Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7x64 Machine. BSOD, Crashes, and other frequent problems.


  • Please log in to reply
5 replies to this topic

#1 Ace0fSpades

Ace0fSpades

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 15 January 2016 - 03:39 PM

Good Afternoon,

I'm posting this to see if anyone can help me. Iv'e been searching for solutions to my computer's frequent crash events as of late and I decided it was time to ask for help. So far no solutions I've found have fixed any problems. Actually my computer seems to have degraded further. I have no idea what is causing the crashes. I recently ran numerous antivirus scans and each found a few questionable adware programs and 1 or 2 viruses. I'm by no means skilled with computers so I've been saving logs and backups pending this inevitable day. Any help would be appreciated. I can post further information when needed. Thanks.

 

Some Specs:

Model: Gateway FX6831

Intel I7 860@2.8GHZ

16GB RAM (System states only 7.96 are usable?)

Windows 7 Home Premium 64 bit

Graphics: ASUS GTX 760 DCUII

About a year ago I transferred windows to a 250GB SSD for faster booting. The old 1.5TB is still attached with the majority of my computers files and programs stored there. Additionally there is a 500GB empty drive connected.

 

Edit: Many of the BSOD messages refer to sql errors, system mem, or missing page files. Event viewer now shows many Peer networking and peer name resolution errors (around 15).


Edited by Ace0fSpades, 15 January 2016 - 06:17 PM.


BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:41 AM

Posted 17 January 2016 - 05:25 PM

Sorry for the delay in responding - life got in the way of my posting :0)

 

Please run this report collecting tool so that we can provide a complete analysis:  http://omgdebugging.com/bsod-inspector/
When done a Notepad document will open with the name of the file and it's location.
By default it'll be a .zip file located on your Desktop
Simply upload the .zip file with your next post and we'll move on from there.

 


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 Ace0fSpades

Ace0fSpades
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 20 January 2016 - 03:54 PM

I've been moving for the past few days and I barely got connected to the internet again today. Sorry I took so long. Here are the results to the scan you requested.

Attached File  PC_1_20_2016_11_51_56_AM.zip   6.34MB   3 downloads



#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:41 AM

Posted 21 January 2016 - 04:48 PM

Your UEFI/BIOS (version P01-A2) dates from 2009.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  If you are able to install the update through Windows (without booting from an external drive), then go ahead and update it.  WARNING - if the computer might shut down during this procedure, please don't do it, as this may physically damage the computer and prevent it from booting.

Although you appear to have a reasonable number of Windows Update hotfixes for this version of your OS, please double check for any new Windows Updates.  It only takes one update to cause a problem, so it's essential that you have all of them.  The WER section of the MSINFO32 report shows Windows Update failures - this makes it essential that you be sure that you have ALL available updates.  If you can't get it working properly, post back for advice on how to start fixing it.

You have 3 hard drives.  What is the make/model/wattage and age of your Power Supply?

These devices have problems in Device Manager:

 

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC    PCI\VEN_10EC&DEV_8176&SUBSYS_817610EC&REV_01\4&46F860C&0&00E2    This device is disabled.
Standard PS/2 Keyboard    ACPI\PNP0303\4&F457971&0    This device is not present, is not working properly, or does not have all its drivers installed.
MAC Bridge Miniport    ROOT\MS_BRIDGEMP\0000    This device is disabled.
Microsoft Teredo Tunneling Adapter    ROOT\*TEREDO\0000    This device cannot start.
VirtualBox Host-Only Ethernet Adapter    ROOT\NET\0000    This device is disabled.
Microsoft PS/2 Mouse    ACPI\PNP0F03\4&F457971&0    This device is not present, is not working properly, or does not have all its drivers installed.

Why is the Realtek Wireless Lan device disabled?

If using a USB keyboard and mouse, it's safe to ignore the PS/2 Keyboard and Mouse errors

Why is the MAC Bridge Miniport disabled?

Please right click on the Teredo device and select "Uninstall".  When you reboot, check to be sure that it doesn't come back with a problem.

Why ist eh VirtualBox Ethernet Adapter disabled?  If not using it, please uninstall Virtual Box.

 

Lot's of Live Kernel Events in the WER section of the MSINFO32 report.

Please do the following:
- open Event Viewer (run eventvwr.msc from the "Run" dialog)
- expand the Custom Views category (left click on the > next to the words "Custom Views")
- right click on the "Administrative Events" heading
- select "Save all Events in Custom View as..."
- save the file as Admin.evtx
- zip up the file (right click on it, select "Send to", select "Compressed (zipped) folder")
- upload it with your next post (if it's too big, then upload it to a free file-hosting service and post a link here).

FYI - If we're looking for Event ID 41 errors (unexplained shutdowns), there's more info on that here:  http://support.microsoft.com/kb/2028504

While waiting for a reply, please monitor your temps with this free utility:  http://www.cpuid.com/softwares/hwmonitor.html

Please run these free hardware diagnostics:  http://www.carrona.org/hwdiag.html

Please start with the memory diagnostics.

