In case you are able to boot into the system, then perform a Clean Boot and see if the problem persist, take a look at:
https://support.microsoft.com/en-us/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd
If not, you may enable services one by one to see which one is causing the problem.
Are you facing the same issue in the Safe Mode too?
BSOD on startup every day - Trying to identify specific causation
Hi all,
For the past week or so I've been experiencing BSODs whenever I power on the computer first during the day; after we REACH the Windows splash screen, I have no further issues, even when restarting.
rom reviewing the Event Logs I can see one in there stating the following:
"The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly."
followed closely by:
"The driver \Driver\WudfRd failed to load for the device PCI\VEN_5853&DEV_1003\1&1a590e2c&0&03."
So far as far as causation goes, this is the only thing throwing flags, as I've successfully performed Windows Memory Diagnostics with no issues being found, system file checks with no corruption being found, and lastly checking in on the device manager and checking all tabs to ensure nothing in there is throwing errors. As far as I can tell, these issues began this week.
I know that this week I plugged in a new keyboard that is different to that of my old one, and in doing so I needed to download some more drivers for it, however I went from a Roccat Aimo 120 to a Roccat Aimo 100, to which the only real difference is the fact that the 100 doesn't have a hand wrest with the keyboard. Besides that, it doesn't appear any different specification wise, so I'm unclear on whether this is the cause. I also changed my power plan on the rig from Balanced to Performance, though I don't expect this to be the cause.
Originally I believed perhaps that drivers were the issue, however, now I'm not so sure.
To cut a long story short, I ran a bugcheck analysis using the Windows Debug tools which threw me the following:
12: kd> !analyze -v
***
*
Bugcheck Analysis *
*
***
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041792, A corrupt PTE has been detected. Parameter 2 contains the address of
the PTE. Parameters 3/4 contain the low/high parts of the PTE.
Arg2: ffff83816716da08
Arg3: 0000800000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3249
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 10478
Key : Analysis.Init.CPU.mSec
Value: 1249
Key : Analysis.Init.Elapsed.mSec
Value: 65592
Key : Analysis.Memory.CommitPeak.Mb
Value: 73
Key : MemoryManagement.PFN
Value: 800000000
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 1a
BUGCHECK_P1: 41792
BUGCHECK_P2: ffff83816716da08
BUGCHECK_P3: 800000000000
BUGCHECK_P4: 0
MEMORY_CORRUPTOR: ONE_BIT
BLACKBOXNTFS: 1 (!blackboxntfs)
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: autochk.exe
STACK_TEXT:
ffff988d4679f388 fffff8054624423a : 000000000000001a 0000000000041792 ffff83816716da08 0000800000000000 : nt!KeBugCheckEx
ffff988d4679f390 fffff80546242a6f : ffff8688b7883700 0000000000000000 ffff868800000002 0000000000000000 : nt!MiDeleteVa+0x153a
ffff988d4679f490 fffff80546212c10 : 0000000000000001 ffff988d00000000 ffff8688b7883550 ffff8688b7910080 : nt!MiDeletePagablePteRange+0x48f
ffff988d4679f7a0 fffff80546252277 : 000000002ce2db4f 0000000000000000 ffff868800000000 fffff80500000000 : nt!MiDeleteVad+0x360
ffff988d4679f8b0 fffff805465f908c : ffff988d00000000 0000000000000000 ffff988d4679fa10 000002ce2db30000 : nt!MiFreeVadRange+0xa3
ffff988d4679f910 fffff805465f8b65 : 00007ff70784b980 000002ce44f49e50 ffff988d4679fad8 0000000000000000 : nt!MmFreeVirtualMemory+0x4ec
ffff988d4679fa60 fffff80546408bb8 : ffff8688b7910080 ffff868800000001 0000000000000000 ffff868800000000 : nt!NtFreeVirtualMemory+0x95
ffff988d4679fac0 00007ffa4676d134 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x28
000000e2f757a4b8 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ffa`4676d134
MODULE_NAME: hardware
IMAGE_NAME: memory_corruption
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e3faf315-c3d0-81db-819a-6c43d23c63a7}
Followup: MachineOwner
I work in tech, but I am by no means a master, and to be frank, I don't know what I'm reading here. I can gather that it is telling me that there's something wrong with memory, in that it's seeing corruption, but other than that I'm honestly not too sure.
Here's the event log that prompted me finding these issues:
Event ID 1001
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041792, 0xffff83816716da08, 0x0000800000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 15812135-3f48-42c4-b474-5b9fd5a5cf7e.
If there's any more information required, please don't hesitate to ask and I will do my best to gather it for you.
