Windows 8 and 8.1 Forums


Driver Power State Failure in sleep mode

  1. #1


    Posts : 8
    Windows 8.1

    Driver Power State Failure in sleep mode


    I am experiencing an issue with my laptop where I can't allow it to enter sleep mode or else it will restart/appear to have restarted the next time I wake it up. At first I thought it might be a power options issue, but I made sure that the computer was set to sleep and not restart when I close the lid. I've checked the bluescreen viewer and the cause of the restart seems to come from a driver power state failure coming from ntoskrnl.exe+1fcc1e, hal.dll+6a37, and storport.sys+33f0.

    I've already run sfc/scannow to check for damaged files and I was also able to replace them using a DISM command, so now scanning the computer doesn't run into any errors, but this driver error still persists.

    Sidenote: The driver errors mainly started after I reinstalled Kaspersky onto my computer to fix some issues that I had with it. Before that I was getting a couple of kernel data inpage errors, the latest of which occurred June 1.

      My System SpecsSystem Spec

  2. #2


    India
    Posts : 2,097
    Windows 8.1 Industry Pro B-)


    Hi M15 and welcome to the forums ^_^,

    I am in the process of analyzing your dump files further. Below has been provided analysis of your dump files for Informative purposes.
    Code:
    **************************Fri Jun  6 04:50:12.040 2014 (UTC + 5:30)**************************Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe0017919e880, ffffd00049969950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    PROCESS_NAME:  System
     
    FAILURE_BUCKET_ID:  0x9F_4_storport!RaSendIrpSynchronous
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Fri Jun  6 01:42:48.219 2014 (UTC + 5:30)**************************
    *** WARNING: Unable to verify timestamp for iaStorA.sys
     
    *** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
     
    Probably caused by : iaStorA.sys
     
    BugCheck 9F, {3, ffffe000d7f8e060, ffffd000ca5e9930, ffffe000da3955c0}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    PROCESS_NAME:  System
     
    FAILURE_BUCKET_ID:  0x9F_3_POWER_DOWN_disk_IMAGE_iaStorA.sys
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Thu Jun  5 23:56:42.783 2014 (UTC + 5:30)**************************
    Probably caused by : pci.sys
     
    BugCheck 9F, {3, ffffe0012d189060, ffffd000617b7930, ffffe0012f57e200}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    PROCESS_NAME:  System
     
    FAILURE_BUCKET_ID:  0x9F_3_POWER_DOWN_iaStorA_IMAGE_pci.sys
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Thu Jun  5 21:22:13.218 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe0019ea47880, fffff802cf015950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Thu Jun  5 05:58:46.248 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe000e8130880, ffffd001c5d69950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Thu Jun  5 04:36:25.248 2014 (UTC + 5:30)**************************
    Probably caused by : memory_corruption ( nt!MmTrimAllSystemPagableMemory+d706 )
     
    BugCheck 9F, {3, ffffe0016443f7f0, ffffd000f7bfb930, ffffe0016389e930}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Thu Jun  5 04:10:27.750 2014 (UTC + 5:30)**************************
    Probably caused by : ntkrnlmp.exe ( nt!KeSynchronizeExecution+2246 )
     
    BugCheck 9F, {4, 12c, ffffe001b68b7880, ffffd000945fb950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Wed Jun  4 09:43:52.742 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe001eea89040, ffffd000725bf950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Wed Jun  4 03:58:06.504 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe00184f76040, fffff8036fc1cca0}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Tue Jun  3 22:15:19.881 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe001450a6880, fffff8019321c950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Tue Jun  3 20:07:58.439 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe00012689040, ffffd00193dbf950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Tue Jun  3 00:46:43.646 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe001531e2880, fffff801a7c23ca0}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Mon Jun  2 12:24:01.197 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe0016968c880, ffffd001109fb950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Mon Jun  2 01:18:00.177 2014 (UTC + 5:30)**************************
    Probably caused by : ntkrnlmp.exe ( nt!CcTestControl+21f61 )
     
    BugCheck 7A, {fffff6e00083ba10, ffffffffc0000185, 1c413d880, ffffc00107742496}
    BugCheck Info: KERNEL_DATA_INPAGE_ERROR (7a)
     
    DISK_HARDWARE_ERROR: There was error with disk hardware
     
    BUGCHECK_STR:  0x7a_c0000185
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sun Jun  1 12:21:38.435 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe0009cd49880, ffffd000a41bf950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sun Jun  1 09:14:54.947 2014 (UTC + 5:30)**************************
    Probably caused by : memory_corruption ( nt!MmTrimAllSystemPagableMemory+d706 )
     
    BugCheck 9F, {3, ffffe000ce364060, fffff8038861c930, ffffe000d39b7d40}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sun Jun  1 00:54:21.541 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe0003078b880, ffffd0008fbfb950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sat May 31 10:44:54.062 2014 (UTC + 5:30)**************************
    Probably caused by : memory_corruption ( nt!MmTrimAllSystemPagableMemory+d706 )
     
    BugCheck 9F, {3, ffffe001d1d757f0, fffff8004061c930, ffffe001d63fe400}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sat May 31 09:11:58.959 2014 (UTC + 5:30)**************************
    *** WARNING: Unable to verify timestamp for win32k.sys
     
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
     
    Probably caused by : memory_corruption
     
    BugCheck 7A, {fffff6fc005970a8, ffffffffc0000185, 12ed85860, fffff800b2e15000}
    BugCheck Info: KERNEL_DATA_INPAGE_ERROR (7a)
     
    DISK_HARDWARE_ERROR: There was error with disk hardware
     
    BUGCHECK_STR:  0x7a_c0000185
     
    FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE_4096
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sat May 31 08:24:09.843 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe000af9e2380, ffffd000c9ffb950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sat May 31 07:34:32.859 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe000f9ef1040, ffffd0003c969950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sat May 31 03:26:28.126 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe00159448040, ffffd00053369950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sat May 31 01:06:40.251 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe000ef6c34c0, fffff8006941c950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Fri May 30 09:09:09.093 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe001e9feb040, fffff800c581c950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Fri May 30 08:13:31.932 2014 (UTC + 5:30)**************************
    *** WARNING: Unable to verify timestamp for iaStorA.sys
     
    *** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
     
    Probably caused by : iaStorA.sys ( iaStorA+73b82 )
     
