Question Per Driver Verifier Use In Windows 7

I'm running the diagnostic utility Driver Verifier in Windows 7 to detect the cause of some BSODs, which seem to occur when I'm editing video footage.

I know that DV must run for almost 24 hours continuously - does this mean I should temporarily disable Sleep Mode in the Win 7 OS?

As of now, Sleep Mode is enabled in my OS.

Thanks for any feedback!

 

Sleep mode on/off probably doesn't matter for your BSOD, I'd suggest 24+ hours of working time as a minimum as you've already pinpointed when it's most likely to happen.

Do you have any minidumps stored?

What are the bugcheck codes?

 

Thanks for responding.

Are you saying it's OK to leave Sleep Mode on and it wouldn't be a factor in running Driver Verifier?

I have a minidump stored from my latest BSOD (not sure of "bugcheck codes"), but I'd want to hold off on uploading it for any diagnosis for the moment, because I'm still waiting for overdue responses on another forum--and it isn't kosher to cross-post.

But if I don't get responses there soon, I'll submit a minidump for analysis. For now, I just wanted an answer on Sleep Mode and not get into diagnostics here so far, because again, cross-posting just isn't kosher.

And thank you again.

 

A link to your topic would be useful.

I really can't see how a BSOD during some heavy lifting would be triggered by Sleep mode switching but there's no real effort/risk to turning it off.

 

I would set my power settings to 'Never' in sleep mode in order to let the 24 hour test run correctly.

Let us know the results of the test.

Do you get an error code on the BSOD?

 

Thanks.

I wasn't able to get the error code, but I did get this from the BSOD of 5/19:

DRIVER_NOT_LESS_THAN_EQUAL [and] TCPIS

 

Do you get the BSOD occuring before, or after the windows 'splash' screen loads?

Does the BSOD also occur in Safe Mode?

Also, reset TCP/IP in a command prompt run as administrator, run the command:
netsh int ip reset

Hit enter and reboot!

 

The BSODs have occured well after the splash screen occurs, only during editing video footage.

I can't remember the occuring in Safe Mode.

 

Not transcribed accurately enough to get the bugcheck codes from.

Driver involvement most likely, almost certainly 3rd party, could be network-related driver only (eg. 3rd party firewall/security, torrent, network card driver) or two different BSOD causes. Need those minidumps and a link to the other site topic.

 

Most likely a 3rd party video capture app.
If your using one, try uninstalling any sound tap drivers running and see if that helps.

As satrow states, dump files will reveal the suspect!

 

Sysnative File Collection App attached (Zipped)

And Correction: BSOD from May 19th read:

IRQL_NOT_LESS_THAN_EQUAL [and] TCP/IP

Not certain of reference to "link to the other site topic," sorry.

 

Attached, per request. Will hold off on running Driver Verifier until minidump is analyzed.

 

This:

 

I am extremely conflicted about linking to another forum, as I feel it gets into
cross-posting, which is almost a violation of forums trust--committed by myself,
not by MG responders here.

I do apologize profusely about this; not sure how to proceed, sorry. I certainly don't
want to gum up the momentum here.

 

Generally, the shotgun approach, cross-posting to multiple fora in a very short time frame, is a big no-no/verboten.

After a couple/three days without reply on the original forum, it's fine to post afresh elsewhere - but - link both ways, so everyone can keep tabs on suggestions, and hopefully an eventual fix.

Commonly used explanation: https://www.excelguru.ca/content.php?184

Not had the debugging tools installed for some time, it might be some hours before I get results worth sharing.

 

Thanks. Will consider linking--but the other forum got on my case about any cross-posting.

Meantime, I upload video footage to Picasa, then import to Video Studio Pro, my digital video editor in Win 7. Also, a few months ago after BSODs, I changed to an earlier version of my video driver (for NVIDIA GeForce GTX 970) and the BSODs ceased. Until the one of May 19, during some video editing.

I will go ahead and run Driver Verifier this afternoon.

 

In the most recent dump it looks like *some driver* is creating a logjam - or blocking - a TCP/IP call which forces a timeout, main suspects would be Malwarebytes/Avast!/network driver (the latter is quite old, the latest driver "Win7 and Server 2008 R2 Auto Installation Program (SId:1152921504628030952)" should be here). The previous dump involves ntfs, disk checks (chkdsk) on all drives and SFC /SCANNOW are needed.

