Solved

Identify BSOD Codes and Avoid OS Reinstall

Posted on 2009-07-02
51
1,423 Views
Last Modified: 2013-12-01
My system is afflicted with recurring BSOD, that appears predictably when copying large files between drives and spontaneously at other times. Although this suggests a memory fault, and two of the four memory sticks are new and predated the BSOD errors, diagnostics and practical tests cannot verify any memory flaws. The systems specs are:

2.40 gigahertz Intel Core2 Quad Q6600
64 kilobyte primary memory cache
4096 kilobyte secondary memory cache
Running XP Pro 5.1.2600 SP3 mobo Intel DG33Fb
Four 1024 mb Kingston memory sticks
NVIDEA 9600 GT

C: system drive       WDC WD740ADFD-00NLR5 [Hard drive] (74.35 GB) drive 0  NEW
F: Data Storage      WDC WD360GD-00FNA0 [Hard drive] (37.02 GB) -- drive 2  
                                   SMART Status: Healthy
G: Data Storage      WDC WD10EADS-00L5B1 [Hard drive] (1000.20 GB) -- drive 1  NEW
(all NTFS)

The following are examples of the error messages-

STOP: 0x 0000007F (0x00000008, 0x80042000, 0x00000000,0x00000000)

STOP:0x 0000007F (0x00000008, 0xB8338D70, 0x00000000,0x00000000)

STOP:0x 0000007F (0x00000008, 0xB8340D70, 0x00000000,0x00000000)

STOP: 0x 0000007F (0x00000008, 0xB8348D70, 0x00000000,0x00000000)

The last 3 series recur most often, and of these the last 0xB8348D70 is the most common; approximately 50% or more of the failures display this same message.

All peripherals have been systematically removed and replaced; the error recurs.

New drivers have been installed in the net card, and graphics card; the error recurs.

The four 1024  mb mem sticks were removed in pairs; the error recurs with each pair of memory sticks alone and with both pairs installed. Memory tests show no errors on the mem sticks.

The Mobo chipset drivers and the Management Engine Interface drivers have been reinstalled from the original mobo install disk.

The object is to identifythe detail of the rror code and avoid an OS reinstall.

Please advise.  Thanks.
0
Comment
Question by:sinbad8508
  • 28
  • 21
  • +1
51 Comments
 
LVL 18

Expert Comment

by:awawada
ID: 24765272
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24765454
Hmmm no cryptic error code such as IRQL_NOT_LESS_etc?

I'm a great believer in the built-in program VERIFIER it's a driver verifier and once turned on will likely give you specific information instead of the BSOD's you've been getting.  Just run it, take the defaults, turn it back off after the problem is solved because there is some overhead.
0
 

Author Comment

by:sinbad8508
ID: 24765554
Thanks for the prompt reply.  I reviewed the referenced article, which suggests:

   "1. Test the RAM in the computer by running the diagnostic software that is provided by the computer manufacturer. Replace any RAM that is reported as bad. Also, make sure that all the RAM in the computer is the same speed." ((the RAM was tested twice, once by me and once by a bench tech who built the unit- no faults were identified. Also the practical test of removing the ram sticks in pairs did not eliminate the error.))
   "2. Try removing or swapping out controllers, cards, or other peripherals.(t(his was done,again by me and the a bench tech"   nada))
   "3. Try a different motherboard on the computer." ((this has not yet been tried)).

"If you are over clocking the speed of your processor, set it back to the speed at which it is designed to run." ((No OC has been attempted))
"Check with the hardware vendor for any updated hardware drivers or BIOS updates, or both." ((all available drivers have been reinstalled or upgraded, including the BIOS)).

Is there no way to specifically identify the code? It must mean something , and it is remarkably stable as it recurs.
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24765580
If you turn on verifier you should get a more specific idea where the problem is. :)
0
 

Author Comment

by:sinbad8508
ID: 24765586
Datedman-

Thanks for the prompt reply.

