Page 1 of 2 12 Last
  1. #1

    Need help with random BSOD's (Packard Bell EasyNote ML61)

    Hello!

    I got help resolving an earlier issue with this laptop a while back (thanks tom982 and niemiro), so I thought i might aswell ask and see if there is a solution for the BSOD problems I've been having lately.

    So, I'm having trouble with random BSOD's. I can't see any pattern to them other than that they seem a lot more frequent after i "wake up" my laptop after it has been to sleep for a longer time.

    I have read the posting instructions at http://www.sysnative.com/forums/bsod...ows-vista.html. However, when i run Jcgriff2's program i get caught in an endless loop of "Waiting for SystemInfo" when it is close to the end. I will attach what the "griff report" has collected up to that point and the perfmon report.

    griff&perfmon.rar

    Below is the system information:OS: Windows 7 professional N, 64 bitOriginal
    OS: I believe it was Windows Vista
    Is the OS an OEM version? No, I got it from MSDNAA so it is full retail.
    Age of system? Not 100% sure, but I would say 5-6 years old.
    Age of OS installation? Roughly 1 year.

    CPU: AMD Athlon 64 X2 QL-60
    Video Card: ATI Mobility Radeon 3400

    System Manufacturer: Packard Bell
    Exact Model Number: EasyNote ML61

    I hope the information is conclusive.

    Best regards
    Fancypants

    PS. I did some research before i posted and saw you advice against using Iobit's software because it's a bit aggressive. I have had it running since the reinstallation of windows, just so you know. DS.


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2
    x BlueRobot's Avatar
    Join Date
    May 2013
    Location
    Minkowski Space
    Posts
    1,590

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    Could you please upload the dump files manually? I would prefer Kernel Memory dumps, because we can gather much more information from them, Minidumps only reliably contains registers and a stack trace of the last saved context, which is usually right before the crash.

    They should be located in this directory:

    Code:
    C:\Windows\MEMORY.DMP
    Compress the files and then place into a zipped folder, and upload to a file sharing site such as Dropbox or Skydrive. Then post the URL to the files.

    Please remove IOBit, since it tends to cause problems. I've seen it cause a BSODs too.
    Machines Can Think

    I am currently studying again, and therefore may not be available very often.


  3. #3

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    Hey Bluerobot,

    Thank you for the quick reply.

    Sure thing! I zipped and uploaded the memory.dmp file and it is available at the link below.
    https://dl.dropboxusercontent.com/u/88512428/MEMORY.rar

    Also, i removed any IObit programs i had installed. I don't want to be cheeky, but do you have any recommendations on what program to use for cleaning the registry and scanning for malware, instead of IObit?

    Cheers
    /Fancypants

  4. #4

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    I'm downloading the dump now. It usually downloads rather fast as I have FiOS, although it appears to be taking a bit... ~25 minutes? Must be having server trouble over at DB. I'm sure BlueRobot will have a few additions aside from my analysis as well regardless.

    I don't want to be cheeky, but do you have any recommendations on what program to use for cleaning the registry and scanning for malware, instead of IObit?
    Don't clean the registry, period.

    First off, one big thing about registry cleaning is it is by no means and should not be a computer maintenance task. Clearing your browser's cache and cookies every week? Great, no harm there. Running your favorite registry cleaner every week? NOT GREAT.

    If we're being honest and straightforward here, cleaning the registry is an entirely unnecessary thing to do. So far, what I've said makes it sound like I despise registry cleaners. Do I? No, I don't despise them, but as I said, they are unnecessary and if used carelessly can render your Operating System a paperweight.

    So why would you even use a registry cleaner in the first place? Well, they have to do something right or they wouldn't even be allowed to be sold (if paid for) or if they were free (CCleaner for example) there would be a huge backlash, more than what there already is in IT with regards to opinions based on registry cleaners.
    Registry cleaning software is useful mainly for one thing, and it can be done very well depending on the algorithm the cleaner software itself is using, and that's removing remnants of old uninstalled software or entries with now invalid path names. At times, it can also possibly be useful for removing traces of malware that may have been stored in the registry that was not successfully removed after running a virus scan, etc.

    Other than that, it's not going to do anything. It will not increase your system's performance by any means whatsoever. Nothing noticeable. A 'smaller registry' in theory would have one assume that things load faster, etc, but in reality there is no performance difference whatsoever.

