New
#11
Yes, that's the correct procedure.
Could you enable Driver Verifier?
Driver Verifier - Enable and Disable
Restart the computer when Verifier is on. It will cause BSOD - because it is finding and stressing the faulty driver. Give couple of BSOD. Then go to Safe Mode - turn it off. Reboot into normal mode and upload the Verifier dumps.
Alright. After enabling the verifier.exe as per the settings you linked, I've restarted my system 3 times. No BSODs have occurred thus far...?
Wait at least 36 hours for BSOD to occur. If it doesn't occur, you do not have any faulty drivers.
I will do that. The only reason I asked is that somewhere I read that the verifier would actually *cause* a BSOD.
How do I find the verifier log when a BSOD happens?
Also, thank you again for all of the assistance
Alright. I've:
1. Uninstalled Malwarebytes
2. Enabled Driver Verifier
3. Run Memtest86+ for a few hours (with no issues found)
4. Updated Drivers
5. Run the /scannow checker multiple times (with no issues found)
And I have just received another BSOD.
How do I find/upload the logs that Driver Verifier keeps for the BSOD crashes so that I am able to upload it?
OKay, here's my new BSOD report.
Rank Check Disk last night, it restarted before I could see if it had any errors.
Also, ran Memtest86+ overnight, 0 errors. Do I need to test each stick individually if the test doesn't find any issues when running it with my normal setup?
Driver verified Saitek Hid Driver Version : 6.2.2.4 (your sailH8000.sys).
Yours is dated 4/2008 so way too old. Remove or update
How To Find Drivers:- - The most common drivers are listed on this page: Driver Reference Driver Reference- search Google for the name of the driver
- compare the Google results with what's installed on your system to figure out which device/program it belongs to
- visit the web site of the manufacturer of the hardware/program to get the latest drivers (DON'T use Windows Update or the Update driver function of Device Manager).
- if there are difficulties in locating them, post back with questions and someone will try and help you locate the appropriate program.
- - Driver manufacturer links are on this page: Drivers and Downloads
Code:Microsoft (R) Windows Debugger Version 6.11.0001.404 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\K\Desktop\Windows_NT6_BSOD_jcgriff2\021911-14851-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols;srv*e:\symbols *http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7600 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7600.16695.amd64fre.win7_gdr.101026-1503 Machine Name: Kernel base = 0xfffff800`02a07000 PsLoadedModuleList = 0xfffff800`02c44e50 Debug session time: Sat Feb 19 03:35:59.840 2011 (GMT-5) System Uptime: 0 days 1:50:22.759 Loading Kernel Symbols ............................................................... ................................................................ ......................... Loading User Symbols Loading unloaded module list ...... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C4, {f6, 528, fffffa8004b8ab30, fffff88002b66234} Unable to load image \SystemRoot\system32\DRIVERS\SaiH8000.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for SaiH8000.sys *** ERROR: Module load completed but symbols could not be loaded for SaiH8000.sys Probably caused by : SaiH8000.sys ( SaiH8000+26234 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_VERIFIER_DETECTED_VIOLATION (c4) A device driver attempting to corrupt the system has been caught. This is because the driver was specified in the registry as being suspect (by the administrator) and the kernel has enabled substantial checking of this driver. If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will be among the most commonly seen crashes. Arguments: Arg1: 00000000000000f6, Referencing user handle as KernelMode. Arg2: 0000000000000528, Handle value being referenced. Arg3: fffffa8004b8ab30, Address of the current process. Arg4: fffff88002b66234, Address inside the driver that is performing the incorrect reference. Debugging Details: ------------------ BUGCHECK_STR: 0xc4_f6 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP PROCESS_NAME: dxdiag.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff80002f023dc to fffff80002a77740 STACK_TEXT: fffff880`07329de8 fffff800`02f023dc : 00000000`000000c4 00000000`000000f6 00000000`00000528 fffffa80`04b8ab30 : nt!KeBugCheckEx fffff880`07329df0 fffff800`02f17ae4 : 00000000`00000528 fffffa80`04b8ab30 00000000`00000004 fffff980`239f6000 : nt!VerifierBugCheckIfAppropriate+0x3c fffff880`07329e30 fffff800`02cd2030 : ffffffff`ffffffff fffff880`0732a080 fffff880`0732a200 fffff880`0732a408 : nt!VfCheckUserHandle+0x1b4 fffff880`07329f10 fffff800`02d503b5 : 00000000`00000000 fffff800`00000001 fffffa80`0461a3c0 fffff6fc`40015b00 : nt! ?? ::NNGAKEGL::`string'+0x20b4e fffff880`07329fe0 fffff800`02a76993 : fffffa80`047066e0 fffff880`0732a398 00000000`00000002 fffff880`0732a420 : nt!NtQueryValueKey+0x115 fffff880`0732a170 fffff800`02a72f30 : fffff800`02f06c86 fffff880`02b66234 fffff880`0732a408 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 fffff880`0732a378 fffff800`02f06c86 : fffff880`02b66234 fffff880`0732a408 00000000`00000000 00000000`00000000 : nt!KiServiceLinkage fffff880`0732a380 fffff880`02b66234 : fffff880`0732a4d0 fffff880`0732a538 fffff880`0732a4d0 fffff800`02b7f1c2 : nt!VfZwQueryValueKey+0x76 fffff880`0732a3d0 fffff880`0732a4d0 : fffff880`0732a538 fffff880`0732a4d0 fffff800`02b7f1c2 00000000`0000000c : SaiH8000+0x26234 fffff880`0732a3d8 fffff880`0732a538 : fffff880`0732a4d0 fffff800`02b7f1c2 00000000`0000000c fffff880`0732a400 : 0xfffff880`0732a4d0 fffff880`0732a3e0 fffff880`0732a4d0 : fffff800`02b7f1c2 00000000`0000000c fffff880`0732a400 00000001`082f3963 : 0xfffff880`0732a538 fffff880`0732a3e8 fffff800`02b7f1c2 : 00000000`0000000c fffff880`0732a400 00000001`082f3963 fffff800`00080006 : 0xfffff880`0732a4d0 fffff880`0732a3f0 00000000`00000000 : fffff880`0732a1b0 fffffa80`00000040 00000000`00000000 00000000`00000000 : nt!MmAllocateSpecialPool+0x722 STACK_COMMAND: kb FOLLOWUP_IP: SaiH8000+26234 fffff880`02b66234 488b4c2440 mov rcx,qword ptr [rsp+40h] SYMBOL_STACK_INDEX: 8 SYMBOL_NAME: SaiH8000+26234 FOLLOWUP_NAME: MachineOwner MODULE_NAME: SaiH8000 IMAGE_NAME: SaiH8000.sys DEBUG_FLR_IMAGE_TIMESTAMP: 47f6106a FAILURE_BUCKET_ID: X64_0xc4_f6_VRF_SaiH8000+26234 BUCKET_ID: X64_0xc4_f6_VRF_SaiH8000+26234 Followup: MachineOwner ---------