• Frozen pointer and BSOD

    Author
    Topic
    #504557

    Lately my pointer has been freezing mid-screen followed by BSOD stating: “Unexpected_Kernal_Mode_Trap” Bluescreenview shows the fault lies with ntoskrnl.exe and rtkhdaud.sys. Also noted in the BSOD and Bluescreenview are: Ox1000007F, Ox00000008 and OxF771fd70. I would appreciate any assistance in fixing this. Thank you.

    Viewing 31 reply threads
    Author
    Replies
    • #1552466

      Did you install any new drivers, any new or updated apps, or peripherals or internal equipment recently?

      If no: I would guess because of the stop 7 error with the 0x00000008 parameter error that it is a hardware issue on aging equipment. A recurring kernel mode error is a bad one. Both of those files are system files, one part of the kernel and the other allowing OS communication with hardware.

      If you run a LiveCD of Linux Mint, or Ubuntu on your system (note: this is not an install; run 100% in RAM) for a reasonable length of time in which you would expect the freeze/BSOD to occur, and do not experience the freeze/BSOD then you know it involves the OS/driver/startup app (or boot drive). I would back up your boot drive image, disconnect any secondary drives and then run sfc /scannow on the PC. Have your OS disk standing by.

      If it still has that issue then try a repair installation. If it still has the issue (and it really shouldn’t) try updating the BIOS to the final revision available as well as any firmware updates to drives (if any) and update all drivers to most recent available starting with the chipset and SATA drivers. If still an issue replace the boot drive.

      If you do get a freeze/BSOD running Linux then it is hardware caused. Disconnect all non-essential peripherals.

      Additionally you can boot and run memtest86+ on the system to test memory. 7 passes with zero errors or more before stopping = pass. Stop on any error. Replace RAM on error, lifetime warranty unless OEM system and the RAM maker knows it. Used RAM is cheap on eBay if old.

      You can download the boot drive test app from the drive maker’s support site and run it. May need a boot version if available. If fails replace drive (hopefully under warranty).

      A similar freeze/BSOD during either of these test apps (if booted up) again confirms a unknown hardware cause.

      I would also install HWMonitor and see what values it is giving for temps and voltages though it is not so much useful unless you saved a baseline when it was working well to compare it to.

      If both pass, I would try one stick of RAM and then the other. While in the cabinet I would sniff around for burnt smells and look for carbon deposits or other stains. Then clean out the case of dust (outside), especially in the heat sink(s). Inspect the motherboard and anywhere else for bulged or popped caps, stains, molten solder. Make sure fans are working including PSU fan.

      The last would be to strip components out of the case to run a minimal setup and see if it works, leaving one of the disconnected peripherals/parts guilty. If you have the resources to plug a replacement part in or plug the part into another PC to test do so. In the end you may be left with a few parts you cannot test without buying and replacing and you will have to decide if the system is worth it rather than putting the money towards replacing the PC.

      • #1552505

        Thank you, FN, for the very thorough explanation of how to troubleshoot/fix this sort of problem.

        Used RAM is cheap on eBay if old.

        So cheap, in fact, that you can afford the risk of buying used RAM, because if you happen to get a bad one, you lost very little money in the process.

        If you have the resources to plug a replacement part in or plug the part into another PC to test do so.

        I used to work in a school system where just about every computer was identical. So if I suspected that a part was bad in one computer, I could easily swap parts with another computer to see if, in fact, the part in question was bad.

        Group "L" (Linux Mint)
        with Windows 10 running on a separate hard drive
    • #1552507

      You can also use a log interpreter like BlueScreenView.

      cheers, Paul

      • #1552515

        You can also use a log interpreter like BlueScreenView.

        … Bluescreenview shows the fault lies with ntoskrnl.exe and rtkhdaud.sys. Also noted in the BSOD and Bluescreenview are: Ox1000007F, …

        STOP 0x0000007F: UNEXPECTED_KERNEL_MODE_TRAP (same as Ox1000007F)
        Usual causes: Memory corruption, Hardware (memory in particular), Overclocking failure, Installing a faulty or mismatched hardware (especially memory) or a failure after installing it, 3rd party firewall, Device drivers, SCSI/network/BIOS updates needed, Improperly seated cards, Incompatible storage devices, Overclocking, Virus scanner, Backup tool, Bad motherboard, Missing Service Pack

        Usual causes are listed in order of frequency.

        rtkhdaud.sys is your Realtek HD audio driver, see if you can find an updated version: http://www.realtek.com/downloads/downloadsCheck.aspx?Langid=1&PNid=24&PFid=24&Level=4&Conn=3&DownTypeID=3&GetDown=false or from your motherboard/PC maker.

        If you can copy the minidump to your Desktop, zip and attach it, I’ll take a look at it. Better still, follow the instructions here and then attach the required zipped folders, it’ll give us a lot more to work with.

        • #1552553

          ….rtkhdaud.sys is your Realtek HD audio driver,…..