    For reference, take a look at this:

    Mark Russinovich (Author of the "Bible", Windows Internals, co-founder of Winternals and Sysinternals, and since both companies were bought by Microsoft, now a senior Microsoft employee) was asked:

    Hi Mark, do you really think that Registry junk left by uninstalled programs could severely slow down the computer? I would like to 'hear' your opinion.
    No, even if the registry was massively bloated there would be little impact on the performance of anything other than exhaustive searches.

    On Win2K Terminal Server systems, however, there is a limit on the total amount of Registry data that can be loaded and so large profile hives can limit the number of users that can be logged on simultaneously.

    I haven't and never will implement a Registry cleaner since it's of little practical use on anything other than Win2K terminal servers and developing one that's both safe and effective requires a huge amount of application-specific knowledge.
    So, to sum all of this up:

    Q: Will using a registry cleaner increase the speed and/or performance of my system?

    A: No.

    ----

    Q: Why would I even use a registry cleaner then?

    A: I personally wouldn't use one whatsoever and would find the problem you're specifically having and take care of it manually. That is much safer. However, the main use of registry cleaners is to again as stated above, remove remnants of old uninstalled software or entries with now invalid path names. At times, it can also possibly be useful for removing traces of malware that may have been stored in the registry that was not successfully removed after running a virus scan, etc.

    ----

    Q: What is the true danger of using a registry cleaner?

    A: You have to remember what you're using is an automated tool that is not perfect by any means. You are putting your trust in an automated tool to be absolutely sure every key it is about to delete is 100% unnecessary. At times, and I have seen it personally myself PLENTY, it can delete a very important key that is necessary to the functionality of your Operating System in some form or another.

    ----

    Q: What if my registry is corrupt, will running a registry cleaner help?

    A: Absolutely not.

    ------------------------------------------------------------------

    As for malware, use a secondary scanner such as Malwarebytes - Malwarebytes : Thank You!

    Be sure to uncheck the 'Pro-Trial' during install.

    Regards,

    Patrick

  5. #5

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    Well, no more registry cleaners from now on then.
    I've just used it because i've been told its good for "maintenance" and it made me feel like a responsible person. Now i know better... Thanks

    /Fancypants

    PS. I gotta go to bed, but I'll check in tomorrow again. I really appreciate the help. DS.

  6. #6

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    No problem! The MEMORY.dmp is all finished.

    It's of the MEMORY_MANAGEMENT (1a) bug check.

    This indicates that a severe memory management error occurred.

    BugCheck 1A, {411, fffff680001700a0, c001fad2, fffff68000002099}

    The 1st parameter of the bug check is 411 which indicates that a page table entry (PTE) has been corrupted. If we view the data structure for the PFN database:

    Code:
    1: kd> dt nt!_MMPFN fffff680001700a0
       +0x000 u1               : <unnamed-tag>
       +0x008 u2               : <unnamed-tag>
       +0x010 PteAddress       : (null) 
       +0x010 VolatilePteAddress : (null) 
       +0x010 Lock             : 0n0
       +0x010 PteLong          : 0
       +0x018 u3               : <unnamed-tag>
       +0x01c UsedPageTableEntries : 0
    We can see that UsedPageTableEntries has dropped to 0. We are likely with this said dealing with a device driver issue and may need the use of Driver Verifier with Special Pool to further analyze this. Before doing so however, let's tackle some things:

    1. Remove and replace avast! with Microsoft Security Essentials for temporary troubleshooting purposes:

    avast! removal tool - avast! Uninstall Utility | Download aswClear for avast! Removal

    MSE - Microsoft Security Essentials - Microsoft Windows

    2. In your loaded drivers list, dtsoftbus01.sys is listed which is the Daemon Tools driver. Daemon Tools is a very popular cause of BSOD's in 7/8 based systems. Please uninstall Daemon Tools. Alternative imaging programs are: MagicISO, Power ISO, etc.

    3. regfilter.sys is still listed and loaded in your modules list at the time of this crash. This is a component of IObit (the registry part, of course). Was this a crash BEFORE you removed IObit? If so, no worries. If not however, this may still be problematic given you've removed Iobit and this is loaded. If this is the case, navigate to C:\Windows\System32\Drivers. Once there, find and rename regfilter.sys to regfilter.old and restart the system.

    -- Also, I am going to note now that BlueRobot likely detected the issue at hand with his IObit removal recommendation. IObit was likely conflicting with avast! and causing corruption.

