BSOD needs help
I have been stuck with BSOD for a couple of days.

Can anyone help me out? The minidump and system info are archived in the following:


http://1drv.ms/1HTVs2V


Appreciate any help!!

Fred Yang
March 15th, 2015 5:26am

These crashes were related to memory corruption (probably caused by a driver). 

Please run these two tests to verify your memory and find which driver is causing the problem.  Please run verifier first.  You do not need to run memtest yet unless you want to.

If you are over-clocking anything reset to default before running these tests.
In other words STOP!!! 
 

If you do not know what this means you probably are not


1-Driver verifier (for complete directions see our wiki here)

2-Memtest. (You can read more about running memtest here)


March 15th, 2015 6:46am

Hi Fred,

Please take ZigZag's suggestions and upload the latest dmp files here.

Best regards

March 16th, 2015 10:26pm

I did memtest and no problem was found.

I did driverTest too and got dump files. In addition, I started to learn and did a rough WinDbg analysis and bugs are still not identified.

The minidump folder, event log, and results of WinDbg analysis are archived in the following:

http://1drv.ms/1LrIgI6

Appreciate any help.
March 17th, 2015 10:36pm

FY

Neither of those had verifier enabled.  What were the results when you typed verifier /query?

March 18th, 2015 3:08am

Thank you guys for helping me.

I did the verifier checking again and finally got the dump files generated.

The attached is the minidump folder and checking results from WinDbg.

Link to the attached files is here: http://1drv.ms/1xeo0Ue

It seems that the trouble driver is Wdf01000.sys.

How shall I fix this?

TKS

March 18th, 2015 10:01am

Probably something wrong with your CD-ROM:

STACK_COMMAND:  kb

SYMBOL_STACK_INDEX:  8

SYMBOL_NAME:  cdrom!RequestSend+b2

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: cdrom

IMAGE_NAME:  cdrom.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5215cfeb

IMAGE_VERSION:  6.3.9600.16384

BUCKET_ID_FUNC_OFFSET:  b2

FAILURE_BUCKET_ID:  0xc9_23e_cdrom!RequestSend

BUCKET_ID:  0xc9_23e_cdrom!RequestSend

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xc9_23e_cdrom!requestsend

FAILURE_ID_HASH:  {404afcb2-8548-3115-b967-6211baa2f917}

Followup: MachineOwner

March 18th, 2015 10:20am

Driver verified and related to cdrom.sys.  Because this is an OS driver I would run a system file check & DISM to check the state of that driver

Please run a system file check (SFC) & DISM if you are on win 8 or higher
All instructions are in our Wiki article below...
Should you have any questions please ask us.

System file check (SFC) Scan and Repair System Files

Old drivers needing updating

npf.sys    10/20/2009 2:00:19 PM                          
ntk_PowerDVD_64.sys    8/3/2010 5:04:12 AM       
MHIKEY10x64.sys    9/15/2010 4:46:12 AM                         
000.fcl    11/18/2010 8:53:28 PM                         
vmm.sys    12/28/2011 9:28:47 AM                           
dtsoftbus01.sys    1/13/2012 9:45:46 AM                           


Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Ken\Desktop\Minidump\031815-49921-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 8 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.17668.amd64fre.winblue_r8.150127-1500
Machine Name:
Kernel base = 0xfffff800`7bc8f000 PsLoadedModuleList = 0xfffff800`7bf68250
Debug session time: Wed Mar 18 09:08:32.847 2015 (UTC - 4:00)
System Uptime: 0 days 0:00:15.684
Loading Kernel Symbols
..

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

.............................................................
..............................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C9, {23e, ffffe001f009b2c0, ffffcf8114ee6ea0, 0}

Probably caused by : cdrom.sys ( cdrom!RequestSend+b2 )

Followup: MachineOwner
---------

6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 000000000000023e, A driver has marked an IRP pending but didn't return STATUS_PENDING.
Arg2: ffffe001f009b2c0, The address in the driver's code where the error was detected.
Arg3: ffffcf8114ee6ea0, IRP address.
Arg4: 0000000000000000, Status code.

Debugging Details:
------------------


DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump

BUGCHECK_STR:  0xc9_23e

DRIVER_VERIFIER_IO_VIOLATION_TYPE:  23e

FAULTING_IP: 
+50d06c3480
ffffe001`f009b2c0 4883ec48        sub     rsp,48h

FOLLOWUP_IP: 
cdrom!RequestSend+b2
fffff800`9eca1432 0fb6d8          movzx   ebx,al

IRP_ADDRESS: ffffcf8114ee6ea0

DEVICE_OBJECT: ffffe001f080f060

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre

LOCK_ADDRESS:  fffff8007bf72be0 -- (!locks fffff8007bf72be0)

Resource @ nt!PiEngineLock (0xfffff8007bf72be0)    Available

WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.


WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.

1 total locks

PNP_TRIAGE: 
	Lock address  : 0xfffff8007bf72be0
	Thread Count  : 0
	Thread address: 0x0000000000000000
	Thread wait   : 0x0

LAST_CONTROL_TRANSFER:  from fffff8007c3146b0 to fffff8007bddf9a0

STACK_TEXT:  
ffffd000`a8ba12e8 fffff800`7c3146b0 : 00000000`000000c9 00000000`0000023e ffffe001`f009b2c0 ffffcf81`14ee6ea0 : nt!KeBugCheckEx
ffffd000`a8ba12f0 fffff800`7c317171 : fffff800`7c307470 ffffe001`f009b2c0 ffffcf81`14ee6ea0 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
ffffd000`a8ba1330 fffff800`7c30dbd2 : ffffe001`f05737f0 ffffd000`a8ba1490 ffffe001`f05fba10 00000000`00000000 : nt!ViErrorFinishReport+0x10d
ffffd000`a8ba1390 fffff800`7c313bd5 : ffffe001`f0139110 00000000`00000000 ffffe001`f05737f0 ffffd000`a8ba1bb0 : nt!IovpCallDriver2+0x33e
ffffd000`a8ba1760 fffff800`7c308928 : ffffcf81`14ee6ea0 00000000`00000002 ffffcf81`14ee6ea0 ffffd000`a8ba19a0 : nt!VfAfterCallDriver+0x289
ffffd000`a8ba17f0 fffff800`9e407711 : ffffe001`f0f3fa20 ffffd000`a8ba18d9 ffffe001`f08e19b0 ffffe001`f05737f0 : nt!IovCallDriver+0x3e4
ffffd000`a8ba1840 fffff800`9e407fe9 : ffffcf81`14ee6f00 ffffcf81`14ee6f90 00001ffe`0f0c0500 ffffd000`a8ba19a0 : Wdf01000!FxIoTarget::SubmitSync+0x191
ffffd000`a8ba1940 fffff800`9eca1432 : ffffe001`00000020 ffffe001`f0f3fa20 ffffe001`f08e19b0 00000000`00000000 : Wdf01000!imp_WdfRequestSend+0xe9
ffffd000`a8ba19a0 fffff800`9ecb77a2 : ffffd000`a8ba1b01 ffffcf81`14ee6ea0 ffffe001`f0f2d190 ffffe001`f0f3fbc0 : cdrom!RequestSend+0xb2
ffffd000`a8ba1a10 fffff800`9ecb7617 : ffffd000`a8ba1bb0 ffffd000`a8ba1be9 ffffe001`f0f33f40 ffffe001`f08ee901 : cdrom!DeviceSendRequestSynchronously+0x7e
ffffd000`a8ba1a50 fffff800`9ecbbf72 : 00001ffe`0f7119a8 ffffd000`a8ba1b00 00000000`00000000 ffffd000`00000024 : cdrom!DeviceSendSrbSynchronously+0x357
ffffd000`a8ba1b80 fffff800`9ecb8ee4 : ffffe001`00000002 ffffe001`f08ee940 00001ffe`0f7119a8 00000000`00000000 : cdrom!DeviceCacheDeviceInquiryData+0xaa
ffffd000`a8ba1c50 fffff800`9e4328c3 : 00000000`00000000 00000000`00000010 00000000`00000000 fffff800`9e4a13d0 : cdrom!DeviceEvtSelfManagedIoInit+0x100
ffffd000`a8ba1cd0 fffff800`9e426e49 : 00000000`00000002 00000000`0000000c fffff800`9e4a3c00 fffff800`9e4a3c00 : Wdf01000!FxSelfManagedIoMachine::Init+0x33
ffffd000`a8ba1d00 fffff800`9e4161fe : ffffe001`f08efa50 00000000`00000000 ffffd000`a8ba1ea0 fffff800`9e4a3c00 : Wdf01000!FxSelfManagedIoMachine::ProcessEvent+0x111
ffffd000`a8ba1d70 fffff800`9e412268 : 00000000`00000312 ffffd000`a8ba1ea0 fffff800`9e4a3be0 ffffd000`a8ba1de0 : Wdf01000!FxPkgPnp::PowerD0StartingStartSelfManagedIo+0x4f
ffffd000`a8ba1da0 fffff800`9e41265a : ffffe001`f08efc28 00000000`00000000 ffffe001`f08efa50 fffff800`9e4a39c0 : Wdf01000!FxPkgPnp::PowerEnterNewState+0x138
ffffd000`a8ba1ef0 fffff800`9e4123df : 00000000`00000000 ffffd000`a8ba1fe0 ffffe001`f08efc50 00000000`00000504 : Wdf01000!FxPkgPnp::PowerProcessEventInner+0xc6
ffffd000`a8ba1f70 fffff800`9e416062 : 00000000`00000000 ffffe001`f08efa50 00000000`00000501 ffffd000`a8ba21a0 : Wdf01000!FxPkgPnp::PowerProcessEvent+0xef
ffffd000`a8ba2010 fffff800`9e411c74 : ffffe001`f08efa50 ffffd000`a8ba20b0 00000000`00000500 ffffe001`f080f060 : Wdf01000!FxPkgPnp::NotPowerPolOwnerStarting+0xe
ffffd000`a8ba2040 fffff800`9e412069 : ffffe001`f08efd00 00000000`00000000 ffffe001`f08efa50 00000000`00000001 : Wdf01000!FxPkgPnp::NotPowerPolicyOwnerEnterNewState+0xf4
ffffd000`a8ba20d0 fffff800`9e411dd8 : 00000000`00000000 ffffd000`a8ba21c0 ffffe001`f08efd28 fffff800`9e40bdc6 : Wdf01000!FxPkgPnp::PowerPolicyProcessEventInner+0x1df
ffffd000`a8ba2150 fffff800`9e418022 : 00000000`00000000 ffffe001`f08ef3a0 00000000`00000000 00000000`00000000 : Wdf01000!FxPkgPnp::PowerPolicyProcessEvent+0x10c
ffffd000`a8ba21f0 fffff800`9e410942 : 00000000`00000101 00000000`00000108 00000000`00000108 fffff800`7c3169ee : Wdf01000!FxPkgPnp::PnpEventHardwareAvailable+0x9e
ffffd000`a8ba2230 fffff800`9e410a5a : ffffe001`f08efba8 00000000`00000002 ffffe001`f08efa50 ffffe001`f08efb00 : Wdf01000!FxPkgPnp::PnpEnterNewState+0x102
ffffd000`a8ba22c0 fffff800`9e410bc4 : 00000000`00000000 ffffd000`a8ba23b0 ffffe001`f08efb80 00000000`00000000 : Wdf01000!FxPkgPnp::PnpProcessEventInner+0xc2
ffffd000`a8ba2340 fffff800`9e41727a : 00000000`00000000 ffffe001`f08efa50 00000000`00000000 ffffe001`f08efa50 : Wdf01000!FxPkgPnp::PnpProcessEvent+0xe4
ffffd000`a8ba23e0 fffff800`9e40b936 : ffffe001`f08efa50 ffffd000`a8ba2470 00000000`00000000 ffffe001`f01c2950 : Wdf01000!FxPkgPnp::_PnpStartDevice+0x1e
ffffd000`a8ba2410 fffff800`9e406a18 : ffffcf81`14efcdc0 ffffcf81`14efcdc0 00000000`0000001b ffffe001`f08ee650 : Wdf01000!FxPkgPnp::Dispatch+0xd2
ffffd000`a8ba2480 fffff800`7c308911 : ffffe001`f0573d70 00000000`00000002 ffffe001`f080f060 fffff800`7c314471 : Wdf01000!FxDevice::DispatchWithLock+0x7d8
ffffd000`a8ba2560 fffff800`7c0dee62 : ffffcf81`14efcdc0 ffffe001`f09fc330 ffffe001`f08ef3a0 ffffe001`f0573cd0 : nt!IovCallDriver+0x3cd
ffffd000`a8ba25b0 fffff800`7bd3db91 : ffffe001`f080f060 ffffd000`a8ba2659 00000000`00000000 fffff800`7c0d6288 : nt!PnpAsynchronousCall+0x102
ffffd000`a8ba25f0 fffff800`7c08b21b : ffffe001`f0854760 ffffe001`f0854760 ffffe001`f09fc330 00000000`00000001 : nt!PnpStartDevice+0xc5
ffffd000`a8ba26c0 fffff800`7c08b09b : ffffe001`f0854760 ffffe001`f0854760 00000000`00000000 ffffe001`f0854760 : nt!PnpStartDeviceNode+0x147
ffffd000`a8ba2790 fffff800`7c0d46ae : ffffe001`f0854760 00000000`00000001 00000000`00000001 ffffe001`ed0e9d30 : nt!PipProcessStartPhase1+0x53
ffffd000`a8ba27d0 fffff800`7c1aa2e3 : ffffe001`ed1be1a0 00000000`00000001 00000000`00000000 fffff800`7c0798ae : nt!PipProcessDevNodeTree+0x3ce
ffffd000`a8ba2a50 fffff800`7bd3e4a0 : 00000001`00000003 00000000`00000000 ffffe001`eebb6880 ffffe001`eebb69c0 : nt!PiProcessStartSystemDevices+0x87
ffffd000`a8ba2aa0 fffff800`7bd3a3ac : fffff800`7bd3e0e4 fffff800`7bf71600 ffffe001`eebb6880 fffff800`0000001a : nt!PnpDeviceActionWorker+0x3bc
ffffd000`a8ba2b50 fffff800`7bd67280 : ffffe001`ed186040 ffffe001`eebb6880 00000000`00000080 ffffe001`eebb6880 : nt!ExpWorkerThread+0x28c
ffffd000`a8ba2c00 fffff800`7bde5fc6 : ffffd000`a8528180 ffffe001`eebb6880 ffffe001`ed186040 000002f8`504d4554 : nt!PspSystemThreadStartup+0x58
ffffd000`a8ba2c60 00000000`00000000 : ffffd000`a8ba3000 ffffd000`a8b9d000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND:  kb

SYMBOL_STACK_INDEX:  8

SYMBOL_NAME:  cdrom!RequestSend+b2

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: cdrom

IMAGE_NAME:  cdrom.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5215cfeb

IMAGE_VERSION:  6.3.9600.16384

BUCKET_ID_FUNC_OFFSET:  b2

FAILURE_BUCKET_ID:  0xc9_23e_cdrom!RequestSend

BUCKET_ID:  0xc9_23e_cdrom!RequestSend

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xc9_23e_cdrom!requestsend

FAILURE_ID_HASH:  {404afcb2-8548-3115-b967-6211baa2f917}

Followup: MachineOwner
---------

March 18th, 2015 10:31am
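
An added example (not part of any post in this thread, and not WinDbg's own triage logic): a Python script that reads `!analyze -v` text like the output above, walks STACK_TEXT to the first frame outside the kernel and the WDF framework, and decodes the hex link timestamp. The skip list and all function names are assumptions of this example; the sample is an excerpt of the posted output, trimmed to the first nine frames.

```python
import re
from datetime import datetime, timezone

# Excerpt of the !analyze -v output posted above (stack trimmed to nine frames).
SAMPLE = r"""
BUGCHECK_STR:  0xc9_23e
STACK_TEXT:
ffffd000`a8ba12e8 fffff800`7c3146b0 : 00000000`000000c9 00000000`0000023e ffffe001`f009b2c0 ffffcf81`14ee6ea0 : nt!KeBugCheckEx
ffffd000`a8ba12f0 fffff800`7c317171 : fffff800`7c307470 ffffe001`f009b2c0 ffffcf81`14ee6ea0 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
ffffd000`a8ba1330 fffff800`7c30dbd2 : ffffe001`f05737f0 ffffd000`a8ba1490 ffffe001`f05fba10 00000000`00000000 : nt!ViErrorFinishReport+0x10d
ffffd000`a8ba1390 fffff800`7c313bd5 : ffffe001`f0139110 00000000`00000000 ffffe001`f05737f0 ffffd000`a8ba1bb0 : nt!IovpCallDriver2+0x33e
ffffd000`a8ba1760 fffff800`7c308928 : ffffcf81`14ee6ea0 00000000`00000002 ffffcf81`14ee6ea0 ffffd000`a8ba19a0 : nt!VfAfterCallDriver+0x289
ffffd000`a8ba17f0 fffff800`9e407711 : ffffe001`f0f3fa20 ffffd000`a8ba18d9 ffffe001`f08e19b0 ffffe001`f05737f0 : nt!IovCallDriver+0x3e4
ffffd000`a8ba1840 fffff800`9e407fe9 : ffffcf81`14ee6f00 ffffcf81`14ee6f90 00001ffe`0f0c0500 ffffd000`a8ba19a0 : Wdf01000!FxIoTarget::SubmitSync+0x191
ffffd000`a8ba1940 fffff800`9eca1432 : ffffe001`00000020 ffffe001`f0f3fa20 ffffe001`f08e19b0 00000000`00000000 : Wdf01000!imp_WdfRequestSend+0xe9
ffffd000`a8ba19a0 fffff800`9ecb77a2 : ffffd000`a8ba1b01 ffffcf81`14ee6ea0 ffffe001`f0f2d190 ffffe001`f0f3fbc0 : cdrom!RequestSend+0xb2
SYMBOL_STACK_INDEX:  8
IMAGE_NAME:  cdrom.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  5215cfeb
"""

# Modules skipped when looking for a suspect (assumption of this example):
# the kernel and HAL, where Driver Verifier itself runs, and the WDF framework,
# which forwards requests on behalf of the driver that called it.
SKIP_MODULES = {"nt", "hal", "Wdf01000"}

# child-SP, return address, four argument words, then module!function+0xoffset
FRAME_RE = re.compile(
    r"^[0-9a-f`]{17} [0-9a-f`]{17} : .* : "
    r"(?P<module>[^!\s]+)!(?P<function>\S+?)(?:\+0x(?P<offset>[0-9a-f]+))?$"
)
FIELD_RE = re.compile(r"^(?P<key>[A-Z_]+):[ \t]+(?P<value>\S.*)$")


def parse_fields(text):
    """Return the single-line KEY: value fields of the report (first wins)."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields.setdefault(m["key"], m["value"].strip())
    return fields


def parse_stack(text):
    """Return [(module, function, offset), ...] in stack order (frame 0 first)."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((m["module"], m["function"], int(m["offset"] or "0", 16)))
    return frames


def first_suspect(frames):
    """Index and frame of the first caller outside SKIP_MODULES, or None."""
    for index, frame in enumerate(frames):
        if frame[0] not in SKIP_MODULES:
            return index, frame
    return None  # e.g. a truncated stack that holds only nt frames


def link_time(hex_stamp):
    """Decode a PE link timestamp (hex seconds since 1970-01-01) to UTC."""
    return datetime.fromtimestamp(int(hex_stamp, 16), tz=timezone.utc)


def summarize(text):
    fields = parse_fields(text)
    suspect = first_suspect(parse_stack(text))
    stamp = fields.get("DEBUG_FLR_IMAGE_TIMESTAMP")
    return {
        "bugcheck": fields.get("BUGCHECK_STR"),
        "suspect_index": suspect[0] if suspect else None,
        "suspect": "{}!{}+0x{:x}".format(*suspect[1]) if suspect else None,
        "image": fields.get("IMAGE_NAME"),
        "linked_utc": link_time(stamp).isoformat() if stamp else None,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

When the stack holds only kernel frames, `first_suspect` returns `None` and the `IMAGE_NAME` field is the only lead. The driver dates listed in this thread are the same stamps shown in the poster's local time (UTC-4).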

You need to first rid your system of drivers that are known to cause BSOD's, and leftover or corrupt drivers that could potentially be in conflict with other drivers.

The two drivers below are components of Sophos Anti-virus and as far as I can determine, your MBAM installation is the pro version. This is likely a problem. To avoid that possibility, remove any and all remnants of Sophos, then uninstall and reinstall MBAM.

swi_callout.sys Mon Jul 28 10:26:00 2014 (53D65D78)<== Sophos Web Intelligence
savonaccess.sys Tue Feb 18 11:02:49 2014 (53038429): http://sysnative.com/drivers/driver.php?id=savonaccess.sys

How to remove Sophos Endpoint Security and Control from client computers.
http://www.sophos.com/en-us/support/knowledgebase/12360.aspx

If the steps in the link are unworkable, download "autoruns" and use it to locate and delete the driver, after making certain that all Microsoft entries have been hidden, to eliminate the possibility of a mistake. (Instructions in the YouTube video link below.)

Autoruns for Windows
v13.01

This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.
Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system
https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
How to use Autoruns.
https://www.youtube.com/watch?v=HhtSDsQYi28

You can also use autoruns to locate and delete qkqhvnr.sys. There is very little information about it, which leads me to believe that it is probably Malware related.

qkqhvnr.sys  Mon Aug 05 18:33:54 2013 (52002852)
Note: Just to be safe, you can create a restore point, before deleting the drivers.

Use Autoruns to Manually Clean an Infected PC
http://www.howtogeek.com/howto/12837/use-autoruns-to-manually-clean-an-infected-pc/

Uninstall both drivers below

sptd.sys     Thu Dec 11 09:52:44 2014 (5489AFBC): http://sysnative.com/drivers/driver.php?id=sptd.sys
dtsoftbus01.sys Fri Jan 13 08:45:46 2012 (4F10358A): http://sysnative.com/drivers/driver.php?id=dtsoftbus01.sys

After taking the steps above, monitor the system and if the BSOD reoccurs, upload and share a link to the new file.

March 18th, 2015 7:40pm


Thank you for your excellent guidance; I did learn a lot.

I did try using AutoRuns to remove several drivers mentioned in your last message.

I even disconnected my CD-ROM and repeatedly ran verifier with/without hiding MS drivers, which resulted in several crashes.

The dump files are here:

http://1drv.ms/1O8zZHP

Getting tired of these frustrations and starting to think about reinstalling everything.

However, did learn a lot from you guys. TKS.

March 19th, 2015 5:56am

Please update or uninstall ntk_PowerDVD_64.sys

ntk_PowerDVD_64.sys: http://sysnative.com/drivers/driver.php?id=ntk_PowerDVD_64.sys

BUGCHECK_STR:  0xc4_62

IMAGE_NAME:  ntk_PowerDVD_64.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4c57db8c

MODULE_NAME: ntk_PowerDVD_64

FAULTING_MODULE: fffff8018a400000 ntk_PowerDVD_64

VERIFIER_DRIVER_ENTRY: dt nt!_MI_VERIFIER_DRIVER_ENTRY ffffe0000877f010
Symbol nt!_MI_VERIFIER_DRIVER_ENTRY not found.

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  services.exe

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff800f6ef86b0 to fffff800f69c39a0

STACK_TEXT: 
ffffd000`293fd2c8 fffff800`f6ef86b0 : 00000000`000000c4 00000000`00000062 ffffe000`09204a78 ffffe000`0877f010 : nt!KeBugCheckEx
ffffd000`293fd2d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c


STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

FAILURE_BUCKET_ID:  X64_0xc4_62_LEAKED_POOL_IMAGE_ntk_PowerDVD_64.sys

BUCKET_ID:  X64_0xc4_62_LEAKED_POOL_IMAGE_ntk_PowerDVD_64.sys

Followup: MachineOwner
---------

March 19th, 2015 6:46am



1. I have uninstalled PowerDVD and run SFC /scannow. Two corrupt system files were found that could not be repaired: WebServer.Events.xml and CNBJ2530.DPB.

2. I copied a good WebServer.Events.xml from another healthy desktop to replace the corrupt one. However, the same trick did not work for CNBJ2530.DPB.

3. Then, SFCFIX was executed and DISM repaired Amd64\CNBJ2530.DPB.

4. Currently, my desktop has survived for 16 hours. I hope the blue screen will not pop up again.

 

My problem might start from a vicious malware and thank you experts for guiding and supporting me through all of this.

 

Regards

Fred Yang

March 19th, 2015 10:59pm

You are welcome!
  • Marked as answer by Fred Yang 4 hours 21 minutes ago
March 20th, 2015 11:42am