          Son of a b@#%$h!!!! When I did a search I did not see that pop up. That changes a lot. Indeed, update the driver from the Realtek site.

          If that fails to clear up the issue, try disabling audio in BIOS. And remove the audio driver. Hopefully that clears it up.

          Buy a replacement audio for your PC. I like this…cheap and works. Just plug in your speakers and plug it into a back USB2 port.

          http://www.newegg.com/Product/Product.aspx?Item=9SIA24G28M8615

          • #1553044

            Thank you, Fascist Nation, for your thoughtful and detailed response to my post. Please note that I have not installed any new drivers, any new or updated apps, or peripherals or internal equipment recently. Kindly note the following:

            1) I booted up again last night and got another BSOD and on the screen it said IRQL_NOT_LESS_OR_EQUAL; Ox0000000A (Ox80557444, Ox000000FF, Ox00000001, Ox804FA7DE)
            2) ran MemTest+ V5.01, froze at 00:01:25; I ended the test.
            3) ran MemTest V4.3.7, test 3 had 2044 errors; froze at 0:00:12; I ended test.
            4) re-ran MemTest+ V5.01 just to see what, if anything, would happen; test 5, screen was as red as a firetruck; “failing address” and the “Count” was spinning like a top with ever increasing numbers; I ended the test.
            5) re-ran MemTest V4.3.7 just to see what, if anything, would happen; froze at nine seconds; “unexpected interrupt – halting CPU1”. I ended the test.

            Next, I’m going to vacuum inside the box and, as you suggested, check that the fans are all working, check for bulged or popped caps, stains and then run the memory tests again. I have Everest, instead of HWMonitor. Is that all right?

            Thanks again, Fascist Nation. I will let you know what happens.

        • #1553073

          Thank you, satrow, for your reply. Looking at the link you graciously provided, I can download the following: ALC5621 (Datasheets), High Definition Audio Codecs (Software), AC’97 Audio Codecs (Software). Do you know which, if any, I should download? Also, before downloading the new driver, do I need to remove the old one? Thank you.

        • #1553187

          Here’s the minidump. Thanks. https://www.sendspace.com/file/w8vae8

        • #1553283

          Usual causes are listed in order of frequency.

          rtkhdaud.sys is your Realtek HD audio driver, see if you can find an updated version: http://www.realtek.com/downloads/downloadsCheck.aspx?Langid=1&PNid=24&PFid=24&Level=4&Conn=3&DownTypeID=3&GetDown=false or from your motherboard/PC maker.

          If you can copy the minidump to your Desktop, zip and attach it, I’ll take a look at it. Better still, follow the instructions here and then attach the required zipped folders, it’ll give us a lot more to work with.

          Here’s the minidump. Thanks. https://www.sendspace.com/file/w8vae8

    • #1553072
    • #1553080

      High Definition Audio Codecs (Software), an over the top install should suffice.

    • #1553293

      The text file wasn’t the dump, I’d like C:WINDOWSMinidumpMini022216-01.dmp, copy it to your Desktop, zip it and attach the zip file, please.

    • #1553390

      I downloaded the Realtek driver and after working on the computer for about 20 minutes, the pointer froze again, system made a constant, steady and low ripple noise but no BSOD. I re-booted, system came up and then BSOD. Attached are two minidump files, one from before the installation of the Realtek driver and one from right after. (Sorry. I thought the BlueScreenView was the same as the minidump file.) Thanks for your assistance.

      43696-Mini022216-01-before-RealTek-driver-download
      43695-Mini022416-01-after-RealTek-driver-download

    • #1553408

      Both dumps are effectively identical 0x7F’s:

      STOP 0x0000007F: UNEXPECTED_KERNEL_MODE_TRAP
      Usual causes: Memory corruption, Hardware (memory in particular), Overclocking failure, Installing a faulty or mismatched hardware (especially memory) or a failure after installing it, 3rd party firewall, Device drivers, SCSI/network/BIOS updates needed, Improperly seated cards, Incompatible storage devices, Overclocking, Virus scanner, Backup tool, Bad motherboard, Missing Service Pack

      0x00000008, or Double Fault, indicates that an exception occurs during a call to the handler for a prior exception. Typically, the two exceptions are handled serially. However, there are several exceptions that cannot be handled serially, and in this situation the processor signals a double fault. There are two common causes of a double fault:

      A kernel stack overflow. This overflow occurs when a guard page is hit, and the kernel tries to push a trap frame. Because there is no stack left, a stack overflow results, causing the double fault. If you think this overview has occurred, use !thread to determine the stack limits, and then use kb (Display Stack Backtrace) with a large parameter (for example, kb 100) to display the full stack.
      A hardware problem.

      A double fault can occur when the kernel stack overflows. This overflow occurs if multiple drivers are attached to the same stack. For example, if two file system filter drivers are attached to the same stack and then the file system recurses back in, the stack overflows.

      Troubleshooting: If you recently added hardware to the computer, remove it to see if the error recurs. If existing hardware has failed, remove or replace the faulty component. Run hardware diagnostics that the system manufacturer supplies to determine which hardware component failed.

