Can anyone help me out? The minidump and system info are archived in the following:
http://1drv.ms/1HTVs2V
Appreciate any help!!
Fred Yang
Please run these two tests to verify your memory and find which driver is causing the problem. Please run verifier first. You do not need to run memtest yet unless you want to.
If you are over-clocking anything reset to default before running these tests.
In other words STOP!!!
1-Driver verifier (for complete directions see our wiki here)
2-Memtest. (You can read more about running memtest here)
Hi Fred,
Please take ZigZag's suggestions and upload the latest dmp files here.
Best regards
I did memtest and no problem was found.
I did driverTest too and got dump files. In addition, I started to learn and did a rough WinDbg analysis and bugs are still not identified.
The minidump folder, event log, and results of WinDbg analysis are archived in the following:
Appreciate any help. FY
Neither of those had verifier enabled. What were the results when you typed verifier /query?
Thank you guys for helping me.
I did the verifier checking again and finally got the dump files generated.
The attached is the minidump folder and checking results from WinDbg.
Link to the attached files is here: http://1drv.ms/1xeo0Ue
It seems that the trouble driver is Wdf01000.sys.
How shall I fix this?
TKS
Probably something wrong with your CD-ROM:
STACK_COMMAND: kb
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: cdrom!RequestSend+b2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: cdrom
IMAGE_NAME: cdrom.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5215cfeb
IMAGE_VERSION: 6.3.9600.16384
BUCKET_ID_FUNC_OFFSET: b2
FAILURE_BUCKET_ID: 0xc9_23e_cdrom!RequestSend
BUCKET_ID: 0xc9_23e_cdrom!RequestSend
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xc9_23e_cdrom!requestsend
FAILURE_ID_HASH: {404afcb2-8548-3115-b967-6211baa2f917}
Followup: MachineOwner
Driver verified and related to cdrom.sys. Because this is an OS driver I would run a system file check & DISM to check the state of that driver
Please run a system file check (SFC) & DISM if you are on win 8 or higher
All instructions are in our Wiki article below...
Should you have any questions please ask us.
System file check (SFC) Scan and Repair System Files
Old drivers needing updating
npf.sys 10/20/2009 2:00:19 PM
ntk_PowerDVD_64.sys 8/3/2010 5:04:12 AM
MHIKEY10x64.sys 9/15/2010 4:46:12 AM
000.fcl 11/18/2010 8:53:28 PM
vmm.sys 12/28/2011 9:28:47 AM
dtsoftbus01.sys 1/13/2012 9:45:46 AM
Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Ken\Desktop\Minidump\031815-49921-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.17668.amd64fre.winblue_r8.150127-1500
Machine Name:
Kernel base = 0xfffff800`7bc8f000 PsLoadedModuleList = 0xfffff800`7bf68250
Debug session time: Wed Mar 18 09:08:32.847 2015 (UTC - 4:00)
System Uptime: 0 days 0:00:15.684
Loading Kernel Symbols
..
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.............................................................
..............................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* Bugcheck Analysis *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C9, {23e, ffffe001f009b2c0, ffffcf8114ee6ea0, 0}
Probably caused by : cdrom.sys ( cdrom!RequestSend+b2 )
Followup: MachineOwner
---------
6: kd> !analyze -v
*******************************************************************************
* Bugcheck Analysis *
*******************************************************************************
DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 000000000000023e, A driver has marked an IRP pending but didn't return STATUS_PENDING.
Arg2: ffffe001f009b2c0, The address in the driver's code where the error was detected.
Arg3: ffffcf8114ee6ea0, IRP address.
Arg4: 0000000000000000, Status code.
Debugging Details:
------------------
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
BUGCHECK_STR: 0xc9_23e
DRIVER_VERIFIER_IO_VIOLATION_TYPE: 23e
FAULTING_IP:
+50d06c3480
ffffe001`f009b2c0 4883ec48 sub rsp,48h
FOLLOWUP_IP:
cdrom!RequestSend+b2
fffff800`9eca1432 0fb6d8 movzx ebx,al
IRP_ADDRESS: ffffcf8114ee6ea0
DEVICE_OBJECT: ffffe001f080f060
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
LOCK_ADDRESS: fffff8007bf72be0 -- (!locks fffff8007bf72be0)
Resource @ nt!PiEngineLock (0xfffff8007bf72be0) Available
WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.
WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.
1 total locks
PNP_TRIAGE:
Lock address : 0xfffff8007bf72be0
Thread Count : 0
Thread address: 0x0000000000000000
Thread wait : 0x0
LAST_CONTROL_TRANSFER: from fffff8007c3146b0 to fffff8007bddf9a0
STACK_TEXT:
ffffd000`a8ba12e8 fffff800`7c3146b0 : 00000000`000000c9 00000000`0000023e ffffe001`f009b2c0 ffffcf81`14ee6ea0 : nt!KeBugCheckEx
ffffd000`a8ba12f0 fffff800`7c317171 : fffff800`7c307470 ffffe001`f009b2c0 ffffcf81`14ee6ea0 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
ffffd000`a8ba1330 fffff800`7c30dbd2 : ffffe001`f05737f0 ffffd000`a8ba1490 ffffe001`f05fba10 00000000`00000000 : nt!ViErrorFinishReport+0x10d
ffffd000`a8ba1390 fffff800`7c313bd5 : ffffe001`f0139110 00000000`00000000 ffffe001`f05737f0 ffffd000`a8ba1bb0 : nt!IovpCallDriver2+0x33e
ffffd000`a8ba1760 fffff800`7c308928 : ffffcf81`14ee6ea0 00000000`00000002 ffffcf81`14ee6ea0 ffffd000`a8ba19a0 : nt!VfAfterCallDriver+0x289
ffffd000`a8ba17f0 fffff800`9e407711 : ffffe001`f0f3fa20 ffffd000`a8ba18d9 ffffe001`f08e19b0 ffffe001`f05737f0 : nt!IovCallDriver+0x3e4
ffffd000`a8ba1840 fffff800`9e407fe9 : ffffcf81`14ee6f00 ffffcf81`14ee6f90 00001ffe`0f0c0500 ffffd000`a8ba19a0 : Wdf01000!FxIoTarget::SubmitSync+0x191
ffffd000`a8ba1940 fffff800`9eca1432 : ffffe001`00000020 ffffe001`f0f3fa20 ffffe001`f08e19b0 00000000`00000000 : Wdf01000!imp_WdfRequestSend+0xe9
ffffd000`a8ba19a0 fffff800`9ecb77a2 : ffffd000`a8ba1b01 ffffcf81`14ee6ea0 ffffe001`f0f2d190 ffffe001`f0f3fbc0 : cdrom!RequestSend+0xb2
ffffd000`a8ba1a10 fffff800`9ecb7617 : ffffd000`a8ba1bb0 ffffd000`a8ba1be9 ffffe001`f0f33f40 ffffe001`f08ee901 : cdrom!DeviceSendRequestSynchronously+0x7e
ffffd000`a8ba1a50 fffff800`9ecbbf72 : 00001ffe`0f7119a8 ffffd000`a8ba1b00 00000000`00000000 ffffd000`00000024 : cdrom!DeviceSendSrbSynchronously+0x357
ffffd000`a8ba1b80 fffff800`9ecb8ee4 : ffffe001`00000002 ffffe001`f08ee940 00001ffe`0f7119a8 00000000`00000000 : cdrom!DeviceCacheDeviceInquiryData+0xaa
ffffd000`a8ba1c50 fffff800`9e4328c3 : 00000000`00000000 00000000`00000010 00000000`00000000 fffff800`9e4a13d0 : cdrom!DeviceEvtSelfManagedIoInit+0x100
ffffd000`a8ba1cd0 fffff800`9e426e49 : 00000000`00000002 00000000`0000000c fffff800`9e4a3c00 fffff800`9e4a3c00 : Wdf01000!FxSelfManagedIoMachine::Init+0x33
ffffd000`a8ba1d00 fffff800`9e4161fe : ffffe001`f08efa50 00000000`00000000 ffffd000`a8ba1ea0 fffff800`9e4a3c00 : Wdf01000!FxSelfManagedIoMachine::ProcessEvent+0x111
ffffd000`a8ba1d70 fffff800`9e412268 : 00000000`00000312 ffffd000`a8ba1ea0 fffff800`9e4a3be0 ffffd000`a8ba1de0 : Wdf01000!FxPkgPnp::PowerD0StartingStartSelfManagedIo+0x4f
ffffd000`a8ba1da0 fffff800`9e41265a : ffffe001`f08efc28 00000000`00000000 ffffe001`f08efa50 fffff800`9e4a39c0 : Wdf01000!FxPkgPnp::PowerEnterNewState+0x138
ffffd000`a8ba1ef0 fffff800`9e4123df : 00000000`00000000 ffffd000`a8ba1fe0 ffffe001`f08efc50 00000000`00000504 : Wdf01000!FxPkgPnp::PowerProcessEventInner+0xc6
ffffd000`a8ba1f70 fffff800`9e416062 : 00000000`00000000 ffffe001`f08efa50 00000000`00000501 ffffd000`a8ba21a0 : Wdf01000!FxPkgPnp::PowerProcessEvent+0xef
ffffd000`a8ba2010 fffff800`9e411c74 : ffffe001`f08efa50 ffffd000`a8ba20b0 00000000`00000500 ffffe001`f080f060 : Wdf01000!FxPkgPnp::NotPowerPolOwnerStarting+0xe
ffffd000`a8ba2040 fffff800`9e412069 : ffffe001`f08efd00 00000000`00000000 ffffe001`f08efa50 00000000`00000001 : Wdf01000!FxPkgPnp::NotPowerPolicyOwnerEnterNewState+0xf4
ffffd000`a8ba20d0 fffff800`9e411dd8 : 00000000`00000000 ffffd000`a8ba21c0 ffffe001`f08efd28 fffff800`9e40bdc6 : Wdf01000!FxPkgPnp::PowerPolicyProcessEventInner+0x1df
ffffd000`a8ba2150 fffff800`9e418022 : 00000000`00000000 ffffe001`f08ef3a0 00000000`00000000 00000000`00000000 : Wdf01000!FxPkgPnp::PowerPolicyProcessEvent+0x10c
ffffd000`a8ba21f0 fffff800`9e410942 : 00000000`00000101 00000000`00000108 00000000`00000108 fffff800`7c3169ee : Wdf01000!FxPkgPnp::PnpEventHardwareAvailable+0x9e
ffffd000`a8ba2230 fffff800`9e410a5a : ffffe001`f08efba8 00000000`00000002 ffffe001`f08efa50 ffffe001`f08efb00 : Wdf01000!FxPkgPnp::PnpEnterNewState+0x102
ffffd000`a8ba22c0 fffff800`9e410bc4 : 00000000`00000000 ffffd000`a8ba23b0 ffffe001`f08efb80 00000000`00000000 : Wdf01000!FxPkgPnp::PnpProcessEventInner+0xc2
ffffd000`a8ba2340 fffff800`9e41727a : 00000000`00000000 ffffe001`f08efa50 00000000`00000000 ffffe001`f08efa50 : Wdf01000!FxPkgPnp::PnpProcessEvent+0xe4
ffffd000`a8ba23e0 fffff800`9e40b936 : ffffe001`f08efa50 ffffd000`a8ba2470 00000000`00000000 ffffe001`f01c2950 : Wdf01000!FxPkgPnp::_PnpStartDevice+0x1e
ffffd000`a8ba2410 fffff800`9e406a18 : ffffcf81`14efcdc0 ffffcf81`14efcdc0 00000000`0000001b ffffe001`f08ee650 : Wdf01000!FxPkgPnp::Dispatch+0xd2
ffffd000`a8ba2480 fffff800`7c308911 : ffffe001`f0573d70 00000000`00000002 ffffe001`f080f060 fffff800`7c314471 : Wdf01000!FxDevice::DispatchWithLock+0x7d8
ffffd000`a8ba2560 fffff800`7c0dee62 : ffffcf81`14efcdc0 ffffe001`f09fc330 ffffe001`f08ef3a0 ffffe001`f0573cd0 : nt!IovCallDriver+0x3cd
ffffd000`a8ba25b0 fffff800`7bd3db91 : ffffe001`f080f060 ffffd000`a8ba2659 00000000`00000000 fffff800`7c0d6288 : nt!PnpAsynchronousCall+0x102
ffffd000`a8ba25f0 fffff800`7c08b21b : ffffe001`f0854760 ffffe001`f0854760 ffffe001`f09fc330 00000000`00000001 : nt!PnpStartDevice+0xc5
ffffd000`a8ba26c0 fffff800`7c08b09b : ffffe001`f0854760 ffffe001`f0854760 00000000`00000000 ffffe001`f0854760 : nt!PnpStartDeviceNode+0x147
ffffd000`a8ba2790 fffff800`7c0d46ae : ffffe001`f0854760 00000000`00000001 00000000`00000001 ffffe001`ed0e9d30 : nt!PipProcessStartPhase1+0x53
ffffd000`a8ba27d0 fffff800`7c1aa2e3 : ffffe001`ed1be1a0 00000000`00000001 00000000`00000000 fffff800`7c0798ae : nt!PipProcessDevNodeTree+0x3ce
ffffd000`a8ba2a50 fffff800`7bd3e4a0 : 00000001`00000003 00000000`00000000 ffffe001`eebb6880 ffffe001`eebb69c0 : nt!PiProcessStartSystemDevices+0x87
ffffd000`a8ba2aa0 fffff800`7bd3a3ac : fffff800`7bd3e0e4 fffff800`7bf71600 ffffe001`eebb6880 fffff800`0000001a : nt!PnpDeviceActionWorker+0x3bc
ffffd000`a8ba2b50 fffff800`7bd67280 : ffffe001`ed186040 ffffe001`eebb6880 00000000`00000080 ffffe001`eebb6880 : nt!ExpWorkerThread+0x28c
ffffd000`a8ba2c00 fffff800`7bde5fc6 : ffffd000`a8528180 ffffe001`eebb6880 ffffe001`ed186040 000002f8`504d4554 : nt!PspSystemThreadStartup+0x58
ffffd000`a8ba2c60 00000000`00000000 : ffffd000`a8ba3000 ffffd000`a8b9d000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: cdrom!RequestSend+b2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: cdrom
IMAGE_NAME: cdrom.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5215cfeb
IMAGE_VERSION: 6.3.9600.16384
BUCKET_ID_FUNC_OFFSET: b2
FAILURE_BUCKET_ID: 0xc9_23e_cdrom!RequestSend
BUCKET_ID: 0xc9_23e_cdrom!RequestSend
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xc9_23e_cdrom!requestsend
FAILURE_ID_HASH: {404afcb2-8548-3115-b967-6211baa2f917}
Followup: MachineOwner
---------
You need to first rid your system of drivers that are known to cause BSOD's, and leftover or corrupt drivers that could potentially be in conflict with other drivers.
The two drivers below are components of Sophos Anti-virus and, as far as I can determine, your MBAM installation is the pro version. This is likely a problem. To avoid that possibility, remove any and all remnants of Sophos, then uninstall and reinstall MBAM.
swi_callout.sys Mon Jul 28 10:26:00 2014 (53D65D78)<== Sophos Web Intelligence
savonaccess.sys Tue Feb 18 11:02:49 2014 (53038429):
http://sysnative.com/drivers/driver.php?id=savonaccess.sys
How to remove Sophos Endpoint Security and Control from client computers.
http://www.sophos.com/en-us/support/knowledgebase/12360.aspx
If the steps in the link are unworkable, download "autoruns" and use it to locate and delete the driver, after making certain that all Microsoft entries have been hidden, to eliminate the possibility of a mistake (instructions in the YouTube video link below).
Autoruns for Windows
v13.01
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.
Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system
https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
How to use Autoruns.
https://www.youtube.com/watch?v=HhtSDsQYi28
You can also use autoruns to locate and delete qkqhvnr.sys. There is very little information about it, which leads me to believe that it is probably malware-related.
qkqhvnr.sys Mon Aug 05 18:33:54 2013 (52002852)
Note: Just to be safe, you can create a restore point, before deleting the drivers.
Use Autoruns to Manually Clean an Infected PC
http://www.howtogeek.com/howto/12837/use-autoruns-to-manually-clean-an-infected-pc/
Uninstall both drivers below
sptd.sys Thu Dec 11 09:52:44 2014 (5489AFBC):
http://sysnative.com/drivers/driver.php?id=sptd.sys
dtsoftbus01.sys Fri Jan 13 08:45:46 2012 (4F10358A):
http://sysnative.com/drivers/driver.php?id=dtsoftbus01.sys
After taking the steps above, monitor the system and if the BSOD reoccurs, upload and share a link to the new file.
- Marked as answer by ZigZag3143xMVP, Moderator Friday, March 20, 2015 3:58 PM
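Added example, not part of the original thread: the eight hex digits in parentheses after each driver date in the post above are the image's PE TimeDateStamp (seconds since 1970-01-01 UTC), the same value the dumps show as DEBUG_FLR_IMAGE_TIMESTAMP. The Python below decodes them for the listed drivers, cross-checks each against the printed local date, and lists drivers older than a cut-off at crash time; the two-year cut-off and all function names are assumptions of this example, and the driver lines are copied from the post with trailing annotations dropped.

```python
import re
from datetime import datetime, timedelta, timezone

# Driver lines copied from the post above: name, debugger-local build date,
# and the PE TimeDateStamp in hex.
DRIVER_LINES = """\
swi_callout.sys Mon Jul 28 10:26:00 2014 (53D65D78)
savonaccess.sys Tue Feb 18 11:02:49 2014 (53038429)
qkqhvnr.sys Mon Aug 05 18:33:54 2013 (52002852)
sptd.sys Thu Dec 11 09:52:44 2014 (5489AFBC)
dtsoftbus01.sys Fri Jan 13 08:45:46 2012 (4F10358A)
"""

# "Debug session time: Wed Mar 18 09:08:32.847 2015 (UTC - 4:00)" from the dump.
CRASH_UTC = datetime(2015, 3, 18, 13, 8, 32, tzinfo=timezone.utc)

MONTHS = {name: number for number, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+\w{3} (?P<mon>\w{3}) (?P<day>\d{2}) "
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}) (?P<year>\d{4})\s+"
    r"\((?P<stamp>[0-9A-Fa-f]{8})\)")


def decode_stamp(hex_stamp):
    """PE TimeDateStamp (hex seconds since the Unix epoch) -> aware UTC datetime."""
    return datetime.fromtimestamp(int(hex_stamp, 16), tz=timezone.utc)


def parse_drivers(text):
    """Return one record per recognisable driver line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["mon"] not in MONTHS:
            continue
        built = decode_stamp(m["stamp"])
        # The debugger prints local time; read it as if it were UTC so the
        # difference from the decoded stamp is the local UTC offset.
        printed = datetime(int(m["year"]), MONTHS[m["mon"]], int(m["day"]),
                           int(m["h"]), int(m["m"]), int(m["s"]),
                           tzinfo=timezone.utc)
        offset = (printed - built) / timedelta(hours=1)
        records.append({
            "name": m["name"],
            "built_utc": built,
            "utc_offset_h": offset,
            # A matching pair differs by a real-world UTC offset: a whole
            # number of quarter hours between UTC-12 and UTC+14.
            "consistent": -12 <= offset <= 14 and (offset * 4).is_integer(),
        })
    return records


def older_than(drivers, when, years=2):
    """Names of drivers built more than `years` (365-day years) before `when`."""
    limit = when - timedelta(days=365 * years)
    return [d["name"] for d in drivers if d["built_utc"] < limit]


if __name__ == "__main__":
    drivers = parse_drivers(DRIVER_LINES)
    for d in drivers:
        print(f'{d["name"]:18} {d["built_utc"]:%Y-%m-%d %H:%M:%S} UTC '
              f'offset {d["utc_offset_h"]:+.0f}h consistent={d["consistent"]}')
    print("older than 2 years at crash:", older_than(drivers, CRASH_UTC))
    print("cdrom.sys stamp 5215cfeb ->", decode_stamp("5215cfeb"))
```

On Windows 10 and later many Microsoft binaries are built reproducibly and this field no longer holds a build time, so the decoded date is only meaningful for images like the ones in this thread.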
Thank you for your excellent guidance; I did learn a lot.
I did try using AutoRuns to remove several drivers mentioned in your last message.
I even disconnected my CD-ROM and repeatedly ran verifier with/without hiding MS drivers, which resulted in several crashes.
The dump files are here:
http://1drv.ms/1O8zZHP
Getting tired of these frustrations and starting to think about reinstalling everything.
However, did learn a lot from you guys. TKS.
Please update or uninstall ntk_PowerDVD_64.sys
ntk_PowerDVD_64.sys: http://sysnative.com/drivers/driver.php?id=ntk_PowerDVD_64.sys
BUGCHECK_STR: 0xc4_62
IMAGE_NAME: ntk_PowerDVD_64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c57db8c
MODULE_NAME: ntk_PowerDVD_64
FAULTING_MODULE: fffff8018a400000 ntk_PowerDVD_64
VERIFIER_DRIVER_ENTRY: dt nt!_MI_VERIFIER_DRIVER_ENTRY ffffe0000877f010
Symbol nt!_MI_VERIFIER_DRIVER_ENTRY not found.
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: services.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff800f6ef86b0 to fffff800f69c39a0
STACK_TEXT:
ffffd000`293fd2c8 fffff800`f6ef86b0 : 00000000`000000c4 00000000`00000062 ffffe000`09204a78 ffffe000`0877f010 : nt!KeBugCheckEx
ffffd000`293fd2d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: X64_0xc4_62_LEAKED_POOL_IMAGE_ntk_PowerDVD_64.sys
BUCKET_ID: X64_0xc4_62_LEAKED_POOL_IMAGE_ntk_PowerDVD_64.sys
Followup: MachineOwner
---------
- Marked as answer by ZigZag3143xMVP, Moderator Friday, March 20, 2015 3:58 PM
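Added example, not part of the original thread: a Python triage of the two `!analyze -v` excerpts quoted in the posts above, showing why the 0xC9 dump is attributed to cdrom rather than to the Wdf01000 framework frames above it on the stack, and why the 0xC4 dump can only be attributed through IMAGE_NAME. The skip list of `nt` and `Wdf01000` is this example's assumption, chosen to match the SYMBOL_STACK_INDEX of 8 shown in the dump; the sample text is copied from the posts, with the first stack cut after ten frames.

```python
import re

# Modules this example treats as infrastructure (an assumption of the example):
# the kernel and the KMDF runtime, which appear on the stack on behalf of the
# driver that called into them.
INFRA_MODULES = {"nt", "Wdf01000"}

FIELD_RE = re.compile(r"^(?P<key>[A-Z][A-Z0-9_]+):\s+(?P<value>.+)$")
FRAME_RE = re.compile(r":\s+(?P<module>\w+)!(?P<func>\S+?)(?:\+0x[0-9a-fA-F]+)?$")

# Copied from the 0xC9 dump in the thread; the stack is cut after ten frames.
DUMP_C9 = r"""
BUGCHECK_STR: 0xc9_23e
STACK_TEXT:
ffffd000`a8ba12e8 fffff800`7c3146b0 : 00000000`000000c9 00000000`0000023e ffffe001`f009b2c0 ffffcf81`14ee6ea0 : nt!KeBugCheckEx
ffffd000`a8ba12f0 fffff800`7c317171 : fffff800`7c307470 ffffe001`f009b2c0 ffffcf81`14ee6ea0 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
ffffd000`a8ba1330 fffff800`7c30dbd2 : ffffe001`f05737f0 ffffd000`a8ba1490 ffffe001`f05fba10 00000000`00000000 : nt!ViErrorFinishReport+0x10d
ffffd000`a8ba1390 fffff800`7c313bd5 : ffffe001`f0139110 00000000`00000000 ffffe001`f05737f0 ffffd000`a8ba1bb0 : nt!IovpCallDriver2+0x33e
ffffd000`a8ba1760 fffff800`7c308928 : ffffcf81`14ee6ea0 00000000`00000002 ffffcf81`14ee6ea0 ffffd000`a8ba19a0 : nt!VfAfterCallDriver+0x289
ffffd000`a8ba17f0 fffff800`9e407711 : ffffe001`f0f3fa20 ffffd000`a8ba18d9 ffffe001`f08e19b0 ffffe001`f05737f0 : nt!IovCallDriver+0x3e4
ffffd000`a8ba1840 fffff800`9e407fe9 : ffffcf81`14ee6f00 ffffcf81`14ee6f90 00001ffe`0f0c0500 ffffd000`a8ba19a0 : Wdf01000!FxIoTarget::SubmitSync+0x191
ffffd000`a8ba1940 fffff800`9eca1432 : ffffe001`00000020 ffffe001`f0f3fa20 ffffe001`f08e19b0 00000000`00000000 : Wdf01000!imp_WdfRequestSend+0xe9
ffffd000`a8ba19a0 fffff800`9ecb77a2 : ffffd000`a8ba1b01 ffffcf81`14ee6ea0 ffffe001`f0f2d190 ffffe001`f0f3fbc0 : cdrom!RequestSend+0xb2
ffffd000`a8ba1a10 fffff800`9ecb7617 : ffffd000`a8ba1bb0 ffffd000`a8ba1be9 ffffe001`f0f33f40 ffffe001`f08ee901 : cdrom!DeviceSendRequestSynchronously+0x7e
STACK_COMMAND: kb
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: cdrom!RequestSend+b2
IMAGE_NAME: cdrom.sys
"""

# Copied from the 0xC4 dump in the thread (complete two-frame stack).
DUMP_C4 = r"""
BUGCHECK_STR: 0xc4_62
IMAGE_NAME: ntk_PowerDVD_64.sys
STACK_TEXT:
ffffd000`293fd2c8 fffff800`f6ef86b0 : 00000000`000000c4 00000000`00000062 ffffe000`09204a78 ffffe000`0877f010 : nt!KeBugCheckEx
ffffd000`293fd2d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
STACK_COMMAND: kb
FAILURE_BUCKET_ID: X64_0xc4_62_LEAKED_POOL_IMAGE_ntk_PowerDVD_64.sys
"""


def parse_analysis(text):
    """Split `!analyze -v` text into KEY: value fields and (module, function) frames."""
    fields, frames, in_stack = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "STACK_TEXT:":
            in_stack = True
        elif (field := FIELD_RE.match(line)):
            in_stack = False  # any other KEY: line ends the stack section
            fields[field["key"]] = field["value"]
        elif in_stack and (frame := FRAME_RE.search(line)):
            frames.append((frame["module"], frame["func"]))
    return fields, frames


def blame(fields, frames):
    """Return (module, frame_index); frame_index is None if the stack names no driver."""
    for index, (module, _func) in enumerate(frames):
        if module not in INFRA_MODULES:
            return module, index
    # Only kernel frames on the stack (here a leaked-pool violation, per the
    # bucket ID), so the debugger's IMAGE_NAME is the only pointer to the driver.
    image = fields.get("IMAGE_NAME", "")
    return (image.rsplit(".", 1)[0] or None), None


def summarize(text):
    fields, frames = parse_analysis(text)
    module, index = blame(fields, frames)
    return {"bugcheck": fields.get("BUGCHECK_STR"), "module": module,
            "frame": index, "debugger_index": fields.get("SYMBOL_STACK_INDEX")}


if __name__ == "__main__":
    for dump in (DUMP_C9, DUMP_C4):
        print(summarize(dump))
```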
1. I have uninstalled PowerDVD and run SFC /scannow. Two corrupt system files were found which it was unable to repair: WebServer.Events.xml and CNBJ2530.DPB.
2. I copied a good WebServer.Events.xml from another healthy desktop to replace the corrupt one. However, the same trick did not work for CNBJ2530.DPB.
3. Then, SFCFIX was executed and the DISM repaired Amd64\CNBJ2530.DPB.
4. Currently, my desktop has survived for 16 hours. I hope the blue screen will not pop up again.
My problem might have started from vicious malware, and thank you experts for guiding and supporting me through all of this.
Regards
Fred Yang
- Marked as answer by Fred Yang Saturday, March 21, 2015 2:58 AM