 

Please update these older drivers. Links are included to assist in looking up the source of the drivers. If unable to find an update, please remove (un-install) the program responsible for that driver. DO NOT manually delete/rename the driver as it may make the system unbootable! :

AmdTools64.sys              Mon Apr 28 13:03:39 2008 (4816036B)
Related to AmdTools64.sys Special Tools Driver from Special Tools Driver}http://support.amd.com/us/gpudownload/windows/Pages/auto_detect.aspx
http://www.carrona.org/drivers/driver.php?id=AmdTools64.sys
 
NTIDrvr.sys                 Tue Mar 24 23:09:39 2009 (49C9A073)
NTI CD-ROM Filter Driver by NewTech Infosystems (likely a part of Acer Empowering Technology)}OEM none at http://www.ntius.com/en/us/support/oem_resources.asp#
http://www.carrona.org/drivers/driver.php?id=NTIDrvr.sys
 
UBHelper.sys                Mon Apr 27 04:48:19 2009 (49F57153)
NTI CD &DVD-Maker or NTI Backup NOW! or NTI CD-Maker by NewTech Infosystems (usually in Acer Empowering Technology)}OEM = none at http://www.ntius.com/en/us/support/oem_resources.asp#
http://www.carrona.org/drivers/driver.php?id=UBHelper.sys
 
If all of this doesn't stop the BSOD's, please run Driver Verifier according to these instructions:  http://www.carrona.org/verifier.html



Analysis:
The following is for informational purposes only.

**************************Fri Jan 15 15:12:18.749 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\011516-33477-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Built by: 7601.19110.amd64fre.win7sp1_gdr.151230-0600
System Uptime: 0 days 0:10:06.249
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+33854 )
BugCheck 1A, {41790, fffffa800ad90580, ffff, 0}
BugCheck Info: MEMORY_MANAGEMENT (1a)
Arguments:
Arg1: 0000000000041790, A page table page has been corrupted. On a 64 bit OS, parameter 2
    contains the address of the PFN for the corrupted page table page.
    On a 32 bit OS, parameter 2 contains a pointer to the number of used
    PTEs, and parameter 3 contains the number of used PTEs.
Arg2: fffffa800ad90580
Arg3: 000000000000ffff
Arg4: 0000000000000000
BUGCHECK_STR:  0x1a_41790
PROCESS_NAME:  dllhost.exe
FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+33854
CPUID:        "Intel® Core™ i7 CPU         860  @ 2.80GHz"
MaxSpeed:     2800
CurrentSpeed: 2793
  BIOS Version                  P01-A2
  BIOS Release Date             12/14/2009
  Manufacturer                  Gateway
  Product Name                  FX6831
  Baseboard Product             H57M01
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``



3rd Party Drivers:
The following is for information purposes only.

**************************Fri Jan 15 15:12:18.749 2016 (UTC - 5:00)**************************
AmdTools64.sys              Mon Apr 28 13:03:39 2008 (4816036B)
NTIDrvr.sys                 Tue Mar 24 23:09:39 2009 (49C9A073)
UBHelper.sys                Mon Apr 27 04:48:19 2009 (49F57153)
HECIx64.sys                 Thu Sep 17 15:54:16 2009 (4AB293E8)
e1k62x64.sys                Wed Sep 23 20:11:00 2009 (4ABAB914)
jraid.sys                   Thu Oct 29 04:14:20 2009 (4AE94EDC)
iaStor.sys                  Thu Dec 17 13:41:59 2009 (4B2A7B77)
amdxata.sys                 Fri Mar 19 12:18:18 2010 (4BA3A3CA)
busenum.sys                 Fri Feb 18 01:16:20 2011 (4D5E0EB4)
GEARAspiWDM.sys             Thu May  3 15:56:17 2012 (4FA2E2E1)
VClone.sys                  Wed Jul 24 11:02:55 2013 (51EFEC9F)
VBoxNetFlt.sys              Wed Dec 18 11:13:29 2013 (52B1C9A9)
MBAMSwissArmy.sys           Wed Jul 29 00:26:01 2015 (55B855D9)
http://www.carrona.org/drivers/driver.php?id=AmdTools64.sys
http://www.carrona.org/drivers/driver.php?id=NTIDrvr.sys
http://www.carrona.org/drivers/driver.php?id=UBHelper.sys
http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
http://www.carrona.org/drivers/driver.php?id=e1k62x64.sys
http://www.carrona.org/drivers/driver.php?id=jraid.sys
http://www.carrona.org/drivers/driver.php?id=iaStor.sys
http://www.carrona.org/drivers/driver.php?id=amdxata.sys
http://www.carrona.org/drivers/driver.php?id=busenum.sys
http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
http://www.carrona.org/drivers/driver.php?id=VClone.sys
http://www.carrona.org/drivers/driver.php?id=VBoxNetFlt.sys
http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys
 


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#5 Ace0fSpades

Ace0fSpades
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 23 January 2016 - 12:16 AM

Thanks for the response! I'm thoroughly impressed by the amount of information you provided.

