[SOLVED] BSOD on W7 upgrade to W10 & in driver verifier, no dumps. FIX: FEW drivers (and devices) removed; TPKD was the last one which blocked the upgrade.

MingoMongo

MingoMongo

Well-known member
Joined
Oct 2, 2020
Posts
146
Location
UK
Stats:

Windows 7 64bit SP1, ASUS P8Z68 Deluxe/Gen3, Intel Core i5-2500K, Corsair Vengeance 8GB Dual Channel DDR3 Memory Kit (CMZ8GX3M2A1866C9), Asus Nvidia GeForce GTX 960, Samsung SSD 860 EVO 500GB (Windows drive), WDC WD1002FAEX, Seagate ST2000DM006, Corsair Gold AX1200 (1200 Watts)

Disclaimer: I posted about this a while ago on the Windows Upgrade board but there's no responses. Since I've now found other BSODs, I'm thinking it might be a wider issue than just Windows updating.

In any case, upgrading to Windows 10 was giving me a "SYSTEM THREAD EXCEPTION NOT HANDLED" BSOD saying: "0xC1900101 - 0x40017, The installation failed in the SECOND_BOOT phase with an error during BOOT operation". This would happen and produce no dump files. sfc /scannow in cmd comes up with no issues, CheckSUR has no issues after I removed some old Avast registries, and Windows Memory Diagnostic finds no issues. Additionally, I have found that after using driver verifier, booting fine then resetting it in command prompt, I get a BSOD when I restart my PC and it begins shutting down. There's no message, but there's a code of "STOP 0x0000007E (0xFFFFFFFF80000003, 0xFFFFF80004AF3700, 0xFFFFF8800D067688, 0xFFFFF8800D066EF0)", again no crash logs.

I saw on forums switching OS to a SSD can cause problems with dump file generation, could that be happening? It's still set on "Kernel memory dump" at "%SystemRoot%\MEMORY.DMP".
 

Attachments

Ok installed both successfully, ran verifier after a restart and got a new BSOD after leaving it for a while pointing to HIDCLASS.SYS. When resetting verifier I again got the message-less BSOD when shutting down. Still no new logs even though the blue screen says it's dumping the memory.
 
0xC1900101 - 0x40017 is often a rollback due to drivers, AV software, or drive encryption software

Please list any of these software:
a) antivirus
b) firewall
c) drive encryption

Can you uninstall the drive encryption software.

1) Open administrative command prompt (ACP) and type or copy and paste:
2) sfc /scannow
3) verifier /querysettings

4) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread

5) Post an image disk management:
Disk Management - Post a Screen Capture Image - Windows 7 Help Forums

6) Consider making a free backup image:
Imaging with free Macrium - Windows 7 Help Forums
 
MingoMongo said:
Ok installed both successfully, ran verifier after a restart and got a new BSOD after leaving it for a while pointing to HIDCLASS.SYS. When resetting verifier I again got the message-less BSOD when shutting down. Still no new logs even though the blue screen says it's dumping the memory.
Click to expand...

I.e., no minidumps?
 
zbook said:
0xC1900101 - 0x40017 is often a rollback due to drivers, AV software, or drive encryption software

Please list any of these software:
a) antivirus
b) firewall
c) drive encryption

Can you uninstall the drive encryption software.

1) Open administrative command prompt (ACP) and type or copy and paste:
2) sfc /scannow
3) verifier /querysettings

4) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread

5) Post an image disk management:
Disk Management - Post a Screen Capture Image - Windows 7 Help Forums

6) Consider making a free backup image:
Imaging with free Macrium - Windows 7 Help Forums
Click to expand...

I'm not running any antivirus, unless malwarebytes counts?
For firewall I'm only using Windows Firewall
I don't think I'm using any drive encryption software by my knowledge. I have Samsung Magician but the bitlocker encryption is disabled?

I'll look into making a backup image

Command Prompt log:

Code: 
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\System32>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Windows\System32>verifier /querysettings
Special pool: Disabled
Pool tracking: Disabled
Force IRQL checking: Disabled
I/O verification: Disabled
Deadlock detection: Disabled
DMA checking: Disabled
Security checks: Disabled
Force pending I/O requests: Disabled
Low resources simulation: Disabled
IRP Logging: Disabled
Miscellaneous checks: Disabled

Verified drivers:

None

C:\Windows\System32>
 

Attachments

  • DriveManagement.png
    DriveManagement.png
    32.8 KB · Views: 3
Uninstall reasonsecurity reason essential.
If you already did it, you can reinstall then uninstall it with revo uninstaller.
There's a persistent error in your logs:
The following boot-start or system-start driver(s) failed to load:
rsKernelEngine
Click to expand...
It could be there are some remnants in your windows services on in the c:\windows\system32\drivers directory.

Also virtual clone drive gave problems in the past (xp days...).
 
Last edited:
xilolee said:
Uninstall reasonsecurity reason essential.
If you already did it, you can reinstall then uninstall it with revo uninstaller.
There's a persistent error in your logs:
It could be there's some remnants in your windows services on in the c:\windows\system32\drivers directory.

Also virtual clone drive gave problems in the past (xp days...).
Click to expand...

Will install then uninstall reason, might be worth noting that the old crash logs are from when I was last posting about driver issues and they were all resolved, it's possible those errors aren't valid if you're looking at old logs.
 
MingoMongo said:
Will install then uninstall reason, might be worth noting that the old crash logs are from when I was last posting about driver issues and they were all resolved, it's possible those errors aren't valid if you're looking at old logs.
Click to expand...
They (elaborate bites virtual clonedrive, rskernelengine, Apache2.4 service <-- what's this?) are still present in your windows system logs.
 
Last edited:
xilolee said:
They (elaborate bites virtual clonedrive and rskernelengine) are still present in windows system logs.
Click to expand...
Ok just had to make sure. I installed reason then uninstalled with revo, said it didn't find any leftover files so I'm not sure how that turned out. Uninstalled virtual clone drive to be safe. Apache is a server thing I never used and never really understood lol, will gladly remove any drivers left over.
 
The windows encryption service service is enabled.

Are Microsoft Security Essentials and defender installed or uninstalled?


Code: 
Event[73]:
  Log Name: System
  Source: Service Control Manager
  Date: 2020-12-07T12:45:15.183
  Event ID: 7036
  Task: N/A
  Level: Information
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: Jay-PCSecurity
  Description:
The Encrypting File System (EFS) service entered the running state.

Disable The EFS Service on Windows 7 - CCM


Please restart WDV selecting all non-Microsoft drivers then post results for verifier /querysettings.

Run setupdiag > post a share link using one drive, drop box, or google drive
SetupDiag - Windows Deployment | Microsoft Docs
 
You get also an error in the application log, at least since August 2020:
Read More:
You can solve it with this file: View attachment Win7SP1-optional-remove-Event-ID-10-error-Microsoft-Windows-WMI.zip
After you downloaded and unzipped it (on your desktop), open a "command prompt (admin)" and run it:
Code: 
"%userprofile%\desktop\Win7SP1-optional-remove-Event-ID-10-error-Microsoft-Windows-WMI.vbs"



File content:
Read More:


Source: Event ID 10 is logged in Application log - Windows Client
 
Last edited:
Ok so, Microsoft Security Essentials is not installed, Windows Defender is. I've disabled EFS and Apache2.4 while I'm at it (I do remember removing it though when I looked up how to uninstall it). Used the optional-remove file sent by xilolee too. Safe mode stopped the BSOD when shutting down.

Here's the SetupDiag stuff.
verifier /querysettings stuff below:

Code: 
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\System32>verifier /querysettings
Special pool: Enabled
Pool tracking: Enabled
Force IRQL checking: Enabled
I/O verification: Enabled
Deadlock detection: Enabled
DMA checking: Enabled
Security checks: Enabled
Force pending I/O requests: Disabled
Low resources simulation: Disabled
IRP Logging: Disabled
Miscellaneous checks: Enabled

Verified drivers:

jraid.sys
scsiport.sys
mvs91xx.sys
mvxxmm.sys
iastora.sys
amdxata.sys
tpkd.sys
iastorf.sys
hwinfo64a.sys
nvlddmkm.sys
igdkmd64.sys
hecix64.sys
e1c62x64.sys
ndis.sys
nusb3xhc.sys
mv91cons.sys
rt64win7.sys
focusriteusbswroot.sys
tapwindscribe0901.sys
btath_bus.sys
nvvad64v.sys
nvmoduletracker.sys
nvvhci.sys
vhhcd.sys
nusb3hub.sys
nvhda64v.sys
rtkvhd64.sys
vhhub.sys
dump_diskdump.sys
dump_iastora.sys
dump_dumpfve.sys
lvuvc64.sys
lvrs64.sys
focusriteusb.sys
btfilter.sys
focusriteusbaudio.sys
atmfd.dll
btath_rcp.sys
btath_a2dp.sys
btath_hcrp.sys
btath_flt.sys
btath_lwflt.sys
elbycdio.sys

C:\Windows\System32>
 
xilolee said:
It could be the minidump or the memory.dmp are not created because you could have unticked the option to "automatically manage paging file size for all drives".
Click to expand...
Unfortunately not
 

Attachments

  • ss+(2020-12-07+at+06.04.24).png
    ss+(2020-12-07+at+06.04.24).png
    30.4 KB · Views: 4
By some miracle we have a log. I unticked "Automatically restart" and ticked "Overwrite any existing file" (which had seemed to replace it anyway before) on Startup and Recovery, ran verifier and we're back.

The dumps:
 

Attachments

Elbycdio still present.
Check in control panel if you can uninstall Bazis wincdemu and elby programs.

If you already removed elbycdio, try this command (command prompt as admin):
Code: 
sc stop elbycdio && sc config elbycdio start= disabled && sc delete elbycdio
 
Last edited:
xilolee said:
Elbycdio still present.
Check in control panel if you can uninstall Bazis wincdemu and elby programs.

If you already removed elbycdio, try this command (command prompt as admin):
Code: 
sc stop elbycdio && sc config elbycdio start= disabled && sc delete elbycdio
Click to expand...

Removed, could not find wincdemu so I must of "uninstalled" it. Is it still lurking around somewhere? Here's a BSOD from verifier after removing Elbycdio
 

Attachments

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top