      The memory scanner is especially important. Faulty or mismatched memory can cause this bug check. For more informaiton about these procedures, see the owner’s manual for your computer. Check that all adapter cards in the computer are properly seated. Use an ink eraser or an electrical contact treatment, available at electronics supply stores, to ensure adapter card contacts are clean.

      If the error appears on a newly installed system, check the availability of updates for the BIOS, the SCSI controller, or network cards. These kind of updates are typically available on the Web site or BBS of the hardware manufacturer.

      Confirm that all hard disk drives, hard disk controllers, and SCSI adapters are listed in the Microsoft Windows Marketplace Tested Products List.

      If the error occurred after the installation of a new or updated device driver, you should remove or replace the driver. If, under this circumstance, the error occurs during the startup sequence and the system partition is formatted with NTFS, you might be able to use Safe Mode to rename or delete the faulty driver. If the driver is used as part of the system startup process in Safe Mode, you have to start the computer by using the Recovery Console in order to access the file.

      Also restart your computer, and then press F8 at the character-based menu that displays the operating system choices. At the Advanced Options menu, select the Last Known Good Configuration option. This option is most effective when you add only one driver or service at a time.

      Overclocking (setting the CPU to run at speeds above the rated specification) can cause this error. If you have overclocked the computer that is experiencing the error, return the CPU to the default clock speed setting.

      Check the System Log in Event Viewer for additional error messages that might help identify the device or driver that is causing the error. You can also disable memory caching of the BIOS to try to resolve the problem.

      If you encountered this error while upgrading to a new version of the Windows operating system, the error might be caused by a device driver, a system service, a virus scanner, or a backup tool that is incompatible with the new version. If possible, remove all third-party device drivers and system services and disable any virus scanners before you upgrade. Contact the software manufacturer to obtain updates of these tools. Also make sure that you have installed the latest Windows Service Pack.

      Finally, if all the above steps do not resolve the error, take the system motherboard to a repair facility for diagnostic testing. A crack, a scratched trace, or a defective component on the motherboard can also cause this error.

      Code:
      Built by: 2600.xpsp_sp3_qfe.130704-0421
      Debug session time: Wed Feb 24 17:30:40.515 2016 (UTC + 0:00)
      System Uptime: 0 days 0:02:45.218
      BugCheck 1000007F, {8, f771fd70, 0, 0}
      Probably caused by : ntkrnlmp.exe ( nt!KiTrap0E+23 )
      BUGCHECK_STR:  0x7f_8
      PROCESS_NAME: NOT FOUND
      ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨“
      Built by: 2600.xpsp_sp3_qfe.130704-0421
      Debug session time: Mon Feb 22 08:17:31.082 2016 (UTC + 0:00)
      System Uptime: 0 days 0:04:02.972
      BugCheck 1000007F, {8, f771fd70, 0, 0}
      Probably caused by : memory_corruption ( nt!MiQueryAddressState+70 )
      BUGCHECK_STR:  0x7f_8
      PROCESS_NAME: NOT FOUND
      ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨“

      3rd party driver list (note: 4 oddities, ?_unavailable, Unknown_Module_b6970000, Unknown_Module_bd13f000 and not_a):

      Code:
      ?_unavailable                           (00000000) (00000000) 2008 (00000000) 2008 (00000000)
      ASACPI.sys                              Fri Aug 13 03:52:52 2004 (411C2D04)
      BrPar.sys                               Mon Jul 24 19:18:46 2000 (397C8886)
      RtkHDAud.sys                            Tue Dec 10 12:17:13 2013 (52A70649)
      SI3132.sys                              Wed Oct  3 19:41:04 2007 (4703E240)
      SiRemFil.sys                            Wed Jun 20 21:06:09 2007 (467988B1)
      Unknown_Module_b6970000                 Sun Apr 13 19:39:46 2008 (48025372)
      Unknown_Module_bd13f000                 Fri Nov 16 19:50:09 2012 (50A698F1)
      afw.sys                                 Tue Oct 16 13:12:39 2012 (507D4F37)
      afwcore.sys                             Thu Jun 26 07:59:27 2014 (53ABC4CF)
      ati2cqag.dll                            Fri Nov 16 19:39:03 2012 (50A69657)
      ati2dvag.dll                            Fri Nov 16 20:24:31 2012 (50A6A0FF)
      ati2mtag.sys                            Fri Nov 16 20:24:05 2012 (50A6A0E5)
      ati3duag.dll                            Fri Nov 16 20:23:40 2012 (50A6A0CC)
      atikvmag.dll                            Fri Nov 16 19:50:09 2012 (50A698F1)
      atiok3x2.dll                            Fri Nov 16 19:46:23 2012 (50A6980F)
      ativvaxx.dll                            Fri Nov 16 19:58:46 2012 (50A69AF6)
      eamonm.sys                              Mon Jul  6 15:32:58 2015 (559A919A)
      ehdrv.sys                               Mon Jul  6 15:33:30 2015 (559A91BA)
      epfwtdir.sys                            Mon Jul  6 15:34:09 2015 (559A91E1)
      intelppm.sys                            Sun Apr 13 19:31:31 2008 (48025183)
      iteatapi.sys                            Fri Feb 29 09:07:26 2008 (47C7CB4E)
      mbam.sys                                Tue Aug 11 18:35:14 2015 (55CA3252)
      not_a                                   valid store 2008 store 2008 store
      

      In the windbg output, we can see that both the HIDPARSE (HID = human interface device) and the USBStor drivers are to some extent overlapping with the floppy disk driver whilst in memory!

