
Win 10 Pro BSOD. Dump and system info attached.



#1 BoroRob


Posted 16 May 2017 - 03:28 PM

Hi All,

 

I'm having an issue with a Windows 10 Pro SSD machine. For reasons unknown it keeps blue screening. I thought it would be a quick fix, so I have installed a brand new SSD and installed Windows 10 from scratch, and was going to get the original one replaced under warranty.

 

However, it's still blue screening. I've attached dump files and system info; if someone could please take a look, I'd really appreciate it.

 

Error message on the BSOD was IRQL NOT LESS OR EQUAL.

 

It can happen at various different times: once it crashed just after boot and sat at the desktop, another was when Max Backup software was running. The two dumps are from the new drive/new installation. If you need previous dumps, I can send them also.

 

 

Thanks

Rob

 

https://1drv.ms/u/s!AnCqkMimtZsEgUk_DyIfo15A7Atp

 




 


#2 usasma


Posted 17 May 2017 - 06:15 AM

Your UEFI/BIOS (version 02.08) dates from 2016.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  This is just in case there has been a more recent update.
FYI - W8 and W10 communicate more with the UEFI/BIOS than previous versions of Windows, so it's important to ensure that the UEFI/BIOS is kept up to date (and that outdated UEFI/BIOS' may be the cause of some compatibility issues).

As I can't tell the number of Windows Update hotfixes that are installed on your system, I can't tell if your system appears to be up to date or not.  Please double check for any new Windows Updates.  It only takes one update to cause a problem, so it's essential that you have all of them.  The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

Don't know how old the installation of Windows is (but I'm guessing it's only a couple of days).  There are very few entries in the WER section of the MSINFO32 report.

Probably not a big deal, as this seems most likely to be a hardware issue.  The reason I mention it is because sometimes things that seem to be hardware can actually be a compatibility issue or even a problem with a low-level driver.

 

The WER section of the MSINFO32 report shows 2 BSOD's from 15 and 16 May 2017.

Both are STOP 0x4e - PFN_LIST_CORRUPT errors (more info on that error here:  http://www.carrona.org/bsodindx.html#0x0000004E )
These are the same errors that the dump files show.

 

LogMeIn driver dates from 2007.  Please uninstall it.  If it's needed, please download and install a fresh copy of the latest, W10 compatible version.

 

Start with these free hardware diagnostics:  http://www.carrona.org/hwdiag.html

If you can run the HP diagnostics, run them also (they're required for HP warranty repair).
Let us know the results of the diagnostics and we can move on from there.

 

If the system is still under warranty with HP, it may be worthwhile to open a case with them now.

That may cut back on the time required for them to process a repair/exchange.

 

Good luck!

 

Analysis:
The following is for information purposes only. The following information contains the relevant information from the blue screen analysis:
**************************Tue May 16 04:04:38.199 2017 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\051617-3140-01.dmp]
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 10 Kernel Version 15063 MP (4 procs) Free x64
Built by: 15063.0.amd64fre.rs2_release.170317-1834
System Uptime:0 days 10:55:38.856
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Probably caused by :ntoskrnl.wrong.symbols.exe ( nt_wrong_symbols!5902843E889000 )
BugCheck 4E, {99, 179dd, 2, 410004186c9}
BugCheck Info: PFN_LIST_CORRUPT (4e)
Arguments:
Arg1: 0000000000000099, A PTE or PFN is corrupt
Arg2: 00000000000179dd, page frame number
Arg3: 0000000000000002, current page state
Arg4: 00000410004186c9, 0
BUGCHECK_STR:  5902843E
PROCESS_NAME:  ntoskrnl.wrong.symbols.exe
FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_15063.0.amd64fre.rs2_release.170317-1834_TIMESTAMP_170427-235230_5902843E_nt_wrong_symbols!5902843E889000
CPUID:        "Intel® Core™ i5-6500 CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  N03 Ver. 02.08
  BIOS Release Date             08/08/2016
  Manufacturer                  HP
  Product Name                  HP ProDesk 400 G3 SFF
  Baseboard Product             8062
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon May 15 10:32:56.500 2017 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\051517-2593-01.dmp]
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 10 Kernel Version 15063 MP (4 procs) Free x64
Built by: 15063.0.amd64fre.rs2_release.170317-1834
System Uptime:0 days 0:25:52.153
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Probably caused by :ntoskrnl.wrong.symbols.exe ( nt_wrong_symbols!5902843E889000 )
BugCheck 4E, {99, 17183, 2, 1c0001c8c82}
BugCheck Info: PFN_LIST_CORRUPT (4e)
Arguments:
Arg1: 0000000000000099, A PTE or PFN is corrupt
Arg2: 0000000000017183, page frame number
Arg3: 0000000000000002, current page state
Arg4: 000001c0001c8c82, 0
BUGCHECK_STR:  5902843E
PROCESS_NAME:  ntoskrnl.wrong.symbols.exe
FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_15063.0.amd64fre.rs2_release.170317-1834_TIMESTAMP_170427-235230_5902843E_nt_wrong_symbols!5902843E889000
CPUID:        "Intel® Core™ i5-6500 CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  N03 Ver. 02.08
  BIOS Release Date             08/08/2016
  Manufacturer                  HP
  Product Name                  HP ProDesk 400 G3 SFF
  Baseboard Product             8062
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``


3rd Party Drivers:
The following is for information purposes only. My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Tue May 16 04:04:38.199 2017 (UTC - 4:00)**************************
lmimirr.sys                 Tue Apr 10 18:32:45 2007 (461C108D)
ChangeTracker.sys           Wed Sep 23 13:31:55 2015 (5602E20B)
rt640x64.sys                Thu Oct  1 06:34:33 2015 (560D0C39)
em015_64.dat                Tue Feb 23 04:07:44 2016 (56CC2160)
eamonm.sys                  Mon May 16 10:27:19 2016 (5739D8C7)
ehdrv.sys                   Mon May 16 10:27:54 2016 (5739D8EA)
epfwwfpr.sys                Mon May 16 10:28:53 2016 (5739D925)
TeeDriverW8x64.sys          Thu Jul  7 17:27:40 2016 (577EC94C)
IntcDAud.sys                Tue Oct  4 23:09:30 2016 (57F46EEA)
RTKVHD64.sys                Thu Nov  3 04:24:45 2016 (581AF44D)
igdkmd64.sys                Fri Nov 18 12:46:39 2016 (582F3E7F)
LMIRfsDriver.sys            Mon Jan  9 11:14:48 2017 (5873B6F8)
LMIInfo.sys                 Tue Jan 10 11:30:08 2017 (58750C10)
em018_64.dat                Wed Jan 18 10:13:50 2017 (587F862E)
em006_64.dat                Thu Apr 13 10:39:07 2017 (58EF8D8B)
CAD.sys                     Sun Dec  3 04:31:49 2017 (5A23C485)
intelppm.sys                ***** Invalid 2007 Invalid 2007 Invalid
SleepStudyHelper.sys        ***** Invalid 2023 Invalid 2023 Invalid


http://www.carrona.org/drivers/driver.php?id=lmimirr.sys
ChangeTracker.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=rt640x64.sys
http://www.carrona.org/drivers/driver.php?id=em015_64.dat
http://www.carrona.org/drivers/driver.php?id=eamonm.sys
http://www.carrona.org/drivers/driver.php?id=ehdrv.sys
http://www.carrona.org/drivers/driver.php?id=epfwwfpr.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
http://www.carrona.org/drivers/driver.php?id=IntcDAud.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=LMIRfsDriver.sys
LMIInfo.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=em018_64.dat
http://www.carrona.org/drivers/driver.php?id=em006_64.dat
CAD.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
SleepStudyHelper.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
 
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John  (my website: http://www.carrona.org/ )
**If you need a more detailed explanation, please ask for it. I have the Knack.**
If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
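
The driver-age check applied to lmimirr.sys in the post above, as an added example that is not part of the original post or of the tool that produced the listing: it decodes the hex value in parentheses as seconds since 1970 UTC and sorts each driver into ok, stale, future-dated or unverifiable relative to the crash time. The five-year cutoff and the names `triage`, `SAMPLE` and `DUMP_TIME` are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: five lines copied from the "3rd Party Drivers" listing above.
SAMPLE = """\
lmimirr.sys                 Tue Apr 10 18:32:45 2007 (461C108D)
ChangeTracker.sys           Wed Sep 23 13:31:55 2015 (5602E20B)
eamonm.sys                  Mon May 16 10:27:19 2016 (5739D8C7)
CAD.sys                     Sun Dec  3 04:31:49 2017 (5A23C485)
intelppm.sys                ***** Invalid 2007 Invalid 2007 Invalid
"""

# Crash time of the first dump above: Tue May 16 04:04:38 2017 (UTC - 4:00).
DUMP_TIME = datetime(2017, 5, 16, 8, 4, 38, tzinfo=timezone.utc)

# Eight hex digits in parentheses at the end of a listing line.
STAMP = re.compile(r"\(([0-9A-Fa-f]{8})\)\s*$")


def triage(listing, dump_time=DUMP_TIME, max_age=timedelta(days=5 * 365)):
    """Map each driver name to (verdict, image timestamp in UTC or None)."""
    results = {}
    for line in listing.splitlines():
        fields = line.split()
        if not fields:
            continue
        name = fields[0]
        match = STAMP.search(line)
        if match is None:
            # The tool printed "Invalid" instead of a date: nothing to judge by.
            results[name] = ("unverifiable", None)
            continue
        # The hex value is the image header timestamp, seconds since 1970 UTC.
        linked = datetime.fromtimestamp(int(match.group(1), 16), tz=timezone.utc)
        if linked > dump_time:
            verdict = "future"  # later than the crash: not usable as a build date
        elif dump_time - linked > max_age:
            verdict = "stale"   # older than the cutoff: look for an updated driver
        else:
            verdict = "ok"
        results[name] = (verdict, linked)
    return results


if __name__ == "__main__":
    for name, (verdict, linked) in triage(SAMPLE).items():
        when = linked.strftime("%Y-%m-%d %H:%M:%S UTC") if linked else "-"
        print(f"{name:<20} {verdict:<13} {when}")
```

A "future" verdict only says the timestamp field cannot be read as a build date for this dump; it does not by itself identify a faulty driver.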

#3 BoroRob


Posted 18 May 2017 - 05:10 PM

I have run all HP diagnostics, Memtest, removed AV, LogMeIn, then decided to run Driver Verifier.

 

I ran I/O verification, Force pending I/O requests and IRP logging, and ran it on all drivers (after creating a system restore point).

 

PC will now not boot due to iorate.sys. Not only that, it will not restore to the restore point I made previously.

 

Also, verifier /bootmode resetonbootfail won't work and neither does disabling driver signature enforcement.

 

Need to get the thing to Boot back into Windows now :(


Edited by BoroRob, 18 May 2017 - 05:12 PM.


#4 usasma


Posted 19 May 2017 - 06:32 AM

Can you boot to SafeMode?  That's the easiest way for this sort of problem.

Here's a link on how to do it:  http://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10

Once in SafeMode you can run verifier.exe and tell it to "Delete existing settings", then click on "Finish" and reboot for the changes to take effect.

 

Try to boot to Last Known Good Configuration.

https://neosmart.net/wiki/booting-into-last-known-good-configuration/

 

How do you know that it's iorate.sys that causes the boot to fail?  Was it on the BSOD?

There are other things that we can try here, but it depends on where/how you found that iorate.sys was to blame.
Unfortunately, as this is a Windows driver, it's likely that this is a critical driver that needs to be loaded at boot.

 

We can try disabling Driver Verifier through the registry, but first you'll have to mount the registry hives in a recovery session and then edit/save the registry entries there.

This is a bit complicated, but once you do it it's actually kind of easy to grasp the concept (so if you ever need it again, it won't be so intimidating).

Here's a link to my Driver Verifier page that contains info needed for this method (and some more discussion about Driver Verifier):  http://www.carrona.org/verifier.html

 

But, as I recall, the installation is only a few days old so you may want to try some more aggressive "fixes" that will be easier/quicker to recover with:

1 - RESET using the "Keep My Files" option (W8 calls this a REFRESH; W7 and earlier doesn't have this function)

2 - Repair install of the OS (Thanks to FreeBooter!):

    "How To Perform a Repair Installation For Windows 8, 8.1 and 10"
    https://www.winhelp.us/non-destructive-reinstall-of-windows-8-and-8-1.html

    "How to Do a Repair Install to Fix Windows 7"
    http://www.sevenforums.com/tutorials/3413-repair-install.html

    "How To Perform a Repair Installation For Vista"
    http://www.vistax64.com/tutorials/88236-repair-install-vista.html

    "Non-destructive reinstall of Windows XP"
    https://www.winhelp.us/non-destructive-reinstall-of-windows-xp.html



3 - RESET using the "Remove Everything" option (W8 calls this a RESET; W7 and earlier doesn't have this function)

If using W7 or earlier, this can be accomplished by resetting the system by use of the recovery partition/recovery disks/recovery drive.
If you don't have them, you can usually order them from the OEM manufacturer of your system ( US points of contact here:  http://www.carrona.org/recdisc.html )

4 - Wipe and reinstall from the Recovery Partition (if so equipped)

5 - Wipe and reinstall from Recovery Media - to include deleting all partitions.
If you don't have them, you can usually order them from the OEM manufacturer of your system ( US points of contact here:  http://www.carrona.org/recdisc.html )


#5 BoroRob


Posted 21 May 2017 - 03:20 AM

OK, I managed to disable Verifier through Safe Mode. It was definitely iorate.sys as it Win10 and said your computer failed to start due to iorate.sys.



#6 BoroRob


Posted 21 May 2017 - 10:12 AM

After further tests, it looks like ESET AV could be to blame.



#7 usasma


Posted 22 May 2017 - 04:41 PM

Just FYI - although Windows says it was iorate.sys, that doesn't mean it was due to that.

What it means is that Windows crashed, and when it crashed it was performing operations involving iorate.sys (among other things).

Most often when this happens, it's because a 3rd party

 

Backup Manager driver dates from just after W10 was released (changetracker.sys).

It's possible that it isn't compatible w/1703 (Creator's Update/build 15063).

Try uninstalling it temporarily to see if that helps.

 

Also, while ESET is also a possibility, we haven't seen a bunch of BSOD's on ESET installed systems - so I have to wonder about that.
It could be that your copy is corrupted, or it could be that there's something on the system interfering with it.

The test here is to uninstall it and see what happens.  Ensure that Windows Defender and the Windows firewall are activated when you uninstall ESET for testing.

 

If you uninstall both at once, then you won't be able to tell which it was.
BUT, you can then download and install the latest W10 compatible version of ESET and test with that installed.

If it doesn't BSOD (usually takes a week or two in order to be sure), then try to download/install the latest W10 compatible version of Backup Manager and see what that does.

Good luck!





