Saturday, August 10, 2013

Revised Canned Replies (always a work in progress)

These are my canned replies that were created over a span of time, nothing more. I have some misc. ones not on here, but these are mostly the major ones. You can refer to them if you want for diagnosing your own problem, but it's mainly for my own reference.

** Last edited 9/19/2014

-------------------------------------------------------------------------------------------------------------

BSOD Intro:

Hi,

In order to assist you, we will need the .DMP files to analyze what exactly occurred at the time of the crash, etc.

If you don't know where .DMP files are located, here's how to get to them:

1. Navigate to the %systemroot%\Minidump folder.

-- %systemroot% is the environment variable for your Windows directory. For example, C:\Windows.

2. Copy any and all .DMP files in the Minidump folder to your Desktop, create a new folder on the Desktop to put these .DMP files in, and then zip the folder. You can then either use a 3rd party tool such as 7-Zip/Winrar, or you can use Windows' default method of zipping folders.

Compress and uncompress files (zip files).

Please note that any "cleaner" programs such as TuneUpUtilities, CCleaner, etc, by default will delete .DMP files upon use. With this said, if you've run such software, and your Minidump folder is empty, you will need to allow the system to crash once again to generate a crash dump.

3. Upload the .ZIP containing the .DMP files to OneDrive or a hosting site of your choice and paste the link in your reply.

Preferred sites: OneDrive, Mediafire, Dropbox, etc. Nothing with wait-timers, download managers, etc.

4 (optional): The type of .DMP files located in the Minidump folder are known as Small Memory Dumps. In %systemroot% there will be what is known as a Kernel Memory Dump (if your system is set to generate). It is labeled MEMORY.DMP. The difference between Small Memory Dumps and Kernel Memory Dumps in the simplest definition is a Kernel Memory Dump contains much more information at the time of the crash, therefore allowing further debugging of your issue. If your upload speed permits it, and you aren't going against any strict bandwidth and/or usage caps, etc, the Kernel Memory Dump is the best choice. Do note that Kernel Memory Dumps are much larger in size due to containing much more info, which is why I mentioned upload speed, etc.

If you are going to use OneDrive but don't know how to upload to it, please visit the following:

Upload photos and files to OneDrive.

After doing that, to learn how to share the link to the file if you are unaware, please visit the following link - Share files and folders and change permissions and view 'Get a link'.

If your computer is not generating .DMP files, please do the following:

1. Start > type %systemroot% which should show the Windows folder, click on it. Once inside that folder, ensure there is a Minidump folder created. If not, CTRL-SHIFT-N to make a New Folder and name it Minidump.

2. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Performance > Settings > Advanced > Ensure there's a check-mark for 'Automatically manage paging file size for all drives'.

3. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Startup and Recovery > Settings > System Failure > ensure there is a check mark next to 'Write an event to the system log'.

Ensure Small Memory Dump is selected and ensure the path is %systemroot%\Minidump.

4. Double check that the WERS is ENABLED:

Start > Search > type services.msc > Under the name tab, find Windows Error Reporting Service > If the status of the service is not Started then right click it and select Start. Also ensure that under Startup Type it is set to Automatic rather than Manual. You can do this by right clicking it, selecting properties, and under General selecting startup type to 'Automatic', and then click Apply.

If you cannot get into normal mode to do any of this, please do this via Safe Mode.

Regards,

Patrick

-------------------------------------------------------------------------------------------------------------

Driver Verifier

Driver Verifier:

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (only on Windows 7 & 8/8.1)
- DDI compliance checking (only on Windows 8/8.1)
- Miscellaneous Checks
4. Select  - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:
 
- Perhaps the most important point, which I will clarify because it is often misunderstood: enabling Driver Verifier by itself is not a solution; it is a diagnostic utility. It will tell us if a driver is causing your issues, but it will not outright solve them.

- If Driver Verifier finds a violation, the system will BSOD. To expand on this for those interested: Driver Verifier looks for any driver making illegal function calls, causing memory leaks, etc. If and when this happens, system corruption occurs if it is allowed to continue. When Driver Verifier is enabled per my instructions above, it monitors all 3rd party drivers (as we have it set that way), and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.

- Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.

Any other questions can most likely be answered by this article:

http://support.microsoft.com/kb/244617

-------------------------------------------------------------------------------------------------------------

Memtest86+

Memtest86+:

Download Memtest86+ here:

http://www.memtest.org/

Which should I download?

You can either download the pre-compiled .ISO that you would burn to a CD and then boot from the CD, or you can download the auto-installer for the USB key. What this will do is format your USB drive, make it a bootable device, and then install the necessary files. Both do the same job, it's just up to you which you choose, or which you have available (whether it's CD or USB).

Do note that some older generation motherboards do not support USB-based booting, therefore your only option is CD (or Floppy if you really wanted to).

How Memtest works (you don't need to read, it's only for those interested in the specifics):

Memtest uses two algorithms, namely moving inversions and what is called Modulo-X. Essentially, the first algorithm fills the memory with a pattern. Starting at the lowest address, it checks to see if the pattern was changed (it should not have been), writes the pattern's complement, increments the address, and repeats. Starting at the highest address (as opposed to the lowest), it follows the same checklist.

The reason for the second algorithm is due to a few limitations, with the first being that not all adjacent cells are being tested for interaction due to modern chips being 4 to 16 bits wide regarding data storage. With that said, patterns are used to go ahead and ensure that all adjacent cells have at least been written with all possible one and zero combinations.

The second is that caching, buffering and out-of-order execution will interfere with the moving inversions algorithm. However, the second algorithm used is not affected by this. For starting offsets of 0-20, the algorithm will write every 20th location with a pattern, write all other locations with the pattern's complement, repeat the previous step one (or more) times, and then check every 20th location for the previously mentioned pattern.

Now that you know how Memtest actually works, it's important to know that the tests it goes through all mean something different. It goes from Test 0 through Test 12, many of which use either one or the other algorithm discussed above, among many other things.
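The two passes described above, as an added C simulation (not part of the original reply and not Memtest86+'s own code). The simulated memory, the function names and the two injected defects (a stuck-at-0 bit, and a neighbour-disturb fault that only triggers after a set number of writes) are assumptions constructed for illustration, not a claim about how a particular DIMM fails.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define CELLS 256   /* size of the simulated memory, in 32-bit words */
#define MOD_X 20    /* stride of the Modulo-X pass described above */

/* Simulated RAM with optional injected defects (constructed fault model). */
typedef struct {
    uint32_t cell[CELLS];
    int      stuck_index;  /* word with stuck-at-0 bits, -1 = none */
    uint32_t stuck_mask;   /* bits of that word that always store 0 */
    int      victim;       /* word disturbed by writes to victim+1, -1 = none */
    int      threshold;    /* neighbour writes needed to disturb the victim */
    int      hits;         /* neighbour writes since the victim was last written */
} sim_mem;

sim_mem healthy(void) {
    sim_mem m = { {0}, -1, 0, -1, 0, 0 };
    return m;
}

sim_mem with_stuck_bit(int index, uint32_t mask) {
    sim_mem m = healthy();
    m.stuck_index = index;
    m.stuck_mask = mask;
    return m;
}

sim_mem with_disturb_fault(int victim, int threshold) {
    sim_mem m = healthy();
    m.victim = victim;
    m.threshold = threshold;
    return m;
}

/* Every store goes through here so the injected defects take effect. */
static void mem_write(sim_mem *m, size_t i, uint32_t v) {
    m->cell[i] = v;
    if ((int)i == m->stuck_index)
        m->cell[i] &= ~m->stuck_mask;
    if (m->victim >= 0) {
        if ((int)i == m->victim)
            m->hits = 0;                 /* a fresh write restores the victim */
        else if ((int)i == m->victim + 1 && ++m->hits >= m->threshold)
            m->cell[m->victim] &= ~1u;   /* disturbed: bit 0 drops to 0 */
    }
}

/* Moving inversions: fill with p, walk up checking p and writing ~p,
 * then walk down checking ~p and writing p. Returns the mismatch count. */
size_t moving_inversions(sim_mem m, uint32_t p) {
    const uint32_t np = ~p;
    size_t errors = 0;
    for (size_t i = 0; i < CELLS; i++)
        mem_write(&m, i, p);
    for (size_t i = 0; i < CELLS; i++) {
        if (m.cell[i] != p) errors++;
        mem_write(&m, i, np);
    }
    for (size_t i = CELLS; i-- > 0; ) {
        if (m.cell[i] != np) errors++;
        mem_write(&m, i, p);
    }
    return errors;
}

/* Modulo-X: for each starting offset, write p to every 20th word, write ~p
 * to all other words `repeats` times, then check every 20th word for p.
 * Offsets 0..19 cover every residue modulo 20. */
size_t modulo_x(sim_mem m, uint32_t p, int repeats) {
    const uint32_t np = ~p;
    size_t errors = 0;
    for (size_t off = 0; off < MOD_X; off++) {
        for (size_t i = off; i < CELLS; i += MOD_X)
            mem_write(&m, i, p);
        for (int r = 0; r < repeats; r++)
            for (size_t i = 0; i < CELLS; i++)
                if (i % MOD_X != off)
                    mem_write(&m, i, np);
        for (size_t i = off; i < CELLS; i += MOD_X)
            if (m.cell[i] != p) errors++;
    }
    return errors;
}

int main(void) {
    const uint32_t p = 0x55555555u;
    printf("healthy:      inversions=%zu modulo=%zu\n",
           moving_inversions(healthy(), p), modulo_x(healthy(), p, 3));
    printf("stuck bit:    inversions=%zu modulo=%zu\n",
           moving_inversions(with_stuck_bit(37, 0x10u), p),
           modulo_x(with_stuck_bit(37, 0x10u), p, 1));
    printf("disturb(3):   inversions=%zu modulo(x3)=%zu modulo(x1)=%zu\n",
           moving_inversions(with_disturb_fault(40, 3), p),
           modulo_x(with_disturb_fault(40, 3), p, 3),
           modulo_x(with_disturb_fault(40, 3), p, 1));
    return 0;
}
```

In this model the stuck bit is caught by moving inversions with either a pattern or its complement, while the disturb fault is only caught by the Modulo-X pass once the complement writes are repeated enough times.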

Any other questions, they can most likely be answered by reading this great guide here:

http://forum.canardpc.com/threads/28864-FAQ-please-read-before-posting

-------------------------------------------------------------------------------------------------------------

Chkdsk:

Chkdsk (there are various ways to run Chkdsk):

Method 1:

Start > Search bar > Type cmd (right click run as admin to execute Elevated CMD)

Elevated CMD should now be opened, type the following:

chkdsk x: /r

x implies your drive letter, so if your hard drive in question is letter c, it would be:

chkdsk c: /r

Restart system and let chkdsk run.

Method 2:


    Open the "Computer" window
    Right-click on the drive in question
    Select the "Tools" tab
    In the Error-checking area, click <Check Now>.

If you'd like to get a log file that contains the chkdsk results, do the following:

Press Windows Key + R and type powershell.exe in the run box

Paste the following command and press enter afterwards:

get-winevent -FilterHashTable @{logname="Application"; id="1001"} | ?{$_.providername -match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt

This will output a .txt file on your Desktop containing the results of the chkdsk.

If chkdsk turns out okay, run Seatools -

http://www.seagate.com/support/downloads/seatools/

You can run it via Windows or DOS. Do note that the only difference is simply the environment you're running it in. In Windows, if you are having what you believe to be driver related issues that may cause conflicts or a false positive, it may be a wise decision to choose the most minimal testing environment (DOS). I always recommend running Seatools in DOS if absolutely possible.

-- Run all tests EXCEPT: Fix All and anything Advanced.

-------------------------------------------------------------------------------------------------------------

Trusted Installer / Permission issues:

Hi,

Please try the following:

1. Right click on the file or directory that is giving you permission issues.

2. Right click and select 'Properties'.

3. Once inside Properties, select the 'Security' tab.

4. Once inside the Security tab, select the 'Advanced' option at the bottom.

5. Once at the 'Advanced Security Dialog' window, click on the 'Owner' tab.

6. This is where you can see the current owner (Trusted Installer).

7. If you'd like to take ownership of said file or directory, click 'Edit'. UAC will ask you for permission, say yes. Afterwards, highlight the username in the 'Change owner' window that you'd like to assign as the new owner for said file or directory. Click 'OK' to finish.

8. Afterwards, in the 'Advanced Security Settings' window, you now see that the owner has changed to whomever you specified. Click 'OK' to exit this window, and then select 'OK' once more to finish.

9. Follow steps 1 through 4 again to open the 'Properties' window for the file or directory once again.

10. Once inside the 'Properties' window once again, click the 'Edit' button and say yes to UAC.

11. Highlight the Administrators in the 'Group or user names' box. If the user ID or group that you want to manage the permissions for said file or directory does not exist, click 'Add' and type in the user name that you'd like to have full control in regards to the file or directory.

12. Once inside the Permissions for Administrators (or the user name you chose), select 'Full Control' under the 'Allow' column. Click 'OK' to finish.

Regards,

Patrick

-------------------------------------------------------------------------------------------------------------

Antivirus Removal:

avast! Windows Vista & 7:

Remove and replace avast! with Microsoft Security Essentials for temporary troubleshooting purposes:

avast! removal - http://www.avast.com/uninstall-utility

MSE -  http://windows.microsoft.com/en-us/windows/security-essentials-download

avast! Windows 8:

Remove and replace avast! with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:

avast! removal - http://www.avast.com/uninstall-utility

Windows Defender (how to turn on after removal)

A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.

B. Among the list of icons, find and click Action Center.

C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwanted software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).

Norton Windows Vista & 7:

Remove and replace Norton with Microsoft Security Essentials for temporary troubleshooting purposes:

Norton removal - https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us;jsessionid=841A6D40BA6872C47697C6C6B19C8E11.4?entsrc=redirect_pubweb&pvid=f-home

MSE -  http://windows.microsoft.com/en-us/windows/security-essentials-download

Norton Windows 8:

Remove and replace Norton with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:

Norton removal - https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us;jsessionid=841A6D40BA6872C47697C6C6B19C8E11.4?entsrc=redirect_pubweb&pvid=f-home

Windows Defender (how to turn on after removal)

A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.

B. Among the list of icons, find and click Action Center.

C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwanted software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).

AVG Windows Vista & 7:

Remove and replace AVG with Microsoft Security Essentials for temporary troubleshooting purposes:

AVG removal - http://www.avg.com/us-en/utilities

MSE -  http://windows.microsoft.com/en-us/windows/security-essentials-download

AVG Windows 8:

Remove and replace AVG with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:

AVG removal - http://www.avg.com/us-en/utilities

Windows Defender (how to turn on after removal)

A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.

B. Among the list of icons, find and click Action Center.

C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwanted software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).


Kaspersky Windows Vista & 7:

Remove and replace Kaspersky with Microsoft Security Essentials for temporary troubleshooting purposes:

Kaspersky removal - http://support.kaspersky.com/common/service.aspx?el=1464

MSE -  http://windows.microsoft.com/en-us/windows/security-essentials-download

Kaspersky Windows 8:

Remove and replace Kaspersky with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:

Kaspersky removal - http://support.kaspersky.com/common/service.aspx?el=1464

Windows Defender (how to turn on after removal)

A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.

B. Among the list of icons, find and click Action Center.

C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwanted software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).

BitDefender Windows Vista & 7:

Remove and replace BitDefender with Microsoft Security Essentials for temporary troubleshooting purposes:

BitDefender removal - http://www.bitdefender.com/support/how-to-uninstall-bitdefender-333.html

MSE -  http://windows.microsoft.com/en-us/windows/security-essentials-download

BitDefender Windows 8:

Remove and replace BitDefender with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:

BitDefender removal - http://www.bitdefender.com/support/how-to-uninstall-bitdefender-333.html

Windows Defender (how to turn on after removal)

A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.

B. Among the list of icons, find and click Action Center.

C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwanted software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).

Avira Windows Vista & 7:

Remove and replace Avira with Microsoft Security Essentials for temporary troubleshooting purposes:

Avira removal - http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/88

MSE -  http://windows.microsoft.com/en-us/windows/security-essentials-download

Avira Windows 8:

Remove and replace Avira with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:

Avira removal - http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/88

Windows Defender (how to turn on after removal)

A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.

B. Among the list of icons, find and click Action Center.

C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwanted software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).

McAfee Windows Vista & 7:

Remove and replace McAfee with Microsoft Security Essentials for temporary troubleshooting purposes:

McAfee removal - http://service.mcafee.com/FAQDocument.aspx?id=TS101331

MSE -  http://windows.microsoft.com/en-us/windows/security-essentials-download

McAfee Windows 8:

Remove and replace McAfee with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:

McAfee removal - http://service.mcafee.com/FAQDocument.aspx?id=TS101331

Windows Defender (how to turn on after removal)

A. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.

B. Among the list of icons, find and click Action Center.

C. Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwanted software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).

Windows Defender (turn on) Windows 8:

1. Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.


2. Among the list of icons, find and click Windows Defender.


3. Once the Windows Defender window pops up, select the Settings tab. As soon as you're in Settings, on the left-hand side, select Administrator (below MAPS), and then un-check Turn on this app. If UAC (User Account Control) prompts you because this requires administrative privileges, select Yes.

-------------------------------------------------------------------------------------------------------------

Bugchecks (slowly adding over time):

**These are not all of the bug checks, but actually just the ones that I run into the most that I get tired of typing. Could I just visit the MSDN pages? Sure, but it's easier this way for me.

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

A driver tried to access an address that is pageable (or that is completely invalid) while the IRQL was too high. This bug check is usually caused by drivers that have used improper addresses.

IRQL_NOT_LESS_OR_EQUAL (a)

This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

This bug check is issued if paged memory (or invalid memory) is accessed when the IRQL is too high. The error that generates this bug check usually occurs after the installation of a faulty device driver, system service, or BIOS.

CRITICAL_STRUCTURE_CORRUPTION (109)

This indicates that the kernel has detected critical kernel code or data corruption.

There are generally two causes for this bug check:
  1. A driver has inadvertently, or deliberately, modified critical kernel code or data. Microsoft Windows Server 2003 with Service Pack 1 (SP1) and later versions of Windows for x64-based computers do not allow the kernel to be patched except through authorized Microsoft-originated hot patches. For more information, see Patching Policy for x64-based Systems.
  2. A hardware corruption occurred. For example, the kernel code or data could have been stored in memory that failed.

PAGE_FAULT_IN_NONPAGED_AREA (50)

This indicates that invalid system memory has been referenced.

Bug check 0x50 usually occurs after the installation of faulty hardware or in the event of failure of installed hardware (usually related to defective RAM, be it main memory, L2 RAM cache, or video RAM).

Another common cause is the installation of a faulty system service.

Antivirus software can also trigger this error, as can a corrupted NTFS volume.

DRIVER_POWER_STATE_FAILURE (9f)

This bug check indicates that the driver is in an inconsistent or invalid power state.

IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4a)

This indicates that a thread is returning to user mode from a system call when its IRQL is still above PASSIVE_LEVEL.

KMODE_EXCEPTION_NOT_HANDLED (1e)

This indicates that a kernel-mode program generated an exception which the error handler did not catch.

SYSTEM_SERVICE_EXCEPTION (3b)

This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.

This error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code.

QUOTA_UNDERFLOW (21)

This indicates that quota charges have been mishandled by returning more quota to a particular block than was previously charged.  


CACHE_MANAGER (34)

This indicates that a problem occurred in the file system's cache manager.

One possible cause of this bug check is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error.

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)

This indicates that a system thread generated an exception which the error handler did not catch.

BAD_POOL_HEADER (19)

This indicates that a pool header is corrupt.

PROCESS_HAS_LOCKED_PAGES (76)

This bug check indicates that a driver failed to release locked pages after an I/O operation, or that it attempted to unlock pages that were already unlocked.

The driver either failed to unlock pages that it locked (parameter 1 value is 0x0), or the driver is attempting to unlock pages that have not been locked or that have already been unlocked (parameter 1 value is 0x1).

KERNEL_DATA_INPAGE_ERROR (7a)

This bug check indicates that the requested page of kernel data from the paging file could not be read into memory.

CRITICAL_PROCESS_DIED (ef)

This indicates that a critical system process died.


DRIVER_VERIFIER_DETECTED_VIOLATION (c4)

This is the general bug check code for fatal errors found by Driver Verifier.

CRITICAL_OBJECT_TERMINATION (f4)

This indicates that a process or thread crucial to system operation has unexpectedly exited or been terminated.

UNEXPECTED_KERNEL_MODE_TRAP (7f)

This bug check indicates that the Intel CPU generated a trap and the kernel failed to catch this trap.

CLOCK_WATCHDOG_TIMEOUT (101)

This indicates that an expected clock interrupt on a secondary processor, in a multi-processor system, was not received within the allocated interval.

DRIVER_CORRUPTED_EXPOOL (c5)

This indicates that the system attempted to access invalid memory at a process IRQL that was too high.

DPC_WATCHDOG_VIOLATION (133)

This bug check indicates that the DPC watchdog executed, either because it detected a single long-running deferred procedure call (DPC), or because the system spent a prolonged time at an interrupt request level (IRQL) of DISPATCH_LEVEL or above.

MEMORY_MANAGEMENT (1a)

This indicates that a severe memory management error occurred.

**put bug check string here**

- The 1st parameter of the bug check is 403 which indicates the page table and PFNs are out of sync. This is probably a hardware error, especially if parameters 3 & 4 differ by only a single bit.

- The 1st parameter of the bug check is 411 which indicates a page table entry (PTE) has been corrupted.

- The 1st parameter of the bug check is 5003 which indicates the working set free list is corrupt. This is probably a hardware error.

- The 1st parameter of the bug check is 41284 which indicates a PTE or the working set list is corrupted.

- The 1st parameter of the bug check is 41785 which indicates the working set list is corrupted.

- The 1st parameter of the bug check is 41287 which indicates an illegal page fault occurred while holding working set synchronization. 

- The 1st parameter of the bug check is 41790 which indicates a page table page has been corrupted. 

- The 1st parameter of the bug check is 41792 which indicates a corrupted PTE has been detected.

- The 1st parameter of the bug check is OTHER which indicates an unknown memory management error occurred. 

VIDEO_DXGKRNL_FATAL_ERROR (113)

This indicates that the Microsoft DirectX graphics kernel subsystem has detected a violation.

PFN_LIST_CORRUPT (4e)

This indicates that the page frame number (PFN) list is corrupted.

This error is typically caused by a driver passing a bad memory descriptor list. For example, the driver might have called MmUnlockPages twice with the same list.

APC_INDEX_MISMATCH (1)

This indicates that there has been a mismatch in the APC state index.

The most common cause of this bug check is when a file system or driver has a mismatched sequence of calls to disable and re-enable APCs.

REFERENCE_BY_POINTER (18)

This indicates that the reference count of an object is illegal for the current state of the object.

The reference count of an object is illegal for the current state of the object. Each time a driver uses a pointer to an object, the driver calls a kernel routine to increase the reference count of the object by one. When the driver is done with the pointer, the driver calls another kernel routine to decrease the reference count by one.

Drivers must match calls to the routines that increase (reference) and decrease (dereference) the reference count. This bug check is caused by an inconsistency in the object's reference count. Typically, the inconsistency is caused by a driver that decreases the reference count of an object too many times, making extra calls that dereference the object. This bug check can occur because an object's reference count goes to zero while there are still open handles to the object. It might also occur when the object's reference count drops below zero, whether or not there are open handles to the object.

NTFS_FILE_SYSTEM (24)

This indicates a problem occurred in ntfs.sys, the driver file that allows the system to read and write to NTFS drives.

One possible cause of this bug check is disk corruption. Corruption in the NTFS file system or bad blocks (sectors) on the hard disk can induce this error. Corrupted SCSI and IDE drivers can also adversely affect the system's ability to read and write to disk, thus causing the error.

Another possible cause is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error.

CACHE_MANAGER (34)

This indicates that a problem occurred in the file system's cache manager.

One possible cause of this bug check is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error.

NO_MORE_IRP_STACK_LOCATIONS (35)

This bug check occurs when the IoCallDriver packet has no more stack locations remaining.

A higher-level driver has attempted to call a lower-level driver through the IoCallDriver interface, but there are no more stack locations in the packet. This will prevent the lower-level driver from accessing its parameters.

This is a disastrous situation, since the higher level driver is proceeding as if it has filled in the parameters for the lower level driver (as required). But since there is no stack location for the latter driver, the former has actually written off the end of the packet. This means that some other memory has been corrupted as well.

INTERRUPT_EXCEPTION_NOT_HANDLED (3D)

This bug check appears very infrequently.

MULTIPLE_IRP_COMPLETE_REQUESTS (44)

This indicates that a driver has tried to request an IRP be completed that is already complete.

IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4A)

This indicates that a thread is returning to user mode from a system call when its IRQL is still above PASSIVE_LEVEL.

REGISTRY_ERROR (51)

This indicates that a severe registry error has occurred.

This error may indicate that the registry encountered an I/O error while trying to read one of its files. This can be caused by hardware problems or file system corruption.

It may also occur due to a failure in a refresh operation, which is used only by the security system, and then only when resource limits are encountered.

PROCESS_HAS_LOCKED_PAGES (76)

This bug check indicates that a driver failed to release locked pages after an I/O operation, or that it attempted to unlock pages that were already unlocked.

MACHINE_CHECK_EXCEPTION (9C)

This bug check indicates that a fatal machine check exception has occurred.

INTERNAL_POWER_ERROR (A0)

This bug check indicates that the power policy manager experienced a fatal error.

DRIVER_VERIFIER_IOMANAGER_VIOLATION (C9)

This is the bug check code for all Driver Verifier I/O Verification violations.

DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (D5)

This indicates that a driver has referenced memory which was earlier freed.

DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (D6)

This indicates the driver accessed memory beyond the end of its pool allocation.

The driver allocated n bytes of memory and then referenced more than n bytes. The Driver Verifier Special Pool option detected this violation.

CRITICAL_PROCESS_DIED (EF)

This indicates that a critical system process died.

DRIVER_OVERRAN_STACK_BUFFER (F7)

This indicates that a driver has overrun a stack-based buffer.

A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned.

ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (FC)

This indicates that an attempt was made to execute non-executable memory.

BUGCODE_USB_DRIVER (FE)

This indicates that an error has occurred in a universal serial bus (USB) driver.

IRQL_UNEXPECTED_VALUE (C8)

This indicates that the processor's IRQL is not what it should be at this time.

This error is usually caused by a device driver or another lower-level program that changed the IRQL for some period and did not restore the original IRQL at the end of that period. For example, the routine may have acquired a spin lock and failed to release it.

ATTEMPTED_WRITE_TO_READONLY_MEMORY (BE)

This is issued if a driver attempts to write to a read-only memory segment.

WDF_VIOLATION (10D)

This indicates that Kernel-Mode Driver Framework (KMDF) detected that Windows found an error in a framework-based driver.

VIDEO_DXGKRNL_FATAL_ERROR (113)

This indicates that the Microsoft DirectX graphics kernel subsystem has detected a violation. 

This bug check appears very infrequently.

VIDEO_TDR_FAILURE (116)

Attempt to reset the display driver and recover from timeout failed.

 0: kd> k  
 Child-SP     RetAddr      Call Site  
 fffff880`06bf3618 fffff880`06f56140 nt!KeBugCheckEx  
 fffff880`06bf3620 fffff880`06f55ec7 dxgkrnl!TdrBugcheckOnTimeout+0xec  
 fffff880`06bf3660 fffff880`06e0ff13 dxgkrnl!TdrIsRecoveryRequired+0x21f  
 fffff880`06bf3690 fffff880`06e3ded6 dxgmms1!VidSchiReportHwHang+0x40b  
 fffff880`06bf3770 fffff880`06e39e21 dxgmms1!VidSchWaitForCompletionEvent+0x196  
 fffff880`06bf37b0 fffff880`06e39fd9 dxgmms1!VidSchiWaitForCompletePreemption+0x7d  
 fffff880`06bf38a0 fffff880`06e38eb8 dxgmms1!VidSchiSendToExecutionQueueWithWait+0x171  
 fffff880`06bf39a0 fffff880`06e38514 dxgmms1!VidSchiSubmitRenderCommand+0x920  
 fffff880`06bf3b90 fffff880`06e38012 dxgmms1!VidSchiSubmitQueueCommand+0x50  
 fffff880`06bf3bc0 fffff800`0312973a dxgmms1!VidSchiWorkerThread+0xd6  
 fffff880`06bf3c00 fffff800`02e7e8e6 nt!PspSystemThreadStartup+0x5a  
 fffff880`06bf3c40 00000000`00000000 nt!KxStartSystemThread+0x16  

Reading the call stack from the bottom up: the DirectX MMS video scheduler scheduled a worker thread, submitted a queue command, submitted a render command, sent the render command to the execution queue with a wait timer, waited for complete preemption, waited for the completion event, and was then told that the display driver was hanging.

At this point, the DirectX kernel came in and noted that Timeout Detection and Recovery (TDR) was required to reset the display driver, but it then failed to recover in the allotted recovery period, so the box bug checked.

VIDEO_SCHEDULER_INTERNAL_ERROR (119)

This indicates that the video scheduler has detected a fatal violation.

THREAD_STUCK_IN_DEVICE_DRIVER_M (100000EA)

This indicates that a thread in a device driver is endlessly spinning.

WHEA_UNCORRECTABLE_ERROR (124)

A fatal hardware error has occurred. This fatal error displays data from the Windows Hardware Error Architecture (WHEA).

If we run an !errrec on the 2nd parameter of the bug check (address of the WER structure) we get the following:

KERNEL_SECURITY_CHECK_FAILURE (139)

This bug check indicates that the kernel has detected the corruption of a critical data structure.

- The first argument is 2 which indicates a stack cookie instrumentation code detected a stack-based buffer overrun.

- The first argument is 3 which indicates a LIST_ENTRY was corrupted.
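An added example (not from the original post, and not kernel code): a user-mode C model of the forward/backward link check that detects a corrupted LIST_ENTRY before an unlink writes through its pointers. The list_entry type, function names, and return codes are this example's own; 3 is reused only to mirror the argument above.

```c
#include <stddef.h>

/* Same shape as a doubly linked LIST_ENTRY; the type name is this example's own. */
typedef struct list_entry { struct list_entry *flink, *blink; } list_entry;

enum { LIST_OK = 0, LIST_CORRUPT = 3 };  /* 3 mirrors the first argument above */

void list_init(list_entry *head) { head->flink = head->blink = head; }

/* An entry is consistent only if both neighbours point back at it. */
int list_entry_consistent(const list_entry *e) {
    return e->flink != NULL && e->blink != NULL &&
           e->flink->blink == e && e->blink->flink == e;
}

int list_insert_tail(list_entry *head, list_entry *e) {
    list_entry *last = head->blink;
    if (last == NULL || last->flink != head) return LIST_CORRUPT;
    e->flink = head;
    e->blink = last;
    last->flink = e;
    head->blink = e;
    return LIST_OK;
}

/* Validate before unlinking: a plain unlink writes through both pointers. */
int list_remove_checked(list_entry *e) {
    if (!list_entry_consistent(e)) return LIST_CORRUPT;
    e->blink->flink = e->flink;
    e->flink->blink = e->blink;
    e->flink = e->blink = e;
    return LIST_OK;
}

/* Walk from head; return the position of the first bad entry, or -1 if intact. */
int list_first_corrupt(const list_entry *head, int max_entries) {
    const list_entry *e = head;
    for (int i = 0; i < max_entries; i++) {
        if (!list_entry_consistent(e)) return i;
        e = e->flink;
        if (e == head) return -1;
    }
    return max_entries;  /* walk never closed: treat as corrupt */
}

int main(void) {  /* constructed list: head <-> a <-> b, then b.flink is overwritten */
    list_entry head, a, b, stray;
    list_init(&head);
    list_init(&stray);
    list_insert_tail(&head, &a);
    list_insert_tail(&head, &b);
    b.flink = &stray;
    return list_remove_checked(&b) == LIST_CORRUPT ? 0 : 1;
}
```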

-------------------------------------------------------------------------------------------------------------

Registry Cleaners: 

First off, one big thing about registry cleaning: it is by no means, and should not be, a computer maintenance task. Clearing your browser's cache and cookies every week? Great, no harm there. Running your favorite registry cleaner every week? NOT GREAT.

If we're being honest and straightforward here, cleaning the registry is an entirely unnecessary thing to do. So far, what I've said makes it sound like I despise registry cleaners. Do I? No, I don't despise them, but as I said, they are unnecessary and if used carelessly can render your Operating System a paperweight.

So why would you even use a registry cleaner in the first place? Well, they have to do something right, or they wouldn't even be allowed to be sold (if paid for), and if they were free (CCleaner, for example) there would be a huge backlash, more than what there already is in IT with regard to opinions on registry cleaners.

Registry cleaning software is useful mainly for one thing, and it can be done very well depending on the algorithm the cleaner software itself is using, and that's removing remnants of old uninstalled software or entries with now invalid path names. At times, it can also possibly be useful for removing traces of malware that may have been stored in the registry that was not successfully removed after running a virus scan, etc.

Other than that, it's not going to do anything. It will not increase your system's performance by any means whatsoever. Nothing noticeable. A 'smaller registry' in theory would have one assume that things load faster, etc, but in reality there is no performance difference whatsoever.

For reference, take a look at this:

Mark Russinovich (Author of the "Bible", Windows Internals, co-founder of Winternals and Sysinternals, and since both companies were bought by Microsoft, now a senior Microsoft employee) was asked:



Hi Mark, do you really think that Registry junk left by uninstalled programs could severely slow down the computer? I would like to 'hear' your opinion.

No, even if the registry was massively bloated there would be little impact on the performance of anything other than exhaustive searches.

On Win2K Terminal Server systems, however, there is a limit on the total amount of Registry data that can be loaded and so large profile hives can limit the number of users that can be logged on simultaneously.

I haven't and never will implement a Registry cleaner since it's of little practical use on anything other than Win2K terminal servers and developing one that's both safe and effective requires a huge amount of application-specific knowledge.

So, to sum all of this up:

Q: Will using a registry cleaner increase the speed and/or performance of my system?

A: No.

----

Q: Why would I even use a registry cleaner then?

A: I personally wouldn't use one whatsoever; I would find the specific problem you're having and take care of it manually. That is much safer. However, the main use of registry cleaners is, again as stated above, to remove remnants of old uninstalled software or entries with now invalid path names. At times, it can also possibly be useful for removing traces of malware that may have been stored in the registry that was not successfully removed after running a virus scan, etc.

----

Q: What is the true danger of using a registry cleaner?

A: You have to remember what you're using is an automated tool that is not perfect by any means. You are putting your trust in an automated tool to be absolutely sure every key it is about to delete is 100% unnecessary. At times, and I have seen it personally myself PLENTY, it can delete a very important key that is necessary to the functionality of your Operating System in some form or another.

----

Q: What if my registry is corrupt, will running a registry cleaner help?

A: Absolutely not.

-------------------------------------------------------------------------------------------------------------

sptd.sys:

sptd.sys is listed and loaded in your modules list; SCSI Pass Through Direct Host - Daemon Tools (known BSOD issues). Please remove it ASAP with the uninstaller tool - http://www.duplexsecure.com/en/downloads

-------------------------------------------------------------------------------------------------------------

Hardware Acceleration problems/green screen:

Most commonly, fixing this requires doing one of two things (or both):

1. Ensure you have the latest video card drivers. If you are already on the latest video card drivers, uninstall and install a version or a few versions behind the latest to ensure it's not a latest driver only issue. If you have already experimented with the latest video card driver and many previous versions, please give the beta driver for your card a try.

2. Disable Hardware Acceleration within your browser:

Firefox -
  • Click the orange Firefox button at the top left, then select the "Options" button, or, if there is no Firefox button at the top, go to Tools > Options.
  • In the Firefox options window click the Advanced tab, then select "General".
  • In the settings list, you should find the Use hardware acceleration when available checkbox. Uncheck this checkbox.
  • Now, restart Firefox and see if the problems persist. 

IE - http://www.sevenforums.com/tutorials/149063-internet-explorer-gpu-hardware-acceleration-turn-off.html

Chrome - http://www.sevenforums.com/tutorials/271264-chrome-gpu-hardware-acceleration-turn-off.html

Regards,

Patrick

-------------------------------------------------------------------------------------------------------------

General BSOD:

AiCharger.sys

AiCharger.sys, the Asus Charger driver, is listed and loaded in the modules list. It's included with a lot of Asus bloatware, which you appear to have installed. Please go ahead and uninstall any and all Asus software as it's unnecessary bloatware.

Video card drivers

Ensure you have the latest video card drivers via the manufacturer's website. If you are already on the latest video card drivers, uninstall and install a version or a few versions behind the latest to ensure it's not a latest driver only issue. If you have already experimented with the latest video card driver and many previous versions, please give the beta driver for your video card a try.

dtsoftbus01.sys

In your loaded drivers list, dtsoftbus01.sys is listed, which is the Daemon Tools driver. Daemon Tools is a very popular cause of BSODs in 7/8 based systems. Please uninstall Daemon Tools. Alternative imaging programs are: MagicISO, Power ISO, etc.

wdcsam64.sys

wdcsam64.sys is listed and loaded which is the Western Digital SES (SCSI Enclosure Services) driver. Please remove this software ASAP as it's very troublesome and is also not necessary to the functionality of your system.

RTCore64.sys 

RTCore64.sys is listed and loaded which is RivaTuner/EVGA Precision/MSI Afterburner (known BSOD issues w/Windows 7, 8, and 8.1). Please uninstall ASAP!

ASACPI.sys 

ASACPI.sys is listed and loaded which is the Asus ATK0110 ACPI Utility (a known BSOD maker in Win 7 and Win 8). Also a part of many Asus utilities. Uninstall ASAP.

AppleCharger.sys 

AppleCharger.sys is listed and loaded which is the GIGABYTE On/Off Charge driver. See here for details - http://www.gigabyte.us/MicroSite/185/on-off-charge.htm

Very troublesome software, so please uninstall ASAP!

AODDriver2.sys 

AODDriver2.sys is listed and loaded in your modules list which is AMD Overdrive; also in EasyTune6 for Gigabyte motherboard. Known BSOD issues in Win7 & 8.

Please uninstall either software ASAP! If you cannot find either software to uninstall, or it's not installed, please navigate to the following filepath:

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys and rename AODDriver2.sys to AODDriver.2old and then Restart.


-------------------------------------------------------------------------------------------------------------

Service Pack 1 (7):

Service Pack 1 isn't installed; please install it ASAP - http://windows.microsoft.com/en-us/windows7/install-windows-7-service-pack-1

Be sure you also have all important Windows Updates installed; it's imperative.

-------------------------------------------------------------------------------------------------------------

More than one antivirus:

One of the biggest problems with antiviruses in terms of conflicts is having more than one antivirus or anti-malware program installed on the system. As a basic example, I will use AVG and Norton. Let's say you have both installed and running; this is not a good scenario at all. Why? Most, if not all, modern antivirus software is allowed direct access (come and go, whenever it wants) to the kernel, because an antivirus installs interceptors of system events within the kernel code, which pass intercepted data to the antivirus engine for analysis. This data consists of network packets, files, and other various critical data.