      Code:
      Loading Dump File [E:Downloads22316-3338-01Mini022216-01.dmp]
      Mini Kernel Dump File: Only registers and stack trace are available
      
      WARNING: Whitespace at start of path element
      WARNING: Whitespace at start of path element
      
      ************* Symbol Path validation summary **************
      Response                         Time (ms)     Location
      Deferred                                       SRV*d:symbols*http://msdl.microsoft.com/download/symbols
      Symbol search path is: SRV*d:symbols*http://msdl.microsoft.com/download/symbols; SRV*c:Vistasymbols*http://msdl.microsoft.com/download/symbols; SRV*c:XPsymbols*http://msdl.microsoft.com/download/symbols
      Executable search path is: 
      Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
      Product: WinNt
      Built by: 2600.xpsp_sp3_qfe.130704-0421
      Machine Name:
      Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
      Debug session time: Mon Feb 22 08:17:31.082 2016 (UTC + 0:00)
      System Uptime: 0 days 0:04:02.972
      Loading Kernel Symbols
      .
      
      Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
      Run !sym noisy before .reload to track down problems loading symbols.
      
      [B][COLOR="#FF0000"]..............................................................
      .................WARNING: HIDPARSE overlaps flpydisk
      ...............................................
      ....WARNING: USBSTOR overlaps flpydisk[/COLOR][/B]
      ...
      Loading User Symbols
      *******************************************************************************
      *                                                                             *
      *                        Bugcheck Analysis                                    *
      *                                                                             *
      *******************************************************************************
      
      Use !analyze -v to get detailed debugging information.
      
      BugCheck 1000007F, {8, f771fd70, 0, 0}
      
      Probably caused by : memory_corruption ( nt!MiQueryAddressState+70 )
      
      Followup:     MachineOwner
      ---------
      
      1: kd> !analyze -v
      *******************************************************************************
      *                                                                             *
      *                        Bugcheck Analysis                                    *
      *                                                                             *
      *******************************************************************************
      
      UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
      This means a trap occurred in kernel mode, and it's a trap of a kind
      that the kernel isn't allowed to have/catch (bound trap) or that
      is always instant death (double fault).  The first number in the
      bugcheck params is the number of the trap (8 = double fault, etc)
      Consult an Intel x86 family manual to learn more about what these
      traps are. Here is a *portion* of those codes:
      If kv shows a taskGate
              use .tss on the part before the colon, then kv.
      Else if kv shows a trapframe
              use .trap on that value
      Else
              .trap on the appropriate frame will show where the trap was taken
              (on x86, this will be the ebp that goes with the procedure KiTrap)
      Endif
      kb will then show the corrected stack.
      Arguments:
      Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
      Arg2: f771fd70
      Arg3: 00000000
      Arg4: 00000000
      
      Debugging Details:
      ------------------
      
      
      DUMP_CLASS: 1
      
      DUMP_QUALIFIER: 400
      
      BUILD_VERSION_STRING:  2600.xpsp_sp3_qfe.130704-0421
      
      DUMP_TYPE:  2
      
      BUGCHECK_P1: 8
      
      BUGCHECK_P2: fffffffff771fd70
      
      BUGCHECK_P3: 0
      
      BUGCHECK_P4: 0
      
      BUGCHECK_STR:  0x7f_8
      
      CPU_COUNT: 2
      
      CPU_MHZ: bc2
      
      CPU_VENDOR:  GenuineIntel
      
      CPU_FAMILY: f
      
      CPU_MODEL: 6
      
      CPU_STEPPING: 2
      
      CPU_MICROCODE: f,6,2,0 (F,M,S,R)  SIG: D'00000000 (cache) 0'00000000 (init)
      
      CUSTOMER_CRASH_COUNT:  1
      
      DEFAULT_BUCKET_ID:  DRIVER_FAULT
      
      ANALYSIS_SESSION_HOST:  BETENOIR
      
      ANALYSIS_SESSION_TIME:  02-24-2016 23:00:50.0842
      
      ANALYSIS_VERSION: 10.0.10586.567 amd64fre
      
      LAST_CONTROL_TRANSFER:  from 00000000 to 8057cf4b
      
      STACK_TEXT:  
      a6559c88 00000000 00000000 00000000 00000000 nt!MiQueryAddressState+0x70
      