No cryptic error code, just the addresses noted above.

How do I run VERIFYER?

sinbad
0
 

Author Comment

by:sinbad8508
ID: 24765604
OK I used Start , Run to to run verifier, but there are now options.

How do I get useful data?

0
 

Author Comment

by:sinbad8508
ID: 24765668
Trying "Automatically select all drivers installed on this computer" and rebooting.

I will be offline for a few.

sinbad
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24765695
All drivers is a big performance hit from what I hear, I've had good luck with just taking the defaults but if that doesn't work, try all drivers. :)
0
 

Author Comment

by:sinbad8508
ID: 24765873
Back on line on a laptop.

OK no problem with the lag.

We have an apparently clear error message:

IO system verification error in pctfw2.sys

(WDM driver error 224)

[pctfw2.sys +142e at A1FE542E]

then on reboot same message but found at

F42E

How do I proceed? What do these codes tell us?

How do I get out of the Verifier mode on boot?  Safe mode or ??

sinbad
0
 

Author Comment

by:sinbad8508
ID: 24765889
Sorry this kb is klutzy

second location was at A228F42E

sinbad
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24765975
You have Spyware Doctor installed?  Looks like that driver is part of SD...if you have it installed try uninstalling it.

You can just turn off verifier now I think.  Should be able to do that in safe mode if the system won't start normally (haven't ever seen verifier cause that, if it is please let me know for future reference.)
0
 

Author Comment

by:sinbad8508
ID: 24766096
Four tries- boot goes to blue verifier screen every time. Now booting in safe mode.

How do I turn VERIFIER off?
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24766113
Delete existing settings.
0
 

Author Comment

by:sinbad8508
ID: 24766221
OK  rebooting now.The driver in question appears to be part of PC Tools Firewall Plus.

They have posted a revised driver on their forum, but I no longer use that FW.

I am about to try scrubbing it.

Reboot now ran normally.
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24766277
Ah ok sorry I saw it was from PC Tools but when I hit their site I saw Spyware Doctor, DOH.
0
 

Author Comment

by:sinbad8508
ID: 24766425
DRAT!

No joy

We may have scrubbed that error, but it did not cure the main issue. Same symptoms still here.
Attempt to copy large file G: to F:
 
STOP: Ox0000007F  (0x00000008, 0xB8338D70, 0x00000000,0x00000000)

Shall we run Verifier again or ?
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24766523
OK yup turn verifier back on. :)
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24766529
I love to peel these onions. :)
0
 

Author Comment

by:sinbad8508
ID: 24766585
So why are my eyes watering??

OK Verifier on.

What settings?
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24766625
Take the default settings and see what happens.  Hopefully next time you BSOD it'll give you useful info.  Like the driver name. :)
0
 

Author Comment

by:sinbad8508
ID: 24766775
Standard settings
All Drivers

here we go.
0
 
LVL 22

Expert Comment

by:optoma
ID: 24766927
Could you also post the last few dump files. Rename .dmp 's to  .txt or just zip a folder containing the dump files located at C:\WINDOWS\Minidump . Might also help in identifing BSOD's
0
 

Author Comment

by:sinbad8508
ID: 24766947
New errors on reboot.


First
jspclcap.sys''(WDM driver error 21f) [jspclcap.sys at B83B0597]

then reboot to

IOSYSTEM VERIFICATION ERROR in pctgntdi.sys (WDM DRIVER ERROR 224)

[pctgntdi.sys+4c96 at A2108C96

rebooting again
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24766984
former looks like a printer driver?

Don't see anything on the latter.

BTW I'd limit it to unsigned drivers to start with...
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24767016
http://msdn.microsoft.com/en-us/library/ms792869.aspx see the stuff about volatile settings...should work to just check until next BSOD without bugging you at startup.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:sinbad8508
ID: 24767052
Just going again to safe mode to do the house cleaning.

BTW I have Acronis running. Perhaps the OS selection blocks normal reboot after Verifier.

