate to the %systemroot%\Minidump folder.
-- %systemroot% is the environment variable for your Windows directory. For example, C:\Windows.
2. Copy any and all .DMP files in the Minidump folder to your Desktop, create a new folder on the Desktop to put these .DMP files in, and then zip the folder. You can then either use a 3rd party tool such as 7-Zip/Winrar, or you can use Windows' default method of zipping folders.
Compress and uncompress files (zip files).
Please note that any "cleaner" programs such as TuneUpUtilities, CCleaner, etc, by default will delete .DMP files upon use. With this said, if you've run such software, and your Minidump folder is empty, you will need to allow the system to crash once again to generate a crash dump.
3. Upload the .ZIP containing the .DMP files to Onedrive or a hosting site of your choice and paste in your reply.
Preferred sites: Onedrive, Mediafire, Dropbox, etc. Nothing with wait-timers, download managers, etc.
4 (optional): The type of .DMP files located in the Minidump folder are known as Small Memory Dumps. In %systemroot% there will be what is known as a Kernel Memory Dump (if your system is set to generate). It is labeled MEMORY.DMP. The difference between Small Memory Dumps and Kernel Memory Dumps in the simplest definition is a Kernel Memory Dump contains much more information at the time of the crash, therefore allowing further debugging of your issue. If your upload speed permits it, and you aren't going against any strict bandwidth and/or usage caps, etc, the Kernel Memory Dump is the best choice. Do note that Kernel Memory Dumps are much larger in size due to containing much more info, which is why I mentioned upload speed, etc.
If you are going to use Onedrive but don't know how to upload to it, please visit the following:
Upload photos and files to Onedrive.
After doing that, to learn how to share the link to the file if you are unaware, please visit the following link - Share files and folders and change permissions and view 'Get a link'.
If your computer is not generating .DMP files, please do the following:
1. Start > type %systemroot% which should show the Windows folder, click on it. Once inside that folder, ensure there is a Minidump folder created. If not, CTRL-SHIFT-N to make a New Folder and name it Minidump.
2. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Performance > Settings > Advanced > Ensure there's a check-mark for 'Automatically manage paging file size for all drives'.
3. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Startup and Recovery > Settings > System Failure > ensure there is a check mark next to 'Write an event to the system log'.
Ensure Small Memory Dump is selected and ensure the path is %systemroot%\Minidump.
4. Double check that the WERS is ENABLED:
Start > Search > type services.msc > Under the name tab, find Windows Error Reporting Service > If the status of the service is not Started then right click it and select Start. Also ensure that under Startup Type it is set to Automatic rather than Manual. You can do this by right clicking it, selecting properties, and under General selecting startup type to 'Automatic', and then click Apply.
If you cannot get into normal mode to do any of this, please do this via Safe Mode.
Regards,
Patrick
-------------------------------------------------------------------------------------------------------------
Driver Verifier
Driver Verifier:
What is Driver Verifier?
Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.
Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html
How to enable Driver Verifier:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (only on Windows 7 & 8/8.1)
- DDI compliance checking (only on Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.
Important information regarding Driver Verifier:
- Perhaps the most important which I will now clarify as this has been misunderstood often, enabling Driver Verifier by itself is not! a solution, but instead a diagnostic utility. It will tell us if a driver is causing your issues, but again it will not outright solve your issues.
- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.
- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.
If this happens, do not panic, do the following:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > Search > type "cmd" without the quotes.
- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
- Restart and boot into normal Windows.
If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > type "system restore" without the quotes.
- Choose the restore point you created earlier.
-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1
How long should I keep Driver Verifier enabled for?
I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.
My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?
- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.
- If you have the system set to generate Kernel Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.
Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617
-------------------------------------------------------------------------------------------------------------
Memtest86+
Memtest86+:
Download Memtest86+ here:
http://www.memtest.org/
Which should I download?
You can either download the pre-compiled .ISO that you would burn to a CD and then boot from the CD, or you can download the auto-installer for the USB key. What this will do is format your USB drive, make it a bootable device, and then install the necessary files. Both do the same job, it's just up to you which you choose, or which you have available (whether it's CD or USB).
Do note that some older generation motherboards do not support USB-based booting, therefore your only option is CD (or Floppy if you really wanted to).
How Memtest works (you don't need to read, it's only for those interested in the specifics):
Memtest uses algorithms (specifically two), namely moving inversion & what is deemed Modulo-X. Essentially, the first algorithm fills the memory with a pattern. Starting at the low address, it checks to see if the pattern was changed (it should not have been), writes the patterns complement, increments the address, and repeats. Starting at the highest address (as opposed to the lowest), it follows the same checklist.
The reason for the second algorithm is due to a few limitations, with the first being that not all adjacent cells are being tested for interaction due to modern chips being 4 to 16 bits wide regarding data storage. With that said, patterns are used to go ahead and ensure that all adjacent cells have at least been written with all possible one and zero combinations.
The second is that caching, buffering and out of order execution will interfere with the moving inversions algorithm. However, the second algorithm used is not affected by this. For starting offsets of 0-20, the algorithm will write every 20th location with a pattern, write all other locations with the patterns complement, repeat the previous one (or more) times, and then check every 20th location for the previously mentioned pattern.
Now that you know how Memtest actually works, it's important to know that the tests it goes through all mean something different. It goes from Test 0 through Test 12, many of which use either one or the other algorithm discussed above, among many other things.
Any other questions, they can most likely be answered by reading this great guide here:
http://forum.canardpc.com/threads/28864-FAQ-please-read-before-posting
-------------------------------------------------------------------------------------------------------------
Chkdsk:
Chkdsk (there are various ways to run Chkdsk):
Method 1:
Start > Search bar > Type cmd (right click run as admin to execute Elevated CMD)
Elevated CMD should now be opened, type the following:
chkdsk x: /r
x implies your drive letter, so if your hard drive in question is letter c, it would be:
chkdsk c: /r
Restart system and let chkdsk run.
Method 2:
Open the "Computer" window
Right-click on the drive in question
Select the "Tools" tab
In the Error-checking area, click <Check Now>.
If you'd like to get a log file that contains the chkdsk results, do the following:
Press Windows Key + R and type powershell.exe in the run box
Paste the following command and press enter afterwards:
get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername –match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt
This will output a .txt file on your Desktop containing the results of the chkdsk.
If chkdsk turns out okay, run Seatools -
http://www.seagate.com/support/downloads/seatools/
You can run it via Windows or DOS. Do note that the only difference is simply the environment you're running it in. In Windows, if you are having what you believe to be driver related issues that may cause conflicts or a false positive, it may be a wise decision to choose the most minimal testing environment (DOS). I always recommend running Seatools in DOS if absolutely possible.
-- Run all tests EXCEPT: Fix All and anything Advanced.
-------------------------------------------------------------------------------------------------------------
Trusted Installer / Permission issues:
Hi,
Please try the following:
1. Right click on the file or directory that is giving you permission issues.
2. Right click and select 'Properties'.
3. Once inside Properties, select the 'Security' tab.
4. Once inside the Security tab, select the 'Advanced' option at the bottom.
5. Once at the 'Advanced Security Dialog' window, click on the 'Owner' tab.
6. This is where you can see the current owner (Trusted Installer).
7. If you'd like to take ownership of said file or directory, click 'Edit'. UAC will ask you for permission, say yes. Afterwards, highlight the username in the 'Change owner' window that you'd like to assign as the new owner for said file or directory. Click 'OK' to finish.