      
      STACK_COMMAND:  kb
      
      THREAD_SHA1_HASH_MOD_FUNC:  1b05fcdb98f02efb1acfc99463988d524c83bf04
      
      THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  f0510c91ffe5580b58b5fac8e874dfc6f9c2faff
      
      THREAD_SHA1_HASH_MOD:  76cd06466d098060a9eb26e5fd2a25cb1f3fe0a3
      
      FOLLOWUP_IP: 
      nt!MiQueryAddressState+70
      8057cf4b e87042ffff      call    nt!MiIsPteDecommittedPage (805711c0)
      
      FAULT_INSTR_CODE:  ff4270e8
      
      SYMBOL_STACK_INDEX:  0
      
      SYMBOL_NAME:  nt!MiQueryAddressState+70
      
      FOLLOWUP_NAME:  MachineOwner
      
      MODULE_NAME: nt
      
      DEBUG_FLR_IMAGE_TIMESTAMP:  51d4e5ec
      
      IMAGE_VERSION:  5.1.2600.6419
      
      IMAGE_NAME:  memory_corruption
      
      FAILURE_BUCKET_ID:  0x7f_8_nt!MiQueryAddressState+70
      
      BUCKET_ID:  0x7f_8_nt!MiQueryAddressState+70
      
      PRIMARY_PROBLEM_CLASS:  0x7f_8_nt!MiQueryAddressState+70
      
      TARGET_TIME:  2016-02-22T08:17:31.000Z
      
      OSBUILD:  2600
      
      OSSERVICEPACK:  3000
      
      SERVICEPACK_NUMBER: 3
      
      OS_REVISION: 0
      
      SUITE_MASK:  0
      
      PRODUCT_TYPE:  1
      
      OSPLATFORM_TYPE:  x86
      
      OSNAME:  Windows XP
      
      OSEDITION:  Windows XP WinNt (Service Pack 3)
      
      OS_LOCALE:  
      
      USER_LCID:  0
      
      OSBUILD_TIMESTAMP:  2013-07-04 04:03:08
      
      BUILDOSVER_STR:  5.1.2600.xpsp_sp3_qfe.130704-0421
      
      ANALYSIS_SESSION_ELAPSED_TIME: da
      
      ANALYSIS_SOURCE:  KM
      
      FAILURE_ID_HASH_STRING:  km:0x7f_8_nt!miqueryaddressstate+70
      
      FAILURE_ID_HASH:  {c8741433-23ff-1b46-f01b-480ddfd86f1c}
      
      Followup:     MachineOwner
    • #1553409

      There’s certainly memory corruption going on, probably caused by the odd ‘drivers’ listed but XP always was very difficult to debug, many of the ‘old hands’ simply gave up once Vista/W7 came along and debugging became more refined. This one’s way above my pay scale, the folks over at Sysnative might have someone who has the time and skills to work through it with you: http://www.sysnative.com/forums/bsod-processing-apps-download-information-discussions/3784-xp-bsod-posting-instructions.html

      Feel free to use this, but please keep in mind there are a very limited number of BSOD analysts that will touch XP BSODs.

    • #1553466

      If you temporarily disable your audio, and that fixes the problem, then you know what needs to be fixed in order to solve this. Ultimately, you want to have audio which works, but which does not cause problems.

      Group "L" (Linux Mint)
      with Windows 10 running on a separate hard drive
    • #1554133

      +1 for FN
      use his advice in Post 2.

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
    • #1554404

      Will someone kindly recommend a legitimate website from which I will download a LiveCD of Linux Mint. There are so many websites that offer it. Also, okay to download it to a DVD-RAM? Thanks.

      • #1554415

        Will someone kindly recommend a legitimate website from which I will download a LiveCD of Linux Mint. There are so many websites that offer it. Also, okay to download it to a DVD-RAM? Thanks.

        https://www.linuxmint.com/edition.php?id=204

        You do understand this is an ISO file and needs to be image burned so as to make it bootable? [or alternate means to make a flash drive bootable]

        I beleive all versions of Linux Mint are LiveCD’s (really LiveDVD’s) meaning they can run in memory off of the DVD (slow) (or flash drive) to allow a high rez test drive of Linux without actually installing. Internet access is available. And while it is an initial pain to figure out how to get around being used to Windows, once figured out it can be kind of fun. Either way it will need be played with for a sufficient amount of time to have expected the phenomenon to occur (or it does occur) to complete the test.

        If you are concerned about the contents of the boot drive (or any storage drive) being effected (unintended installing of Linux, etc.) they can be unplugged before this testing phase.

        I have no idea whether a DVD-RAM disk would work as I am not familiar with this limited use format. You will soon find out I guess if that is all you have, but a DVD-R or DVD+R will work.

        • #1554497

          https://www.linuxmint.com/edition.php?id=204

          You do understand this is an ISO file and needs to be image burned so as to make it bootable? [or alternate means to make a flash drive bootable]

          Yes. This is no problem. Do I really want 64-bit instead of 32-bit?