I did run with only unsigned drivers selected and got immediately back to normal desktop.

I thought that perhaps best to just stay in safe mode but then I cannot test fix.
 
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24767132
Immediately back to normal desktop is good.  Then wait for the BSOD. :)
0
 

Author Comment

by:sinbad8508
ID: 24767149
PC Tools is making quite an impression on me today.

The second file was from Jet Suite Fax. I have an old, but sturdy HP Laserjet  3100 Multifunction p rarely use the fax.  No loss there. HP can be forgiven for a printer ten years old.PC Tools pretends to avoid and fix problems.

Running file XFR test now.

0
 

Author Comment

by:sinbad8508
ID: 24767150
PC Tools is making quite an impression on me today.

The second file was from Jet Suite Fax. I have an old, but sturdy HP Laserjet  3100 Multifunction p rarely use the fax.  No loss there. HP can be forgiven for a printer ten years old.PC Tools pretends to avoid and fix problems.

Running file XFR test now.

0
 

Author Comment

by:sinbad8508
ID: 24767182
DRAT DRAT DRAT


STOP: Ox0000007F  (0x00000008, 0xB834070, 0x00000000,0x00000000)

0
 
LVL 10

Expert Comment

by:Datedman
ID: 24767190
back to all drivers i guess.  Try volatile tho so it will hopefully only happen on crash?
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24767234
Hmm according to that page awawada sent, you have a double fault.  Nice...
You have the latest BIOS and drivers?
Try disabling write caching on disk drives?
0
 

Author Comment

by:sinbad8508
ID: 24767335
Now new error.

DRIVER_IRQL_NOT_LESS_OR_EQUAL -  blah blah

STOP:0x00000001  (0xA2A8D1AF, 0x00000002, 0x00000008, 0xA2A8D1AF)

***   mozy.sys - ADDRESS A2A8D1AF base at A2A81000, DAtestamp48dd5d3b
***   mozy.sys - ADDRESS A2A8D1AF base at A2A81000, DAtestamp48dd5d3b
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24767367
Mozy backup?
0
 

Author Comment

by:sinbad8508
ID: 24767369
Going back to safe mode to delete Mozy.

Then plan to reboot.

What time zone are you in?
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24767392
I wonder if you should try a fresh install in a new folder (can say not to overwrite existing install and pick new location) and see if that install has the same problem?  It's basically a dual-boot scenario but with the same OS on both boots.  If the problem exists on the fresh install, it's likely hardware. :)  Or could be drivers or BIOS but at least you'll know it isn't third-party software leftovers or whatnot.
0
 

Author Comment

by:sinbad8508
ID: 24767395
Mozy backup is online backup system.Very nice and no problem for over 2 years.

Important here in Florida where the whole house  and all backup can blow away. Still a bit complex.

Deleting it now.
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24767425
I'm not sure it's Mozy, could be that some hardware issue or other-driver-complication is causing this since it's unlikely so many things should give you a problem.

I'm familiar with the FL situ, in Fort Lauderdale waiting to see if the *massive* thunderstorm comes back before venturing out to get groceries.  However I'm more in favor of storing backups offsite.  If the roof comes off during a hurricane I'll grab my external drive right after the dog.
0
 

Author Comment

by:sinbad8508
ID: 24767430
I wonder if you should try a fresh install in a new folder . . .

Right- I was thinking about using the totally clean F Drive for that. The to set BIOS to go there first. No need even to use Acronis.

 I am getting close to remdial drinking hour here. That's why I asked about your time zone.

0
 

Author Comment

by:sinbad8508
ID: 24767461
Cannot delete pgms in safe mode. Back to normal boot.
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24767475
I  may be afk a bit myself shortly, have to clean the house and go shopping before the kids get here tonight for the weekend.  