    Regards,

    Patrick

  7. #7
    x BlueRobot's Avatar
    Join Date
    May 2013
    Location
    Minkowski Space
    Posts
    1,590

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    Code:
    BugCheck 1A, {411, fffff680001700a0, c001fad2, fffff68000002099}
    
    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+6071 )
    As Patrick has said, the bugcheck indicates a corrupted PTE. Parameter 2 contains the address of the corrupt PTE.

    Code:
    1: kd> !pte fffff680001700a0
                                               VA 000000002e014000
    PXE at FFFFF6FB7DBED000    PPE at FFFFF6FB7DA00000    PDE at FFFFF6FB40000B80    PTE at FFFFF680001700A0
    contains 63700000803C0867  contains 35D000008350B867  contains 16A000001F4A1867  contains 00000000C001FAD2
    pfn 803c0     ---DA--UWEV  pfn 8350b     ---DA--UWEV  pfn 1f4a1     ---DA--UWEV  not valid
                                                                                      Transition: c001f
                                                                                      Protect: 16 - ReadWriteExecute G
    The PTE not being valid, indicates it doesn't have a corresponding physical page resident in memory. The page protection flags indicate that the page is writable, readable and executable, and as a result no access violations should apply to this page. The PTE Protection Bit G, indicates that the page is Global, and can be accessed by all processes, meaning that any page translation would apply to all the processes using that page. I believe the page is either on a Standby or a Modified list, hence the reason for the Transition.

    Code:
    1: kd> knL
     # Child-SP          RetAddr           Call Site
    00 fffff880`0be00238 fffff800`02c60c4d nt!KeBugCheckEx
    01 fffff880`0be00240 fffff800`02c79b4d nt! ?? ::FNODOBFM::`string'+0x6071
    02 fffff880`0be00290 fffff800`02c71142 nt!MiDecommitPages+0x36d
    03 fffff880`0be00b20 fffff800`02c83e53 nt!NtFreeVirtualMemory+0x382
    04 fffff880`0be00c20 00000000`76f2149a nt!KiSystemServiceCopyEnd+0x13
    05 00000000`03cdf308 00000000`00000000 0x76f2149a
    I believe the crash occured at Stack Frame 3, since the a page has been decommitted from a virtual address space of a space, even though it wasn't committed to begin with.

    Code:
    1: kd> lmvm atikmdag
    
    start             end                 module name
    fffff880`0724a000 fffff880`07dfd000   atikmdag   (no symbols)           
        Loaded symbol image file: atikmdag.sys
        Image path: \SystemRoot\system32\DRIVERS\atikmdag.sys
        Image name: atikmdag.sys
        Timestamp:        Fri Nov 16 20:18:02 2012 (50A69F7A)
        CheckSum:         00B65E3C
        ImageSize:        00BB3000
        File version:     8.1.1.1248
        Product version:  8.1.1.1248
        File flags:       8 (Mask 3F) Private
        File OS:          40004 NT Win32
        File type:        3.4 Driver
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Advanced Micro Devices, Inc.
        ProductName:      ATI Radeon Family
        InternalName:     atikmdag.sys
        OriginalFilename: atikmdag.sys
        ProductVersion:   8.01.01.1248
        FileVersion:      8.01.01.1248
        FileDescription:  ATI Radeon Kernel Mode Driver
        LegalCopyright:   Copyright (C) 1998-2011 Advanced Micro Devices, Inc.
    Please update your AMD graphics card driver to the latest WHQL (November 18th - 13.10) version from here - Download
    Machines Can Think

    I am currently studying again, and therefore may not be available very often.


  8. #8

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    Wow. Memory management and page table entries is not even part of my vocabulary, so i'll just nod and be quiet to avoid looking like a fool.

    The last BSOD occured before i removed the IObit programs.

    I've gone through these steps so far:
    Avast removed - check
    MSE installed - check
    Daemon Tools removed - check
    IObit programs removed - check

    About the AMD drivers though. I can't get the 13.10 version from Novemeber 18th, 2013. The latest version I can get for my video card from the AMD page, is the 13.9 legacy drivers from November 15th, 2013.
    Another question about installing drivers - do i simply install it "over" the old one, or do i remove the old one and install it in safe mode?

    /Fancypants

  9. #9

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    I went ahead and just installed the AMD drivers without doing any fancy removal stuff beforehand.

    Got 2 installation errors in the process. First one was the AMD Drag and Drop Transcoding module, the second was the AMD Media Foundation Decoders module. I dont know if this has any significance at all for what we are doing, but i'll attach the installation log below if you should want to take a look at it.