71 answers
Sort by: Oldest
-
Reza-Ameri 16,836 Reputation points
2021-10-15T15:34:40.743+00:00 -
Darrell Gorter 1,296 Reputation points
2021-10-15T17:41:59.407+00:00 Hello,
Are you running Citrix Software?
The PNP id VEN_5853&DEV_1003\1&1a590e2c&0&03 you mention is for a Citrix Indirect Display Adapter.
Maybe try disabling this as a test to see if you get the same error message -
YELDUR 1 Reputation point
2021-10-16T11:47:09.263+00:00 Hi everyone,
I have booted up the machine today and was not met with a BSOD, or a repair, however, the machine did reboot from a bugcheck just like before, I've gathered the MiniDump file like before and am posting it here:
0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* INTERNAL_POWER_ERROR (a0) The power policy manager experienced a fatal error. Arguments: Arg1: 000000000000010e, The disk subsystem returned corrupt data while reading from the hibernation file. Arg2: 000000000000000a Arg3: 000000000000f794, Incorrect checksum Arg4: 000000000000e2f1, Previous disk read's checksum Debugging Details: ------------------ KEY_VALUES_STRING: 1 Key : Analysis.CPU.mSec Value: 2265 Key : Analysis.DebugAnalysisManager Value: Create Key : Analysis.Elapsed.mSec Value: 6154 Key : Analysis.Init.CPU.mSec Value: 608 Key : Analysis.Init.Elapsed.mSec Value: 80411 Key : Analysis.Memory.CommitPeak.Mb Value: 70 DUMP_FILE_ATTRIBUTES: 0x9 Hiber Crash Dump Kernel Generated Triage Dump BUGCHECK_CODE: a0 BUGCHECK_P1: 10e BUGCHECK_P2: a BUGCHECK_P3: f794 BUGCHECK_P4: e2f1 CUSTOMER_CRASH_COUNT: 1 STACK_TEXT: ffff9806`717a7608 fffff805`2f9a13d4 : 00000000`000000a0 00000000`0000010e 00000000`0000000a 00000000`0000f794 : nt!KeBugCheckEx ffff9806`717a7610 fffff805`2f9aebf1 : 00000000`00000001 ffffd208`fc959a90 00000005`c1b61000 ffffd209`41c3e000 : nt!PopHiberChecksumHiberFileData+0x10784 ffff9806`717a7670 fffff805`2f9a09ad : 00000000`00000000 ffffe584`ac235f38 00000000`00000001 00000000`00000001 : nt!PopRequestRead+0x7d ffff9806`717a76e0 fffff805`2f98fde0 : 0000b461`8930c9e4 ffffe584`ac235f38 00000000`00000000 00000000`00000000 : nt!PopRestoreHiberContext+0x10a75 ffff9806`717a7770 fffff805`2f98fb1e : fffff805`2fc503a0 ffff9806`717a78f0 fffff805`2fc503a0 00000000`00000100 : nt!PopHandleNextState+0x210 ffff9806`717a77c0 fffff805`2f98f89b : 00000000`00000100 fffff805`2fc503a0 00000079`80c46556 00000000`00989680 : nt!PopIssueNextState+0x1a ffff9806`717a77f0 fffff805`2f992ba9 : ffff9806`717a7a00 00000000`00000018 00000000`00000000 fffff805`2f99292f : nt!PopInvokeSystemStateHandler+0x33b ffff9806`717a79f0 fffff805`2f99263a : ffffffff`00000000 ffffffff`ffffffff 00000000`00000000 00000000`00000000 : nt!PopEndMirroring+0x1e9 ffff9806`717a7ab0 fffff805`2f992325 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!MmDuplicateMemory+0x2be ffff9806`717a7b40 fffff805`2f355855 : ffffd209`031af000 ffffd209`031af040 fffff805`2f9921f0 00000000`00000001 : nt!PopTransitionToSleep+0x135 ffff9806`717a7bd0 fffff805`2f3fe818 : ffff8081`a5200180 ffffd209`031af040 fffff805`2f355800 00000000`00000000 : nt!PspSystemThreadStartup+0x55 ffff9806`717a7c20 00000000`00000000 : ffff9806`717a8000 ffff9806`717a1000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28 SYMBOL_NAME: nt!PopHiberChecksumHiberFileData+10784 MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe IMAGE_VERSION: 10.0.19041.1237 STACK_COMMAND: .thread ; .cxr ; kb BUCKET_ID_FUNC_OFFSET: 10784 FAILURE_BUCKET_ID: 0xa0_10e_nt!PopHiberChecksumHiberFileData OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {28ba2091-a476-6f77-2dec-6241bccd4685} Followup: MachineOwner ---------
On the bright side it appears different to that of what we've been seeing previously. I've ran another chkdsk on the C: and D: drives which discovered no issues at all.