Try to do as much video editing/uploading as you can whilst running DV - but don't forget to create a Restore point first - to stress the most likely drivers.

 

Thanks. Will update network driver after DV run.

 

Thats interesting you note an Antivirus......I checked out dump 5 #071918-34304-01

Crash Count 1 with exception address points to: WIN7_DRIVER_FAULT

Process : MsMpEng.exe (a core process of Windows Defender)

Also with FAULTING_IP

 

~10 months old, maybe unrelated as changes were made:

Security checks can have a big impact on performance, esp. on lower spec. and older hardware when they're already being worked hard, having multiple security products active simultaneously, esp. at their default settings which are usually belt and braces anyway, during working sessions with high CPU%, memory/data throughput could push the limits too far.

Here it looks like we have a reasonable CPU (8350), single 8GB RAM, SSD +HDDs but potential for bottlenecking might be reduced somewhat by using dual channel RAM and locating the paging file onto the SSD (it's fine to have additional page files on an HDD or two - Windows will use the first drive to respond to each paging request).

Code:

[Processor Information (Type 4) - Length 42 - Handle 0004h]
  Socket Designation            CPUSocket
  Processor Type                Central Processor
  Processor Family              3fh - Specification Reserved
  Processor Manufacturer        AMD            
  Processor ID                  200f6000fffb8b17
  Processor Version             AMD FX(tm)-8350 Eight-Core Processor          
  Processor Voltage             8dh - 1.3V
  External Clock                200MHz
  Max Speed                     4000MHz
  Current Speed                 4000MHz
  Status                        Enabled Populated
  Processor Upgrade             Specification Reserved
  L1 Cache Handle               0005h
  L2 Cache Handle               0006h
  L3 Cache Handle               0007h
  Serial Number                                      
  Asset Tag Number                                  
  Part Number                   To Be Filled By O.E.M.
[Cache Information (Type 7) - Length 19 - Handle 0005h]
  Socket Designation            L1-Cache
  Cache Configuration           0180h - WB Enabled Int NonSocketed L1
  Maximum Cache Size            0180h - 384K
  Installed Size                0180h - 384K
  Supported SRAM Type           0010h - Pipeline-Burst
  Current SRAM Type             0010h - Pipeline-Burst
  Cache Speed                   1ns
  Error Correction Type         Specification Reserved
  System Cache Type             Unified
  Associativity                 2-way Set-Associative
[Cache Information (Type 7) - Length 19 - Handle 0006h]
  Socket Designation            L2-Cache
  Cache Configuration           0181h - WB Enabled Int NonSocketed L2
  Maximum Cache Size            2000h - 8192K
  Installed Size                2000h - 8192K
  Supported SRAM Type           0010h - Pipeline-Burst
  Current SRAM Type             0010h - Pipeline-Burst
  Cache Speed                   1ns
  Error Correction Type         Specification Reserved
  System Cache Type             Unified
  Associativity                 16-way Set-Associative
[Cache Information (Type 7) - Length 19 - Handle 0007h]
  Socket Designation            L3-Cache
  Cache Configuration           0182h - WB Enabled Int NonSocketed L3
  Maximum Cache Size            2000h - 8192K
  Installed Size                2000h - 8192K
  Supported SRAM Type           0010h - Pipeline-Burst
  Current SRAM Type             0010h - Pipeline-Burst
  Cache Speed                   1ns
  Error Correction Type         Specification Reserved
  System Cache Type             Unified
  Associativity                 Specification Reserved
[OEM Strings (Type 11) - Length 5 - Handle 000dh]
  Number of Strings             1
   1                            To Be Filled By O.E.M.
[Physical Memory Array (Type 16) - Length 23 - Handle 000eh]
  Location                      03h - SystemBoard/Motherboard
  Use                           03h - System Memory
  Memory Error Correction       03h - None
  Maximum Capacity              33554432KB
  Memory Error Inf Handle       [Not Provided]
  Number of Memory Devices      4
[Memory Array Mapped Address (Type 19) - Length 31 - Handle 000fh]
  Starting Address              00000000h
  Ending Address                00900000h
  Memory Array Handle           000eh