    Catalyst.pdf

    /Fancy

  10. #10

    Join Date
    Apr 2013
    Posts
    30

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    It seems that the reason of the crash is that the PteAddress member of the PFN entry (FFFFF68000002098 with the lowest two bits cleared) is not equal to the PTE address FFFFF680001700A0. Someone has overwritten the low dword of the PteAddress variable.

    Code:
    1: kd> .bugcheck
    Bugcheck code 0000001A
    Arguments 00000000`00000411 fffff680`001700a0 00000000`c001fad2 fffff680`00002099
    Code:
    1: kd> r
    rax=fffff68000002098 rbx=00000000c001fad2 rcx=000000000000001a
    rdx=0000000000000411 rsi=fffff680001700a0 rdi=fffffa80024005d0
    rip=fffff80002c84bc0 rsp=fffff8800be00238 rbp=fffff680001700a0
     r8=fffff680001700a0  r9=00000000c001fad2 r10=ffffffffffffffff
    r11=0000000000000011 r12=fffff8800be00b20 r13=0000000000000000
    r14=fffffa8006689060 r15=fffff680001b7378
    iopl=0         nv up ei ng nz na pe cy
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000283
    nt!KeBugCheckEx:
    fffff800`02c84bc0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff880`0be00240=1a00000000000000
    Code:
    nt!MiLockTransitionLeafPage+0x91:
    fffff800`02cb5879 45882c24        mov     byte ptr [r12],r13b
    fffff800`02cb587d 488b06          mov     rax,qword ptr [rsi]
    fffff800`02cb5880 483bc3          cmp     rax,rbx
    fffff800`02cb5883 0f8587b3faff    jne     nt! ?? ::FNODOBFM::`string'+0x6034 (fffff800`02c60c10)
    
    nt!MiLockTransitionLeafPage+0xa1:
    fffff800`02cb5889 488b4f10        mov     rcx,qword ptr [rdi+10h]
    fffff800`02cb588d 488bc1          mov     rax,rcx
    fffff800`02cb5890 4883e0fc        and     rax,0FFFFFFFFFFFFFFFCh // clear two lowest bits
    fffff800`02cb5894 483bc6          cmp     rax,rsi
    fffff800`02cb5897 0f8596b3faff    jne     nt! ?? ::FNODOBFM::`string'+0x6057 (fffff800`02c60c33) // jump to the crash if not equal
    
    nt! ?? ::FNODOBFM::`string'+0x6057:
    fffff800`02c60c33 48894c2420      mov     qword ptr [rsp+20h],rcx // bugcheck parameter 4
    fffff800`02c60c38 4c8bcb          mov     r9,rbx // bugcheck parameter 3
    fffff800`02c60c3b 4c8bc6          mov     r8,rsi // bugcheck parameter 2
    fffff800`02c60c3e b91a000000      mov     ecx,1Ah  // bugcheck code MEMORY_MANAGEMENT
    fffff800`02c60c43 ba11040000      mov     edx,411h // bugcheck parameter 1
    fffff800`02c60c48 e8733f0200      call    nt!KeBugCheckEx (fffff800`02c84bc0)
    fffff800`02c60c4d cc              int     3
    RSI is the PTE address (the documented bugcheck parameter 2).
    Code:
    1: kd> !pte @rsi
                                               VA 000000002e014000
    PXE at FFFFF6FB7DBED000    PPE at FFFFF6FB7DA00000    PDE at FFFFF6FB40000B80    PTE at FFFFF680001700A0
    contains 63700000803C0867  contains 35D000008350B867  contains 16A000001F4A1867  contains 00000000C001FAD2
    pfn 803c0     ---DA--UWEV  pfn 8350b     ---DA--UWEV  pfn 1f4a1     ---DA--UWEV  not valid
                                                                                      Transition: c001f
                                                                                      Protect: 16 - ReadWriteExecute G
    RDI is the corresponding PFN entry address, and RDI+10h is the PteAddress member (the undocumented bugcheck parameter 4). RAX is the PteAddress with the two lowest bits cleared.
    Code:
    1: kd> !pfn @rdi
        PFN 000C001F at address FFFFFA80024005D0
        flink       00001D42  blink / share count 00000001  pteaddress FFFFF68000002099
        reference count 0001    used entry count  0000      Cached    color 0   Priority 3
        restore pte 2B21500000080  containing page        0C6377  Active             
                       