          I beleive all versions of Linux Mint are LiveCD’s (really LiveDVD’s) meaning they can run in memory off of the DVD (slow) (or flash drive) to allow a high rez test drive of Linux without actually installing. Internet access is available. And while it is an initial pain to figure out how to get around being used to Windows, once figured out it can be kind of fun. Either way it will need be played with for a sufficient amount of time to have expected the phenomenon to occur (or it does occur) to complete the test.

          Is there a chance this can accidentally install? Does “Internet access is always available” mean instead of doing the LiveCD download, I can use the Internet instead? Your initial post, #2, made this sound really simple to do. Is it?

          If you are concerned about the contents of the boot drive (or any storage drive) being effected (unintended installing of Linux, etc.) they can be unplugged before this testing phase.

          I can unplug the several storage drives I have but I’m not sure what the boot drive is.

          Thanks.

          • #1554547

            Good point!
            https://www.linuxmint.com/edition.php?id=203

            On its own, I doubt it. What are the chances you’d select the wrong option? I know I might be tempted to unplug any storage drives so there was no chance. easy to do. Doesn’t really effect the test. Anything that can go wrong will go wrong. If it still hangs then you ruled out all unattached drives. If it no longer hangs then you ruled out all the hardware except any unattached drives.

            Boot drive is your present C: drive.

    • #1554636

      I’ve successfully burned a Linux Mint disk. There is a way to unplug my boot drive as a precaution during the testing?

    • #1554649

      As long as you don’t click on the link to install Linux, you’ll be fine. And if you do, it asks if you want a full install (clearing whatever was on the disk) or a side by side install, so it can be dual boot. This means you have plenty of opportunity to bail out. I’ve run Linux (Mint and Ubuntu) from a DVD/USB and had no problems.

      Eliminate spare time: start programming PowerShell

    • #1554864

      I backed up my computer and created a restore point and was about to start the Linux Mint test when I got another BSOD. This one said: sandbox.sys – Address A9E7E9B9 base at A9E64000, Datestamp 52b3ef2c; stop: 0X0000008E (0XC 0000005, 0XA9E7E9B9, 0XA642C958, 0X00000000)

      I know SandBox.sys is a system driver that belongs to my Agnitum Outpost Firewall Pro. Could this be the root of all my computer problems? A firewall driver?

    • #1554871

      Yes, that could be easily be part, or even root cause, of the problem, especially as it appears to act like some kind of ‘virtual’ machine.

      • #1554891

        Yes, that could be easily be part, or even root cause, of the problem, especially as it appears to act like some kind of ‘virtual’ machine.

        Would my next step be to update this driver?

    • #1554894

      Sure, update it or uninstall the software during troubleshooting.

    • #1555838

      Here is what has happened in my attempt to fix my computer since my last post:

      1) Since I could not find the Agnitum Outpost Firewall Pro driver, I contacted their tech support (Moscow) and they told me to download and install the latest version of the program which was recently released.
      2) I tried many times to do so but my system kept crashing during the install.
      3) I opened the box and carefully vacuumed it out, making sure the vacuum nozzle did not touch anything and making sure I did not generate static electricity. I also made sure connections were tight, no bulged capacitors, no burn odor, etc. Looked okay.
      4) Re-booted and got: “A read disk error has occurred, press Control, Alt, Delete to re-start”.
      5) I pressed c-a-d many times and got the same error message.
      6) Thinking I may have knocked a cable loose when I previously opened the box, I re-opened the box and looked around. Looked okay.
      7) Re-booted and got the BIOS list of drives. My HDD was not on list.
      8) Booted Hirens disk v15.2 thinking I will try to run Hitachi HDD Diagnostic and see if HDD is there. It was not.
      9) Re-booted without Hirens and went to BIOS Setup screen. My HDD is right there where it is suppose to be.

      I don’t quite understand what’s going on. What did I do wrong? Do I or do I not have my HDD? (Please note that all my data has been backed up.) If I can get this HDD issue resolved and then download the new version of Agnitum Outpost Firewall Pro, I would like to continue on and do the Linux Mint test. Continued assistance will be greatly appreciated. Thank you.

    • #1555843

      Points 1 and 2 indicate that the Firewall/driver really is a problem, it cannot be working correctly (the earlier 0x8E Sandbox.sys bugcheck shows memory corruption being flagged, probably another driver ‘sharing’ part of the same memory space – very bad, one or both could be corrupt, like the driver overlaps highlighted by Windbg in the lowest code box in #16).

      The hard drive is suspect, can you find someone local who can install it as a secondary drive and check that it’s correctly detected and accessible and then run chkdsk /r /f on it and attach the chkdsk log? Also run a full AV/Malware scan on it.

      • #1555953

        Points 1 and 2 indicate that the Firewall/driver really is a problem, it cannot be working correctly (the earlier 0x8E Sandbox.sys bugcheck shows memory corruption being flagged, probably another driver ‘sharing’ part of the same memory space – very bad, one or both could be corrupt, like the driver overlaps highlighted by Windbg in the lowest code box in #16).