  Partition Width               255
  Extended Starting Address     0000000000000000h
  Extended Ending Address       0000000000000000h
[Memory Device (Type 17) - Length 34 - Handle 0010h]
  Physical Memory Array Handle  000eh
  Memory Error Info Handle      [Not Provided]
  Total Width                   0 bits
  Data Width                    64 bits
  Size                          [Not Populated]
  Form Factor                   09h - DIMM
  Device Set                    [None]
  Device Locator                A1_DIMM0
  Bank Locator                  A1_BANK0
  Memory Type                   02h - Unknown
  Type Detail                   0080h - Synchronous
  Speed                         0MHz
  Manufacturer                  A1_Manufacturer0
  Serial Number                          
  Asset Tag Number                            
  Part Number                   Array1_PartNumber0
[Memory Device (Type 17) - Length 34 - Handle 0012h]
  Physical Memory Array Handle  000eh
  Memory Error Info Handle      [Not Provided]
  Total Width                   64 bits
  Data Width                    64 bits
  Size                          8192MB
  Form Factor                   09h - DIMM
  Device Set                    [None]
  Device Locator                A1_DIMM1
  Bank Locator                  A1_BANK1
  Memory Type                   18h - Specification Reserved
  Type Detail                   4080h - Synchronous
  Speed                         1333MHz
  Manufacturer                  Undefined      
  Serial Number                          
  Asset Tag Number                            
  Part Number                   16G-D3-1600-MR  
[Memory Device Mapped Address (Type 20) - Length 35 - Handle 0013h]
  Starting Address              00000000h
  Ending Address                007fffffh
  Memory Device Handle          0012h
  Mem Array Mapped Adr Handle   000fh
  Partition Row Position        01
  Interleave Position           [None]
  Interleave Data Depth         [None]
  Extended Starting Address     0000000000000000h
  Extended Ending Address       0000000000000000h
[Memory Device (Type 17) - Length 34 - Handle 0014h]
  Physical Memory Array Handle  000eh
  Memory Error Info Handle      [Not Provided]
  Total Width                   0 bits
  Data Width                    64 bits
  Size                          [Not Populated]
  Form Factor                   09h - DIMM
  Device Set                    [None]
  Device Locator                A1_DIMM2
  Bank Locator                  A1_BANK2
  Memory Type                   02h - Unknown
  Type Detail                   0080h - Synchronous
  Speed                         0MHz
  Manufacturer                  A1_Manufacturer2
  Serial Number                          
  Asset Tag Number                            
  Part Number                   Array1_PartNumber2
[Memory Device (Type 17) - Length 34 - Handle 0016h]
  Physical Memory Array Handle  000eh
  Memory Error Info Handle      [Not Provided]
  Total Width                   0 bits
  Data Width                    64 bits
  Size                          [Not Populated]
  Form Factor                   09h - DIMM
  Device Set                    [None]
  Device Locator                A1_DIMM3
  Bank Locator                  A1_BANK3
  Memory Type                   02h - Unknown
  Type Detail                   0080h - Synchronous
  Speed                         0MHz
  Manufacturer                  A1_Manufacturer3
  Serial Number                          
  Asset Tag Number                            
  Part Number                   Array1_PartNumber3
Machine ID Information [From Smbios 2.7, DMIVersion 39, Size=1611]
BiosMajorRelease = 4
BiosMinorRelease = 6
BiosVendor = American Megatrends Inc.
BiosVersion = P1.20
BiosReleaseDate = 01/12/2016
SystemManufacturer = To Be Filled By O.E.M.
SystemProductName = To Be Filled By O.E.M.
SystemFamily = To Be Filled By O.E.M.
SystemVersion = To Be Filled By O.E.M.
SystemSKU = To Be Filled By O.E.M.
BaseBoardManufacturer = ASRock
BaseBoardProduct = 970A-G/3.1

 

So I ran Driver Verifier for 24 hours. I did some video editing and uploaded some digital photos.
The video editing was terribly sluggish, but the changes took OK. Video footage playback was also very sluggish--to be expected I'm sure with DV running.

There were no subsequent BSODs. I experienced many BSODs last summer.

I will look into Dual-channel RAM (I did have to replace a faulty memory stick about a year ago).