8. Afterwards, in the 'Advanced Security Settings' window, you now see that the owner has changed to whomever you specified. Click 'OK' to exit this window, and then select 'OK' once more to finish.
9. Follow step 1 through 4 again to open the 'Properties' window for the file or directory once again.
10. Once inside the 'Properties' window once again, click the 'Edit' button and say yes to UAC.
11. Highlight the Administrators in the 'Group or user names' box. If the user ID or group that you want to manage the permissions for said file or directory does not exist, click 'Add' and type in the user name that you'd like to have full control in regards to the file or directory.
12. Once inside the Permissions for Administrators (or the user name you chose), select 'Full Control' under the 'Allow' column. Click 'OK' to finish.
Regards,
Patrick
-------------------------------------------------------------------------------------------------------------
Antivirus Removal:
avast! Windows Vista & 7:
Remove and replace avast! with Microsoft Security Essentials for temporary troubleshooting purposes:
avast! removal - http://www.avast.com/uninstall-utility
MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download
avast! Windows 8:
Remove and replace avast! with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
avast! removal - http://www.avast.com/uninstall-utility
Windows Defender (how to turn on after removal)
A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
B. Among the list of icons, find and click Action Center.
C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
Norton Windows Vista & 7:
Remove and replace Norton with Microsoft Security Essentials for temporary troubleshooting purposes:
Norton removal - https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us;jsessionid=841A6D40BA6872C47697C6C6B19C8E11.4?entsrc=redirect_pubweb&pvid=f-home
MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download
Norton Windows 8:
Remove and replace Norton with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
Norton removal - https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us;jsessionid=841A6D40BA6872C47697C6C6B19C8E11.4?entsrc=redirect_pubweb&pvid=f-home
Windows Defender (how to turn on after removal)
A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
B. Among the list of icons, find and click Action Center.
C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
AVG Windows Vista & 7:
Remove and replace AVG with Microsoft Security Essentials for temporary troubleshooting purposes:
AVG removal - http://www.avg.com/us-en/utilities
MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download
AVG Windows 8:
Remove and replace AVG with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
AVG removal - http://www.avg.com/us-en/utilities
Windows Defender (how to turn on after removal)
A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
B. Among the list of icons, find and click Action Center.
C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
Kaspersky Windows Vista & 7:
Remove and replace Kaspersky with Microsoft Security Essentials for temporary troubleshooting purposes:
Kaspersky removal - http://support.kaspersky.com/common/service.aspx?el=1464
MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download
Kaspersky Windows 8:
Remove and replace Kaspersky with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
Kaspersky removal - http://support.kaspersky.com/common/service.aspx?el=1464
Windows Defender (how to turn on after removal)
A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
B. Among the list of icons, find and click Action Center.
C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
BitDefender Windows Vista & 7:
Remove and replace BitDefender with Microsoft Security Essentials for temporary troubleshooting purposes:
BitDefender removal - http://www.bitdefender.com/support/how-to-uninstall-bitdefender-333.html
MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download
BitDefender Windows 8:
Remove and replace BitDefender with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
BitDefender removal - http://www.bitdefender.com/support/how-to-uninstall-bitdefender-333.html
Windows Defender (how to turn on after removal)
A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
B. Among the list of icons, find and click Action Center.
C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
Avira Windows Vista & 7:
Remove and replace Avira with Microsoft Security Essentials for temporary troubleshooting purposes:
Avira removal - http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/88
MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download
Avira Windows 8:
Remove and replace Avira with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
Avira removal - http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/88
Windows Defender (how to turn on after removal)
A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
B. Among the list of icons, find and click Action Center.
C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
McAfee Windows Vista & 7:
Remove and replace McAfee with Microsoft Security Essentials for temporary troubleshooting purposes:
McAfee removal - http://service.mcafee.com/FAQDocument.aspx?id=TS101331
MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download
McAfee Windows 8:
Remove and replace McAfee with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
McAfee removal - http://service.mcafee.com/FAQDocument.aspx?id=TS101331
Windows Defender (how to turn on after removal)
A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
B. Among the list of icons, find and click Action Center.
C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
Windows Defender (turn on) Windows 8:
1. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
2. Among the list of icons, find and click Windows Defender.
3. Once the Windows Defender window pops up, select the Settings tab. As soon as you're in Settings, on the left-hand side, select Administrator (below MAPS), and then un-check Turn on this app. If UAC (User Account Control) notes this is an administrative privilege and requires you to prompt it, select yes.
-------------------------------------------------------------------------------------------------------------
Bugchecks (slowly adding over time):
**These are not all of the bug checks, but actually just the ones that I run into the most that I get tired of typing. Could I just visit the MSDN pages? Sure, but it's easier this way for me.
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
A driver tried to access an address that is pageable (or that is completely invalid) while the IRQL was too high. This bug check is usually caused by drivers that have used improper addresses.
IRQL_NOT_LESS_OR_EQUAL (a)
This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This bug check is issued if paged memory (or invalid memory) is accessed when the IRQL is too high. The error that generates this bug check usually occurs after the installation of a faulty device driver, system service, or BIOS.
CRITICAL_STRUCTURE_CORRUPTION (109)
This indicates that the kernel has detected critical kernel code or data corruption.
There are generally two causes for this bug check:
This indicates that invalid system memory has been referenced.
Bug check 0x50 usually occurs after the installation of faulty hardware or in the event of failure of installed hardware (usually related to defective RAM, be it main memory, L2 RAM cache, or video RAM).
Another common cause is the installation of a faulty system service.
Antivirus software can also trigger this error, as can a corrupted NTFS volume.
DRIVER_POWER_STATE_FAILURE (9f)
This bug check indicates that the driver is in an inconsistent or invalid power state.
IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4a)
This indicates that a thread is returning to user mode from a system call when its IRQL is still above PASSIVE_LEVEL.
KMODE_EXCEPTION_NOT_HANDLED (1e)
This indicates that a kernel-mode program generated an exception which the error handler did not catch.
SYSTEM_SERVICE_EXCEPTION (3b)
This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code.
QUOTA_UNDERFLOW (21)
This indicates that quota charges have been mishandled by returning more quota to a particular block than was previously charged.
CACHE_MANAGER (34)
This indicates that a problem occurred in the file system's cache manager.
One possible cause of this bug check is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error.
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This indicates that a system thread generated an exception which the error handler did not catch.
BAD_POOL_HEADER (19)
This indicates that a pool header is corrupt.
PROCESS_HAS_LOCKED_PAGES (76)
This bug check indicates that a driver failed to release locked pages after an I/O operation, or that it attempted to unlock pages that were already unlocked.
The driver either failed to unlock pages that it locked (parameter 1 value is 0x0), or the driver is attempting to unlock pages that have not been locked or that have already been unlocked (parameter 1 value is 0x1).
KERNEL_DATA_INPAGE_ERROR (7a)
This bug check indicates that the requested page of kernel data from the paging file could not be read into memory.
CRITICAL_PROCESS_DIED (ef)
This indicates that a critical system process died.
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
This is the general bug check code for fatal errors found by Driver Verifier.
CRITICAL_OBJECT_TERMINATION (f4)
This indicates that a process or thread crucial to system operation has unexpectedly exited or been terminated.
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This bug check indicates that the Intel CPU generated a trap and the kernel failed to catch this trap.
CLOCK_WATCHDOG_TIMEOUT (101)
This indicates that an expected clock interrupt on a secondary processor, in a multi-processor system, was not received within the allocated interval.
DRIVER_CORRUPTED_EXPOOL (c5)
This indicates that the system attempted to access invalid memory at a process IRQL that was too high.