We have a couple more errors inside the Event Log, here they are in order (top comes first, bottom came last):
Event ID 10029
The activation of the CLSID Windows.Media.Capture.AppCaptureManager timed out waiting for the service BcastDVRUserService_4c8f0a2 to stop.Event ID 29
Windows failed fast startup with error status 0xC0000001.
Event ID 6008
The previous system shutdown at 3:52:34 AM on 10/16/2021 was unexpected.
Event ID 41
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event ID 1001
The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x000000000000010e, 0x000000000000000a, 0x000000000000f794, 0x000000000000e2f1). A dump was saved in: C:\WINDOWS\Minidump\101621-9000-01.dmp. Report Id: af119261-f2ed-4e8e-be4b-0c021838a51c.
Event ID 10005
DCOM got error "87" attempting to start the service GamingServices with arguments "Unavailable" in order to run the server:
{3E8C9ABE-9226-4609-BF5B-60288A391DEE}No BSOD, but issues appear to be continuing even when loading up into a clean boot environment unfortunately, and after uninstalling Citrix.
-
Docs 15,146 Reputation points
2021-10-16T14:09:16.97+00:00 Please run the V2 log collector and post a share link into this thread using one drive, drop box, or google drive:
https://www.windowsq.com/t/bsod-posting-instructions.17/
https://www.windowsq.com/resources/v2-log-collector.8/
https://www.tenforums.com/bsod-crashes-debugging/2198-bsod-posting-instructions.html%
%
%
%
%The Microsoft Q&A email notifications are not working in my account.
A thread was opened in the feedback area.
To date there has been to fix.
So there likely will no longer be a fast reply to posts.
And posts may be missed.
Comments can be made in the feedback thread to indicate that a post was made..
.
.
.
.
Please remember to vote and to mark the replies as answers if they help.On the bottom of each post there is:
Propose as answer = answered the question
On the left side of each post: Vote = a helpful post
.
.
.
.
. -
Docs 15,146 Reputation points
2021-10-16T21:04:18.93+00:00 Please perform the following steps:
(some may have been performed earlier in the troubleshooting)1) Open administrative command prompt and type or copy and paste:
sfc /scannow
dism /online /cleanup-image /restorehealthWhen these have completed > right click on the top bar or title bar of the administrative command box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into this thread
2) Open administrative command prompt and type or copy and paste: (all at one time)
wmic recoveros set autoreboot = false
wmic recoveros set debuginfotype = 7
wmic recoveros get autoreboot
wmic recoveros get debuginfotype
wmic computersystem where name=%computername% set automaticmanagedpagefile=true
wmic computersystem where name=%computername% get automaticmanagedpagefile
bcdedit /enum {badmemory}
powercfg -h offWhen these have completed > right click on the top bar or title bar of the administrative command box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into this thread
3) Open administrative command prompt and type or copy and paste:
chkdsk /r /v W:
(change W to the applicable drive letter: C or D)
(test all drives)
(the windows drive testing can be performed overnight)C:\WINDOWS\system32>chkdsk /r /v C:
The type of the file system is NTFS.
Cannot lock current drive.Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)(type: y)
https://www.tenforums.com/tutorials/4189-turn-off-fast-startup-windows-10-a.html
https://www.tenforums.com/tutorials/2859-enable-disable-hibernate-windows-10-a.html
https://www.tenforums.com/tutorials/40734-drive-error-checking-windows-10-a.html
https://www.tenforums.com/tutorials/40822-read-chkdsk-log-event-viewer-windows-10-a.html4) Run Memtest86 for two tests of four passes:
Repeat the test so that there are a total of eight passes.
Find a camera or smartphone camera to take pictures and post images into this thread.
For any problems posting images please use share links.
Memtest86 has a feature to view a text report.
Please post both images and text reports.
5) Uninstall and reinstall:
e1r68x64.sys
Intel(R) I211 Gigabit Network ConnectionName [00000001] Intel(R) I211 Gigabit Network Connection
Adapter Type Ethernet 802.3
Product Type Intel(R) I211 Gigabit Network Connection
PNP Device ID PCI\VEN_8086&DEV_1539&SUBSYS_85F01043&REV_03\6&2AD155D1&0&0028000A
Driver C:\WINDOWS\SYSTEM32\DRIVERS\E1R68X64.SYS (12.18.11.1, 579.37 KB (593,272 bytes), 13/07/2021 22:03)e1rexpress Intel(R) PCI Express Network Connection Driver R c:\windows\system32\drivers\e1r68x64.sys
6) For any new BSOD after performing all of the above steps run V2 and post a share link into this thread.
.
.
.
.
.
Please remember to vote and to mark the replies as answers if they help.On the bottom of each post there is:
Propose as answer = answered the question
On the left side of each post: Vote = a helpful post
.
.
.
.
.