I also tried the NETSH INT IP RESET from a command prompt, logged in as Admin, but got an error message complaining it wasn't "elevated" and I wasn't executing as an Admin. Very curious.

 

If you start CMD from the Start>Run box, it should automatically run as Admin. NETSH INT IP RESET isn't going to do anything for the problem as I see it.

I look on 24 hours as the minimum for DV, your trigger seems quite specific to the workload during one series of tasks, rather than a general/random BSOD which is often caused by a 3rd party driver loading at startup - I'd want to have DV running for at least the next 3-4 video editing sessions.

 

I'll run DV again as I edited more videos.

Will update the network driver as you suggested. RCN cable provider recently upgraded my cable internet speed; unsure if that's any kind of factor.

Any other suggested diagnostics to run?

Thanks!

 

I tried to install that network driver and Malwarebytes blocked it due to "A Trojan!"

 

It's likely a false positive, pretty unusual for them. The zip file scores 0/64 = clean at VT, so it's likely tripping up over a .bat or temp file.

What's the name/infection given?

Anyway, that might be the catalyst for you to cut back on that security overlap, at least during testing/troubleshooting.

Added: disk checks and SFC, the previous dump flagged NTFS.

 

Back to you shortly on that.

 

To security system software?

Judging by what Im seeing in the dumps, this is a highly probable cause!
Running multiple security system software programs in conjunction with Windows Defender may be causing already high resource usage.
Once the video editing program is run, this is enough to be causing system interrupts and a breakdown in communication between hardware and software directly affecting the latency of kernel-mode device drivers.
(I agree a NETSH INT IP RESET is not going to help).

ColKorn, If nothing else you have been advised about works;

Can you list all the security software programs that are running on your device for us?

As a test, I would disable all of them (including Win Defender) and just have one running (ie Malwarebytes), then stress test the system again by running Video Studio Pro.
Making sure to check in Device Manager on CPU and Memory % rates.

Having a 'clean bill of health' from any Malicious Software running in the background would also help enormously.

 

I don't know, though there have been changes to security software since the latest dump. The change that led to a 6 month reprieve from BSODs, until the bugcheck flagging NTFS in March, was a GPU driver change. We're now into June and there's been only one bugcheck that's given us a minidump since then, cf. 33 minidumps in a 4 month period during mid-2018.

Other than evidence of some fraudulent software, I see no sign of malicious software in the collected data.

 

Run this utility and upload the log file.
Download SFC Utility - MajorGeeks

 

Thanks. Will run this today.

 

I uninstalled Avast last year and replaced it with MSE.

My only security programs now are Malwarebytes and MSE.

 

Both recent dumps have what looks like the full suite of Avast's drivers loaded, MSInfo32 shows similar though no evidence that it was running: follow the instructions carefully to run the ASWClear cleanup tool.

 

Do this first, restart, and run the SFC Utility.

 

Ran ASWClear and got rid of Avast remnants.

 

SFC report attached.

 

No problems detected by the System File Checker.
Now run this bath file and upload the log.

 

Chkdsk Report attached.

 

That was for the SSD only, we also need checks run on the 3x HDD

 

No problems detected by check disk.

 

How about checking the 3x HDDs next?

 

OK. How do I configure Chkdsk to also check 3x HDDs?

 

Thank you.

Where in the configuration of Chkdsk does this get set up?

Will run tomorrow AM. Family obligations now!

 

From the Administrative Command prompt or manually, from the Properties sheet for each drive in Explorer:
https://www.howtogeek.com/howto/windows-vista/guide-to-using-check-disk-in-windows-vista/

 

Thanks.

 

Unable to run Chkdsk this AM due to intense, time-consuming physical therapy.

Will run later this afternoon. My apologies.

 

I was able to run Chkdsk on Drive E and found no errors.

However, the system wouldn't let Chkdsk run on Drives D & F, because "they were in use."

Did I want to force a dismount? Ummm....

 

Try to force a dismount, if that fails, it might offer to run at boot, allow it. (The pagefile's on one of those drives, that's likely to be in use.)

 

OK. Tomorrow AM, another Chkdsk on Drives D & F.

TY

 

Will the system automatically "re-mount" if I force a dismount for a Chkdsk run?