DPC_WATCHDOG_VIOLATION (133)
This bug check indicates that the DPC watchdog executed, either because it detected a single long-running deferred procedure call (DPC), or because the system spent a prolonged time at an interrupt request level (IRQL) of DISPATCH_LEVEL or above.
MEMORY_MANAGEMENT (1a)
This indicates that a severe memory management error occurred.
**put bug check string here**
- The 1st parameter of the bug check is 403 which indicates the page table and PFNs are out of sync . This is probably a hardware error, especially if parameters 3 & 4 differ by only a single bit.
- The 1st parameter of the bug check is 411 which indicates a page table entry (PTE) has been corrupted.
- The 1st parameter of the bug check is 5003 which indicates the working set free list is corrupt. This is probably a hardware error.
- The 1st parameter of the bug check is 41284 which indicates a PTE or the working set list is corrupted.
- The 1st parameter of the bug check is 41785 which indicates the working set list is corrupted.
- The 1st parameter of the bug check is 41287 which indicates an illegal page fault occurred while holding working set synchronization.
- The 1st parameter of the bug check is 41790 which indicates a page table page has been corrupted.
- The 1st parameter of the bug check is 41792 which indicates a corrupted PTE has been detected.
- The 1st parameter of the bug check is OTHER which indicates an unknown memory management error occurred.
VIDEO_DXGKRNL_FATAL_ERROR (113)
This indicates that the Microsoft DirectX graphics kernel subsystem has detected a violation.
PFN_LIST_CORRUPT (4e)
This indicates that the page frame number (PFN) list is corrupted.
This error is typically caused by a driver passing a bad memory descriptor list. For example, the driver might have called MmUnlockPages twice with the same list.
APC_INDEX_MISMATCH (1)
This indicates that there has been a mismatch in the APC state index.
The most common cause of this bug check is when a file system or driver has a mismatched sequence of calls to disable and re-enable APCs.
REFERENCE_BY_POINTER (18)
This indicates that the reference count of an object is illegal for the current state of the object.
The reference count of an object is illegal for the current state of the object. Each time a driver uses a pointer to an object, the driver calls a kernel routine to increase the reference count of the object by one. When the driver is done with the pointer, the driver calls another kernel routine to decrease the reference count by one.
Drivers must match calls to the routines that increase (reference) and decrease (dereference) the reference count. This bug check is caused by an inconsistency in the object's reference count. Typically, the inconsistency is caused by a driver that decreases the reference count of an object too many times, making extra calls that dereference the object. This bug check can occur because an object's reference count goes to zero while there are still open handles to the object. It might also occur when the object's reference count drops below zero, whether or not there are open handles to the object.
QUOTA_UNDERFLOW (21)
This indicates that quota charges have been mishandled by returning more quota to a particular block than was previously charged.
NTFS_FILE_SYSTEM (24)
This indicates a problem occurred in ntfs.sys, the driver file that allows the system to read and write to NTFS drives.
One possible cause of this bug check is disk corruption. Corruption in the NTFS file system or bad blocks (sectors) on the hard disk can induce this error. Corrupted SCSI and IDE drivers can also adversely affect the system's ability to read and write to disk, thus causing the error.
Another possible cause is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error.
CACHE_MANAGER (34)
This indicates that a problem occurred in the file system's cache manager.
One possible cause of this bug check is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error.
NO_MORE_IRP_STACK_LOCATIONS (35)
This bug check occurs when the IoCallDriver packet has no more stack locations remaining.
A higher-level driver has attempted to call a lower-level driver through the IoCallDriver interface, but there are no more stack locations in the packet. This will prevent the lower-level driver from accessing its parameters.
This is a disastrous situation, since the higher level driver is proceeding as if it has filled in the parameters for the lower level driver (as required). But since there is no stack location for the latter driver, the former has actually written off the end of the packet. This means that some other memory has been corrupted as well.
INTERRUPT_EXCEPTION_NOT_HANDLED (3D)
This bug check appears very infrequently.
MULTIPLE_IRP_COMPLETE_REQUESTS (44)
This indicates that a driver has tried to request an IRP be completed that is already complete.
IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4A)
This indicates that a thread is returning to user mode from a system call when its IRQL is still above PASSIVE_LEVEL.
REGISTRY_ERROR (51)
This indicates that a severe registry error has occurred.
This error may indicate that the registry encountered an I/O error while trying to read one of its files. This can be caused by hardware problems or file system corruption.
It may also occur due to a failure in a refresh operation, which is used only in by the security system, and then only when resource limits are encountered.
PROCESS_HAS_LOCKED_PAGES (76)
This bug check indicates that a driver failed to release locked pages after an I/O operation, or that it attempted to unlock pages that were already unlocked.
MACHINE_CHECK_EXCEPTION (9C)
This bug check indicates that a fatal machine check exception has occurred.
INTERNAL_POWER_ERROR (A0)
This bug check indicates that the power policy manager experienced a fatal error.
DRIVER_VERIFIER_IOMANAGER_VIOLATION (C9)
This is the bug check code for all Driver Verifier I/O Verification violations.
DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (D5)
This indicates that a driver has referenced memory which was earlier freed.
DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (D6)
This indicates the driver accessed memory beyond the end of its pool allocation.
The driver allocated n bytes of memory and then referenced more than n bytes. The Driver Verifier Special Pool option detected this violation.
CRITICAL_PROCESS_DIED (EF)
This indicates that a critical system process died.
DRIVER_OVERRAN_STACK_BUFFER (F7)
This indicates that a driver has overrun a stack-based buffer.
A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned.
ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (FC)
This indicates that an attempt was made to execute non-executable memory.
BUGCODE_USB_DRIVER (FE)
This indicates that an error has occurred in a universal serial bus (USB) driver.
IRQL_UNEXPECTED_VALUE (C8)
This indicates that the processor's IRQL is not what it should be at this time.
This error is usually caused by a device driver or another lower-level program that changed the IRQL for some period and did not restore the original IRQL at the end of that period. For example, the routine may have acquired a spin lock and failed to release it.
ATTEMPTED_WRITE_TO_READONLY_MEMORY (BE)
This is issued if a driver attempts to write to a read-only memory segment.
WDF_VIOLATION (10D)
This indicates that Kernel-Mode Driver Framework (KMDF) detected that Windows found an error in a framework-based driver.
VIDEO_DXGKRNL_FATAL_ERROR (113)
This indicates that the Microsoft DirectX graphics kernel subsystem has detected a violation.
This bug check appears very infrequently.
VIDEO_TDR_FAILURE (116)
Attempt to reset the display driver and recover from timeout failed.
The DirectX MMS video scheduler scheduled a worker thread, submitted a queue command, submitted a render command, sent the render command to the execution queue with a wait timer, waited for complete preemption, waited for the completion event, was reported that the display driver is hanging.
At this point, the DirectX Kernel then came in and noted that Timeout Detection Recovery is required (TDR) to reset the display driver, but it then failed to recover in the allotted recovery period, so the box bug checked.
VIDEO_SCHEDULER_INTERNAL_ERROR (119)
This indicates that the video scheduler has detected a fatal violation.
THREAD_STUCK_IN_DEVICE_DRIVER_M (100000EA)
This indicates that a thread in a device driver is endlessly spinning.
WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurred. This fatal error displays data from the Windows Hardware Error Architecture (WHEA).
If we run an !errrec on the 2nd parameter of the bug check (address of the WER structure) we get the following:
KERNEL_SECURITY_CHECK_FAILURE (139)
This bug check indicates that the kernel has detected the corruption of a critical data structure.