Missed the TZ question but I'm on a work-till-you-fall-down schedule, varies but usually up most of the day/night.
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24767483
U do have the latest BIOS and drivers?  btw when did this BSOD stuff start?
0
 

Author Comment

by:sinbad8508
ID: 24767516
Yes new BIOS and drivers updated by both me and bench tech.
0
 

Author Comment

by:sinbad8508
ID: 24767588
I am going to shut down in a few. I hope you will look in tomorrow for a report . I very much appreciate your help.

0
 

Author Comment

by:sinbad8508
ID: 24774364
Continuing tests today suggest that the diagnostic efforts suggested by Datedman have enabled me to cure the problem. (corrupted drivers identified by VERIFIER). Given the 45 day history of my struggles with this beast, I am not quite ready to close this matter, but so far it appears that we have indeed answered the question.

I will do more testing over the weekend.

Meanwhile thanks and have a good Forth!

sinbad
0
 

Author Comment

by:sinbad8508
ID: 24794304
Back on line- still troubleshooting. Now in SAFE mode trying to cure VERIFIER identified error:

"IO SYSTEM VERIFICATION ERROR pctgntdi.sys  (WDM driver error224)  [pctgntdi.sys+4c96 at A2037c96]

I am hunting for the pctgntdi.sys file. I ran RevoUninstaller to delete PC Tools files, but obviously not all were scrubbed.

FUN
0
 

Author Comment

by:sinbad8508
ID: 24794643
NOW BSOD

DRIVER_IRQL_NOT_LESS_OR_EQUAL

stop:0x000000D1 (0xA1F851AF, 0x00000002,0x00000008,0xA1F851AF)

XXX     MOZY.SYS  -ADDRESS A1F51AF  base at A1F79000, datestamp 48dd5d3b

XXX     MOZY.SYS  -ADDRESS A1F51AF  base at A1F79000, datestamp 48dd5d3b

searching and deleting Mozy.sys

Also have trouble ticket running at Mozy

0
 
LVL 10

Accepted Solution

by:
Datedman earned 500 total points
ID: 24794698
Still think it's a disk problem.  OR, could be a virus affecting those files?
0
 

Author Comment

by:sinbad8508
ID: 24798115
Hi Datedman-
Thanks for looking in. I hope you had a good weekend.
I've learned a lot since Friday. Part of the problem lies in a totally stubborn PC Tools Spyware Doctor package that clings on like Freddie. There are a couple of especially nasty bits (see http://www.pctools.com/forum/showthread.php?t=48526) and (http://www.pctools.com/forum/archive/index.php/t-44706.html) that seem to be nearly immune to everything but a format. One blocks all online access --something the PC Tools team initially denied and later admitted. There went Sunday.  

There are two new drives in the subject rig, including the C: drive, so I lean away from that theory. I have gained some info from the Event Viewer. This began when I installed Online Armor (a very solid program and not at fault except as a bystander). I disabled and later attempted to uninstall the PC Tools SD program, There were some weaknesses in the original C; drive, but that was replaced under warranty (Western Digital Raptor 76 gig).

I am now restoring the C: drive back to May 24. We'll see what happens then. Meanwhile, I'mm going to award the points on the initial question here, as the troubleshooting got be a better grip on the slimy mess here. Eventually I'll go to system 7, and I want try to limp along until the final release. I know there is an RC available now, but I really don't want to play with it.

If this saga continues, I'll post again. Thanks again for your help

sinbad








0
 

Author Closing Comment

by:sinbad8508
ID: 31599273
The original question now seems aspirational, and perhaps unrealistic. The assistance provided was very helpful in slogging through a series of problems, some totally unrecognized when I first asked the original question.
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24798146
Good luck, I'll keep monitoring in case...good to know about PC Tools blech.  I only use Symantec corporate products for AV altho they haven't been enough in some cases for customers, but in many cases the prevention is about as bad as the alternative I guess.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Storage devices are generally used to save the data or sometime transfer the data from one computer system to another system. However, sometimes user accidentally erased their important data from the Storage devices. Users have to know how data reco…
In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now