           I've tried to go through as many steps as possible before replying and I've attached the event logs. The computer seemed to stabilize itself as it hasn't crashed since the day prior to my last reply. I'd like to continue investigating though since it was crashing 3-4 times in a row after every restart. I initially forgot to mention that detail just in case that hints at the problem. As of late I've been trying to clean up adware and unwanted programs that have installed over the years. I'm afraid there may be issues in the registry due to CCleaner, some antivirus programs, and tweaking.com's windows repair. All those programs were intent upon editing and deleting registry entries relating to viruses and PUP's. I don't know if that activity could be causing problems however I do have all the backups.

 

Attached File  Admin.zip   554.32KB   1 downloads

I restarted the computer a few times to show which errors were recurring. I caused quite a few while deleting programs prior to generating the report as you'll see but they didn't return after a restart. 

 

I updated everything I could as you suggested and even located a BIOS version B1 update from the manufacturer. (I will go learn how to update the bios after this post.) Many of the bundled Gateway/Acer programs are old, fairly useless, and say they are up to date. I believe those NTI driver are from Gateway's bundled My Backup software which says it is up to date. 

 

I enabled the deactivated devices and I am using a USB keyboard and mouse. I disabled those devices awhile back when my Ethernet and WiFi were battling to be the primary internet device. (WiFi won but,it was slow I presumed the rest to be useless at the time.) 

 

My PS is the original 750 Watt that came with the computer back in 2010. It is an FSP Group Inc. FSP750-80APG.

 

Finally, the fact that I replaced my original AMD graphics card with a newer NVidia one could be causing issues. That change also occurred a year ago. I could not get all of the AMD GPU related programs and services uninstalled. Judging by that .sys file they're still lurking somewhere. Can you provide any advice on where to find that driver? I can't find it through any HDD searches.

 

I've listed everything I can think of. I'm running diagnostics now. I'll add edits if the blue screens continue or I remember something else.

 

Thanks again for the great reply!



#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:41 AM

Posted 23 January 2016 - 08:15 AM

If there's nothing installed that you can uninstall to remove the AmdTools64.sys driver, then try this:

 

1)   Create a Restore Point using System Restore
2)   Create a Repair disc (Recovery Drive in Win8.1/10):
Win 7 - Go to Start...All Programs...Maintenance...Create a System Repair Disc
Win 8 - Press "WIN" and "R" to open the Run dialog...type "RECDISC" (without the quotes) and press ENTER
Win 8.1 - Go to the Start Screen and type in "recoverydrive" (one word, without the quotes).  That will start the recovery drive process.  You will need a USB drive of at least 512 mB - and all data will be erased off of it.  If copying the recovery partition the drive size will be much, much larger (16 - 32 gB drive required).
Win 10 - Go to Start (press the "Win" key) and type in "recoverydrive" (one word, without the quotes).  That will start the recovery drive process.  You will need a USB drive of at least 512 mB - and all data will be erased off of it.  If copying the recovery partition the drive size will be much, much larger (16 - 32 gB drive required).
3)   Test the System Repair disc/Recovery Drive to make sure that you can get to the System Restore entry when you boot from the disk/drive (you may also want to try actually using System Restore to make sure that it works)
4)   Download this free program (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) and use it to disable any instances of AmdTools64.sys that are starting (DO NOT DELETE - only disable by removing the checkmark in the left hand column)
5)   Check in Device Manager (to include showing hidden devices from the View menu item) and ensure that any instances of AmdTools64.sys are "Uninstalled" (DO NOT DISABLE THESE).
6)   Check in the Services applet (services.msc) to be sure any instances of AmdTools64.sys are disabled.
7)   EXPERIMENTAL STEP (only try if you're certain of your abilities - I have not tried this step myself).  Search the registry (use regedit.exe) to locate any entries that have the driver name (AmdTools64.sys).  Delete these keys (it's advisable to back them up first - but you've also backed up the entire registry when creating a System Restore point in step 1.  Alternatively, you can set the values in these keys to DISABLED (but the "how" of this is beyond the scope of this guide).
8)   Go to C:\Windows\System32\drivers and rename the AmdTools64.sys driver to hssdrv6.BAD (The memory dump states that this is where it's located).
9)   Test to be sure that the device is working OK and that any BSOD's/errors have stopped.


In the event that the system doesn't boot:

1)   Boot from the System Repair disc/Recovery Drive and use the Command Prompt option to rename AmdTools64.BAD to AmdTools64.sys

ren C:\Windows\System32\drivers\AmdTools64.BAD C:\Windows\System32\drivers\AmdTools64.sys
2)   Boot from the System Repair disc/Recovery Drive and use the System Restore option to restore the system to a point before the changes were made.

Good luck!

 

I'm not as concerned with the NTI drivers - so let's leave them alone for now.

 

I'm wondering about an infection here.  In the Admin logfile there's VSS errors that refer to Sid S-1-5-21-1763091844-3926878885-2868805120-1007.bak

At work we find that this is a sign that the user profile is having problems (and that the .bak copy is actually the good one).

BUT, this is usually accompanied by not being able to login to the computer - so I'm a bit unsure here.

I'd post over in the Am I Infected forum to see what they have to say:    http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users