- The first argument is 2 which indicates a stack cookie instrumentation code detected a stack-based buffer overrun.
- The first argument is 3 which indicates a LIST_ENTRY was corrupted.
-------------------------------------------------------------------------------------------------------------
Registry Cleaners:
First off, one big thing about registry cleaning is it is by no means and should not be a computer maintenance task. Clearing your browser's cache and cookies every week? Great, no harm there. Running your favorite registry cleaner every week? NOT GREAT.
If we're being honest and straightforward here, cleaning the registry is an entirely unnecessary thing to do. So far, what I've said makes it sound like I despise registry cleaners. Do I? No, I don't despise them, but as I said, they are unnecessary and if used carelessly can render your Operating System a paperweight.
So why would you even use a registry cleaner in the first place? Well, they have to do something right or they wouldn't even be allowed to be sold (if paid for) or if they were free (CCleaner for example) there would be a huge backlash, more than what there already is in IT with regards to opinions based on registry cleaners.
Registry cleaning software is useful mainly for one thing, and it can be done very well depending on the algorithm the cleaner software itself is using, and that's removing remnants of old uninstalled software or entries with now invalid path names. At times, it can also possibly be useful for removing traces of malware that may have been stored in the registry that was not successfully removed after running a virus scan, etc.
Other than that, it's not going to do anything. It will not increase your system's performance by any means whatsoever. Nothing noticeable. A 'smaller registry' in theory would have one assume that things load faster, etc, but in reality there is no performance difference whatsoever.
For reference, take a look at this:
Mark Russinovich (Author of the "Bible", Windows Internals, co-founder of Winternals and Sysinternals, and since both companies were bought by Microsoft, now a senior Microsoft employee) was asked:
Q: Will using a registry cleaner increase the speed and/or performance of my system?
A: No.
----
Q: Why would I even use a registry cleaner then?
A: I personally wouldn't use one whatsoever and would find the problem you're specifically having and take care of it manually. That is much safer. However, the main use of registry cleaners is to again as stated above, remove remnants of old uninstalled software or entries with now invalid path names. At times, it can also possibly be useful for removing traces of malware that may have been stored in the registry that was not successfully removed after running a virus scan, etc.
----
Q: What is the true danger of using a registry cleaner?
A: You have to remember what you're using is an automated tool that is not perfect by any means. You are putting your trust in an automated tool to be absolutely sure every key it is about to delete is 100% unnecessary. At times, and I have seen it personally myself PLENTY, it can delete a very important key that is necessary to the functionality of your Operating System in some form or another.
----
Q: What if my registry is corrupt, will running a registry cleaner help?
A: Absolutely not.
-------------------------------------------------------------------------------------------------------------
sptd.sys:
sptd.sys is listed and loaded in your modules list; SCSI Pass Through Direct Host - Daemon Tools (known BSOD issues). Please remove it ASAP with the uninstaller tool - http://www.duplexsecure.com/en/downloads
-------------------------------------------------------------------------------------------------------------
Hardware Acceleration problems/green screen:
Chrome - http://www.sevenforums.com/tutorials/271264-chrome-gpu-hardware-acceleration-turn-off.html
Regards,
Patrick
-------------------------------------------------------------------------------------------------------------
General BSOD:
AiCharger.sys
AiCharger.sys is listed and loaded in the modules list which is the Asus Charger driver. It's included in many Asus bloatware, which you appear to have installed. Please go ahead and uninstall any and all Asus software as it's unnecessary bloatware.
Video card drivers
Ensure you have the latest video card drivers via the manufacturers website. If you are already on the latest video card drivers, uninstall and install a version or a few versions behind the latest to ensure it's not a latest driver only issue. If you have already experimented with the latest video card driver and many previous versions, please give the beta driver for your video card a try.
dtsoftbus01.sys
** Last edited 9/19/2014
-------------------------------------------------------------------------------------------------------------
BSOD Intro:
Hi,
In order to assist you, we will need the .DMP files to analyze what exactly occurred at the time of the crash, etc.
If you don't know where .DMP files are located, here's how to get to them:
1. Navigate to the %systemroot%\Minidump folder.
-- %systemroot% is the environment variable for your Windows directory. For example, C:\Windows.
2. Copy any and all .DMP files in the Minidump folder to your Desktop, create a new folder on the Desktop to put these .DMP files in, and then zip the folder. You can then either use a 3rd party tool such as 7-Zip/Winrar, or you can use Windows' default method of zipping folders.
Compress and uncompress files (zip files).
Please note that any "cleaner" programs such as TuneUpUtilities, CCleaner, etc, by default will delete .DMP files upon use. With this said, if you've run such software, and your Minidump folder is empty, you will need to allow the system to crash once again to generate a crash dump.
3. Upload the .ZIP containing the .DMP files to Onedrive or a hosting site of your choice and paste in your reply.
Preferred sites: Onedrive, Mediafire, Dropbox, etc. Nothing with wait-timers, download managers, etc.
4 (optional): The type of .DMP files located in the Minidump folder are known as Small Memory Dumps. In %systemroot% there will be what is known as a Kernel Memory Dump (if your system is set to generate). It is labeled MEMORY.DMP. The difference between Small Memory Dumps and Kernel Memory Dumps in the simplest definition is a Kernel Memory Dump contains much more information at the time of the crash, therefore allowing further debugging of your issue. If your upload speed permits it, and you aren't going against any strict bandwidth and/or usage caps, etc, the Kernel Memory Dump is the best choice. Do note that Kernel Memory Dumps are much larger in size due to containing much more info, which is why I mentioned upload speed, etc.
If you are going to use Onedrive but don't know how to upload to it, please visit the following:
Upload photos and files to Onedrive.
After doing that, to learn how to share the link to the file if you are unaware, please visit the following link - Share files and folders and change permissions and view 'Get a link'.
If your computer is not generating .DMP files, please do the following:
1. Start > type %systemroot% which should show the Windows folder, click on it. Once inside that folder, ensure there is a Minidump folder created. If not, CTRL-SHIFT-N to make a New Folder and name it Minidump.
2. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Performance > Settings > Advanced > Ensure there's a check-mark for 'Automatically manage paging file size for all drives'.
3. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Startup and Recovery > Settings > System Failure > ensure there is a check mark next to 'Write an event to the system log'.
Ensure Small Memory Dump is selected and ensure the path is %systemroot%\Minidump.
4. Double check that the WERS is ENABLED:
Start > Search > type services.msc > Under the name tab, find Windows Error Reporting Service > If the status of the service is not Started then right click it and select Start. Also ensure that under Startup Type it is set to Automatic rather than Manual. You can do this by right clicking it, selecting properties, and under General selecting startup type to 'Automatic', and then click Apply.
If you cannot get into normal mode to do any of this, please do this via Safe Mode.
Regards,
Patrick
-------------------------------------------------------------------------------------------------------------
Driver Verifier
Driver Verifier:
What is Driver Verifier?
Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.
Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html
How to enable Driver Verifier:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (only on Windows 7 & 8/8.1)
- DDI compliance checking (only on Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.
Important information regarding Driver Verifier:
- Perhaps the most important which I will now clarify as this has been misunderstood often, enabling Driver Verifier by itself is not! a solution, but instead a diagnostic utility. It will tell us if a driver is causing your issues, but again it will not outright solve your issues.
- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.
- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.
If this happens, do not panic, do the following:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > Search > type "cmd" without the quotes.
- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
- Restart and boot into normal Windows.
If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > type "system restore" without the quotes.
- Choose the restore point you created earlier.
-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1
How long should I keep Driver Verifier enabled for?
I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.
My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?
- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.
- If you have the system set to generate Kernel Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.
Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617
-------------------------------------------------------------------------------------------------------------
Memtest86+
Memtest86+:
Download Memtest86+ here:
http://www.memtest.org/
Which should I download?
You can either download the pre-compiled .ISO that you would burn to a CD and then boot from the CD, or you can download the auto-installer for the USB key. What this will do is format your USB drive, make it a bootable device, and then install the necessary files. Both do the same job, it's just up to you which you choose, or which you have available (whether it's CD or USB).
Do note that some older generation motherboards do not support USB-based booting, therefore your only option is CD (or Floppy if you really wanted to).
How Memtest works (you don't need to read, it's only for those interested in the specifics):
Memtest uses algorithms (specifically two), namely moving inversion & what is deemed Modulo-X. Essentially, the first algorithm fills the memory with a pattern. Starting at the low address, it checks to see if the pattern was changed (it should not have been), writes the patterns complement, increments the address, and repeats. Starting at the highest address (as opposed to the lowest), it follows the same checklist.
The reason for the second algorithm is due to a few limitations, with the first being that not all adjacent cells are being tested for interaction due to modern chips being 4 to 16 bits wide regarding data storage. With that said, patterns are used to go ahead and ensure that all adjacent cells have at least been written with all possible one and zero combinations.
The second is that caching, buffering and out of order execution will interfere with the moving inversions algorithm. However, the second algorithm used is not affected by this. For starting offsets of 0-20, the algorithm will write every 20th location with a pattern, write all other locations with the patterns complement, repeat the previous one (or more) times, and then check every 20th location for the previously mentioned pattern.
Now that you know how Memtest actually works, it's important to know that the tests it goes through all mean something different. It goes from Test 0 through Test 12, many of which use either one or the other algorithm discussed above, among many other things.
Any other questions, they can most likely be answered by reading this great guide here:
http://forum.canardpc.com/threads/28864-FAQ-please-read-before-posting
-------------------------------------------------------------------------------------------------------------
Chkdsk:
Chkdsk (there are various ways to run Chkdsk):
Method 1:
Start > Search bar > Type cmd (right click run as admin to execute Elevated CMD)
Elevated CMD should now be opened, type the following:
chkdsk x: /r
x implies your drive letter, so if your hard drive in question is letter c, it would be:
chkdsk c: /r
Restart system and let chkdsk run.
Method 2:
Open the "Computer" window
Right-click on the drive in question
Select the "Tools" tab
In the Error-checking area, click <Check Now>.
If you'd like to get a log file that contains the chkdsk results, do the following:
Press Windows Key + R and type powershell.exe in the run box
Paste the following command and press enter afterwards:
get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername –match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt
This will output a .txt file on your Desktop containing the results of the chkdsk.
If chkdsk turns out okay, run Seatools -
http://www.seagate.com/support/downloads/seatools/
You can run it via Windows or DOS. Do note that the only difference is simply the environment you're running it in. In Windows, if you are having what you believe to be driver related issues that may cause conflicts or a false positive, it may be a wise decision to choose the most minimal testing environment (DOS). I always recommend running Seatools in DOS if absolutely possible.
-- Run all tests EXCEPT: Fix All and anything Advanced.
-------------------------------------------------------------------------------------------------------------
Trusted Installer / Permission issues:
Hi,
Please try the following:
1. Right click on the file or directory that is giving you permission issues.
2. Right click and select 'Properties'.
3. Once inside Properties, select the 'Security' tab.
4. Once inside the Security tab, select the 'Advanced' option at the bottom.
5. Once at the 'Advanced Security Dialog' window, click on the 'Owner' tab.
6. This is where you can see the current owner (Trusted Installer).
7. If you'd like to take ownership of said file or directory, click 'Edit'. UAC will ask you for permission, say yes. Afterwards, highlight the username in the 'Change owner' window that you'd like to assign as the new owner for said file or directory. Click 'OK' to finish.
8. Afterwards, in the 'Advanced Security Settings' window, you now see that the owner has changed to whomever you specified. Click 'OK' to exit this window, and then select 'OK' once more to finish.
9. Follow step 1 through 4 again to open the 'Properties' window for the file or directory once again.
10. Once inside the 'Properties' window once again, click the 'Edit' button and say yes to UAC.
11. Highlight the Administrators in the 'Group or user names' box. If the user ID or group that you want to manage the permissions for said file or directory does not exist, click 'Add' and type in the user name that you'd like to have full control in regards to the file or directory.
12. Once inside the Permissions for Administrators (or the user name you chose), select 'Full Control' under the 'Allow' column. Click 'OK' to finish.
Regards,
Patrick
-------------------------------------------------------------------------------------------------------------
Antivirus Removal:
avast! Windows Vista & 7:
Remove and replace avast! with Microsoft Security Essentials for temporary troubleshooting purposes:
avast! removal - http://www.avast.com/uninstall-utility
MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download
avast! Windows 8:
Remove and replace avast! with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
avast! removal - http://www.avast.com/uninstall-utility
Windows Defender (how to turn on after removal)
A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
B. Among the list of icons, find and click Action Center.
C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
Norton Windows Vista & 7:
Remove and replace Norton with Microsoft Security Essentials for temporary troubleshooting purposes:
Norton removal - https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us;jsessionid=841A6D40BA6872C47697C6C6B19C8E11.4?entsrc=redirect_pubweb&pvid=f-home
MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download
Norton Windows 8:
Remove and replace Norton with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
Norton removal - https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us;jsessionid=841A6D40BA6872C47697C6C6B19C8E11.4?entsrc=redirect_pubweb&pvid=f-home
Windows Defender (how to turn on after removal)
A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
B. Among the list of icons, find and click Action Center.
C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
AVG Windows Vista & 7:
Remove and replace AVG with Microsoft Security Essentials for temporary troubleshooting purposes:
AVG removal - http://www.avg.com/us-en/utilities
MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download
AVG Windows 8:
Remove and replace AVG with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
AVG removal - http://www.avg.com/us-en/utilities
Windows Defender (how to turn on after removal)
A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
B. Among the list of icons, find and click Action Center.
C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
Kaspersky Windows Vista & 7:
Remove and replace Kaspersky with Microsoft Security Essentials for temporary troubleshooting purposes:
Kaspersky removal - http://support.kaspersky.com/common/service.aspx?el=1464
MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download
Kaspersky Windows 8:
Remove and replace Kaspersky with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
Kaspersky removal - http://support.kaspersky.com/common/service.aspx?el=1464
Windows Defender (how to turn on after removal)
A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
B. Among the list of icons, find and click Action Center.
C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
BitDefender Windows Vista & 7:
Remove and replace BitDefender with Microsoft Security Essentials for temporary troubleshooting purposes:
BitDefender removal - http://www.bitdefender.com/support/how-to-uninstall-bitdefender-333.html
MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download
BitDefender Windows 8:
Remove and replace BitDefender with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
BitDefender removal - http://www.bitdefender.com/support/how-to-uninstall-bitdefender-333.html
Windows Defender (how to turn on after removal)
A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
B. Among the list of icons, find and click Action Center.
C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
Avira Windows Vista & 7:
Remove and replace Avira with Microsoft Security Essentials for temporary troubleshooting purposes:
Avira removal - http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/88
MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download
Avira Windows 8:
Remove and replace Avira with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
Avira removal - http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/88
Windows Defender (how to turn on after removal)
A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
B. Among the list of icons, find and click Action Center.
C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
McAfee Windows Vista & 7:
Remove and replace McAfee with Microsoft Security Essentials for temporary troubleshooting purposes:
McAfee removal - http://service.mcafee.com/FAQDocument.aspx?id=TS101331
MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download
McAfee Windows 8:
Remove and replace McAfee with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
McAfee removal - http://service.mcafee.com/FAQDocument.aspx?id=TS101331
Windows Defender (how to turn on after removal)
A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
B. Among the list of icons, find and click Action Center.
C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
Windows Defender (turn on) Windows 8:
1. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.