        The hard drive is suspect, can you find someone local who can install it as a secondary drive and check that it’s correctly detected and accessible and then run chkdsk /r /f on it and attach the chkdsk log? Also run a full AV/Malware scan on it.

        I don’t know anyone who can/would do this for me. Are there any alternative procedures for me here?

    • #1555957

      If you physically disconnect/connect the HDD cables or try with a new cable, you might get it to register correctly. If you can’t access the drive at boot or if the BIOS doesn’t recognise it, it’s pretty serious.

    • #1555987

      I thought I’d try Hirens again before putting the disk away. I went to the Hitachi HDD Diagnostic and this time my HDD was listed. I ran the advanced test. It ran all night and then “operation successfully completed” greeted me this morning. I’m not going to look a gift horse in the mouth but I wonder why it recognized the HDD this time. (I did leave the BIOS Setup screen, point 9 in my previous post, on for many hours if that has anything to do with it.) I then had to leave.

      I guess my next steps would be to try to reboot normally, run a full AV/Malware scan, install the newest Agnitum Outpost Firewall Pro and attempt the Linux Mint test.

    • #1556102

      I tried to reboot normally and got the error message: “Reboot and select proper boot device or insert boot media in selected boot device and press a key.” I rebooted and pressed F8, selected my HDD and got the error message: “A read error occurred, press c-a-d to restore.” I did. I got the same error message again.

      Any assistance will be appreciated. Thank you.

    • #1556106

      If the drive is detected by the BIOS, that would normally indicate that the disk appears to be valid but the data in the MBR (or possibly the VBR – Volume Boot Record, on the active/bootable partition) Master Boot Record, on the first sector of the drive, is damaged or missing.

      Booting from an XP CD/Recovery Console or bootable floppy might enable you to run possible fixes (eg. https://support.microsoft.com/en-us/kb/69013) but it’s possible that there’s physical damage to that vital sector.

      Can you access/detect the drive booting from the diags CD still?

      • #1556172

        If the drive is detected by the BIOS, that would normally indicate that the disk appears to be valid but the data in the MBR (or possibly the VBR – Volume Boot Record, on the active/bootable partition) Master Boot Record, on the first sector of the drive, is damaged or missing.

        Booting from an XP CD/Recovery Console or bootable floppy might enable you to run possible fixes (eg. https://support.microsoft.com/en-us/kb/69013) but it’s possible that there’s physical damage to that vital sector.

        Can you access/detect the drive booting from the diags CD still?

        Yes, I can access/detect the drive booting from the diags CD.

        Another development. I tried booting and rebooting and F8’d and sometimes the HDD was on the list and sometimes not. If it was not, I rebooted. If it was on the list, I highlighted it and clicked on it. Throughout all this, I got several error messages I have never seen before but I think may be helpful:

        1) “S.M.A.R.T. capable but command failed”
        2) After trying to reboot in Safe Mode to attempt a Restore, I got this: “Windows could not start because the following file is missing or corrupt: system32ntoskrnl.exe; Please re-install a copy of the above file.”

        I do have my XP CD slipstreamed with SP3 on it. Would I somehow use this to get the ntoskrnl.exe file? Thank you.

        • #1556222

          Clearly the simplest explanation is the HDD is failing. One can recheck connector seatings. Try a new cable, power cable, or controller (latter two best done as a secondary drive in a different PC) to eliminate those physical possibilities.

          Lack of effort to run the HDD maker’s dx app when opportunity presented itself so very long ago may have signaled the issue before it outright failed so all this stuff could have been averted. Since everything is backed up no great harm; just possibly wasted time.

          Confirm the cause, replace the part and if the HDD install the backup.

          • #1556311

            Clearly the simplest explanation is the HDD is failing. One can recheck connector seatings. Try a new cable, power cable, or controller (latter two best done as a secondary drive in a different PC) to eliminate those physical possibilities.

            Lack of effort to run the HDD maker’s dx app when opportunity presented itself so very long ago may have signaled the issue before it outright failed so all this stuff could have been averted. Since everything is backed up no great harm; just possibly wasted time.

            Confirm the cause, replace the part and if the HDD install the backup.

            I’m afraid I just don’t understand. (Kindly note that I am not a techie):

            1) Since the HDD passed the Hitachi HDD diagnostic (Hirens), doesn’t that mean the HDD is okay?
            2) In that light, I also don’t follow: “Lack of effort to run the HDD maker’s dx app when opportunity presented itself so very long ago may have signaled the issue before it outright failed…” It didn’t fail. It passed the test.
            3) “Try a new cable, power cable, or controller…” Do any of these require soldering? (If so, I won’t touch it.) When you say “Try a new cable…”, what cable are you referring to?
            4) “…(latter two best done as a secondary drive in a different PC) to eliminate those physical possibilities.” Sorry, I don’t understand this. Remove my “…power cable, or controller…” and install in another machine to see if it works?
            5) Are there any other diagnostics I can run to eliminate or not eliminate any causes of my problems?

            Thank you very much, FN.

