BSOD: 0x8000000000000002

Tuche

Hello,

I have been getting a BSOD almost every day. Sometimes during intensive gaming, and sometimes when I wake up I see the computer has restarted, and after checking the log viewer I can see there has been a BSOD crash. Sometimes, when I wake up, the PC has frozen during the BSOD crash log creation (the BSOD is stuck at 100% and does not restart).

After searching these forums, I have already done some of the suggested solutions, like the video card stress test (90C without any problems) and this Windows suggestion here: http://www.eightforums.com/bsod-cra...nt-id-41-task-63-a-post370650.html#post370650

Then please run the following DISM commands to see if there's any problems with the system (from an elevated (Run as administrator) Command Prompt). Press Enter after each one:
Code:
Dism /Online /Cleanup-Image /ScanHealth
Code:
Dism /Online /Cleanup-Image /CheckHealth

If the problem is fixable, you can use this command to repair it (from an elevated (Run as administrator) Command Prompt). Press Enter after typing it:
Code:
Dism /Online /Cleanup-Image /RestoreHealth

From this article: Repair a Windows Image

You can also run sfc.exe /scannow from an elevated (Run as administrator) Command Prompt to check for further corruption.

And I am still getting the same BSOD.

I also tracked the temperatures during intensive gaming and all seem fine! (below 60C)

I was about to do a memtest, but I do not believe it is a bad memory issue, but more like a driver issue.

Therefore, I seek help from you guys to find out what is wrong!

Thank you in advance!
 

My Computer

System One

  • OS
    Windows 8.1
Hi Tuche & Welcome to the forums ^_^,

I have analysed your dump files and below has been provided an analysis of the same for informative purposes -
Code:
**************************Thu Dec  4 07:52:21.610 2014 (UTC + 5:30)**************************
Loading Dump File [C:\SysnativeBSODApps\120414-11328-01.dmp]
 
Windows 8 Kernel Version 9600 MP (4 procs) Free x64
 
Built by: 9600.17085.amd64fre.winblue_gdr.140330-1035
 
System Uptime: 1 days 4:50:58.127
 
*** WARNING: Unable to verify timestamp for OGECPJU
 
*** ERROR: Module load completed but symbols could not be loaded for OGECPJU
 
Probably caused by : OGECPJU ( OGECPJU+5312 )
 
BugCheck 3B, {c0000005, 0, ffffd000286ee3e0, 0}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000003B]SYSTEM_SERVICE_EXCEPTION (3b)[/url]
 
Arguments: 
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: 0000000000000000, Address of the instruction which caused the bugcheck
Arg3: ffffd000286ee3e0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
BUGCHECK_STR:  0x3B
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
PROCESS_NAME:  WmiPrvSE.exe
 
FAILURE_BUCKET_ID:  0x3B_OGECPJU+5312
 
CPUID:        "Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz"
 
MaxSpeed:     3200
 
CurrentSpeed: 3200
 
  BIOS Version                  F7
 
  BIOS Release Date             10/17/2014
 
  Manufacturer                  Gigabyte Technology Co., Ltd.
 
  Product Name                  Z97X-SLI
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec  3 02:59:55.456 2014 (UTC + 5:30)**************************
Loading Dump File [C:\SysnativeBSODApps\120214-11125-01.dmp]
 
Windows 8 Kernel Version 9600 MP (4 procs) Free x64
 
Built by: 9600.17085.amd64fre.winblue_gdr.140330-1035
 
System Uptime: 0 days 19:01:20.224
 
*** WARNING: Unable to verify timestamp for OYIJRDNE
 
*** ERROR: Module load completed but symbols could not be loaded for OYIJRDNE
 
Probably caused by : OYIJRDNE ( OYIJRDNE+5312 )
 
BugCheck 3B, {c0000005, 0, ffffd00027e1a3e0, 0}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000003B]SYSTEM_SERVICE_EXCEPTION (3b)[/url]
 
Arguments: 
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: 0000000000000000, Address of the instruction which caused the bugcheck
Arg3: ffffd00027e1a3e0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
BUGCHECK_STR:  0x3B
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
PROCESS_NAME:  SrTasks.exe
 
FAILURE_BUCKET_ID:  0x3B_OYIJRDNE+5312
 
CPUID:        "Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz"
 
MaxSpeed:     3200
 
CurrentSpeed: 3200
 
  BIOS Version                  F7
 
  BIOS Release Date             10/17/2014
 
  Manufacturer                  Gigabyte Technology Co., Ltd.
 
  Product Name                  Z97X-SLI
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Dec  2 07:55:56.067 2014 (UTC + 5:30)**************************
Loading Dump File [C:\SysnativeBSODApps\120214-11093-01.dmp]
 
Windows 8 Kernel Version 9600 MP (4 procs) Free x64
 
Built by: 9600.17085.amd64fre.winblue_gdr.140330-1035
 
System Uptime: 2 days 13:24:56.392
 
*** WARNING: Unable to verify timestamp for VRMKSFXPDT
 
*** ERROR: Module load completed but symbols could not be loaded for VRMKSFXPDT
 
Probably caused by : VRMKSFXPDT ( VRMKSFXPDT+5312 )
 
BugCheck 3B, {c0000005, fffff8007f5cc10f, ffffd000268953f0, 0}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000003B]SYSTEM_SERVICE_EXCEPTION (3b)[/url]
 
Arguments: 
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8007f5cc10f, Address of the instruction which caused the bugcheck
Arg3: ffffd000268953f0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
BUGCHECK_STR:  0x3B
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
PROCESS_NAME:  WmiPrvSE.exe
 
FAILURE_BUCKET_ID:  0x3B_VRMKSFXPDT+5312
 
CPUID:        "Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz"
 
MaxSpeed:     3200
 
CurrentSpeed: 3200
 
  BIOS Version                  F7
 
  BIOS Release Date             10/17/2014
 
  Manufacturer                  Gigabyte Technology Co., Ltd.
 
  Product Name                  Z97X-SLI
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat Nov 29 11:03:28.501 2014 (UTC + 5:30)**************************
Loading Dump File [C:\SysnativeBSODApps\112914-11500-01.dmp]
 
Windows 8 Kernel Version 9600 MP (4 procs) Free x64
 
Built by: 9600.17085.amd64fre.winblue_gdr.140330-1035
 
System Uptime: 0 days 20:08:08.648
 
*** WARNING: Unable to verify timestamp for KCCDGDHDNLQVODG
 
*** ERROR: Module load completed but symbols could not be loaded for KCCDGDHDNLQVODG
 
Probably caused by : KCCDGDHDNLQVODG ( KCCDGDHDNLQVODG+5312 )
 
BugCheck 50, {ffffc00013582088, 0, fffff800b3f6a0f3, 0}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x00000050]PAGE_FAULT_IN_NONPAGED_AREA (50)[/url]
 
Arguments: 
Arg1: ffffc00013582088, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff800b3f6a0f3, If non-zero, the instruction address which referenced the bad memory
 address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  AV
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
PROCESS_NAME:  System
 
FAILURE_BUCKET_ID:  AV_KCCDGDHDNLQVODG+5312
 
CPUID:        "Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz"
 
MaxSpeed:     3200
 
CurrentSpeed: 3200
 
  BIOS Version                  F7
 
  BIOS Release Date             10/17/2014
 
  Manufacturer                  Gigabyte Technology Co., Ltd.
 
  Product Name                  Z97X-SLI
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Below is a list of 3rd party drivers present on your system -
Code:
**************************Thu Dec  4 07:52:21.610 2014 (UTC + 5:30)**************************
[COLOR=#FF0000][B][U]gdrv.sys                    Fri Mar 13 08:52:29 2009 (49B9D175)
[/U][/B][/COLOR][B][U]VMNET.SYS                   Mon Aug 10 17:34:50 2009 (4A800CE2)
vmnetadapter.sys            Mon Aug 10 17:34:53 2009 (4A800CE5)
vmnetbridge.sys             Mon Aug 10 17:35:58 2009 (4A800D26)
vstor2-ws60.sys             Fri Aug 20 01:58:39 2010 (4C6D93F7)
VMparport.sys               Sat Mar 26 09:36:22 2011 (4D8D663E)
vmci.sys                    Sat Mar 26 09:38:49 2011 (4D8D66D1)
hcmon.sys                   Sat Mar 26 10:10:38 2011 (4D8D6E46)
vmnetuserif.sys             Sat Mar 26 10:25:31 2011 (4D8D71C3)
VMkbd.sys                   Sat Mar 26 11:01:22 2011 (4D8D7A2A)
vmx86.sys                   Sat Mar 26 11:48:58 2011 (4D8D8552)
GEARAspiWDM.sys             Fri May  4 01:26:17 2012 (4FA2E2E1)
pfmfs_7DB.sys               Wed Dec 12 00:14:43 2012 (50C77F1B)
[/U][/B]rtwlane.sys                 Thu Jul 11 19:50:03 2013 (51DEBF13)
MpKsl50ee59ab.sys           Thu Aug 22 04:21:16 2013 (52154464)
MpKsl7144e650.sys           Thu Aug 22 04:21:16 2013 (52154464)
MpKsl84ad4fd3.sys           Thu Aug 22 04:21:16 2013 (52154464)
intelppm.sys                Thu Aug 22 14:16:35 2013 (5215CFEB)
tap0901.sys                 Thu Aug 22 18:10:01 2013 (521606A1)
e1d64x64.sys                Fri Aug 30 05:25:45 2013 (521FDF81)
dtscsidrv.SYS               Tue Sep 10 19:26:12 2013 (522F24FC)
sptd.sys                    Thu Oct 31 20:56:53 2013 (527276BD)
AMDACPKSL.SYS               Wed Mar 12 05:19:44 2014 (531FA118)
AtihdWB6.sys                Wed Mar 12 05:20:02 2014 (531FA12A)
TeeDriverx64.sys            Thu Mar 13 23:51:52 2014 (5321F740)
dump_iaStorA.sys            Fri Apr  4 04:30:05 2014 (533DE7F5)
iaStorA.sys                 Fri Apr  4 04:30:05 2014 (533DE7F5)
RTKVHD64.sys                Wed May 28 17:47:12 2014 (5385D3C8)
iwdbus.sys                  Wed Jun 18 03:24:22 2014 (53A0B90E)
atikmpag.sys                Tue Sep 16 03:29:06 2014 (5417612A)
atikmdag.sys                Tue Sep 16 03:51:08 2014 (54176654)
[COLOR=#0000FF][B][U]OGECPJU                     Sun Nov 23 19:05:30 2014 (5471E2A2)
[/U][/B][/COLOR]¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec  3 02:59:55.456 2014 (UTC + 5:30)**************************
usbaapl64.sys               Tue Jul 15 23:00:23 2014 (53C5652F)
[COLOR=#0000FF][B][U]OYIJRDNE                    Sun Nov 23 19:05:30 2014 (5471E2A2)
[/U][/B][/COLOR]¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Dec  2 07:55:56.067 2014 (UTC + 5:30)**************************
[COLOR=#0000FF][B][U]VRMKSFXPDT                  Sun Nov 23 19:05:30 2014 (5471E2A2)
[/U][/B][/COLOR]¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat Nov 29 11:03:28.501 2014 (UTC + 5:30)**************************
[COLOR=#0000FF][B][U]KCCDGDHDNLQVODG             Sun Nov 23 19:05:30 2014 (5471E2A2)
[/U][/B][/COLOR]

Kindly uninstall Gigabyte Easy Saver since it is known to cause problems. The driver is highlighted in RED for the Gigabyte Easy Saver Utility.

The crashes occurred because of drivers with no extensions residing in the Temporary Folder of Windows. The drivers are highlighted in Dark Blue. I tried finding them on Google as well, but there are no results for such strings.
Could you please search for these files and upload them (copy them into one folder, ZIP that folder and upload it here) so that I could take a look at them?

At this point of time, I would suggest you run an antivirus scan using an antivirus like ESET, AVG, Avast etc.
Let me know how it goes ^_^
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!
Thank you for taking the time to analyze my log files. I'll check these files you marked and will be back here shortly.
 

My Computer

System One

  • OS
    Windows 8.1
The latest one is in C:\Windows\TEMP\
 

My Computer

System One

  • OS
    Win8.1Pro - Finally!!!
    Computer type
    Laptop
    System Manufacturer/Model
    Samsung/NP780
    CPU
    Came with the laptop (i7 of some sort)
    Motherboard
    Pretty sure that it has one, but haven't checked inside the case!
    Memory
    upgraded to 12 gB from 8 gB
    Graphics Card(s)
    has switchable - Intel/ATI - Used wrong drivers, now ATI card is inop :( Will have to fix it soon!
    Sound Card
    I'm nearly deaf, so this isn't used often
    Monitor(s) Displays
    Touchscreen on laptop/32" Toshiba on HDMI (laid the Sharp TV on a mouse and cracked the screen!)
    Screen Resolution
    800x600
    Hard Drives
    One Samsung 1tB drive - 5400 rpm. Gonna switch to a 7200/10000 rpm or an SSD (if I can find $500 for a 1tB SSD!)
    - Switched to 500 gB Samsung 840 series SSD - WOW!!!
    PSU
    Why do we ask this for laptops?
    Case
    Silver with a neat Samsung logo
    Cooling
    sub-par, gotta get around to working on it soon Worked on it - still sub-par! :(
    Keyboard
    Microsoft Natural - the same one I've used since it orignally came out around 1995
    Mouse
    no Mouse - Trackball!!!!
    Internet Speed
    too slow when I'm waiting for a download to finish
    Browser
    Yes, I use this (Firefox mostly, w/IE next most)
    Antivirus
    Windows Defender and Windows Firewall
    Other Info
    I'm handsome and a snappy dresser :0)
Hello again,

I am back.

I ran MS Essentials and AVG and nothing was found.

I did not know that I had this Gigabyte Easy Saver, nor could I find it in my programs, but maybe it was bundle-installed? Therefore I uninstalled anything Gigabyte related.

Today, I got another BSOD (dpc_watchdog_violation).

Here are the refreshed logs from today: https://dl.dropboxusercontent.com/u/425150/LIPEPC-06_12_2014_212623,30.zip

Here are the requested blue files (most of them I found, a lot of them were VMware related if I am not mistaken): https://dl.dropboxusercontent.com/u/425150/CRASH.zip


Thank you again for your time.
 

My Computer

System One

  • OS
    Windows 8.1
Hi Tuche ^_^,

I will analyse those dump files soon. But I wanted to point out that you uploaded the wrong folder :(
Like usasma said, you need to check the TEMP Folder located at - "C:\Windows\Temp" for the BLUE Files or similar files.

Let me know if you are able to find anything there :)
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
Oh, sorry for that, I misunderstood you.

I'll try to get them uploaded by the weekend, sorry for the delay!
 

My Computer

System One

  • OS
    Windows 8.1
Oh, sorry for that, I misunderstood you.

I'll try to get them uploaded by the weekend, sorry for the delay!

Sure thing.

Let us know how it goes ^_^.

-Pranav
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
Hello again blueelvis, and thank you for getting back on my issue and helping out!

OK, I checked the temp folder and I couldn't find any of the dark blue files there. I basically entered the "C:\Windows\Temp" folder and, for each file, I copied its name and pasted it in the search box (so that the file would only be searched for inside the temp folder) and really none was found.

I conducted another search in the temp folder, for sys files (*.sys), and again none were found.

I have the impression my PC is somewhat more stable. Before posting here, I would usually get a BSOD almost every day. Since my first post and after doing some cleaning, like uninstalling anything Gigabyte related and a Bluetooth dongle driver, I now get like 1-2 BSODs a week. Maybe it is just a lucky streak . . . who knows :D

Yesterday, after like 5 days without any BSODs, I got another one. Though this one was different, something with pagefile and out of bounds, if I am not mistaken . . .

So here it is the latest log dump i have: https://dl.dropboxusercontent.com/u/425150/LIPEPC-12_12_2014_115521,40.zip

Please, let me know if you need anything else!
 

My Computer

System One

  • OS
    Windows 8.1
Hi Tuche ^_^,

That is very strange that the files are not there. Seems like someone is creating them and then deleting them as well. Your latest dump file also blames a random file in the TEMP directory without any file extension. At this point, I would suggest you run GMER (just to be sure that a rootkit is not there) -
GMER - Rootkit Detector and Remover

See if it finds any Rootkit or suspicious activity. If you are not able to run the EXE, try their randomized EXE.

I have analysed your dump files and below has been provided an analysis of the same for informative purposes :-
Code:
1: kd> k
  *** Stack trace for last set context - .thread/.cxr resets it
Child-SP          RetAddr           Call Site
ffffd000`239d8e00 fffff800`59679c39 nt! ?? ::NNGAKEGL::`string'+0x20183
ffffd000`239d9130 fffff800`59677a63 nt!ObpLookupObjectName+0x6b9
ffffd000`239d92b0 fffff801`c547f33a nt!ObOpenObjectByName+0x1e3
ffffd000`239d93e0 ffffe001`00000001 JIUMSLYRBO+0x533a
ffffd000`239d93e8 ffffc000`fac88000 0xffffe001`00000001
ffffd000`239d93f0 00000000`00000000 0xffffc000`fac88000
Below is a list of 3rd party drivers present on your system -
Code:
**************************Fri Dec 12 03:39:21.535 2014 (UTC + 5:30)**************************
VMNET.SYS                   Mon Aug 10 17:34:50 2009 (4A800CE2)
vmnetadapter.sys            Mon Aug 10 17:34:53 2009 (4A800CE5)
vmnetbridge.sys             Mon Aug 10 17:35:58 2009 (4A800D26)
vstor2-ws60.sys             Fri Aug 20 01:58:39 2010 (4C6D93F7)
VMparport.sys               Sat Mar 26 09:36:22 2011 (4D8D663E)
vmci.sys                    Sat Mar 26 09:38:49 2011 (4D8D66D1)
hcmon.sys                   Sat Mar 26 10:10:38 2011 (4D8D6E46)
vmnetuserif.sys             Sat Mar 26 10:25:31 2011 (4D8D71C3)
VMkbd.sys                   Sat Mar 26 11:01:22 2011 (4D8D7A2A)
vmx86.sys                   Sat Mar 26 11:48:58 2011 (4D8D8552)
GEARAspiWDM.sys             Fri May  4 01:26:17 2012 (4FA2E2E1)
rtwlane.sys                 Thu Jul 11 19:50:03 2013 (51DEBF13)
intelppm.sys                Thu Aug 22 14:16:35 2013 (5215CFEB)
tap0901.sys                 Thu Aug 22 18:10:01 2013 (521606A1)
e1d64x64.sys                Fri Aug 30 05:25:45 2013 (521FDF81)
[B][U]dtscsidrv.SYS               Tue Sep 10 19:26:12 2013 (522F24FC)
sptd.sys                    Thu Oct 31 20:56:53 2013 (527276BD)
[/U][/B]AMDACPKSL.SYS               Wed Mar 12 05:19:44 2014 (531FA118)
AtihdWB6.sys                Wed Mar 12 05:20:02 2014 (531FA12A)
TeeDriverx64.sys            Thu Mar 13 23:51:52 2014 (5321F740)
dump_iaStorA.sys            Fri Apr  4 04:30:05 2014 (533DE7F5)
iaStorA.sys                 Fri Apr  4 04:30:05 2014 (533DE7F5)
RTKVHD64.sys                Wed May 28 17:47:12 2014 (5385D3C8)
iwdbus.sys                  Wed Jun 18 03:24:22 2014 (53A0B90E)
avgrkx64.sys                Thu Jun 19 00:33:17 2014 (53A1E275)
avgdiska.sys                Thu Jun 19 00:33:29 2014 (53A1E281)
avgidsha.sys                Thu Jun 19 00:33:31 2014 (53A1E283)
avgloga.sys                 Fri Jul 18 19:23:20 2014 (53C926D0)
avgldx64.sys                Fri Aug 29 01:17:21 2014 (53FF8749)
atikmpag.sys                Tue Sep 16 03:29:06 2014 (5417612A)
atikmdag.sys                Tue Sep 16 03:51:08 2014 (54176654)
avgwfpa.sys                 Thu Sep 25 00:33:37 2014 (54231589)
avgmfx64.sys                Mon Oct  6 01:11:36 2014 (54319EF0)
avgidsdrivera.sys           Thu Oct 30 02:05:10 2014 (54514F7E)
[COLOR=#FF0000][B][U]JIUMSLYRBO                  Wed Dec 10 19:55:59 2014 (548857F7)
[/U][/B][/COLOR]

Firstly, I would suggest you remove both Daemon Tools and SPTD (check the uninstallation instructions FAQ). Both of them are known to cause problems.
Kindly remove your VMware for the time we are troubleshooting, since it is very old.

Now, let's come on to finding these files. Firstly, we can see that the driver (I mean the driver highlighted in RED) which caused the crash was compiled/installed on 10th December, which is a day before the crash if my maths is correct ;). I think that we might see something in the Event Logs as to what was happening in the system when the driver/file was being compiled/installed on the system. Do you remember what you were doing this Wednesday around 19:55?
Now, I would need the EVTX files of both the Application and System Logs. Kindly follow the below instructions -

  1. Kindly open up Event Viewer. Search for "Event Log" on the Start Screen.
  2. You would be presented with the "View Event Logs" icon. Click on it. The Event Viewer would open up.
  3. In the top left (below Menu Bar) , you would see a dropdown "Windows Logs". Click on the small arrow to expand it.
  4. It may take some time to load.
  5. Now, right click on "Application" and then click on "Save All Events As". Save the application log.
  6. Do this similarly for the "System" log as well.
  7. Now, you would have two EVTX files. Kindly ZIP (Make sure) them up and then attach the ZIP file here so that it could be analysed.

Also, let's see what files are in the TEMP folder. Kindly follow the below steps -
  1. Open up a Command Prompt with Administrator Privileges.
  2. Type in
    Code:
    cd C:\Windows\Temp
  3. Press Enter
  4. Type in
    Code:
    dir > List.txt
  5. Now, open up the Temp Folder located at "C:\Windows\Temp"
  6. Find a file named List.txt.
  7. Upload this file.

Once you are done doing this (Make sure you don't skip any step above), let's run Driver Verifier. Kindly follow the below guide and make sure that you let the DV crash the system a few times -
http://www.sevenforums.com/tutorials/101379-driver-verifier-enable-disable.html

Then, once it has crashed for say 4-5 times, re-run the Diagnostic Tool and upload a freshly generated Diagnostic ZIP File.

Let me know how it goes ^_^

@usasma - Any other way we could identify this random driver?
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
AFAIK, the only way to catch this thing would be by live debugging.
Not real practical to do on the online forums.

Maybe check the installation history to see what was installed on 23 Nov 2014?
 

My Computer

System One

  • OS
    Win8.1Pro - Finally!!!
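
An added example, not written by any poster in this thread: the driver listings can be checked mechanically for the pattern the analysis points at, modules with no file extension. It also decodes the hex value in parentheses as Unix epoch seconds (which shows the printed times are in the debugger's UTC + 5:30 zone) and groups the faulting offsets from the FAILURE_BUCKET_ID lines. The function names are illustrative; the input lines are copied from the listings in this thread, BBCode tags included.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Rows copied from the driver listings posted in this thread (forum BBCode
# tags left in on purpose, since that is how the listings were pasted).
DRIVER_LIST = """\
**************************Thu Dec  4 07:52:21.610 2014 (UTC + 5:30)**************************
[COLOR=#FF0000][B][U]gdrv.sys                    Fri Mar 13 08:52:29 2009 (49B9D175)
[/U][/B][/COLOR][B][U]VMNET.SYS                   Mon Aug 10 17:34:50 2009 (4A800CE2)
GEARAspiWDM.sys             Fri May  4 01:26:17 2012 (4FA2E2E1)
atikmdag.sys                Tue Sep 16 03:51:08 2014 (54176654)
[COLOR=#0000FF][B][U]OGECPJU                     Sun Nov 23 19:05:30 2014 (5471E2A2)
[COLOR=#0000FF][B][U]OYIJRDNE                    Sun Nov 23 19:05:30 2014 (5471E2A2)
[COLOR=#0000FF][B][U]VRMKSFXPDT                  Sun Nov 23 19:05:30 2014 (5471E2A2)
[COLOR=#0000FF][B][U]KCCDGDHDNLQVODG             Sun Nov 23 19:05:30 2014 (5471E2A2)
[COLOR=#FF0000][B][U]JIUMSLYRBO                  Wed Dec 10 19:55:59 2014 (548857F7)
"""

# FAILURE_BUCKET_ID lines copied from the four dump summaries in this thread.
BUCKETS = """\
FAILURE_BUCKET_ID:  0x3B_OGECPJU+5312
FAILURE_BUCKET_ID:  0x3B_OYIJRDNE+5312
FAILURE_BUCKET_ID:  0x3B_VRMKSFXPDT+5312
FAILURE_BUCKET_ID:  AV_KCCDGDHDNLQVODG+5312
"""

BBCODE = re.compile(r"\[/?[A-Za-z]+(?:=[^\]]*)?\]")
# name, whitespace, "Sun Nov 23 19:05:30 2014", then the 8-digit hex stamp.
ENTRY = re.compile(
    r"^(?P<name>\S+)\s+\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} "
    r"\((?P<stamp>[0-9A-Fa-f]{8})\)\s*$"
)
BUCKET = re.compile(
    r"FAILURE_BUCKET_ID:\s+\w+?_(?P<module>[^+\s]+)\+(?P<offset>[0-9A-Fa-f]+)"
)


def parse_driver_list(text):
    """Return (module_name, timestamp_int) for every well-formed listing row."""
    rows = []
    for line in text.splitlines():
        match = ENTRY.match(BBCODE.sub("", line).strip())
        if match:  # date headers and separator lines do not match and are skipped
            rows.append((match["name"], int(match["stamp"], 16)))
    return rows


def stamp_to_utc(stamp):
    """Render the hex timestamp (Unix epoch seconds) as an ISO 8601 UTC time."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat()


def extensionless_modules(text):
    """Group modules whose name has no file extension by their timestamp."""
    groups = defaultdict(list)
    for name, stamp in parse_driver_list(text):
        if "." not in name:
            groups[stamp].append(name)
    return {
        f"{stamp:08X}": {"utc": stamp_to_utc(stamp), "names": names}
        for stamp, names in groups.items()
    }


def fault_offsets(text):
    """Map each faulting offset in FAILURE_BUCKET_ID to the modules blamed."""
    offsets = defaultdict(list)
    for match in BUCKET.finditer(text):
        offsets[match["offset"]].append(match["module"])
    return dict(offsets)


if __name__ == "__main__":
    for stamp, info in extensionless_modules(DRIVER_LIST).items():
        print(stamp, info["utc"], ", ".join(info["names"]))
    for offset, modules in fault_offsets(BUCKETS).items():
        print(f"+{offset}: {len(modules)} crash(es) blamed on {', '.join(modules)}")
```

Four differently named modules sharing one timestamp and one faulting offset is the grouping worth carrying into the event-log and installation-history checks, with the times converted from UTC to the affected machine's own zone first.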