    BugCheck 133, {0, 501, 500, 0}
    BugCheck Info: DPC_WATCHDOG_VIOLATION (133)
     
    BUGCHECK_STR:  0x133
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Fri May 30 04:25:29.803 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe00159005500, ffffd00021dfb950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Fri May 30 01:43:15.478 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe00169ffe880, ffffd00112369950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
     
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Thu May 29 11:55:56.458 2014 (UTC + 5:30)**************************
    Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
     
    BugCheck 9F, {4, 12c, ffffe001bbf2a880, ffffd00180dfb950}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
     
    BUGCHECK_STR:  0x9F
     
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
     
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
     
    MaxSpeed:     1800
     
    CurrentSpeed: 1796
     
      BIOS Version                  V2.20
     
      BIOS Release Date             02/18/2013
     
      Manufacturer                  Acer
     
      Product Name                  Aspire M5-481PT
    Below is a list of drivers which you must update immediately and see if the issue gets resolved or not. I am further analyzing your dump files and will post back soon.
    Code:
    **************************Fri Jun  6 04:50:12.040 2014 (UTC + 5:30)**************************
    NTIDrvr.sys                 Tue Apr 20 07:07:59 2010 (4BCD0577)
    UBHelper.sys                Tue Jul  6 09:49:26 2010 (4C32AECE)
    94766073.sys                Fri Mar  4 14:50:03 2011 (4D70AEC3)
    mwlPSDFilter.sys            Fri Mar 25 12:42:11 2011 (4D8C404B)
    mwlPSDNServ.sys             Fri Mar 25 12:42:13 2011 (4D8C404D)
    mwlPSDVDisk.sys             Fri Mar 25 12:42:23 2011 (4D8C4057)
    GEARAspiWDM.sys             Fri May  4 01:26:17 2012 (4FA2E2E1)
    RTKVHD64.sys                Tue Jun 12 15:32:32 2012 (4FD713B8)
    IntcDAud.sys                Tue Jun 19 20:10:51 2012 (4FE08F73)
    btath_hcrp.sys              Thu Jun 21 10:53:29 2012 (4FE2AFD1)
    HECIx64.sys                 Tue Jul  3 03:44:58 2012 (4FF21D62)
    irstrtdv.sys                Fri Jul 13 05:28:02 2012 (4FFF648A)
    iaStorA.sys                 Fri Aug 17 02:02:56 2012 (502D58F8)
    dump_iaStorA.sys            Fri Aug 17 02:02:56 2012 (502D58F8)
    excsd.sys                   Sat Aug 18 05:37:27 2012 (502EDCBF)
    excfs.sys                   Sat Aug 18 05:37:50 2012 (502EDCD6)
    btath_rcp.sys               Fri Aug 24 20:57:40 2012 (50379D6C)
    aPs2Kb2Hid.sys              Thu Aug 30 09:10:57 2012 (503EE0C9)
    ETD.sys                     Wed Jan 16 12:26:37 2013 (50F64F25)
    athw8x.sys                  Thu Jan 17 14:45:39 2013 (50F7C13B)
    k57nd60a.sys                Wed Jan 30 06:18:55 2013 (51086DF7)
    klpd.sys                    Fri Apr 12 17:04:45 2013 (5167F155)
    klim6.sys                   Thu Jul 11 13:23:56 2013 (51DE6494)
    klmouflt.sys                Thu Aug  8 18:39:08 2013 (52039874)
    intelppm.sys                Thu Aug 22 14:16:35 2013 (5215CFEB)
    iwdbus.sys                  Fri Sep 27 03:08:04 2013 (5244A93C)
    igdkmd64.sys                Tue Oct  1 22:36:57 2013 (524B0131)
    kl1.sys                     Fri Oct 18 14:48:22 2013 (5260FCDE)
    btfilter.sys                Wed Oct 30 12:39:06 2013 (5270B092)
    kneps.sys                   Thu Oct 31 19:15:52 2013 (52725F10)
    klkbdflt.sys                Fri Dec 27 19:05:56 2013 (52BD823C)
    klwfp.sys                   Wed Feb  5 19:03:44 2014 (52F23DB8)
    klflt.sys                   Sun Mar  2 04:32:12 2014 (531266F4)
    klif.sys                    Thu Mar  6 22:08:02 2014 (5318A46A)
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Fri Jun  6 01:42:48.219 2014 (UTC + 5:30)**************************
    hiber_iaStorA.sys           Fri Aug 17 02:02:56 2012 (502D58F8)
    http://www.carrona.org/drivers/driver.php?id=NTIDrvr.sys
    http://www.carrona.org/drivers/driver.php?id=UBHelper.sys
    94766073.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    http://www.carrona.org/drivers/driver.php?id=mwlPSDFilter.sys
    http://www.carrona.org/drivers/driver.php?id=mwlPSDNServ.sys
    http://www.carrona.org/drivers/driver.php?id=mwlPSDVDisk.sys
    http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
    http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
    http://www.carrona.org/drivers/driver.php?id=IntcDAud.sys
    http://www.carrona.org/drivers/driver.php?id=btath_hcrp.sys
    http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
    http://www.carrona.org/drivers/driver.php?id=irstrtdv.sys
    http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
    http://www.carrona.org/drivers/driver.php?id=dump_iaStorA.sys
    http://www.carrona.org/drivers/driver.php?id=excsd.sys
    http://www.carrona.org/drivers/driver.php?id=excfs.sys
    http://www.carrona.org/drivers/driver.php?id=btath_rcp.sys
    aPs2Kb2Hid.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    http://www.carrona.org/drivers/driver.php?id=ETD.sys
    http://www.carrona.org/drivers/driver.php?id=athw8x.sys
    http://www.carrona.org/drivers/driver.php?id=k57nd60a.sys
    http://www.carrona.org/drivers/driver.php?id=klpd.sys
    http://www.carrona.org/drivers/driver.php?id=klim6.sys
    http://www.carrona.org/drivers/driver.php?id=klmouflt.sys
    http://www.carrona.org/drivers/driver.php?id=intelppm.sys
    http://www.carrona.org/drivers/driver.php?id=iwdbus.sys
    http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
    http://www.carrona.org/drivers/driver.php?id=kl1.sys
    http://www.carrona.org/drivers/driver.php?id=btfilter.sys
    http://www.carrona.org/drivers/driver.php?id=kneps.sys
    http://www.carrona.org/drivers/driver.php?id=klkbdflt.sys
    http://www.carrona.org/drivers/driver.php?id=klwfp.sys
    http://www.carrona.org/drivers/driver.php?id=klflt.sys
    http://www.carrona.org/drivers/driver.php?id=klif.sys
    http://www.carrona.org/drivers/driver.php?id=hiber_iaStorA.sys
      My System SpecsSystem Spec

  3. #3


    India
    Posts : 2,097
    Windows 8.1 Industry Pro B-)


    Hi M15,

    Could you please download the GMER exe from this LINK and post back the results?
      My System SpecsSystem Spec

  4. #4


    Posts : 8
    Windows 8.1


    I downloaded the GMER.exe from the site and ran it, but it ran into a couple of errors.

    C:Windows\system32\config\system: The process cannot access the file because it is being used by another process.

    C:\Users\Matt Q\ntuser.dat: The process cannot access the file because it is being used by another process

    At the end of the scan, I also saw that there was an unkown MBR code, but it didn't show it as a threat.
    Disk \Device\Harddisk0\DR0 unknown MBR Code

    After this, a BSOD occured saying Critical_Structure_Corruption. And now, I'm running GMER again, and apparently it can't access C:Windows\system32\config\software.


    Update: I'm running a full virus scan right now, and it seems to have stopped at audiodg.exe\ntdll.dll which is apparently prone to infections. I'm also attaching the newer SF files so that it may help locate the exact problem.
    Last edited by M15; 09 Jun 2014 at 11:02.
      My System SpecsSystem Spec

  5. #5


    Posts : 8
    Windows 8.1


    Running a full virus scan again, hopefully it doesn't get stuck this time, and to avoid the issue of it going into sleep mode overnight, I'm just going to set the power options so that it never goes to sleep while plugged in, and let the virus scan keep going.

    GMER is still running into accessibility issues, so I might need to use a different rootkit detector. Any advice on trustworthy ones to use?

    Attachment 44743
      My System SpecsSystem Spec

  6. #6


    India
    Posts : 2,097
    Windows 8.1 Industry Pro B-)


    Hi M15,

    Sorry for not replying lately as I was out of town. Nice Gif :P

    I have analyzed your recent dump files as well but they are giving me the same error that is the Driver_verifier_Power_State_Failure. Below has been provided an analysis of your most recent dump file :-
    Code:
    2: kd> !analyze -v*******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    
    DRIVER_POWER_STATE_FAILURE (9f)
    A driver has failed to complete a power IRP within a specific time.
    Arguments:
    Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp
    	subsystem.
    Arg2: 000000000000012c, Timeout in seconds.
    Arg3: ffffe0002080f040, The thread currently holding on to the Pnp lock.
    Arg4: ffffd000a7be9950, nt!TRIAGE_9F_PNP on Win7 and higher
    
    
    Debugging Details:
    ------------------
    
    
    Implicit thread is now ffffe000`2080f040
    
    
    DRVPOWERSTATE_SUBCODE:  4
    
    
    FAULTING_THREAD:  ffffe0002080f040
    
    
    CUSTOMER_CRASH_COUNT:  1
    
    
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    
    
    BUGCHECK_STR:  0x9F
    
    
    PROCESS_NAME:  System
    
    
    CURRENT_IRQL:  2
    
    
    ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
    
    
    LOCK_ADDRESS:  fffff800e52d5cc0 -- (!locks fffff800e52d5cc0)
    
    
    Resource @ nt!PiEngineLock (0xfffff800e52d5cc0)    Available
    
    
    WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.
    
    
    
    
    WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.
    
    
    1 total locks
    
    
    PNP_TRIAGE: 
    	Lock address  : 0xfffff800e52d5cc0
    	Thread Count  : 0
    	Thread address: 0x0000000000000000
    	Thread wait   : 0x0
    
    
    LAST_CONTROL_TRANSFER:  from fffff800e5057d1e to fffff800e5157e36
    
    
    STACK_TEXT:  
    ffffd000`abf0cb10 fffff800`e5057d1e : ffffd000`a7bc0180 ffffe000`2080f040 00000000`fffffffe 00000000`fffffffe : nt!KiSwapContext+0x76
    ffffd000`abf0cc50 fffff800`e5057779 : 00000000`00000002 00000000`00000000 00000000`00000000 ffffe000`19dc22d0 : nt!KiSwapThread+0x14e
    ffffd000`abf0ccf0 fffff800`e5067dfa : ffff521f`b4312861 00000000`00000000 ffffd000`abf0d100 ffffd000`abf0d101 : nt!KiCommitThreadWait+0x129
    ffffd000`abf0cd70 fffff800`89f7d22c : ffffd000`abf0ce30 ffffd000`00000000 ffffe000`1fde3000 ffffd000`00000000 : nt!KeWaitForSingleObject+0x22a
    ffffd000`abf0ce00 fffff800`89f81dd5 : ffffe000`1f8ff1d0 ffffe000`1fde3000 00000000`00000000 00000000`00000001 : storport!RaSendIrpSynchronous+0x70
    ffffd000`abf0ce60 fffff800`89f83d50 : ffffd000`abf0d3f0 ffffd000`000000a0 ffffd000`abf0d430 fffff800`00000002 : storport!RaidBusEnumeratorIssueSynchronousRequest+0x191
    ffffd000`abf0d090 fffff800`89f83a69 : ffffe000`1fde30e0 fffff800`00000001 ffffd000`abf0d290 00000000`00000001 : storport!RaidBusEnumeratorIssueReportLuns+0x68
    ffffd000`abf0d0f0 fffff800`89f8370e : ffffe000`19de2268 fffff800`00000001 00000000`00000001 ffffd000`abf0d1f9 : storport!RaidBusEnumeratorGetLunListFromTarget+0x59
    ffffd000`abf0d170 fffff800`89f818d4 : 00000000`00fe0200 0000b65c`00000001 00000000`00000001 00000000`00000000 : storport!RaidBusEnumeratorGetLunList+0x7e
    ffffd000`abf0d260 fffff800`89f82ce7 : 00000000`00000000 ffffd000`abf0d500 00000000`00000000 00000000`00000000 : storport!RaidAdapterEnumerateBus+0x94
    ffffd000`abf0d3d0 fffff800`89f828d6 : ffffe000`19de21a0 ffffd000`abf0d530 00000000`00000000 fffff800`e52a4200 : storport!RaidAdapterRescanBus+0xb7
    ffffd000`abf0d4b0 fffff800`89f7cccd : 00000000`00000000 fffff800`8c493c65 ffffe000`2084c920 fffff800`8c493eed : storport!RaidAdapterQueryDeviceRelationsIrp+0xa6
    ffffd000`abf0d570 fffff800`89f76dd1 : fffff800`e504c180 ffffd000`abf0d6c0 ffffe000`2084c920 ffffe000`19de2050 : storport!RaidAdapterPnpIrp+0x18d
    ffffd000`abf0d610 fffff800`e53a6efa : ffffe000`2084c920 ffffe000`20804ef0 ffffe000`19de2050 00000000`00000003 : storport!RaDriverPnpIrp+0x8d
    ffffd000`abf0d650 fffff800`e53a6dac : 00000000`00000000 ffffd000`abf0d6e9 fffff800`e504c180 fffff800`e5295d33 : nt!PnpAsynchronousCall+0x102
    ffffd000`abf0d690 fffff800`e53a6c1d : ffffe000`20804ef0 ffffe000`20804ef0 ffffe000`192ac1a0 00000000`00000000 : nt!PnpQueryDeviceRelations+0x88
    ffffd000`abf0d750 fffff800`e53b5a94 : ffffe000`19d6cd30 ffffe000`19d6cd30 00000000`00000002 00000000`00000000 : nt!PipEnumerateDevice+0xe9
    ffffd000`abf0d7d0 fffff800`e54860a5 : ffffe000`1f6ee510 00000000`00000001 00000000`00000000 fffff800`e53c1f06 : nt!PipProcessDevNodeTree+0x17c
    ffffd000`abf0da50 fffff800`e50f782c : 00000001`00000003 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PiProcessReenumeration+0x91
    ffffd000`abf0daa0 fffff800`e5054adb : fffff800`e50f76c4 ffffd000`abf0dbd0 00000000`00000000 ffffe000`1df67130 : nt!PnpDeviceActionWorker+0x168
    ffffd000`abf0db50 fffff800`e50d0794 : ffffe000`20813880 ffffe000`2080f040 ffffe000`2080f040 ffffe000`1910c040 : nt!ExpWorkerThread+0x293
    ffffd000`abf0dc00 fffff800`e515b5c6 : ffffd000`a958e180 ffffe000`2080f040 ffffe000`20813880 00000000`00000108 : nt!PspSystemThreadStartup+0x58
    ffffd000`abf0dc60 00000000`00000000 : ffffd000`abf0e000 ffffd000`abf08000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
    
    
    
    
    STACK_COMMAND:  .thread 0xffffe0002080f040 ; kb
    
    
    FOLLOWUP_IP: 
    storport!RaSendIrpSynchronous+70
    fffff800`89f7d22c 8bc3            mov     eax,ebx
    
    
    SYMBOL_STACK_INDEX:  4
    
    
    SYMBOL_NAME:  storport!RaSendIrpSynchronous+70
    
    
    FOLLOWUP_NAME:  MachineOwner
    
    
    MODULE_NAME: storport
    
    
    IMAGE_NAME:  storport.sys
    
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  53415ff7
    
    
    IMAGE_VERSION:  6.3.9600.17090
    
    
    BUCKET_ID_FUNC_OFFSET:  70
    
    
    FAILURE_BUCKET_ID:  0x9F_4_storport!RaSendIrpSynchronous
    
    
    BUCKET_ID:  0x9F_4_storport!RaSendIrpSynchronous
    
    
    ANALYSIS_SOURCE:  KM
    
    
    FAILURE_ID_HASH_STRING:  km:0x9f_4_storport!rasendirpsynchronous
    
    
    FAILURE_ID_HASH:  {6c47e918-387f-a799-2bb3-a7c5408fae49}
    
    
    Followup: MachineOwner
    ---------
    There are a few problem devices found in your MSINFO32 report stating that Motherboard resources are in conflict. Could you please run Memtest from THIS website for atleast an overnight?

    Also, before running memtest, please run aswMBR from this LINK. Also, please paste your log files of both GMER and aswMBR in your next post.
      My System SpecsSystem Spec

  7. #7


    Posts : 8
    Windows 8.1


    GMER Log
    Code:
    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-06-10 17:50:36
    Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002d WDC_WD5000LPVX-22V0TT0 rev.01.01A01 465.76GB
    Running: b1cses3j.exe; Driver: C:\Users\MATTQ~1\AppData\Local\Temp\uwlorkog.sys
    
    
    ---- Kernel code sections - GMER 2.1 ----
    
    .text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 1                                                                                                                                                 fffff960000c4201 7 bytes [20, 0A, 02, 00, F0, 70, 01]
    .text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 9                                                                                                                                                 fffff960000c4209 6 bytes [88, B0, FF, 01, 23, DC]
    
    ---- User code sections - GMER 2.1 ----
    
    .text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 381                                                                                       000000007729137d 16 bytes {JMP 0xffffffffffffffd3}
    .text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 386                                                                                       0000000077291512 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                             0000000077291551 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                   0000000077291577 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 516                                                                           0000000077291784 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuThreadInit + 50                                                                                        00000000772917c2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                   00000000772917e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                       0000000077291834 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 1                                                                               0000000077291841 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 513                                                                             0000000077291a41 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    ...                                                                                                                                                                                                 * 2
    .text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                                                                             0000000077292ae0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                                                                         0000000077292c1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                  0000000077292c43 8 bytes [7C, 68, 16, FF, 00, 00, 00, ...]
    .text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 381                                                                                                       000000007729137d 16 bytes {JMP 0xffffffffffffffd3}
    .text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 386                                                                                                       0000000077291512 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                             0000000077291551 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                   0000000077291577 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 516                                                                                           0000000077291784 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuThreadInit + 50                                                                                                        00000000772917c2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                   00000000772917e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                       0000000077291834 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 1                                                                                               0000000077291841 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 513                                                                                             0000000077291a41 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    ...                                                                                                                                                                                                 * 2
    .text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                                                                                             0000000077292ae0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                                                                                         0000000077292c1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                                  0000000077292c43 8 bytes [7C, 68, 4F, 7F, 00, 00, 00, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDefaultNpAcl + 772                                                                                                    00007fffea55293c 8 bytes {JMP 0xffffffffffffff8c}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmAddToAverageDWORD + 21                                                                                             00007fffea552959 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmSetIfMaxDWORD + 95                                                                                                 00007fffea5529c7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwEventWriteEndScenario + 220                                                                                           00007fffea552aac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmEndSession + 272                                                                                                   00007fffea552bc4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmStartSession + 8                                                                                                   00007fffea553018 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmStartSession + 940                                                                                                 00007fffea5533bc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwEventWriteFull + 64                                                                                                   00007fffea553404 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwEventWriteFull + 503                                                                                                  00007fffea5535bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmIsSessionDisabled + 792                                                                                            00007fffea553fe0 8 bytes {JMP 0xffffffffffffffa9}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlVerifyVersionInfo + 835                                                                                               00007fffea554933 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 336                                                                                                  00007fffea554bac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 472                                                                                                  00007fffea554c34 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    ...                                                                                                                                                                                                 * 2
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 567                                                                                                00007fffea55543f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmAddToStream + 592                                                                                                  00007fffea5556b4 8 bytes {JMP 0xffffffffffffffa9}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmAddToStreamEx + 875                                                                                                00007fffea555a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmEventEnabled + 139                                                                                                 00007fffea555f8b 8 bytes {JMP 0xffffffffffffffd1}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmEventEnabled + 224                                                                                                 00007fffea555fe0 16 bytes {JMP 0xffffffffffffffcf}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmEventWrite + 119                                                                                                   00007fffea5560df 8 bytes {JMP 0xffffffffffffffac}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwEventWrite + 43                                                                                                       00007fffea556113 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwEventWrite + 628                                                                                                      00007fffea55635c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    ...                                                                                                                                                                                                 * 3
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCreateBoundaryDescriptor + 584                                                                                        00007fffea556658 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddSIDToBoundaryDescriptor + 8                                                                                        00007fffea556668 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddSIDToBoundaryDescriptor + 519                                                                                      00007fffea556867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteBoundaryDescriptor + 23                                                                                         00007fffea556887 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!A_SHAFinal + 300                                                                                                         00007fffea556bf0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!A_SHAInit + 44                                                                                                           00007fffea556c24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCreateServiceSid + 292                                                                                                00007fffea559188 8 bytes {JMP 0xffffffffffffffdc}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLengthRequiredSid + 20                                                                                                00007fffea5591a4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLengthRequiredSid + 352                                                                                               00007fffea5592f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeSid + 35                                                                                                    00007fffea55931b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddAce + 339                                                                                                          00007fffea55950b 8 bytes {JMP 0xffffffffffffffdc}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlNewSecurityObjectEx + 99                                                                                              00007fffea559577 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlIsValidProcessTrustLabelSid + 103                                                                                     00007fffea5595e7 8 bytes {JMP 0xffffffffffffffe6}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlIsValidProcessTrustLabelSid + 751                                                                                     00007fffea55986f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSidDominatesForTrust + 135                                                                                            00007fffea559a67 8 bytes {JMP 0xffffffffffffffaa}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCreateSecurityDescriptor + 43                                                                                         00007fffea55a7bf 8 bytes {JMP 0xfffffffffffffff5}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSetDaclSecurityDescriptor + 104                                                                                       00007fffea55a8e8 8 bytes {JMP 0xffffffffffffffe5}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddMandatoryAce + 356                                                                                                 00007fffea55aa78 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlMapGenericMask + 64                                                                                                   00007fffea55d270 8 bytes {JMP 0xffffffffffffffd0}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlOpenCurrentUser + 208                                                                                                 00007fffea55d39c 8 bytes {JMP 0xffffffffffffffa3}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCheckTokenCapability + 952                                                                                            00007fffea55d75c 8 bytes [F0, 69, F8, 7F, 00, 00, 00, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAppendUnicodeToString + 167                                                                                           00007fffea55e56b 8 bytes [D0, 69, F8, 7F, 00, 00, 00, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLengthSidAsUnicodeString + 84                                                                                         00007fffea55e5c8 8 bytes {JMP 0xffffffffffffffdc}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlValidSecurityDescriptor + 243                                                                                         00007fffea55e6c3 8 bytes [B0, 69, F8, 7F, 00, 00, 00, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddAccessAllowedAce + 379                                                                                             00007fffea55e847 8 bytes [A0, 69, F8, 7F, 00, 00, 00, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                   00007fffea5dac50 8 bytes {JMP QWORD [RIP-0x7c8ac]}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                 00007fffea5dadd0 8 bytes {JMP QWORD [RIP-0x7c86b]}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                       00007fffea5dae00 8 bytes {JMP QWORD [RIP-0x7db96]}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                     00007fffea5daf20 8 bytes {JMP QWORD [RIP-0x7d7ca]}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                         00007fffea5dafd0 8 bytes {JMP QWORD [RIP-0x7dc3a]}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                         00007fffea5db690 8 bytes {JMP QWORD [RIP-0x7ce4f]}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                       00007fffea5db990 8 bytes {JMP QWORD [RIP-0x7d2d3]}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                       00007fffea5dc210 8 bytes {JMP QWORD [RIP-0x7dc4e]}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 381                                                                                                   000000007729137d 16 bytes {JMP 0xffffffffffffffd3}
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 386                                                                                                   0000000077291512 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                         0000000077291551 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                               0000000077291577 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 516                                                                                       0000000077291784 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuThreadInit + 50                                                                                                    00000000772917c2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                               00000000772917e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                   0000000077291834 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 1                                                                                           0000000077291841 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 513                                                                                         0000000077291a41 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    ...                                                                                                                                                                                                 * 2
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                                                                                         0000000077292ae0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                                                                                     0000000077292c1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
    .text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                              0000000077292c43 8 bytes [7C, 68, F8, 7F, 00, 00, 00, ...]
    
    ---- User IAT/EAT - GMER 2.1 ----
    
    IAT      C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcConnectPortEx]                                                                                                       [52d41250] 
    
    ---- Threads - GMER 2.1 ----
    
    Thread   C:\WINDOWS\system32\csrss.exe [720:912]                                                                                                                                                             fffff96000944b90
    Thread   C:\WINDOWS\system32\svchost.exe [904:360]                                                                                                                                                           00007fffe6591b40
    Thread   C:\WINDOWS\System32\svchost.exe [456:1088]                                                                                                                                                          00007fffe34b1400
    Thread   C:\WINDOWS\System32\svchost.exe [456:1144]                                                                                                                                                          00007fffe3441ed0
    Thread   C:\WINDOWS\System32\svchost.exe [456:1204]                                                                                                                                                          00007fffe30ee054
    Thread   C:\WINDOWS\System32\svchost.exe [456:1212]                                                                                                                                                          00007fffe333e840
    Thread   C:\WINDOWS\System32\svchost.exe [456:1256]                                                                                                                                                          00007fffe2c1ed08
    Thread   C:\WINDOWS\System32\svchost.exe [456:1296]                                                                                                                                                          00007fffe314482c
    Thread   C:\WINDOWS\System32\svchost.exe [456:3848]                                                                                                                                                          00007fffdc196dd0
    Thread   C:\WINDOWS\System32\svchost.exe [456:3856]                                                                                                                                                          00007fffdc194f30
    Thread   C:\WINDOWS\system32\svchost.exe [616:1308]                                                                                                                                                          00007fffe1261ee0
    Thread   C:\WINDOWS\system32\svchost.exe [616:2368]                                                                                                                                                          00007fffde2dcbc0
    Thread   C:\WINDOWS\system32\svchost.exe [616:2412]                                                                                                                                                          00007fffdf401b40
    Thread   C:\WINDOWS\system32\svchost.exe [616:3004]                                                                                                                                                          00007fffdc5b79a0
    Thread   C:\WINDOWS\system32\svchost.exe [616:3008]                                                                                                                                                          00007fffdc5b73e0
    Thread   C:\WINDOWS\system32\svchost.exe [616:3012]                                                                                                                                                          00007fffdc614e0c
    Thread   C:\WINDOWS\system32\svchost.exe [616:2608]                                                                                                                                                          00007fffdc3b2b48
    Thread   C:\WINDOWS\system32\svchost.exe [616:2604]                                                                                                                                                          00007fffdc45130c
    Thread   C:\WINDOWS\system32\svchost.exe [616:2700]                                                                                                                                                          00007fffdc45130c
    Thread   C:\WINDOWS\system32\svchost.exe [616:1340]                                                                                                                                                          00007fffdc614e0c
    Thread   C:\WINDOWS\system32\svchost.exe [616:6412]                                                                                                                                                          00007fffde9d5340
    Thread   C:\WINDOWS\system32\svchost.exe [616:6652]                                                                                                                                                          00007fffdcd710e0
    Thread   C:\WINDOWS\system32\svchost.exe [616:3636]                                                                                                                                                          00007fffc40438e0
    Thread   C:\WINDOWS\system32\svchost.exe [724:2636]                                                                                                                                                          00007fffddf10b50
    Thread   C:\WINDOWS\system32\svchost.exe [724:2680]                                                                                                                                                          00007fffddf0c574
    Thread   C:\WINDOWS\system32\svchost.exe [724:2684]                                                                                                                                                          00007fffddf0f55c
    Thread   C:\WINDOWS\system32\svchost.exe [724:2688]                                                                                                                                                          00007fffddf11674
    Thread   C:\WINDOWS\system32\svchost.exe [724:2692]                                                                                                                                                          00007fffddf07490
    Thread   C:\WINDOWS\system32\svchost.exe [724:2760]                                                                                                                                                          00007fffddb74b04
    Thread   C:\WINDOWS\system32\svchost.exe [724:1564]                                                                                                                                                          00007fffddf0d5a0
    Thread   C:\WINDOWS\system32\svchost.exe [724:5776]                                                                                                                                                          00007fffc40c6c08
    Thread   C:\WINDOWS\system32\svchost.exe [724:4760]                                                                                                                                                          00007fffc40c6800
    Thread   C:\WINDOWS\system32\svchost.exe [1128:1116]                                                                                                                                                         00007fffdf7e4b30
    Thread   C:\WINDOWS\system32\svchost.exe [1128:2056]                                                                                                                                                         00007fffdeb2dff0
    Thread   C:\WINDOWS\system32\svchost.exe [1128:2668]                                                                                                                                                         00007fffddc73584
    Thread   C:\WINDOWS\system32\svchost.exe [1128:2672]                                                                                                                                                         00007fffddc73560
    Thread   C:\WINDOWS\system32\svchost.exe [1128:2676]                                                                                                                                                         00007fffddc86738
    Thread   C:\WINDOWS\system32\svchost.exe [1128:2828]                                                                                                                                                         00007fffdd541ef8
    Thread   C:\WINDOWS\system32\svchost.exe [1128:2836]                                                                                                                                                         00007fffdd5335f4
    Thread   C:\WINDOWS\system32\svchost.exe [1128:2844]                                                                                                                                                         00007fffdd5335f4
    Thread   C:\WINDOWS\system32\svchost.exe [1128:2848]                                                                                                                                                         00007fffdd5335f4
    Thread   C:\WINDOWS\system32\svchost.exe [1128:2852]                                                                                                                                                         00007fffdd5335f4
    Thread   C:\WINDOWS\system32\svchost.exe [1128:2856]                                                                                                                                                         00007fffdd5335f4
    Thread   C:\WINDOWS\system32\svchost.exe [1128:3624]                                                                                                                                                         00007fffde9d5340
    Thread   C:\WINDOWS\system32\svchost.exe [1128:3464]                                                                                                                                                         00007fffdfb514f0
    Thread   C:\WINDOWS\system32\svchost.exe [1360:1800]                                                                                                                                                         00007fffdfb22b90
    Thread   C:\WINDOWS\system32\svchost.exe [1360:2620]                                                                                                                                                         00007fffdfb267bc
    Thread   C:\WINDOWS\system32\svchost.exe [1360:2816]                                                                                                                                                         00007fffdd092110
    Thread   C:\WINDOWS\system32\svchost.exe [1360:2820]                                                                                                                                                         00007fffdd061584
    Thread   C:\WINDOWS\system32\svchost.exe [1360:2868]                                                                                                                                                         00007fffdcfd1b40
    Thread   C:\WINDOWS\system32\svchost.exe [1360:992]                                                                                                                                                          00007fffe35a1040
    Thread   C:\WINDOWS\system32\svchost.exe [1360:76]                                                                                                                                                           00007fffe35a4608
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:1640]                                                                                                                                                           0000000000c2301f
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:1728]                                                                                                                                                           00000000711e6c50
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3088]                                                                                                                                                           000000006f721120
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3180]                                                                                                                                                           00000000713257fe
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3208]                                                                                                                                                           000000006f4df6c8
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3212]                                                                                                                                                           000000006f4df6c8
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3344]                                                                                                                                                           000000006cd3b503
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3356]                                                                                                                                                           000000006cd3b503
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3360]                                                                                                                                                           000000006cd3b503
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3376]                                                                                                                                                           000000006c2b6b60
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3380]                                                                                                                                                           000000006c2b6b60
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3388]                                                                                                                                                           000000006c300320
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3396]                                                                                                                                                           000000006c6f975d
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3460]                                                                                                                                                           000000006f4df6c8
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3472]                                                                                                                                                           000000006cbb8730
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:2552]                                                                                                                                                           0000000055c01b6e
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:5920]                                                                                                                                                           000000007325a4c5
    Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [2120:2124]                                                                                                                                                           000000000040f0bc
    Thread   C:\WINDOWS\system32\taskhostex.exe [2072:3232]                                                                                                                                                      00007fffdd7d2310
    Thread   C:\WINDOWS\system32\taskhostex.exe [2072:1312]                                                                                                                                                      00007fffdd9022a0
    Thread   C:\WINDOWS\system32\taskhostex.exe [2072:1460]                                                                                                                                                      00007fffea01bc40
    Thread   C:\WINDOWS\system32\taskhostex.exe [2072:344]                                                                                                                                                       00007fffe1011120
    Thread   C:\WINDOWS\system32\taskhostex.exe [2072:3568]                                                                                                                                                      00007fffdf7e4b30
    Thread   C:\WINDOWS\Explorer.EXE [2616:1216]                                                                                                                                                                 00007fffd41157a4
    Thread   C:\WINDOWS\Explorer.EXE [2616:3288]                                                                                                                                                                 00007fffd233e780
    Thread   C:\WINDOWS\Explorer.EXE [2616:1588]                                                                                                                                                                 00007fffe2c1ed08
    Thread   C:\WINDOWS\Explorer.EXE [2616:1584]                                                                                                                                                                 00007fffe2c1ed08
    Thread   C:\WINDOWS\Explorer.EXE [2616:3456]                                                                                                                                                                 00007fffd216a760
    Thread   C:\WINDOWS\Explorer.EXE [2616:1220]                                                                                                                                                                 00007fffe2c1ed08
    Thread   C:\WINDOWS\Explorer.EXE [2616:2396]                                                                                                                                                                 00007fffdfc71e40
    Thread   C:\WINDOWS\Explorer.EXE [2616:1528]                                                                                                                                                                 00007fffdd318c54
    Thread   C:\WINDOWS\Explorer.EXE [2616:5428]                                                                                                                                                                 00007fffd40076cc
    Thread   C:\WINDOWS\Explorer.EXE [2616:5724]                                                                                                                                                                 00007fffd40076cc
    Thread   C:\WINDOWS\Explorer.EXE [2616:5548]                                                                                                                                                                 00007fffd40076cc
    Thread   C:\WINDOWS\Explorer.EXE [2616:3096]                                                                                                                                                                 00007fffd40076cc
    Thread   C:\WINDOWS\Explorer.EXE [2616:6576]                                                                                                                                                                 00007fffdd31d6bc
    Thread   C:\WINDOWS\Explorer.EXE [2616:4888]                                                                                                                                                                 00007fffdd31d6bc
    Thread   C:\WINDOWS\Explorer.EXE [2616:1196]                                                                                                                                                                 00007fffdd31d6bc
    Thread   C:\WINDOWS\Explorer.EXE [2616:2912]                                                                                                                                                                 00007fffdd31d6bc
    Thread   C:\WINDOWS\Explorer.EXE [2616:1576]                                                                                                                                                                 00007fffdd31d6bc
    Thread   C:\WINDOWS\Explorer.EXE [2616:5528]                                                                                                                                                                 00007fffe04c2774
    Thread   C:\WINDOWS\Explorer.EXE [2616:3488]                                                                                                                                                                 00007fffdd31d6bc
    Thread   C:\WINDOWS\Explorer.EXE [2616:7100]                                                                                                                                                                 00007fffe1f71e70
    Thread   C:\WINDOWS\Explorer.EXE [2616:5948]                                                                                                                                                                 00007fffe1f71c00
    Thread   C:\WINDOWS\Explorer.EXE [2616:5652]                                                                                                                                                                 00007fffdd31d6bc
    Thread   C:\WINDOWS\Explorer.EXE [2616:4528]                                                                                                                                                                 00007fffdd31d6bc
    Thread   C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [3820:1096]                                                                                                                           00007fffe04c2774
    Thread   C:\WINDOWS\System32\Taskmgr.exe [5180:3052]                                                                                                                                                         00007fffe04c2774
    ---- Processes - GMER 2.1 ----
    
    Library  C:\Users\MATTQ~1\AppData\Local\Temp\_av4_\aswEngin.dll (*** suspicious ***) @ C:\Users\Matt Q\Desktop\aswmbr.exe [5440] (High level antivirus engine/ALWIL Software)(2014-06-11 00:38:44)           0000000064280000
    Library  C:\Users\MATTQ~1\AppData\Local\Temp\_av4_\aswScan.dll (*** suspicious ***) @ C:\Users\Matt Q\Desktop\aswmbr.exe [5440] (Low level antivirus engine/ALWIL Software)(2014-06-11 00:38:44)             0000000064200000
    Library  C:\Users\MATTQ~1\AppData\Local\Temp\_av4_\MSVCP71.dll (*** suspicious ***) @ C:\Users\Matt Q\Desktop\aswmbr.exe [5440] (Microsoftо C++ Runtime Library/Microsoft Corporation)(2014-06-11 00:38:44)  000000007c3a0000
    Library  C:\Users\MATTQ~1\AppData\Local\Temp\_av4_\aswCmnOS.dll (*** suspicious ***) @ C:\Users\Matt Q\Desktop\aswmbr.exe [5440] (Antivirus HW dependent library/ALWIL Software)(2014-06-11 00:38:44)        0000000064000000
    Library  C:\Users\MATTQ~1\AppData\Local\Temp\_av4_\aswCmnB.dll (*** suspicious ***) @ C:\Users\Matt Q\Desktop\aswmbr.exe [5440] (High level portable functions/ALWIL Software)(2014-06-11 00:38:44)          0000000064080000
    Library  C:\Users\MATTQ~1\AppData\Local\Temp\_av4_\aswCmnS.dll (*** suspicious ***) @ C:\Users\Matt Q\Desktop\aswmbr.exe [5440] (Common non-portable functions/ALWIL Software)(2014-06-11 00:38:44)          0000000064100000
    Library  C:\Users\MATTQ~1\AppData\Local\Temp\_av4_\MSVCR71.dll (*** suspicious ***) @ C:\Users\Matt Q\Desktop\aswmbr.exe [5440] (Microsoftо C Runtime Library/Microsoft Corporation)(2014-06-11 00:38:44)    000000007c340000
    
    ---- Disk sectors - GMER 2.1 ----
    
    Disk     \Device\Harddisk0\DR0                                                                                                                                                                               unknown MBR code
    
    ---- EOF - GMER 2.1 ----
    aswMBR Log
    Code:
    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-06-10 17:38:44
    -----------------------------
    17:38:44.810    OS Version: Windows x64 6.2.9200 
    17:38:44.810    Number of processors: 4 586 0x3A09
    17:38:44.811    ComputerName: THEBLACKSAX  UserName: Matt Q
    17:38:44.859    Initialze error 1 
    17:39:12.388    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002d
    17:39:12.390    Disk 0 Vendor: WDC_WD5000LPVX-22V0TT0 01.01A01 Size: 476940MB BusType: 11
    17:39:12.395    Disk 0 MBR read successfully
    17:39:12.396    Disk 0 MBR scan
    17:39:12.399    Disk 0 unknown MBR code
    17:39:12.417    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
    17:39:12.419    Disk 0 scanning C:\WINDOWS\system32\drivers
    17:39:12.421    Service scanning
    17:39:12.937    Modules scanning
    17:39:12.940    Disk 0 trace - called modules:
    17:39:12.944    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 
    17:39:12.948    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000c9def4e0]
    17:39:12.951    3 CLASSPNP.SYS[fffff80184b9927b] -> nt!IofCallDriver -> \Device\0000002d[0xffffe000c79b54a0]
    17:39:12.954    Scan finished successfully
    17:39:50.177    Disk 0 MBR has been saved successfully to "C:\Users\Matt Q\Desktop\MBR.dat"
    17:39:50.193    The log file has been saved successfully to "C:\Users\Matt Q\Desktop\aswMBR log June 10 2014.txt"
    Haven't run the Memtest86 yet as the computer doesn't seem to recognize the USB or the D: drive, so I can't install the program onto either in order to run it. I'll probably have to restart the computer and try it then.
      My System SpecsSystem Spec

  8. #8


    Posts : 8
    Windows 8.1


    Ran Memtest86 and it didn't find any errors I believe.
      My System SpecsSystem Spec

  9. #9


    India
    Posts : 2,097
    Windows 8.1 Industry Pro B-)


    Hi M15,

    I am not able to pin point the cause in these dump files so I am asking my expert friends. Will post back here soon of what they say.
      My System SpecsSystem Spec

  10. #10


    Posts : 8
    Windows 8.1


    Thanks for the help so far.

    As another update, the computer seems to be able to start up once and go to sleep once without restarting, and once the computer wakes up from this initial sleep, I get a notification saying:

    Intel Rapid Storage Technology
    SATA Disk on Controller 0, Port 1: Detected

    Now after this notification if I put the computer to sleep, it will restart, probably experiencing the error. So, I let the computer restart again and watched the Intel application and it doesn't seem to have one of the internal ports connected on initial startup, but as soon as I put it to sleep and wake it up again, it connects to the SSD inside and later disconnects leaving an empty internal port. It seems that somewhere between waking up the computer, connecting to the SSD and later disconnecting causes the error to occur when the computer goes to sleep.
      My System SpecsSystem Spec

Page 1 of 2 12 LastLast
Driver Power State Failure in sleep mode
Related Threads
I am using lenovo G580-20150. I know this problem have been opened a tread but the problem i dont' think it's same so i woud like to ask for some solution after listening to my problem. I have been user of windows 8 and 8.1 for quite some time. everything works fine for me for the windows that...
Hey, I got some BSOD problems. Do you got time & experience to help me? :) I got Windows 8 at the moment, I will install 8.1 shortly. Had 8.1 before i re-installed OS when the first BSOD showed up, so I doubt that 8.1 will fix things completely. My problems ATM! - Driver Power State...
I have been using my asus laptop but recently started blue screening. When trying to shut it down the screen will go black, but the system lights remain on and it remains running, however irresponsive. It also began showing a blue screen with the warning "Driver power state failure". Even after...
I'm having a BSOD problem. After walking computer from sleep mode, within 1-2 minutes it will get a BSOD with the "driver power state failure" error and restart, but interestingly I never get the error the moment I wake up the computer. I'm using a Lenovo IdeaPad Y510P with Windows 8.1 64-bit. I...
Driver Power State Failure on wake from sleep in BSOD Crashes and Debugging
Hi, I've been getting persistent BSOD's when attempting to wake up my computer (Lenovo Twist u230) from sleep. I am also sporadically getting Kernal Data Inpage Error BSOD while using my computer. My machine is Windows 8, installed from factory with a recent refresh done. SFC /SCANNOW and DISM...
New build i7 asrock motherboard W8 Pro. when waking from sleep everytime I get driver_power_state_failure BSOD. Looking for some help on where to start. Updated the bios and everything else works great. Thanks for any advice 14584
My Toshiba laptop gives the above BSOD screen 9 out of 10 times when going to sleep. I have installed the latest Win 8 video drivers but that was no help. I have attached a couple of the minidump files.
Eight Forums Android App Eight Forums IOS App Follow us on Facebook