    • #1556261

      SMART errors (the drive self-reporting errors) plus the kernel error means there’s little point in trying to run/repair an OS on the drive, replace it, as FN suggests above.

    • #1556768

      Here are the latest developments:

      1) When booting up, it stopped at “Auto Detecting 3rd Master (my hdd)” or I got the error message “Reboot and select…”. I continued to reboot and F8 and my hdd never showed up again.
      2) I opened the box and unclipped the hdd cable from both ends and re-clipped them, making sure the connections were tight.
      3) I rebooted, F8’d and the hdd showed up in the listing. I clicked on the hdd and I got the BSOD, over and over.
      4) I inserted my slipstreamed PC disk, it loaded, I clicked on R for repair, got C:WINDOWS>, tried to get to the root C:, could not so I tried to run CHKDSK /F and got the error message “The parameter is not valid.” so I ran CHKDSK /R instead and that worked.
      5) CHKDSK /R ran most of the night, it completed and I got the message “CHKDSK found and fixed 1 or more errors on the volume.” plus all the number of bytes, allocations, etc.

      As long as C:WINDOWS> is still on the screen, is it advisable to run FIXBOOT and/or FIXMBR (and/or anything else) before I try to reboot normally and again try to reinstall Agnitum Firewall Pro? Thank you.

    • #1557166

      I am attempting to run the SFC /SCANNOW command using my slipstreamed Windows XP installation disk by typing: sfc /scannow /offbootdir=c: /offwindir=c:windows at the c:windows> prompt but I keep getting the “invalid parameter” error. What am I doing wrong? Thank you.

    • #1557995

      I think you may have the drive letter wrong. Booted from a CD your hdd windows dir is likely not on the c: drive. do a cd / and dir to check.

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
      • #1558083

        I booted up with my slipstreamed WIN PRO XP disk, selected R for the Repair Console, got the C:WINDOWS> prompt and, if I followed your instructions correctly, did cd /, got the root, c:, ran dir, eyeballed the list of files and found only one file with the word “windows” in it. It said: 3/29/16….11:29pm…d——-…0…WINDOWS

        Did I do this right? What do I do now? Thank you, wavy.

    • #1558733

      I would be grateful for a response. Thank you.

      • #1558765

        I would be grateful for a response. Thank you.

        Sorry been busy. What Satrow said is correct.My instructions were a bit lacking I know. The idea was to confirm you were setting the correct drive for the SFC.Assuming you have a drive set as D while booted to your recovery disk, typing “d” for instance would put you at the current directory of the D drive, typing “cd ” would set the current directory to the root of that drive. Then “DIR” would allow you to confirm you were in the correct directory , all the dir you would normally see in the root of the C drive whilst booted normally would be there! “The system cannot find the drive specified.” will result if there is no D drive, try the next letter. Hope that is clearer!:)

        :cheers:

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
    • #1558758

      The C:WINDOWS> prompt is from the CD, what you need to find is the drive letter allocated to your System drive. From the prompt, change to D: and dir that to look for a Windows folder, if there’s no D:, work your way through the alphabet.

    • #1558981

      My computer had been off for about 12 hours. I rebooted normally to see what would happen. I don’t know why or how but I got my Desktop, the icons, everything. The mouse also worked even though during the bootup, the system recognized the keyboard but not the mouse. Then:

      1) Successfully Restored to a previous date before all the problems started.
      2) Successfully ran SFC /SCANNOW at the C-prompt.
      3) Successfully ran the Western Digital diagnostic for my HDD. No issues.
      4) Tried to install the latest, just-released version of Agnitum Outpost firewall. It stopped in mid-install. I let it stay that way for hours to see what would happen. Nothing happened.
      5) I rebooted normally again and I’m getting the same old problems, the same old BSOD with the same old error messages (issues with isass.exe, ati2mtag.sys, DRIVER_IRQL_NOT_OR_EQUAL, “No AMD graphics driver is installed or the AMD driver is not functioning properly. Please install the AMD driver appropriate…”, PAGE_FAULT, etc.)

      I noticed the computer works better after being shut off for hours so could this be a temperature thing? I did clean the fans a few weeks ago. Also, an icon in the lower right bottom of the screen is telling me I have updates waiting. I guess my slipstreamed WIN PRO XP disk does not have all the updates on it?

      Any suggestions for next steps? Thank you for your help.

    • #1559275

      Any assistance would be appreciated. Thank you.

    • #1559508

      Is my computer issue unsolvable?

    • #1559519

      After reading through this thread I have nothing to offer except to suggest that you take the computer to a local computer repair shop for further analysis. You should refer them to this thread so they may be able to more easily help you.
      You could have multiple problems but they should relatively quickly make diagnostic tests to resolve your delimma. Sorry, but that’s my best response in light of what has transpired up until now.

      RockE

      Image or Clone often! Backup, backup, backup, backup......
      - - - - -
      Home Built: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek HD Audio

    Viewing 31 reply threads
    Reply To: Frozen pointer and BSOD

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: