Can't create memory.dmp files and can't find the root cause of the BSOD-Windows 7 x64

[bobcov]

Hi,

The laptop was purchased refurbished, Dell e6400 from Sept of 2009. Win 7
64 bit
Original OS Win7 Professional 64bit
I think it was OEM with the system
9/8/2009 ship date
computer was purchased refurbished. Don't know what date the OS was installed.


I am getting a c5 stop without any kind of pattern which I can detect c5,181A, 2, 0, ffff800037f6123.
Thank you very much for your help! I suspect it might be related to a windowsupdate. This started about two weeks ago, I think.
I was going to upload the belarc advisor report, but I'm not sure if others can download it. Let me know if you want that and if the board is configured so that other's can't get the uploaded files.
Thank you!
=B

 

[Jared]

re: Can't create memory.dmp files and can't find the root cause of the BSOD-Windows 7 x64

There are no dump files which isn't helpful.
I've looked through what limited resources there are to find a cause, but to no avail.
The most helpful thing is the type of bugcheck, which is a 0xC5; almost always caused by a bad driver corrupting a pool.
In order to find the bad driver, and hopefully create a dump file, we can enable Driver Verifier.

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8/8.1)
- DDI compliance checking (Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel-Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.

 

[bobcov]

re: Can't create memory.dmp files and can't find the root cause of the BSOD-Windows 7 x64

Unbelievably awesome advice and directives. Is there a way to donate without using Paypal? Let me know please.
I am suspicious about not being able to create memory dumps. My pagefile is big enough and I've even tried directing they be created in a different directory, but still no luck. Very odd. One thing I have noticed in event viewer is this repeating over and over., about every 15 minutes:
A service was installed in the system.

Service Name: Nal Service
Service File Name: C:\Windows\system32\Drivers\iqvw64e.sys
Service Type: kernel mode driver
Service Start Type: demand start
Service Account:

 

[Jared]

re: Can't create memory.dmp files and can't find the root cause of the BSOD-Windows 7 x64

I believe you have to use Paypal, I'll ask about that though.
Go through these instructions step-by-step.


1. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Performance > Settings > Advanced > Ensure there's a check-mark for 'Automatically manage paging file size for all drives'.

2. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Startup and Recovery > Settings > System Failure > ensure there is a check mark next to 'Write an event to the system log'.

Ensure Kernel Memory Dump is selected and ensure the path is %systemroot%\MEMORY.DMP.

3. Double check that the WERS is ENABLED:

Start > Search > type services.msc > Under the name tab, find Windows Error Reporting Service > If the status of the service is not Started then right click it and select Start. Also ensure that under Startup Type it is set to Automatic rather than Manual. You can do this by right clicking it, selecting properties, and under General selecting startup type to 'Automatic', and then click Apply.

iqvw64e.sys is the Intel Corporation Network Adapter Diagnostic driver, I suggest finding an update for your network driver here:

https://downloadcenter.intel.com/

Have you enabled Driver Verifier?

 

[bobcov]

Hi,
Yes, I activated driver verifier and rebooted. After that, I got your email and in checking through the steps, I found that WERS was not active. The latest Intel driver package hung at the end. I cancelled it, and tried to reinstall it and it said I already had the "best" driver, even though it is several revisions behind the revision level of the downloaded package. The package required uninstalling the previous version. On the attempted reinstall I opted out of the Intel extra features. The file iqvw64e.sys is not found scanning the drivers sub directory, so maybe it is gone. I also haven't bluescreened since these changes, but I also have not been working the computer hard, so I'll see what happens today as I use it.