WMI-Activity, DLLHost, Windows, Microsoft Office errors, bad perf


6 replies to this topic

#1 75Racer

Posted 28 January 2018 - 10:58 AM

I have been trying to troubleshoot over the past two days but nothing has worked.  Windows 10, MalwareBytes Premium, Windows Defender/Firewall.  M4800 Dell Workstation Laptop.  Sounds like it could be some sort of rootkit-type infection.  But not sure.  Some of the errors in event viewer:

 

DLLHost.exe

Log Name:      Application
Source:        Application Error
Date:          1/28/2018 10:38:51 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      M4800
Description:
Faulting application name: DllHost.exe, version: 10.0.16299.15, time stamp: 0x5e7a01e6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffaf2f2046e
Faulting process id: 0x4594
Faulting application start time: 0x01d3984e177ed538
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: unknown
Report Id: 42522665-4b59-4246-9a4f-417f21da1a86
Faulting package full name: 
Faulting package-relative application ID: 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-01-28T15:38:51.111108600Z" />
    <EventRecordID>23639</EventRecordID>
    <Channel>Application</Channel>
    <Computer>M4800</Computer>
    <Security />
  </System>
  <EventData>
    <Data>DllHost.exe</Data>
    <Data>10.0.16299.15</Data>
    <Data>5e7a01e6</Data>
    <Data>unknown</Data>
    <Data>0.0.0.0</Data>
    <Data>00000000</Data>
    <Data>c0000005</Data>
    <Data>00007ffaf2f2046e</Data>
    <Data>4594</Data>
    <Data>01d3984e177ed538</Data>
    <Data>C:\WINDOWS\system32\DllHost.exe</Data>
    <Data>unknown</Data>
    <Data>42522665-4b59-4246-9a4f-417f21da1a86</Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>
 
WINWORD
Log Name:      Application
Source:        Application Hang
Date:          1/28/2018 10:28:16 AM
Event ID:      1002
Task Category: (101)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      M4800
Description:
The program WINWORD.EXE version 16.0.8827.2148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 Process ID: 2584
 Start Time: 01d3984b3628ac80
 Termination Time: 4294967295
 Application Path: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
 Report Id: 827994eb-179e-4b8e-90ee-2f326072cd8f
 Faulting package full name: 
 Faulting package-relative application ID: 
 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Hang" />
    <EventID Qualifiers="0">1002</EventID>
    <Level>2</Level>
    <Task>101</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-01-28T15:28:16.075410000Z" />
    <EventRecordID>23626</EventRecordID>
    <Channel>Application</Channel>
    <Computer>M4800</Computer>
    <Security />
  </System>
  <EventData>
    <Data>WINWORD.EXE</Data>
    <Data>16.0.8827.2148</Data>
    <Data>2584</Data>
    <Data>01d3984b3628ac80</Data>
    <Data>4294967295</Data>
    <Data>C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
    <Data>827994eb-179e-4b8e-90ee-2f326072cd8f</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Binary>54006F00700020006C006500760065006C002000770069006E0064006F0077002000690073002000690064006C00650000000000</Binary>
  </EventData>
</Event>
 
Bitsperf.dll
Log Name:      Application
Source:        Microsoft-Windows-Perflib
Date:          1/28/2018 9:41:27 AM
Event ID:      1008
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      M4800
Description:
The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Perflib" Guid="{13B197BD-7CEE-4B4E-8DD0-59314CE374CE}" EventSourceName="Perflib" />
    <EventID Qualifiers="49152">1008</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-01-28T14:41:27.482324000Z" />
    <EventRecordID>23588</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>M4800</Computer>
    <Security />
  </System>
  <UserData>
    <EventXML xmlns="Perflib">
      <param1>BITS</param1>
      <param2>C:\Windows\System32\bitsperf.dll</param2>
    </EventXML>
  </UserData>
</Event>
 
WMI-Activity - LOTS of These
Log Name:      Microsoft-Windows-WMI-Activity/Operational
Source:        Microsoft-Windows-WMI-Activity
Date:          1/28/2018 10:41:33 AM
Event ID:      5858
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      M4800
Description:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = M4800; User = NT AUTHORITY\SYSTEM; ClientProcessId = 22812; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive; ResultCode = 0x80041032; PossibleCause = Unknown
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WMI-Activity" Guid="{1418EF04-B0B4-4623-BF7E-D74AB47BBDAA}" />
    <EventID>5858</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2018-01-28T15:41:33.162047400Z" />
    <EventRecordID>29808</EventRecordID>
    <Correlation />
    <Execution ProcessID="2144" ThreadID="18808" />
    <Channel>Microsoft-Windows-WMI-Activity/Operational</Channel>
    <Computer>M4800</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <Operation_ClientFailure xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
      <Id>{00000000-0000-0000-0000-000000000000}</Id>
      <ClientMachine>M4800</ClientMachine>
      <User>NT AUTHORITY\SYSTEM</User>
      <ClientProcessId>22812</ClientProcessId>
      <Component>Unknown</Component>
      <Operation>Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive</Operation>
      <ResultCode>0x80041032</ResultCode>
      <PossibleCause>Unknown</PossibleCause>
    </Operation_ClientFailure>
  </UserData>
</Event>
 
 
Log Name:      Microsoft-Windows-WMI-Activity/Operational
Source:        Microsoft-Windows-WMI-Activity
Date:          1/28/2018 10:41:36 AM
Event ID:      5858
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      M4800
Description:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = M4800; User = NT AUTHORITY\SYSTEM; ClientProcessId = 22812; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive where DeviceID="\\\\.\\PHYSICALDRIVE2"; ResultCode = 0x80041032; PossibleCause = Unknown
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WMI-Activity" Guid="{1418EF04-B0B4-4623-BF7E-D74AB47BBDAA}" />
    <EventID>5858</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2018-01-28T15:41:36.174348600Z" />
    <EventRecordID>29810</EventRecordID>
    <Correlation />
    <Execution ProcessID="2144" ThreadID="17028" />
    <Channel>Microsoft-Windows-WMI-Activity/Operational</Channel>
    <Computer>M4800</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <Operation_ClientFailure xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
      <Id>{00000000-0000-0000-0000-000000000000}</Id>
      <ClientMachine>M4800</ClientMachine>
      <User>NT AUTHORITY\SYSTEM</User>
      <ClientProcessId>22812</ClientProcessId>
      <Component>Unknown</Component>
      <Operation>Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive where DeviceID="\\\\.\\PHYSICALDRIVE2"</Operation>
      <ResultCode>0x80041032</ResultCode>
      <PossibleCause>Unknown</PossibleCause>
    </Operation_ClientFailure>
  </UserData>
</Event>
 
 
Log Name:      Microsoft-Windows-WMI-Activity/Operational
Source:        Microsoft-Windows-WMI-Activity
Date:          1/28/2018 10:46:40 AM
Event ID:      5858
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      M4800
Description:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = M4800; User = NT AUTHORITY\SYSTEM; ClientProcessId = 22812; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PerfFormattedData_PerfDisk_PhysicalDisk; ResultCode = 0x80041032; PossibleCause = Throttling Idle Tasks, refer to CIMOM regkey: ArbTaskMaxIdle
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WMI-Activity" Guid="{1418EF04-B0B4-4623-BF7E-D74AB47BBDAA}" />
    <EventID>5858</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2018-01-28T15:46:40.236290100Z" />
    <EventRecordID>29812</EventRecordID>
    <Correlation />
    <Execution ProcessID="2144" ThreadID="10348" />
    <Channel>Microsoft-Windows-WMI-Activity/Operational</Channel>
    <Computer>M4800</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <Operation_ClientFailure xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
      <Id>{00000000-0000-0000-0000-000000000000}</Id>
      <ClientMachine>M4800</ClientMachine>
      <User>NT AUTHORITY\SYSTEM</User>
      <ClientProcessId>22812</ClientProcessId>
      <Component>Unknown</Component>
      <Operation>Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PerfFormattedData_PerfDisk_PhysicalDisk</Operation>
      <ResultCode>0x80041032</ResultCode>
      <PossibleCause>Throttling Idle Tasks, refer to CIMOM regkey: ArbTaskMaxIdle</PossibleCause>
    </Operation_ClientFailure>
  </UserData>
</Event>
 

 

Log Name:      Microsoft-Windows-WMI-Activity/Operational
Source:        Microsoft-Windows-WMI-Activity
Date:          1/28/2018 10:46:40 AM
Event ID:      5858
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      M4800
Description:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = M4800; User = NT AUTHORITY\SYSTEM; ClientProcessId = 22812; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PerfFormattedData_PerfOS_Processor; ResultCode = 0x80041032; PossibleCause = Throttling Idle Tasks, refer to CIMOM regkey: ArbTaskMaxIdle
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WMI-Activity" Guid="{1418EF04-B0B4-4623-BF7E-D74AB47BBDAA}" />
    <EventID>5858</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2018-01-28T15:46:40.236324300Z" />
    <EventRecordID>29813</EventRecordID>
    <Correlation />
    <Execution ProcessID="2144" ThreadID="10348" />
    <Channel>Microsoft-Windows-WMI-Activity/Operational</Channel>
    <Computer>M4800</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <Operation_ClientFailure xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
      <Id>{00000000-0000-0000-0000-000000000000}</Id>
      <ClientMachine>M4800</ClientMachine>
      <User>NT AUTHORITY\SYSTEM</User>
      <ClientProcessId>22812</ClientProcessId>
      <Component>Unknown</Component>
      <Operation>Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PerfFormattedData_PerfOS_Processor</Operation>
      <ResultCode>0x80041032</ResultCode>
      <PossibleCause>Throttling Idle Tasks, refer to CIMOM regkey: ArbTaskMaxIdle</PossibleCause>
    </Operation_ClientFailure>
  </UserData>
</Event>
 
 
Thanks in advance.
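
The four WMI-Activity 5858 records above all name the same calling process, which is the first thing to establish when this log is noisy. As an added example (not part of the original post and not Microsoft tooling), this Python code parses exported Event ID 5858 XML, names the ResultCode and groups the failures by ClientProcessId; the sample XML is constructed from the values in the post, and all function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Subset of WMI HRESULTs as named in the Windows SDK header wbemcli.h.
WBEM_CODES = {
    "0x80041003": "WBEM_E_ACCESS_DENIED",
    "0x80041010": "WBEM_E_INVALID_CLASS",
    "0x80041017": "WBEM_E_INVALID_QUERY",
    "0x80041032": "WBEM_E_CALL_CANCELLED",
}
# "Start <method> - <namespace> : <WQL query>", the Operation layout in the posted events.
OPERATION_RE = re.compile(r"^Start (?P<method>\S+) - (?P<ns>[^:]+?) : (?P<query>.*)$")
WQL_CLASS_RE = re.compile(r"\bFROM\s+(\w+)", re.IGNORECASE)


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]


def _find(elem, name):
    """First element (self or descendant) with this local name, in any namespace."""
    return next((e for e in elem.iter() if _local(e.tag) == name), None)


def _text(elem, name):
    node = _find(elem, name)
    return (node.text or "").strip() if node is not None else ""


def parse_failures(xml_text):
    """Return one dict per Event ID 5858 record in an exported event XML document."""
    failures = []
    for event in ET.fromstring(xml_text).iter():
        if _local(event.tag) != "Event" or _text(event, "EventID") != "5858":
            continue
        op = OPERATION_RE.match(_text(event, "Operation"))
        query = op.group("query") if op else ""
        wql_class = WQL_CLASS_RE.search(query)
        code = _text(event, "ResultCode").lower()
        client_pid = _text(event, "ClientProcessId")
        execution = _find(event, "Execution")
        failures.append({
            "record_id": _text(event, "EventRecordID"),
            # PID of the process that issued the query: the one to identify.
            "client_pid": int(client_pid) if client_pid.isdigit() else None,
            # PID recorded in System/Execution: the process that logged the event.
            "logger_pid": execution.get("ProcessID") if execution is not None else None,
            "user": _text(event, "User"),
            "namespace": op.group("ns") if op else "",
            "wql_class": wql_class.group(1) if wql_class else "",
            "result": WBEM_CODES.get(code, code),
            "cause": _text(event, "PossibleCause"),
        })
    return failures


def summarize(failures):
    """Group failures by calling process so one noisy client stands out."""
    summary = {}
    for f in failures:
        s = summary.setdefault(f["client_pid"], {
            "count": 0, "users": set(), "classes": Counter(), "results": Counter()})
        s["count"] += 1
        s["users"].add(f["user"])
        s["classes"][f["wql_class"]] += 1
        s["results"][f["result"]] += 1
    return summary


def _sample_event(record_id, query, cause):
    # Constructed record: values copied from the post, trimmed to the fields used here.
    return rf"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>5858</EventID><EventRecordID>{record_id}</EventRecordID>
    <Execution ProcessID="2144" /></System>
  <UserData><Operation_ClientFailure xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
    <User>NT AUTHORITY\SYSTEM</User><ClientProcessId>22812</ClientProcessId>
    <Operation>Start IWbemServices::ExecQuery - ROOT\CIMV2 : {query}</Operation>
    <ResultCode>0x80041032</ResultCode><PossibleCause>{cause}</PossibleCause>
  </Operation_ClientFailure></UserData>
</Event>"""


_THROTTLE = "Throttling Idle Tasks, refer to CIMOM regkey: ArbTaskMaxIdle"
SAMPLE_XML = "<Events>" + "".join(_sample_event(*row) for row in [
    (29808, "SELECT * FROM Win32_DiskDrive", "Unknown"),
    (29810, r'SELECT * FROM Win32_DiskDrive where DeviceID="\\\\.\\PHYSICALDRIVE2"', "Unknown"),
    (29812, "SELECT * FROM Win32_PerfFormattedData_PerfDisk_PhysicalDisk", _THROTTLE),
    (29813, "SELECT * FROM Win32_PerfFormattedData_PerfOS_Processor", _THROTTLE),
]) + "</Events>"

if __name__ == "__main__":
    for pid, s in summarize(parse_failures(SAMPLE_XML)).items():
        print(pid, s["count"], dict(s["results"]), sorted(s["classes"]))
```

ClientProcessId is the PID to resolve to an image path while the process is still running; the ProcessID in System/Execution belongs to the process that wrote the event, not to the caller.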




#2 75Racer


Posted 28 January 2018 - 12:54 PM

Well, to make the post more appropriate to the thread... just got a BSOD.  Checked Reliability Report and attached is the list of issues. 

 

The BSOD details from the report:

Problem signature
Problem Event Name: BlueScreen
Code: 4e
Parameter 1: 99
Parameter 2: 4545d
Parameter 3: 1
Parameter 4: 0
OS version: 10_0_16299
Service Pack: 0_0
Product: 256_1
OS Version: 10.0.16299.2.0.0.256.48
Locale ID: 1033
 

The critical event before it:

Description
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000004e (0x0000000000000099, 0x000000000004545d, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\WINDOWS\Minidump\012818-15843-01.dmp. Report Id: 993cdaf4-baa3-462a-b059-76228c2f8207.
 
Minidump File also now attached.
 

 


Edited by 75Racer, 28 January 2018 - 12:56 PM.


#3 usasma


Posted 28 January 2018 - 02:56 PM

Please run this report collecting tool so that we can provide a complete analysis: (from the pinned topic at the top of the forum)   http://www.bleepingcomputer.com/forums/t/576314/blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/
NOTE:  On problem systems it can take up to 20 minutes for the log files to complete.  Please be patient and let it run.

If you still have problems with it running, there's an alternate tool here (direct download link):  https://github.com/blueelvis/BSOD-Inspector/releases/download/1.0.5/BSODInspector-1.0.5.exe

NOTE:
Please zip up the (.ZIP) files - do not use .RAR, .7z or other compression utilities. 
.ZIP is the type file that can be uploaded to the forums.

 


My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John  (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#4 75Racer


Posted 28 January 2018 - 05:08 PM

Thanks for the response usasma.

 

http://speccy.piriform.com/results/YMHleXngINZZ00RJcctGYi6

 

 

 

 

 


#5 usasma


Posted 29 January 2018 - 03:09 PM

Please monitor your temps with one of these free utilities and let us know if any of the temps exceed 70ºC (and how far above it they get)

SpeedFan:  http://www.almico.com/sfdownload.php
HWMonitor:  https://www.cpuid.com/softwares/hwmonitor.html
HWInfo:  https://www.hwinfo.com/download.php

Your UEFI/BIOS (version A21) dates from December of 2017.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  This is just in case there has been a more recent update.
FYI - W8 and W10 communicate more with the UEFI/BIOS than previous versions of Windows, so it's important to ensure that the UEFI/BIOS is kept up to date (and that outdated UEFI/BIOS' may be the cause of some compatibility issues).

Although you appear to have a reasonable number of Windows Update hotfixes for this version of your OS, please double check for any new Windows Updates.  It only takes one update to cause a problem, so it's essential that you have all of them.  The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

Ensure that your copy of MalwareBytes is fully updated (there was a glitch a couple of days ago).

 

There are plenty of errors in the WER section of the MSINFO32 report, but not much in the way of BSOD's.
The lone memory dump shows a BSOD of STOP 0x4E and it blames the driver for the file system on your hard drive.

As such, it can be either hardware or software that is to blame.

 

Please update these older drivers.  Links are provided in order to assist you with looking up the source of the drivers.  
If unable to find an update, please uninstall the program that is responsible for that driver.  

DO NOT manually delete/rename the driver as it may make the system unbootable!!!:
 

DellRbtn.sys                Fri Aug  3 17:32:54 2012 (501C4386)
OSR Open Systems Resources Airplane Mode Switch Driver (as the driver name states this may be available from Dell)
http://www.carrona.org/drivers/driver.php?id=DellRbtn.sys
 
ATSwpWDF.sys                Thu Oct 11 05:14:13 2012 (50768DE5)
Swipe Fingerprint Sensor USB Driver AuthenTec, Inc. OEM - none at http://www.authentec.com/default.cfm
http://www.carrona.org/drivers/driver.php?id=ATSwpWDF.sys
 
O2FJ2x64.sys                Thu May  7 23:40:55 2015 (554C3047)
 BayHubTech/O2Micro - likely a device such as a card reader on your laptop.  Look for drivers of this sort at the Dell support website for your model
O2FJ2x64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
 
iaStorA.sys                 Wed Jun  3 05:38:57 2015 (556ECB31)
Intel RST (Rapid Storage Technology) driver  http://downloadcenter.intel.com/Default.aspx XP
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
 
iwdbus.sys                  Mon Jun  8 18:12:39 2015 (55761357)
Intel WIDI Bus Enumerator driver. Related to Intel Widi - Wireless Display http://downloadcenter.intel.com/SearchResult.aspx?lang=eng&keyword=%22widi%22
http://www.carrona.org/drivers/driver.php?id=iwdbus.sys
 
e1d65x64.sys                Thu Jun 18 12:37:56 2015 (5582F3E4)
Intel Pro/1000 Network Adapter driver https://downloadcenter.intel.com/
http://www.carrona.org/drivers/driver.php?id=e1d65x64.sys
 
Netwbw02.sys                Sun Aug 23 07:07:35 2015 (55D9A977)
Intel® Wireless WiFi Link Driver - Intel® Wireless WiFi Link Adapter https://downloadcenter.intel.com/default.aspx
http://www.carrona.org/drivers/driver.php?id=Netwbw02.sys

 

 

 

First, please run the Dell Diagnostics by rapidly tapping F12 when you first power up the system.

Run the Full/Long/Intensive diagnostics and let us know the results.

 

Next, try running Driver Verifier to see if we can force it to name a 3rd party driver.

Please follow these instructions:  http://www.carrona.org/verifier.html

 

If all of that doesn't work, then I'll suggest this process to rule out hardware issues:

 

My suggested way to diagnose a hardware problem (3 steps):

Step #1)  Please run these free hardware diagnostics:  http://www.carrona.org/hwdiag.html
    Please run ALL of the tests and let us know the results.  (If you can't run all the tests, then at least run these free, bootable diagnostics:  http://www.carrona.org/initdiag.html )
    FYI - These are the tests and what we usually see for the reports:

        1 - Antivirus/antimalware scans:  In short, if there are Trojans or other serious malware - start over in the Am I Infected forums
        2 - Memory diagnostics:  Run MemTest86+ for at least 3 passes.  If booting from UEFI, run MemTest86 instead.  Let us know if there were any errors reported
        3 - Hard Drive diagnostics:  Don't sweat the details here.  In short, run the Seagate Seatools Long/Extended test from a bootable disk.  If unable to run it from a bootable disk (UEFI and some others), then run the Seagate Seatools for Windows from within Windows.  There are no diagnostics for SSD's, just run the Crystal Mark tests and let us know if there were any failures
        4 - Furmark:  run the test until the temperature stabilizes.  Don't let it get much over 90ºC.  Let us know the temp it stabilizes at and if there were any problems running the test (other than slowness).
        5 - Prime95:  run the Blend test for 24 hours (this may not be possible, but run it as long as you can).  Look for errors in the output, or for problems running the test (freezes/crashes)
        6 - Video 2 (other video tests):  there's several tests here.  Run all of them.  I'm especially interested in the Video Memory Test.  Let us know the results of the test(s)
          - A - simtek.org memtest
          - B - Video memory stress test
          - C - Artifact Locator
          - D - OCCT - 4 built in tests for CPU, GPU, PSU
          - E - Video Memory Stress Test
        7 - CPU tests:  run at least one test on your CPU and let us know the result.


Step #2)  If all the tests pass, then try to perform a clean install of Windows:

A clean install is:
        - Windows is installed to a freshly partitioned hard drive with legitimate installation media (W10:  https://www.microsoft.com/en-us/software-download/windows10 ).
        - The installation media is only a copy of Windows, not the OEM recovery disks that you can make on some systems.
        - Windows is fully updated after it's installed.  That's ALL updates - none excepted.
        - NO 3rd party software is installed.
        - There are no errors in Device Manager (if you find any, post back for suggestions).
         - The BIOS/UEFI is updated to the latest available version (this presumes that the system is compatible w/Windows 10 also).

        This will wipe everything off of the computer, so it's advisable to backup your stuff first.
        Also, it will wipe out all the special software that the OEM added to the system, so if you rely on any of that - let us know what it is so we can figure out a way to save/download it (the easiest way is to create/obtain the OEM's recovery media)

        If unable to find recovery media that has the software (or if you suspect that this is a hardware problem), you can make an image of your system that'll preserve everything in the state that it was in when you made the image.  You can also do this if you don't want to try another hard drive - yet you want to be able to return to the current system state.
        One drawback to this is that you're making an image of a malfunctioning system - so, if there are errors in the system software, you'll have a nice copy of them [:(]
        Another drawback is that the image of the system will be very large - so you'll most likely need a large external drive to store it on.
        But, this will allow you to save everything on the hard drive (although you'll need an image viewer to get things out of the image).
        The point here is that, if it's a hardware problem, then you can restore the system to the point it was when you made the image - after you repair the hardware problem.
        You can obtain more info on imaging in the Backup/Imaging/DiskMgmt forums located here:  http://www.bleepingcomputer.com/forums/f/238/backup-imaging-and-disk-management-software/

        The point of doing this (the clean install) is to:
        - rule out Windows as a problem (if the problem continues, it's not a Windows problem as you completely replaced Windows)
        - rule out 3rd party software (if the problem continues, it's not a 3rd party software problem as you didn't install any 3rd party software)
        - so, if the problem continues, it must be a hardware problem.

        OTOH, if the problem stops, then it was either a Windows or 3rd party software problem.  If the problem doesn't come back, then you've fixed it.  Then all that remains is setting the computer back up the way that you'd like it and importing your data from the backup you made.


Step #3)  Then, if the clean install confirms the hardware problem, try this procedure to isolate the problem device(s):  http://www.carrona.org/strpdown.html

 

Analysis:
The following is for information purposes only.
The following information contains the relevant information from the blue screen analysis:
**************************Sun Jan 28 12:35:10.641 2018 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\012818-15843-01.dmp]
Windows 10 Kernel Version 16299 MP (8 procs) Free x64
System Uptime:0 days 21:59:29.965
*** ERROR: Module load completed but symbols could not be loaded for NTFS.sys
*** ERROR: Module load completed but symbols could not be loaded for luafv.sys
*** ERROR: Module load completed but symbols could not be loaded for wcifs.sys
*** WARNING: Unable to verify timestamp for farflt.sys
*** ERROR: Module load completed but symbols could not be loaded for farflt.sys
Probably caused by :memory_corruption ( nt!MiDecrementShareCount+f5854 )
BugCheck 4E, {99, 4545d, 1, 0}
BugCheck Info: PFN_LIST_CORRUPT (4e)
Arguments:
Arg1: 0000000000000099, A PTE or PFN is corrupt
Arg2: 000000000004545d, page frame number
Arg3: 0000000000000001, current page state
Arg4: 0000000000000000, 0
BUGCHECK_STR:  0x4E_99
PROCESS_NAME:  CNMNSUT.EXE
FAILURE_BUCKET_ID: 0x4E_99_nt!MiDecrementShareCount
CPUID:        "Intel® Core™ i7-4940MX CPU @ 3.10GHz"
MaxSpeed:     3100
CurrentSpeed: 3292
 
Processor may be overclocked!
Expected Frequency:   3100
Actual Frequency:     3292
Overclock Ratio:      1.06194
 
  BIOS Version                  A21
  BIOS Release Date             12/15/2017
  Manufacturer                  Dell Inc.
  Product Name                  Precision M4800
  Baseboard Product             0T3YTY


3rd Party Drivers:
The following is for information purposes only.
My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Sun Jan 28 12:35:10.641 2018 (UTC - 5:00)**************************
MpKsla73ac04d.sys           Mon Feb 27 20:54:41 1989 (2409FBE1)
intelppm.sys                Thu Sep 22 06:43:11 2011 (4E7B113F)
DellRbtn.sys                Fri Aug  3 17:32:54 2012 (501C4386)
ATSwpWDF.sys                Thu Oct 11 05:14:13 2012 (50768DE5)
O2FJ2x64.sys                Thu May  7 23:40:55 2015 (554C3047)
iaStorA.sys                 Wed Jun  3 05:38:57 2015 (556ECB31)
iwdbus.sys                  Mon Jun  8 18:12:39 2015 (55761357)
e1d65x64.sys                Thu Jun 18 12:37:56 2015 (5582F3E4)
Netwbw02.sys                Sun Aug 23 07:07:35 2015 (55D9A977)
RTDVHD64.sys                Tue Dec  8 07:04:57 2015 (5666C769)
0patchDriver64.sys          Fri Apr 29 06:10:09 2016 (57233301)
ST_Accel.sys                Tue Jul  5 04:09:59 2016 (577B6B57)
cvusbdrv.sys                Mon Jul 18 17:14:33 2016 (578D46B9)
zam64.sys                   Wed Aug 17 13:06:53 2016 (57B499AD)
zamguard64.sys              Wed Aug 17 13:06:53 2016 (57B499AD)
stdcfltn.sys                Tue Oct  4 04:07:01 2016 (57F36325)
Apfiltr.sys                 Mon Oct 17 23:29:19 2016 (5805970F)
DDDriver64Dcsa.sys          Wed Jan 11 10:28:26 2017 (58764F1A)
mbae64.sys                  Wed Jan 11 12:08:00 2017 (58766670)
tapexpressvpn.sys           Mon Mar  6 04:22:37 2017 (58BD2A5D)
DellProf.sys                Mon Apr  3 14:48:04 2017 (58E298E4)
TeeDriverW8x64.sys          Tue Jun 20 12:35:20 2017 (59494EC8)
farflt.sys                  Tue Sep  5 19:44:07 2017 (59AF36C7)
mwac.sys                    Thu Sep  7 12:04:14 2017 (59B16DFE)
nvhda64v.sys                Thu Sep 14 05:55:42 2017 (59BA521E)
nvpciflt.sys                Mon Oct  9 18:36:31 2017 (59DBF9EF)
nvlddmkm.sys                Mon Oct  9 18:46:05 2017 (59DBFC2D)
mbam.sys                    Thu Oct 12 11:23:13 2017 (59DF88E1)
mbamswissarmy.sys           Fri Oct 13 14:58:51 2017 (59E10CEB)
igdkmd64.sys                Mon Oct 16 14:17:12 2017 (59E4F7A8)
MbamChameleon.sys           Tue Nov 28 23:17:27 2017 (5A1E34D7)


MpKsla73ac04d.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=DellRbtn.sys
http://www.carrona.org/drivers/driver.php?id=ATSwpWDF.sys
O2FJ2x64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=iwdbus.sys
http://www.carrona.org/drivers/driver.php?id=e1d65x64.sys
http://www.carrona.org/drivers/driver.php?id=Netwbw02.sys
http://www.carrona.org/drivers/driver.php?id=RTDVHD64.sys
0patchDriver64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=ST_Accel.sys
http://www.carrona.org/drivers/driver.php?id=cvusbdrv.sys
http://www.carrona.org/drivers/driver.php?id=zam64.sys
http://www.carrona.org/drivers/driver.php?id=zamguard64.sys
http://www.carrona.org/drivers/driver.php?id=stdcfltn.sys
http://www.carrona.org/drivers/driver.php?id=Apfiltr.sys
http://www.carrona.org/drivers/driver.php?id=DDDriver64Dcsa.sys
http://www.carrona.org/drivers/driver.php?id=mbae64.sys
tapexpressvpn.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=DellProf.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
http://www.carrona.org/drivers/driver.php?id=farflt.sys
http://www.carrona.org/drivers/driver.php?id=mwac.sys
http://www.carrona.org/drivers/driver.php?id=nvhda64v.sys
http://www.carrona.org/drivers/driver.php?id=nvpciflt.sys
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
http://www.carrona.org/drivers/driver.php?id=mbam.sys
http://www.carrona.org/drivers/driver.php?id=mbamswissarmy.sys
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=MbamChameleon.sys
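
In the driver listings above, the hex value in parentheses is the driver's build timestamp as seconds since 1970-01-01 UTC, so driver age can be computed from it rather than read off the printed local date. As an added example (not part of the original post or of the tool that produced the listing), this Python code decodes each stamp, checks it against the printed date, and sorts drivers into recent, old and implausible relative to the dump time. The 730-day cutoff and the 2003 floor are assumptions of this example, and the sample lines are copied from the listing.

```python
import re
from datetime import datetime, timedelta, timezone

# One listing line: driver name, printed local build time, raw timestamp in hex.
LINE_RE = re.compile(
    r"^(?P<name>\S+\.sys)\s+"
    r"(?P<printed>\w{3} \w{3}\s+\d+ [\d:]{8} \d{4}) "
    r"\((?P<stamp>[0-9A-Fa-f]{8})\)$")

# Hypothetical policy values for this example, not taken from the post.
MAX_AGE_DAYS = 730
PLAUSIBLE_FLOOR = datetime(2003, 1, 1, tzinfo=timezone.utc)

# Dump time from the analysis header: Sun Jan 28 12:35:10 2018 (UTC - 5:00).
DUMP_TIME = datetime(2018, 1, 28, 17, 35, 10, tzinfo=timezone.utc)

# Lines copied from the 3rd-party driver listing in the post.
SAMPLE_LISTING = """\
MpKsla73ac04d.sys           Mon Feb 27 20:54:41 1989 (2409FBE1)
DellRbtn.sys                Fri Aug  3 17:32:54 2012 (501C4386)
iaStorA.sys                 Wed Jun  3 05:38:57 2015 (556ECB31)
farflt.sys                  Tue Sep  5 19:44:07 2017 (59AF36C7)
MbamChameleon.sys           Tue Nov 28 23:17:27 2017 (5A1E34D7)
"""


def decode_stamp(hex_stamp):
    """Convert the hex build timestamp (Unix epoch seconds) to an aware UTC datetime."""
    return datetime.fromtimestamp(int(hex_stamp, 16), tz=timezone.utc)


def triage(listing, dump_time, max_age_days=MAX_AGE_DAYS, floor=PLAUSIBLE_FLOOR):
    """Classify each driver line by the age of its build timestamp at dump time."""
    rows = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers, blank lines and anything not in listing format
        built = decode_stamp(m.group("stamp"))
        # The printed date is in the analyst's local time; collapse the padded day.
        printed = datetime.strptime(
            " ".join(m.group("printed").split()), "%a %b %d %H:%M:%S %Y")
        offset_h = (printed - built.replace(tzinfo=None)).total_seconds() / 3600
        if built < floor or built > dump_time:
            # The field is written by the linker and need not be a real date,
            # so an out-of-range value is flagged instead of being called old.
            status = "implausible"
        elif dump_time - built > timedelta(days=max_age_days):
            status = "old"
        else:
            status = "recent"
        rows.append({
            "name": m.group("name"),
            "built_utc": built,
            "age_days": (dump_time - built).days,
            "printed_offset_hours": offset_h,
            # Printed date and hex agree if they differ by a valid UTC offset
            # (a multiple of 15 minutes between -12 and +14 hours).
            "consistent": (offset_h * 4).is_integer() and -12 <= offset_h <= 14,
            "status": status,
        })
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LISTING, DUMP_TIME):
        print(f'{row["name"]:<22} {row["built_utc"]:%Y-%m-%d} '
              f'{row["age_days"]:>6}d  {row["status"]}')
```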
 

#6 75Racer


Posted 29 January 2018 - 07:20 PM

Thank you again.  See below:

 

- Attached is a pic of temps.  One key thing here is that when I installed it earlier this afternoon, almost every temp reading was above 80.  With at least one above 90.  So I shut down, disassembled the back, pulled out both fans and cleaned all the accumulated dust/etc from all the fins and in/out sections.  There was significant obstruction.  But not egregious.  Maybe this was part of the problem.  Now they are all running under 70 but the system is not doing much...

 

- BIOS is the latest available from Dell.

 

- All Updates have been installed.  No errors.  I am fairly disciplined about this.

 

- MBAM Premium is the latest and greatest.  The glitch was very much detected and I actually chatted with them about it to make sure there was nothing wrong.  After that, I ended up doing a clean install of MBAM using the Tools on Saturday after they fixed the issue.

 

- Drivers: 1st and 3rd I have no idea how to get updated drivers.  After some research, I strongly doubt the issue is with these.  No issues with fingerprint reader.  Ran Intel diagnostics and updated Bluetooth and Wireless drivers, none of which are used in this laptop very often.

 

- Ran Dell Diagnostics.  Passes with no issues.

 

- Also Ran Dell Support Assist for updates and Drivers on their end and no issues or new requirements there.  All up to date.

 

- Ran memdiag.  Passed with no errors after 90 minutes of testing

 

- Ran hddiag with no issues either.

 

I can't afford to have the system down, or dedicate time to extensive migrations at this time so Step #2 (Clean Install) is not an option.

 

It has not BSOD again...  BUT, one curious thing is that file explorer is ultra sluggish.  Same with programs such as Excel and Word (Office365 Enterprise).  I actually did a clean install of this but it did not fix it.  Another peculiar issue is that when using multiple monitors, and I move (for example) an Excel workbook from the laptop monitor to the Dell (U2515HX-4), the monitors flicker, and Excel leaves a "blank" program page behind...  Totally weird.  Never seen that before.  I ran display driver update checks and nothing seems to be wrong there.  But unsure as to why file explorer is also ultra sluggish....  Perhaps your Knack (LOL) can point me in the right direction...

 

Thanks again.

 

 


#7 usasma


Posted 01 February 2018 - 01:37 PM

If you can't afford the time to do a clean install, then we can't rule out hardware as the cause.
That being said, the step after that (hardware stripdown) may be able to be done - depending on what time you can afford.

 

Another option is to make an image of the hard drive.  That way you can re-image the hard drive after doing a clean install (but that will also take a couple of hours - plus any time for testing).

You can find more info on that in the Backup forums:  http://www.bleepingcomputer.com/forums/f/238/backup-imaging-and-disk-management-software/

 

Another option is to get another hard drive and install a fresh copy of Windows onto that (don't activate it, as that can mess with your current copy - but you'll still have 30 days on the fresh copy before it must be activated).  Then you can switch between hard drives when you have time to test.

 

Updating drivers is easy with OEM systems - you go to the support website for your model to download and install the package that's available there.
You may notice that there may be updated packages that aren't found by the Dell Update tool (to include the UEFI/BIOS) - so that's why I suggest the manual update.

IMO it's best to uninstall the current version (if possible) and then install the downloaded version.  This will remove as much of the driver package as possible (as sometimes the installer will just check to see if files are there so it doesn't have to copy - but it may not check for corrupted files).

 

I rarely work with multiple monitors, and the problems with Excel sound like user space issues (which I'm also not familiar with).
I would suggest a clean install of your video drivers (in case there's a corruption that the update didn't fix):

 

Please uninstall your video drivers and all the nVidia/AMD/Intel VIDEO (not chipset) software from your system (Settings...Apps - or appwiz.cpl)
- If uninstalling the AMD video drivers, you may also want to run the AMD Clean Uninstall utility (free from here:  http://support.amd.com/en-us/kb-articles/Pages/AMD-Clean-Uninstall-Utility.aspx )
Then use this free tool to remove any traces of the drivers:  http://www.guru3d.com/files-details/display-driver-uninstaller-download.html

Then reboot and check Windows Update (allow it to install video drivers):  https://support.microsoft.com/en-us/help/15054/windows-7-automatically-get-recommended-drivers-updates-hardware

Test to see if this helps and post back with the results.

Then, if that works and you need the nVidia drivers - feel free to download and install the latest, W10 compatible video drivers from http://www.nvidia.com/Download/index.aspx
Then, if that works and you need the AMD drivers - feel free to download and install the latest, W10 compatible video drivers from http://support.amd.com/en-us/download
Then, if that works and you need the Intel drivers - feel free to download and install the latest, W10 compatible video drivers from http://downloadcenter.intel.com (you can also usually download these drivers from the manufacturer's website)

 

When diagnosing BSODs, we generally ignore the process that the crash happened in - as it's not usual for that to be to blame.
But as we have no other alternatives - I'd suggest uninstalling your Canon software.  If it's needed you can download and install a fresh copy from the Canon website.

 

Drivers load at startup and sit there doing whatever they do while the system is running.  Even drivers that aren't being used can be problematic.  In the past I have found that disabled drivers (those disabled in Device Manager) can also cause issues in a BSOD memory dump.  Just because you can't see a problem with a device doesn't mean that the driver is functioning properly.

 

Have you run the rest of the hardware diagnostics that I suggested?  If so, what were the results?

Have you run Driver Verifier as I requested?  If so, could you please upload the resulting memory dumps?





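The point in the post above, that drivers which are stopped or disabled still belong in the picture, can be checked with a driver inventory. This is an added example, not part of the original thread: the function names and the three-year age threshold are assumptions, and it relies only on the built-in `Get-CimInstance` and `Get-AuthenticodeSignature` cmdlets, run from an elevated PowerShell prompt.

```powershell
# Added example: inventory of non-Microsoft drivers, whatever their state.
function Resolve-DriverPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    # PathName may be quoted, NT-prefixed (\??\) or relative to SystemRoot.
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-ThirdPartyDriverInventory {
    param([int]$OldAfterYears = 3)   # assumed threshold for "old", not from the thread
    $cutoff = (Get-Date).AddYears(-$OldAfterYears)
    foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
        $row = [ordered]@{
            Name = $d.Name; State = $d.State; StartMode = $d.StartMode
            Company = $null; FileDate = $null; Old = $null
            Signature = 'FileMissing'; Path = Resolve-DriverPath $d.PathName
        }
        if ($row.Path -and (Test-Path -LiteralPath $row.Path -PathType Leaf)) {
            $file = Get-Item -LiteralPath $row.Path
            $sig  = Get-AuthenticodeSignature -LiteralPath $row.Path
            # Skip only drivers whose signature verifies AND whose signer subject
            # is Microsoft; the CompanyName string alone can be set by anyone.
            if ($sig.Status -eq 'Valid' -and
                $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation') { continue }
            $row.Company   = $file.VersionInfo.CompanyName
            $row.FileDate  = $file.LastWriteTime
            $row.Old       = $file.LastWriteTime -lt $cutoff
            $row.Signature = [string]$sig.Status
        }
        [pscustomobject]$row
    }
}

# Oldest first (rows with a missing file sort to the top); Stopped and
# Disabled rows are deliberately kept in the output.
Get-ThirdPartyDriverInventory |
    Sort-Object FileDate |
    Format-Table Name, State, StartMode, Old, Signature, Company, FileDate -AutoSize
```

Rows marked `Old`, rows with a `Signature` other than `Valid`, and rows whose file is missing are the ones to update or uninstall first before re-testing.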
