
My computer and my friend's computer are having crash issues. Is there a system utility that you can run and use to take snapshots of what is going on? My computer is Windows 7, and I do use Perfmon and Sysmon for it, but I don't know what to use for XP. And even for Windows 7, I'm not provided with information (like hardware interrupts) that I'd like to have handy.

FIDELIS
2011-11-20 20:36:00
Hello, I have the same card you have in a crossfire configuration. Is your overdrive turned on in catalyst manager? Is that how you are getting your temperatures? In that system, temperatures never pass 28 degrees and the fan never passes from running at 40%. Do you still have warranty on the card? If you do, you could try returning it. Did you try running your computer with the incorporated card for long? I would give it a shot for a few days to check if it does the same. If for some reason it does the same with the incorporated card, I am afraid you will have to start checking your motherboard. Only way to do it by yourself though is by changing the motherboard with a known motherboard that works.
Ray
2011-11-22 00:52:00
Answering your questions:
-- Overdrive is not turned on.
-- Warranty is long gone.
-- If the ATI is out, this does not happen (i.e. not motherboard).
-- When it does happen it only happens once. Then computer automatically restarts and will run for days.
Ray
2011-11-20 19:23:00
I checked it before the crash, and just now. It says it is at 46c. I did quite a bit of reading on this subject, and people run at much higher temps. Is 46 out of line?
Jeff
2011-11-20 19:31:00
No, 46 degrees Celsius (114 degrees Fahrenheit) is not excessive. However, if you just booted, this temperature is likely to get higher. Keep checking, perhaps you can monitor the temperature just before the crash. In your device manager, are any drivers listed as corrupt or faulty? As a last ditch effort, see if your system performs nominally in a Linux environment.
Ray
2011-11-20 20:00:00
I am going to keep using it. Since I have been out of work so long, I do not have ability to get new card.
I will just restart 30-60 minutes after power up. That avoids the issue (I don't know why).
My system disk contains nominal data beyond windows and program files, so restoring if there ever is a loss of disk info will not be hard.
The performance difference is significant even just viewing 1080 videos, so I am going to try to keep it going as long as I can.
If I find anything that works, I will post...
Thanks again...
Ray
2011-11-20 19:11:00
So here I am again. Friday I put video card back in after installing update to driver.
No crashes Friday or Saturday.
I felt it starting this morning after being on for several hours. Turned on PSR, checked heat levels which were all in low range of what's normal.
After 10 minutes BSOD'd. Nothing left from PSR. Did get this information from WhoCrashed.
I am quite sure it's the video card, but have no idea what to do to resolve it.
    On Sun 11/20/2011 6:44:04 PM GMT your computer crashed
    crash dump file: C:\Windows\Minidump\112011-26254-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
    Bugcheck code: 0x124 (0x0, 0xFFFFFA8007150038, 0xF2000040, 0x800)
    Error: WHEA_UNCORRECTABLE_ERROR
    file path: C:\Windows\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: This bug check indicates that a fatal hardware error has occurred. This bug check uses the error data that is provided by the Windows Hardware Error Architecture (WHEA).
    This is likely to be caused by a hardware problem problem. This problem might be caused by a thermal issue.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.
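An added example, not part of Ray's post or of WhoCrashed's output: the bugcheck parameters quoted in this thread can be decoded rather than read as opaque numbers. It assumes Microsoft's documented layout for bug check 0x124 (parameter 1 = 0x0 is a machine check exception, parameter 2 is the address of the error record, parameters 3 and 4 are the high and low halves of the MCi_STATUS register) and the Intel SDM bit layout of that register; the function names are hypothetical.

```python
import re

# The three bugcheck lines exactly as quoted in this thread's WhoCrashed reports.
REPORTS = [
    "Bugcheck code: 0x124 (0x0, 0xFFFFFA80071FF038, 0xF2000040, 0x800)",  # 11/9
    "Bugcheck code: 0x124 (0x0, 0xFFFFFA8007195038, 0xB2000040, 0x800)",  # 11/15
    "Bugcheck code: 0x124 (0x0, 0xFFFFFA8007150038, 0xF2000040, 0x800)",  # 11/20
]
LINE_RE = re.compile(r"Bugcheck code:\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)")

# MCi_STATUS flag bits (assumed from the Intel SDM machine-check chapter).
FLAGS = {63: "VAL", 62: "OVER", 61: "UC", 60: "EN",
         59: "MISCV", 58: "ADDRV", 57: "PCC"}
# Fields of a bus/interconnect error code: 0000 1PPT RRRR IILL.
PARTICIPATION = ["SRC", "RES", "OBS", "generic"]
REQUEST = ["ERR", "RD", "WR", "DRD", "DWR", "IRD", "PREFETCH", "EVICT", "SNOOP"]
TARGET = ["memory", "reserved", "I/O", "other"]
LEVEL = ["L0", "L1", "L2", "generic"]


def parse_bugcheck(line):
    """Return (code, [p1, p2, p3, p4]) from a WhoCrashed 'Bugcheck code' line."""
    m = LINE_RE.search(line)
    if not m:
        raise ValueError("no bugcheck code found")
    params = [int(p, 16) for p in m.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("expected four bugcheck parameters")
    return int(m.group(1), 16), params


def decode_mca_code(code):
    """Classify the low 16 bits of MCi_STATUS (the MCA error code)."""
    if (code & 0xF800) == 0x0800:
        req = (code >> 4) & 0xF
        return {"class": "bus/interconnect",
                "participation": PARTICIPATION[(code >> 9) & 0x3],
                "timeout": bool(code & 0x100),
                "request": REQUEST[req] if req < len(REQUEST) else "reserved",
                "target": TARGET[(code >> 2) & 0x3],
                "level": LEVEL[code & 0x3]}
    if (code & 0xFF00) == 0x0100:
        return {"class": "cache hierarchy"}
    if (code & 0xFF80) == 0x0080:
        return {"class": "memory controller"}
    if (code & 0xFFF0) == 0x0010:
        return {"class": "TLB"}
    return {"class": "other"}


def decode_whea(line):
    """Decode a bug check 0x124 line into its machine-check fields."""
    code, (p1, p2, p3, p4) = parse_bugcheck(line)
    if code != 0x124:
        raise ValueError("not a WHEA_UNCORRECTABLE_ERROR bugcheck")
    if p1 != 0x0:
        # Other error sources use the remaining parameters differently.
        return {"source": "not a machine check exception", "param1": p1}
    status = (p3 << 32) | (p4 & 0xFFFFFFFF)
    return {"source": "machine check exception",
            "error_record": p2,
            "status": status,
            "flags": [n for bit, n in FLAGS.items() if (status >> bit) & 1],
            "mca": decode_mca_code(status & 0xFFFF)}


if __name__ == "__main__":
    for report in REPORTS:
        d = decode_whea(report)
        print(hex(d["status"]), d["flags"], d["mca"])
```

All three reports decode to an uncorrected (UC), processor-context-corrupt (PCC) bus/interconnect error reported by the CPU itself. OVER in two of them means an earlier error in the same bank was overwritten before it could be read.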
Jeff
2011-11-20 19:15:00
Hi Ray,
If your video card is the problem, consider replacing it. As of now, I would say that the video card is overheating, or at least that's what all of the logs indicate.
- Jeff
Ray
2011-11-19 01:01:00
I wonder if my other comment will show up:
Anyways, this point was made earlier: "Rootkits modify your operating system's kernel and most frequently patch I/O calls and callbacks." One of the Microsoft tools actually verifies the checksums for all software to be loaded at boot time. I would have thought that was a pretty good indicator that nothing had changed in them. I really don't think I have any bad influences floating in my computer, but it was disconcerting to think what many others indicate as thorough is not complete answer.
Might be nice just to start another question to pursue this... (before it is too late)
Jeff
2011-11-19 01:26:00
Hi Ray,
I'd be interested in seeing such a tool, however if it's verifying the checksums of the software, that probably doesn't include the kernel. Even if it did, the Windows kernel is loaded into memory and getting a checksum of a memory address is unreliable.
Ray
2011-11-19 01:57:00
But the file (or files) that are loaded "in the kernel" can be checked, or are they invisible or otherwise forbidden fruit? I had thought many things get loaded into the kernel, that all of them come from files. FYI I did get more info with an updated WhoCrashed indicating the error was in hal.dll, the hardware abstraction layer. From what I have read this runs in the kernel...
Anyways, assuming my prior status update did not show up:
I checked again and there was a new driver for my card as of November 15th. I have downloaded, installed and am running on it. Very happily surprised to find the new driver increased performance from 6.9 to 7.5. Now I can type as fast as I want... (joking here)
Jeff
2011-11-19 02:01:00
That's good to hear, Ray! I assume you pinpointed it down to the graphics card?
Ray
2011-11-18 19:18:00
Hello again. Yesterday after backing everything up, and shortly after getting the 4th BSOD of the week (1 per day), I turned machine off for 8 hours.
Pulled the graphics card and rebooted. No BSOD.
This morning no BSOD.
I think that points directly to graphics... Nasty for me, my graphics performance went from 6.9 to 3.5. Oh well...
Richard Carpenter
2011-11-18 21:22:00
That boils it down pretty good, the driver or the card itself... Hopefully the driver :-)
Ray
2011-11-17 06:17:00
Very interesting discussion.  Glad it did not get political.  I am unemployed and have no funding available, are any of the tools mentioned free and trustworthy....
Jeff
2011-11-17 07:40:00
Ray, see my previous post. Rootkit Revealer, Root Repeal, Sophos Anti-Rootkit or GMER
Ray
2011-11-17 15:28:00
I have to let my frustration be tempered with a couple days not thinking about it. I will post results for sure...
Thank you for your help. FYI I constantly badger my daughter about her Apple laptop. Never seen her have any of these issues. I know I can do more on MS Windows, but I understand her love...
Richard Carpenter
2011-11-17 21:21:00
Again want to apologize for the previous comment.
Apple is actually very vulnerable to attacks, just does not have a big enough market share. They did get hit pretty hard a few months ago. That said, I still use them and have several, go figure.
This kind of troubleshooting can be hard to do, always makes me mad when it turns out to be something simple and have spent days or weeks troubleshooting.
Hopefully between all of us, we can help you get it figured out. Definitely keep us posted :-)
Ray
2011-11-16 20:14:00
Thanks for all the comments. Lots of stuff in them to try. So tired of it all, if you can understand that. Step by step I will work thru it. I always have multiple level backups...
I am going to do the klite first because that had been updated in the interim...
Simple question: Won't things like Malwarebytes, Microsoft Security Scanner and the Microsoft Malicious Software Removal tool catch rootkits? Or are they beyond...
Jeff
2011-11-16 20:57:00
Hi Ray,
Your traditional anti-virus/anti-spyware won't detect rootkits as they typically run at the "application level"; rootkits run much lower. Rootkits modify your operating system's kernel and most frequently patch I/O calls and callbacks. The problem with anti-viruses is that they clean your system with the false pretence that you can trust the operating system. A rootkit effectively compromises your system and tells it to lie about what is actually going on. As a programmer, I'm sure you're aware of the dangers of the operating system returning false information. Most of the .NET libraries RELY on that information. If you query the operating system for which processes are running, you're most likely to use the System.Diagnostics.Process namespace. So essentially, you're asking the attacker to keep you updated. Obviously, it's not in the attacker's best interest to return honest results. So in order to detect the rootkits, we programmers must dig a lot deeper and write our own libraries that don't rely on an altruistic operating system.
In fact, if you find that you are infected by a rootkit, the only method I recommend to remove it is to do a full reinstall. The tools are there to simply let you know it's there. The logic behind rootkits is convoluted, but very interesting. If you're unlucky enough to have been infected by a rootkit: kneel down and kiss your ass goodbye, because you won't even know it's there ;)
Sorry for the long reply!
- Jeff
Richard Carpenter
2011-11-16 21:12:00
9 times out of 10 a rootkit can be removed by scanning in safe mode. I usually run CCleaner then a removal tool in safe mode, till all malware is gone. An old IT guru showed me the way he does it, and it ain't failed me yet :-) If you have ANYTHING sensitive on the computer, then you would not want to take the chance either, like Jeff has said. There are a few rootkit detectors, but most kick back false alarms all day, almost too aggravating to mess with.
Jeff
2011-11-16 21:29:00
I think 9 out of 10 is extremely high, I would set the odds at something more like 2-3 out of 10. I encourage you to build a rootkit and install it on a virtual machine, then see how difficult it is to remove ;) The only way it would be 9 of 10, is if it were written by a bunch of skid monkeys using VB implementing public libraries or using prehistoric sources. :)
However, even if that statistic were true, recognizing the infection is the hardest part. After all, anyone can reinstall...
Understand that the need to do so is what aids the success rate of rootkits.
Richard Carpenter
2011-11-16 23:49:00
The stat I used comes from experience and certification. I have looked at source code for common modern rootkits and various malware, even tweaked with them for forensics reasons. I have installed rootkits on test machines and VMs for research purposes. A rootkit was once a major boogeyman, but is no longer the major scare it once was, like the early 2000s. A rootkit is a program just like anything else. The reason I mentioned safe mode is because only a small portion of the OS is loaded and makes it easier for the removal tool to remove them.
Virus removal is what I do on the side, not to mention my full time job is IT. If I could not detect and remove a rootkit I would not be worth a grain of salt. People pay me because I can diagnose the problem, whether it is a virus etc. etc.
Reinstall is not a magic answer, and can be major waste of time.
I do not mean to get defensive, but putting in a public forum that I inflated a stat, only experimented with outdated and useless malware, and last but not least do understand the process involved is rather insulting.
Jeff
2011-11-17 00:52:00
I did not mean to be "that guy". I questioned the statistic, not your experience or intellect (: Of course if you're scrutinizing the rootkit in a controlled environment, using various RE techniques you'll be able to patch it. A rootkit could remain a zero day for years, ya? Until a formal signature has been established for it, rootkit removers simply won't help (unless you have an extremely intelligent heuristics engine). And let's face it, the majority of users don't know what behaviour is considered "abnormal" when analysing network calls, file I/O and logs (or lack thereof) for a rootkit.
I don't typically see rootkits getting detected, unless the author did something stupid like installing a pseudo-driver or queried another [protected] node on the network. The ones that are detected are most likely a direct result of the developer sharing the source or stub on an underground network or otherwise attacked a high level firm, where the source of the attack is critical.
Then you must worry about patching the vulnerability that allowed the rootkit's entrance and any others that it created, doubling down on surveillance, cleanup from any by-product infections, such as trojan downloaders. To me, it seems significantly more secure and logical to backup your non-executable files and wipe it down. Very rarely do I think that a reinstall is the best answer, here I do.
All this discussion and Ray may not even have a rootkit, hehe. If you want to continue this discussion, email me at electricnetworks[at]gmail[dot]com
Richard Carpenter
2011-11-17 21:11:00
I flew off the wagon with my previous comment, so no need to finish the discussion elsewhere. I am a "Security" guy and almost live and breathe the stuff. My opinion has not changed, but I could have presented it better. That said, you made valid argument to it. I have had great luck removing rootkits, and my technique is sound, but that does not mean I have removed every malware that has come my way by any means.
Sorry to Ray and everyone else, that is not what this forum is for.
FIDELIS
2011-11-16 06:00:00
Hello, one of the reasons this error could happen is overheating. Disconnect cpu cooler and remove the cpu. Reset the cpu in socket. Apply new thermal paste. Recommend to use Arctic Silver 5. Make sure that all connections are set properly inside case and free of dust. Also recommend to do the following after:
-- install updates and device drivers for your computer from Windows Update
-- full scan with antivirus
-- check harddrive for errors
Is your graphics card overclocked? If it is, make sure to set it back to defaults. Also to make sure your hardware is ok, try stress testing it. You could use the following:
http://www.sevenforums.com/tutorials/100352-hardware-stress-test-prime95.html
For testing temperature, use the following:
http://www.almico.com/speedfan.php
For GPU, you can use the following:
http://www.ozone3d.net/benchmarks/fur/
Ray
2011-11-16 00:49:00
When I happen to be on the computer, it just gets very jerky in its actions. When you move the cursor it is not smooth, it sort of takes lots of tiny steps. Moving a window same, only steps seem bigger. Task manager and perfmon show no indication of this symptom.
Once it crashes once it will run for days with no issues. I don't think it has to do with any software.
I have gone so far as restarting once after 15 minutes in which case the issue does not arise. I actually could think it has to do with warming up of graphics card, but I have no way to check that.
As information it is a Radeon HD5770 with 1024mb memory. The driver version is 8.850 and was installed around 4-19-2011 when it was released. GPU is running at core temp right now (after 8 hours online) of 116F (this seems like it might be high). It says the CPU is running at 93F (min=91F, max=100F). It is important to note I have not been doing anything on that system today. It has been on with the thought I would be using it, but I have been distracted all day. I am on a different computer at the moment. I might just take out the GPU and see what happens. I am leery because being unemployed if anything goes wrong I am SOL...
You know that old law by Mr Murphy always haunts us....
I have done this before but here is information I can get to...
It did crash after about an hour, but restarted, Who Crash reports:
    On Tue 11/15/2011 6:28:28 PM your computer crashed
    This was likely caused by the following module: hardware
    Bugcheck code: 0x124 (0x0, 0xFFFFFA8007195038, 0xB2000040, 0x800)
    Error: WHEA_UNCORRECTABLE_ERROR
    Dump file: C:\Windows\Minidump\111511-33259-01.dmp
Jay
2011-11-16 02:57:00
Such cursor movement was on my PC also, but task manager did show 100% memory usage, and the responsible task was using the explorer.exe. Termination of the process could set everything to normal.
I fixed the problem by re-installing the k lite package which was causing this when I open a folder of videos or videos.
Anything similar in your case?
Jeff
2011-11-16 04:24:00
The skipping cursor suggests Windows is unable to process messages in the queue, therefore implying that yes - the system is probably processing some resource intensive instructions. It's possible that a rootkit is installed and his computer is a slave, which would explain why Task Manager is not registering the activity. To scan for such activity, use Rootkit Revealer, Root Repeal, Sophos Anti-Rootkit or GMER. Please also post a HiJack This log to Pastebin, then reply with the link.
Jay
2011-11-16 05:09:00
Hey, I just shared my experience, if it can help @c832165898bd1592ebef28a50c45de8e:disqus, if he is in the same situation. I don't have such problem right now, I updated the codec and got rid of it months ago. :)
So Ray also can find if there is something responsible and get rid of it, it is possible that his friend also uses the same thing which is causing such cursor movement.
But what you said in your comment can help him, so thank you for that!
Ray
2011-11-15 23:21:00
All I have to do is start the computer, after approx 1 hour it happens, even if I have done nothing....
I have analysed it before in great detail, taking hours of reading and checking. I am sure it has to do with my graphics card. Then again I am not sure... oh well... I am very leery of all the driver verification software advertised out there. Years ago, tried one and wish I had not. If it does not come from Trusted Site or Microsoft, I really won't do it.
I run task manager and performance monitor when the cursor starts being nasty (indicating it's about to happen). Nothing shows.
I am not a novice, I am not the most expert (some people think I am but I know enough to know how much I don't know). But I can do what needs to be done and thought the question was worth asking. If there is no answer, I understand...
I am a Microsoft Visual Studio programmer, I wonder where I could get the info to force a full crash dump (without the crash) and implement analysis (all with a button click)...
That could be a help...
Does that make any sense?
Richard Carpenter
2011-11-15 23:48:00
A crash dump will not help much if the general cause is unknown. This will lead nowhere quickly and waste a lot of time. I have had to do some of this troubleshooting Unix. In my opinion it is more aggravating than it is worth, but that is just my opinion.
If it starts to freeze up after an hour and it steadily keeps doing so it sounds like it could possibly be overheating. How old is the machine and is it dust free?
Also a program in the background could be starting up, causing the problem. There is always an answer, just may drive you crazy trying to figure it out...
Richard Carpenter
2011-11-12 17:52:00
There is not one magic program that will give all the information, computers are just more complex than that. You have to take several pieces and put them together to get a clear and correct idea of what is happening.
What are you doing before it is crashing? Running a certain program? The Process and Performance tabs under the Task Manager will work if you feel the computer slowing down and have time to pull them up. Ctrl+Shift+Esc is the quickest way to pull it up, especially in Win 7.
I have two more pieces of advice to start with:
Remove ALL programs out of the MSConfig startup tab, restart and see if anything changes. Then go back and re-enable just one antivirus program, nothing else. This also has the added bonus of speeding up your startup times.
Also if you think it is the video card, download and install the latest driver. That will tell you really fast if it is that driver and/or card. If you think the problem may be hardware related, try using a site called MAConfig to update all out of date drivers.
2011-11-12 09:08:00
If you give more details about the software installed in your PC: now if you are using softs like sandboxie, returnil.... they can interfere with your antivirus update sessions and they can cause crashes. Now if you have more than one firewall or antivirus, also they can cause crashes.
FIDELIS
2011-11-12 08:16:00
Hello, you could try the Problem Steps Recorder tool included with Windows 7. To access it, do the following:
-- click on start
-- type the following in search bar: psr
-- click enter
-- a small box will open
-- click on down arrow on the right beside
-- click on settings
-- setup folder for capturing
-- click on start record. You can stop it at any time.
Try to recreate your problem or just record until it happens.
Ray
2011-11-12 06:49:00
I have WhoCrashed and it provides nothing on hardware related issues. It says:
    On Wed 11/9/2011 6:01:02 PM your computer crashed
    This was likely caused by the following module: hardware
    Bugcheck code: 0x124 (0x0, 0xFFFFFA80071FF038, 0xF2000040, 0x800)
    Error: WHEA_UNCORRECTABLE_ERROR
    Dump file: C:\Windows\Minidump\110911-40201-01.dmp
I have been around and around on this. It has something to do with the video card. Here's the point: we know it's about to happen, you can feel the system slow down... There must be something that could run to get complete picture... I will check the other alternatives... Trying to catch it before the crash....
FIDELIS
2011-11-12 05:25:00
Hello, these are more options:
-- Nirsoft Blue Screen View: http://www.nirsoft.net/utils/blue_screen_view.html
-- Debugging tools for Windows: http://www.nirsoft.net/utils/blue_screen_view.html
-- How to use Debugging tools for Windows: http://thebackroomtech.com/2008/01/31/howto-use-the-windows-debugging-tools-to-analyze-a-crash-dump-bsod/
-- How to read small memory dumps: http://support.microsoft.com/kb/315263
-- Microsoft Winternals DebugView: http://technet.microsoft.com/en-us/sysinternals/bb896647
Jay
2011-11-12 03:09:00
You can use soluto, which helps you find the reasons of crash. Click: http://www.soluto.com/Download (credit goes to fellow members of this site, I didn't know that soluto existed, nor did it work well for me, but you can still try it.)
Jeff Fabish
2011-11-12 00:16:00
Hi Ray,
Yes. Windows Event Viewer is probably the best tool you're going to find. However, if you're looking for a more user friendly application, my favourite of which is WhoCrashed, which is simple to use and free. It provides detailed information about the crash, what event/driver/application initiated the error, how to fix it, etc.
- Jeff