This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 65%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Windows 7. It is accidental but happened many times. When the desktop was appeared, There were so many appearances just below.
Thank you very much!
It seemed that PsSetCreateProcessNotifyRoutine was called first. Then, when any process was created, the child would be blocked until the parent process ran some function.
Great!Actually, PsSetCreateProcessNotifyRoutine was called first.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 57.99999999999999%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECF%3C/text%3E%3C/svg%3E)
Hi,
The memory dump provided some information about kbdhid.sys and usb.sys. You need to update your USB driver, mainboard driver, keyboard driver from manufacturer's official website.
Restart to Safe Mode to check if the issue still insists.
Then Perform a clean boot and disable security software temporarily.
Could you open cmd window, right click and run as admin. Type the command below:
sfc /scannow
DISM /Online /Cleanup-Image /RestoreHealth
Best Regards,
Carl
Thank you. As we know, if we clicked ctrl_r-scrollock-scrolllock, the Windows should be bluescreened, and the coredump must showed some information about kbdhid.sys and usb.sys. It was normal.
I thought the driver of mainboard or keyboard was not the reason.