2. Among the list of icons, find and click Windows Defender.
3. Once the Windows Defender window pops up, select the Settings tab. As soon as you're in Settings, on the left-hand side, select Administrator (below MAPS), and then un-check Turn on this app. If UAC (User Account Control) notes this is an administrative privilege and requires you to prompt it, select yes.
-------------------------------------------------------------------------------------------------------------
Bugchecks (slowly adding over time):
**These are not all of the bug checks, but actually just the ones that I run into the most that I get tired of typing. Could I just visit the MSDN pages? Sure, but it's easier this way for me.
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
A driver tried to access an address that is pageable (or that is completely invalid) while the IRQL was too high. This bug check is usually caused by drivers that have used improper addresses.
IRQL_NOT_LESS_OR_EQUAL (a)
This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This bug check is issued if paged memory (or invalid memory) is accessed when the IRQL is too high. The error that generates this bug check usually occurs after the installation of a faulty device driver, system service, or BIOS.
CRITICAL_STRUCTURE_CORRUPTION (109)
This indicates that the kernel has detected critical kernel code or data corruption.
There are generally two causes for this bug check:
-
A driver has inadvertently, or deliberately, modified critical kernel
code or data. Microsoft Windows Server 2003 with Service Pack 1 (SP1)
and later versions of Windows for x64-based computers do not allow the
kernel to be patched except through authorized
Microsoft-originated hot patches. For more information, see
Patching Policy for x64-based Systems.
-
A hardware corruption occurred. For example, the kernel code or data could have been stored in memory that failed.
This indicates that invalid system memory has been referenced.
Bug check 0x50 usually occurs after the installation of faulty hardware or in the event of failure of installed hardware (usually related to defective RAM, be it main memory, L2 RAM cache, or video RAM).
Another common cause is the installation of a faulty system service.
Antivirus software can also trigger this error, as can a corrupted NTFS volume.
DRIVER_POWER_STATE_FAILURE (9f)
This bug check indicates that the driver is in an inconsistent or invalid power state.
IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4a)
This indicates that a thread is returning to user mode from a system call when its IRQL is still above PASSIVE_LEVEL.
KMODE_EXCEPTION_NOT_HANDLED (1e)
This indicates that a kernel-mode program generated an exception which the error handler did not catch.
SYSTEM_SERVICE_EXCEPTION (3b)
This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code.
QUOTA_UNDERFLOW (21)
This indicates that quota charges have been mishandled by returning more quota to a particular block than was previously charged.
CACHE_MANAGER (34)
This indicates that a problem occurred in the file system's cache manager.
One possible cause of this bug check is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error.
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This indicates that a system thread generated an exception which the error handler did not catch.
BAD_POOL_HEADER (19)
This indicates that a pool header is corrupt.
PROCESS_HAS_LOCKED_PAGES (76)
This bug check indicates that a driver failed to release locked pages after an I/O operation, or that it attempted to unlock pages that were already unlocked.
The driver either failed to unlock pages that it locked (parameter 1 value is 0x0), or the driver is attempting to unlock pages that have not been locked or that have already been unlocked (parameter 1 value is 0x1).
KERNEL_DATA_INPAGE_ERROR (7a)
This bug check indicates that the requested page of kernel data from the paging file could not be read into memory.
CRITICAL_PROCESS_DIED (ef)
This indicates that a critical system process died.
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
This is the general bug check code for fatal errors found by Driver Verifier.
CRITICAL_OBJECT_TERMINATION (f4)
This indicates that a process or thread crucial to system operation has unexpectedly exited or been terminated.
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This bug check indicates that the Intel CPU generated a trap and the kernel failed to catch this trap.
CLOCK_WATCHDOG_TIMEOUT (101)
This indicates that an expected clock interrupt on a secondary processor, in a multi-processor system, was not received within the allocated interval.
DRIVER_CORRUPTED_EXPOOL (c5)
This indicates that the system attempted to access invalid memory at a process IRQL that was too high.
DPC_WATCHDOG_VIOLATION (133)
This bug check indicates that the DPC watchdog executed, either because it detected a single long-running deferred procedure call (DPC), or because the system spent a prolonged time at an interrupt request level (IRQL) of DISPATCH_LEVEL or above.
MEMORY_MANAGEMENT (1a)
This indicates that a severe memory management error occurred.
**put bug check string here**
- The 1st parameter of the bug check is 403 which indicates the page table and PFNs are out of sync . This is probably a hardware error, especially if parameters 3 & 4 differ by only a single bit.
- The 1st parameter of the bug check is 411 which indicates a page table entry (PTE) has been corrupted.
- The 1st parameter of the bug check is 5003 which indicates the working set free list is corrupt. This is probably a hardware error.
- The 1st parameter of the bug check is 41284 which indicates a PTE or the working set list is corrupted.
- The 1st parameter of the bug check is 41785 which indicates the working set list is corrupted.
- The 1st parameter of the bug check is 41287 which indicates an illegal page fault occurred while holding working set synchronization.
- The 1st parameter of the bug check is 41790 which indicates a page table page has been corrupted.
- The 1st parameter of the bug check is 41792 which indicates a corrupted PTE has been detected.
- The 1st parameter of the bug check is OTHER which indicates an unknown memory management error occurred.
VIDEO_DXGKRNL_FATAL_ERROR (113)
This indicates that the Microsoft DirectX graphics kernel subsystem has detected a violation.
PFN_LIST_CORRUPT (4e)
This indicates that the page frame number (PFN) list is corrupted.
This error is typically caused by a driver passing a bad memory descriptor list. For example, the driver might have called MmUnlockPages twice with the same list.
APC_INDEX_MISMATCH (1)
This indicates that there has been a mismatch in the APC state index.
The most common cause of this bug check is when a file system or driver has a mismatched sequence of calls to disable and re-enable APCs.
REFERENCE_BY_POINTER (18)
This indicates that the reference count of an object is illegal for the current state of the object.
The reference count of an object is illegal for the current state of the object. Each time a driver uses a pointer to an object, the driver calls a kernel routine to increase the reference count of the object by one. When the driver is done with the pointer, the driver calls another kernel routine to decrease the reference count by one.
Drivers must match calls to the routines that increase (reference) and decrease (dereference) the reference count. This bug check is caused by an inconsistency in the object's reference count. Typically, the inconsistency is caused by a driver that decreases the reference count of an object too many times, making extra calls that dereference the object. This bug check can occur because an object's reference count goes to zero while there are still open handles to the object. It might also occur when the object's reference count drops below zero, whether or not there are open handles to the object.
QUOTA_UNDERFLOW (21)
This indicates that quota charges have been mishandled by returning more quota to a particular block than was previously charged.
NTFS_FILE_SYSTEM (24)
This indicates a problem occurred in ntfs.sys, the driver file that allows the system to read and write to NTFS drives.
One possible cause of this bug check is disk corruption. Corruption in the NTFS file system or bad blocks (sectors) on the hard disk can induce this error. Corrupted SCSI and IDE drivers can also adversely affect the system's ability to read and write to disk, thus causing the error.