    1: kd> dt nt!_MMPFN @rdi
       +0x000 u1               : <unnamed-tag>
       +0x008 u2               : <unnamed-tag>
       +0x010 PteAddress       : 0xfffff680`00002099 _MMPTE
       +0x010 VolatilePteAddress : 0xfffff680`00002099 Void
       +0x010 Lock             : 0n8345
       +0x010 PteLong          : 0xfffff680`00002099
       +0x018 u3               : <unnamed-tag>
       +0x01c UsedPageTableEntries : 0
       +0x01e VaType           : 0 ''
       +0x01f ViewCount        : 0 ''
       +0x020 OriginalPte      : _MMPTE
       +0x020 AweReferenceCount : 0n128
       +0x028 u4               : <unnamed-tag>
    x BlueRobot says thanks for this.

  11. #11
    x BlueRobot's Avatar
    Join Date
    May 2013
    Location
    Minkowski Space
    Posts
    1,590

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    Remove the old drivers in Safe Mode, and then reboot into Windows normally. A generic Windows display driver should be installed, during the installation of the AMD graphics card driver, you should have the option to install only the driver.
    Machines Can Think

    I am currently studying again, and therefore may not be available very often.


  12. #12
    x BlueRobot's Avatar
    Join Date
    May 2013
    Location
    Minkowski Space
    Posts
    1,590

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    muhahaa, where did you disassemble from?
    Machines Can Think

    I am currently studying again, and therefore may not be available very often.


  13. #13

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    Sorry!
    Busy night. Rebooting and fixing drivers asaap.

  14. #14

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    Disaster and misery

    I can't even uninstall the AMD drivers, not in safe mode nor regular mode. I can click "repair" though, but that does nothing.

    Does this have to do with me installing the drivers the wrong way or with the BSOD problem?

    /Fancy

  15. #15

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    Sorry, i was too rash. This seems normal for AMD drivers. Brb!

  16. #16
    x BlueRobot's Avatar
    Join Date
    May 2013
    Location
    Minkowski Space
    Posts
    1,590

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    Why can't you uninstall the drivers? Do you get any error messages?

    Open up Device Manager, and then go to the Display Adapters tab, expand it when clicking the small triangle, and then right-click the name of your graphics card. Do you have the same options as me?

    Need help with random BSOD's (Packard Bell EasyNote ML61)-remove-jpg
    Machines Can Think

    I am currently studying again, and therefore may not be available very often.


  17. #17

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    Well. You cant uninstall it the regular way from the control panel. Instead you need to press "change", then uninstall from there. However, that does not work in safe mode.
    I tried what you showed me above, but the amd drivers are still in the list of installed programs. Ill try and reboot to see what happens.

  18. #18

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    Allright. I believe the AMD drivers are sorted now. No installation failures this time.

    Whats your next order of business?

  19. #19

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    If the AMD drivers are sorted in addition to my suggestions, we are set for now and now is just a waiting game.

    Regards,

    Patrick
    Last edited by Patrick; 12-02-2013 at 09:43 PM.

  20. #20

    Re: Need help with random BSOD's (Packard Bell EasyNote ML61)

    Great :) I shall be vigilant.

    Then I want to say thank you for the time, help and support. You guys are superstars.
    Also, just for safety, if we don't meet again this year you get an early happy holidays/merry christmas!
    Patrick and x BlueRobot say thanks for this.

Page 1 of 2 12 Last

Similar Threads

  1. [SOLVED] random BSOD
    By keristhename in forum BSOD, Crashes, Kernel Debugging
    Replies: 121
    Last Post: 09-20-2013, 03:46 PM
  2. very random BSOD
    By narc2304 in forum BSOD, Crashes, Kernel Debugging
    Replies: 8
    Last Post: 05-27-2013, 02:49 AM
  3. [SOLVED] Hi, need help with random BSOD
    By boniest in forum BSOD, Crashes, Kernel Debugging
    Replies: 3
    Last Post: 12-04-2012, 09:46 PM
  4. random BSOD help needed please.
    By fredphoesh in forum BSOD, Crashes, Kernel Debugging
    Replies: 17
    Last Post: 08-07-2012, 02:12 PM
  5. Random BSOD + Verifier triggers BSOD on startup
    By eyeland in forum BSOD, Crashes, Kernel Debugging
    Replies: 3
    Last Post: 06-10-2012, 08:23 AM

Log in

Log in