Another possible cause is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error.
CACHE_MANAGER (34)
This indicates that a problem occurred in the file system's cache manager.
One possible cause of this bug check is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error.
NO_MORE_IRP_STACK_LOCATIONS (35)
This bug check occurs when the IoCallDriver packet has no more stack locations remaining.
A higher-level driver has attempted to call a lower-level driver through the IoCallDriver interface, but there are no more stack locations in the packet. This will prevent the lower-level driver from accessing its parameters.
This is a disastrous situation, since the higher level driver is proceeding as if it has filled in the parameters for the lower level driver (as required). But since there is no stack location for the latter driver, the former has actually written off the end of the packet. This means that some other memory has been corrupted as well.
INTERRUPT_EXCEPTION_NOT_HANDLED (3D)
This bug check appears very infrequently.
MULTIPLE_IRP_COMPLETE_REQUESTS (44)
This indicates that a driver has tried to request an IRP be completed that is already complete.
IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4A)
This indicates that a thread is returning to user mode from a system call when its IRQL is still above PASSIVE_LEVEL.
REGISTRY_ERROR (51)
This indicates that a severe registry error has occurred.
This error may indicate that the registry encountered an I/O error while trying to read one of its files. This can be caused by hardware problems or file system corruption.
It may also occur due to a failure in a refresh operation, which is used only in by the security system, and then only when resource limits are encountered.
PROCESS_HAS_LOCKED_PAGES (76)
This bug check indicates that a driver failed to release locked pages after an I/O operation, or that it attempted to unlock pages that were already unlocked.
MACHINE_CHECK_EXCEPTION (9C)
This bug check indicates that a fatal machine check exception has occurred.
INTERNAL_POWER_ERROR (A0)
This bug check indicates that the power policy manager experienced a fatal error.
DRIVER_VERIFIER_IOMANAGER_VIOLATION (C9)
This is the bug check code for all Driver Verifier I/O Verification violations.
DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (D5)
This indicates that a driver has referenced memory which was earlier freed.
DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (D6)
This indicates the driver accessed memory beyond the end of its pool allocation.
The driver allocated n bytes of memory and then referenced more than n bytes. The Driver Verifier Special Pool option detected this violation.
CRITICAL_PROCESS_DIED (EF)
This indicates that a critical system process died.
DRIVER_OVERRAN_STACK_BUFFER (F7)
This indicates that a driver has overrun a stack-based buffer.
A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned.
ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (FC)
This indicates that an attempt was made to execute non-executable memory.
BUGCODE_USB_DRIVER (FE)
This indicates that an error has occurred in a universal serial bus (USB) driver.
IRQL_UNEXPECTED_VALUE (C8)
This indicates that the processor's IRQL is not what it should be at this time.
This error is usually caused by a device driver or another lower-level program that changed the IRQL for some period and did not restore the original IRQL at the end of that period. For example, the routine may have acquired a spin lock and failed to release it.
ATTEMPTED_WRITE_TO_READONLY_MEMORY (BE)
This is issued if a driver attempts to write to a read-only memory segment.
WDF_VIOLATION (10D)
This indicates that Kernel-Mode Driver Framework (KMDF) detected that Windows found an error in a framework-based driver.
VIDEO_DXGKRNL_FATAL_ERROR (113)
This indicates that the Microsoft DirectX graphics kernel subsystem has detected a violation.
This bug check appears very infrequently.
VIDEO_TDR_FAILURE (116)
Attempt to reset the display driver and recover from timeout failed.
0: kd> k
Child-SP RetAddr Call Site
fffff880`06bf3618 fffff880`06f56140 nt!KeBugCheckEx
fffff880`06bf3620 fffff880`06f55ec7 dxgkrnl!TdrBugcheckOnTimeout+0xec
fffff880`06bf3660 fffff880`06e0ff13 dxgkrnl!TdrIsRecoveryRequired+0x21f
fffff880`06bf3690 fffff880`06e3ded6 dxgmms1!VidSchiReportHwHang+0x40b
fffff880`06bf3770 fffff880`06e39e21 dxgmms1!VidSchWaitForCompletionEvent+0x196
fffff880`06bf37b0 fffff880`06e39fd9 dxgmms1!VidSchiWaitForCompletePreemption+0x7d
fffff880`06bf38a0 fffff880`06e38eb8 dxgmms1!VidSchiSendToExecutionQueueWithWait+0x171
fffff880`06bf39a0 fffff880`06e38514 dxgmms1!VidSchiSubmitRenderCommand+0x920
fffff880`06bf3b90 fffff880`06e38012 dxgmms1!VidSchiSubmitQueueCommand+0x50
fffff880`06bf3bc0 fffff800`0312973a dxgmms1!VidSchiWorkerThread+0xd6
fffff880`06bf3c00 fffff800`02e7e8e6 nt!PspSystemThreadStartup+0x5a
fffff880`06bf3c40 00000000`00000000 nt!KxStartSystemThread+0x16
The DirectX MMS video scheduler scheduled a worker thread, submitted a queue command, submitted a render command, sent the render command to the execution queue with a wait timer, waited for complete preemption, waited for the completion event, was reported that the display driver is hanging.
At this point, the DirectX Kernel then came in and noted that Timeout Detection Recovery is required (TDR) to reset the display driver, but it then failed to recover in the allotted recovery period, so the box bug checked.
VIDEO_SCHEDULER_INTERNAL_ERROR (119)
This indicates that the video scheduler has detected a fatal violation.
THREAD_STUCK_IN_DEVICE_DRIVER_M (100000EA)
This indicates that a thread in a device driver is endlessly spinning.
WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurred. This fatal error displays data from the Windows Hardware Error Architecture (WHEA).
If we run an !errrec on the 2nd parameter of the bug check (address of the WER structure) we get the following:
KERNEL_SECURITY_CHECK_FAILURE (139)
This bug check indicates that the kernel has detected the corruption of a critical data structure.
- The first argument is 2 which indicates a stack cookie instrumentation code detected a stack-based buffer overrun.
- The first argument is 3 which indicates a LIST_ENTRY was corrupted.
-------------------------------------------------------------------------------------------------------------
Registry Cleaners:
First off, one big thing about registry cleaning is it is by no means and should not be a computer maintenance task. Clearing your browser's cache and cookies every week? Great, no harm there. Running your favorite registry cleaner every week? NOT GREAT.
If we're being honest and straightforward here, cleaning the registry is an entirely unnecessary thing to do. So far, what I've said makes it sound like I despise registry cleaners. Do I? No, I don't despise them, but as I said, they are unnecessary and if used carelessly can render your Operating System a paperweight.
So why would you even use a registry cleaner in the first place? Well, they have to do something right or they wouldn't even be allowed to be sold (if paid for) or if they were free (CCleaner for example) there would be a huge backlash, more than what there already is in IT with regards to opinions based on registry cleaners.
Registry cleaning software is useful mainly for one thing, and it can be done very well depending on the algorithm the cleaner software itself is using, and that's removing remnants of old uninstalled software or entries with now invalid path names. At times, it can also possibly be useful for removing traces of malware that may have been stored in the registry that was not successfully removed after running a virus scan, etc.
Other than that, it's not going to do anything. It will not increase your system's performance by any means whatsoever. Nothing noticeable. A 'smaller registry' in theory would have one assume that things load faster, etc, but in reality there is no performance difference whatsoever.
For reference, take a look at this:
Mark Russinovich (Author of the "Bible", Windows Internals, co-founder of Winternals and Sysinternals, and since both companies were bought by Microsoft, now a senior Microsoft employee) was asked:
Hi Mark, do you really think that Registry junk left by uninstalled programs could severely slow down the computer? I would like to 'hear' your opinion.
So, to sum all of this up:No, even if the registry was massively bloated there would be little impact on the performance of anything other than exhaustive searches.
On Win2K Terminal Server systems, however, there is a limit on the total amount of Registry data that can be loaded and so large profile hives can limit the number of users that can be logged on simultaneously.
I haven't and never will implement a Registry cleaner since it's of little practical use on anything other than Win2K terminal servers and developing one that's both safe and effective requires a huge amount of application-specific knowledge.
Q: Will using a registry cleaner increase the speed and/or performance of my system?
A: No.
----
Q: Why would I even use a registry cleaner then?
A: I personally wouldn't use one whatsoever and would find the problem you're specifically having and take care of it manually. That is much safer. However, the main use of registry cleaners is to again as stated above, remove remnants of old uninstalled software or entries with now invalid path names. At times, it can also possibly be useful for removing traces of malware that may have been stored in the registry that was not successfully removed after running a virus scan, etc.
----
Q: What is the true danger of using a registry cleaner?
A: You have to remember what you're using is an automated tool that is not perfect by any means. You are putting your trust in an automated tool to be absolutely sure every key it is about to delete is 100% unnecessary. At times, and I have seen it personally myself PLENTY, it can delete a very important key that is necessary to the functionality of your Operating System in some form or another.
----
Q: What if my registry is corrupt, will running a registry cleaner help?
A: Absolutely not.
-------------------------------------------------------------------------------------------------------------
sptd.sys:
sptd.sys is listed and loaded in your modules list; SCSI Pass Through Direct Host - Daemon Tools (known BSOD issues). Please remove it ASAP with the uninstaller tool - http://www.duplexsecure.com/en/downloads
-------------------------------------------------------------------------------------------------------------
Hardware Acceleration problems/green screen:
Most commonly, this is caused by requiring to do one of two things (or both):
1. Ensure you have the latest video card drivers. If you are already on the latest video card drivers, uninstall and install a version or a few versions behind the latest to ensure it's not a latest driver only issue. If you have already experimented with the latest video card driver and many previous versions, please give the beta driver for your card a try.
2. Disable Hardware Acceleration within your browser:
Firefox -
IE - http://www.sevenforums.com/tutorials/149063-internet-explorer-gpu-hardware-acceleration-turn-off.html
1. Ensure you have the latest video card drivers. If you are already on the latest video card drivers, uninstall and install a version or a few versions behind the latest to ensure it's not a latest driver only issue. If you have already experimented with the latest video card driver and many previous versions, please give the beta driver for your card a try.
2. Disable Hardware Acceleration within your browser:
Firefox -
- Click the orange Firefox button at the top left, then select the "Options" button, or, if there is no Firefox button at the top, go to Tools > Options.
- In the Firefox options window click the Advanced tab, then select "General".
- In the settings list, you should find the Use hardware acceleration when available checkbox. Uncheck this checkbox.
- Now, restart Firefox and see if the problems persist.
IE - http://www.sevenforums.com/tutorials/149063-internet-explorer-gpu-hardware-acceleration-turn-off.html
Chrome - http://www.sevenforums.com/tutorials/271264-chrome-gpu-hardware-acceleration-turn-off.html
Regards,
Patrick
-------------------------------------------------------------------------------------------------------------
General BSOD:
AiCharger.sys
AiCharger.sys is listed and loaded in the modules list which is the Asus Charger driver. It's included in many Asus bloatware, which you appear to have installed. Please go ahead and uninstall any and all Asus software as it's unnecessary bloatware.
Video card drivers
Ensure you have the latest video card drivers via the manufacturers website. If you are already on the latest video card drivers, uninstall and install a version or a few versions behind the latest to ensure it's not a latest driver only issue. If you have already experimented with the latest video card driver and many previous versions, please give the beta driver for your video card a try.
dtsoftbus01.sys
In your loaded drivers list, dtsoftbus01.sys
is listed which is the Daemon Tools driver. Daemon Tools is a very
popular cause of BSOD's in 7/8 based systems. Please uninstall Daemon
Tools. Alternative imaging programs are: MagicISO, Power ISO, etc.
wdcsam64.sys
wdcsam64.sys is listed and loaded which is the Western Digital SES (SCSI Enclosure Services) driver. Please remove this software ASAP as it's very troublesome and is also not necessary to the functionality of your system.
RTCore64.sys
RTCore64.sys is listed and loaded which is RivaTuner/EVGA Precision/MSI Afterburner (known BSOD issues w/Windows 7, 8, and 8.1). Please uninstall ASAP!
ASACPI.sys
ASACPI.sys is listed and loaded which is the Asus ATK0110 ACPI Utility (a known BSOD maker in Win 7 and Win 8). Also a part of many Asus utilities. Uninstall ASAP.
AppleCharger.sys
AppleCharger.sys is listed and loaded which is the GIGABYTE On/Off Charge driver. See here for details - http://www.gigabyte.us/MicroSite/185/on-off-charge.htm
Very troublesome software, so please uninstall ASAP!
Very troublesome software, so please uninstall ASAP!
AODDriver2.sys
AODDriver2.sys is listed and loaded in your modules list which is AMD Overdrive; also in EasyTune6 for Gigabyte motherboard. Known BSOD issues in Win7 & 8.
Please uninstall either software ASAP! If you cannot find either software to uninstall, or it's not installed, please navigate to the following filepath:
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys and rename AODDriver2.sys to AODDriver.2old and then Restart.
-------------------------------------------------------------------------------------------------------------
Service Pack 1 (7):
Service Pack 1 isn't installed, please install it ASAP - http://windows.microsoft.com/en-us/windows7/install-windows-7-service-pack-1
Be sure you also have all important Windows Updates installed, it's imperative.
-------------------------------------------------------------------------------------------------------------
More than one antivirus:
One of the biggest problems as far as antiviruses go in terms of conflicts, is if there is more than one antivirus or anti-malware software installed on the system. In the most basic example, I will use AVG and Norton. Let's say you have both installed and running, this is not a good scenario at all. Why? Most/if not all modern day antivirus software are allowed direct access (come and go, whenever they want) to the kernel because an antivirus installs interceptors of system events within the kernel code, which passes intercepted data to the antivirus engine for analysis. This data is network packets, files, and other various critical data.
Please uninstall either software ASAP! If you cannot find either software to uninstall, or it's not installed, please navigate to the following filepath:
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys and rename AODDriver2.sys to AODDriver.2old and then Restart.
-------------------------------------------------------------------------------------------------------------
Service Pack 1 (7):
Service Pack 1 isn't installed, please install it ASAP - http://windows.microsoft.com/en-us/windows7/install-windows-7-service-pack-1
Be sure you also have all important Windows Updates installed, it's imperative.
-------------------------------------------------------------------------------------------------------------
More than one antivirus:
One of the biggest problems as far as antiviruses go in terms of conflicts, is if there is more than one antivirus or anti-malware software installed on the system. In the most basic example, I will use AVG and Norton. Let's say you have both installed and running, this is not a good scenario at all. Why? Most/if not all modern day antivirus software are allowed direct access (come and go, whenever they want) to the kernel because an antivirus installs interceptors of system events within the kernel code, which passes intercepted data to the antivirus engine for analysis. This data is network packets, files, and other various critical data.
Subscribe to:
Posts (Atom)