My computer and my friend's computer are having crash issues. Is there a system utility that you can run and use to take snapshots of what is going on? My computer is Windows 7, and I do use Perfmon and Sysmon for it, but I don't know what to use for XP. And even for Windows 7, I'm not provided with information (like hardware interrupts) that I'd like to have handy.
2011-11-20 20:36:00
Hello, I have the same card you have in a CrossFire configuration. Is your Overdrive turned on in Catalyst manager? Is that how you are getting your temperatures? In that system, temperatures never pass 28 degrees and the fan never passes from running at 40%. Do you still have warranty on the card? If you do, you could try returning it. Did you try running your computer with the incorporated card for long? I would give it a shot for a few days to check if it does the same. If for some reason it does the same with the incorporated card, I am afraid you will have to start checking your motherboard. The only way to do it by yourself, though, is by changing the motherboard with a known motherboard that works.
2011-11-22 00:52:00
Answering your questions: Overdrive is not turned on. Warranty is long gone. If the ATI is out, this does not happen (i.e. not motherboard). When it does happen it only happens once. Then the computer automatically restarts and will run for days.
2011-11-20 19:23:00
I checked it before the crash, and just now. It says it is at 46c. I did quite a bit of reading on this subject, and people run at much higher temps. Is 46 out of line?
2011-11-20 19:31:00
No, 46 degrees Celsius (114 degrees Fahrenheit) is not excessive. However, if you just booted, this temperature is likely to get higher. Keep checking, perhaps you can monitor the temperature just before the crash. In your device manager, are any drivers listed as corrupt or faulty? As a last ditch effort, see if your system performs nominally in a Linux environment.
2011-11-20 20:00:00
I am going to keep using it. Since I have been out of work so long, I do not have the ability to get a new card. I will just restart 30-60 minutes after power up. That avoids the issue (I don't know why). My system disk contains nominal data beyond Windows and program files, so restoring if there ever is a loss of disk info will not be hard. The performance difference is significant even just viewing 1080 videos, so I am going to try to keep it going as long as I can. If I find anything that works, I will post... Thanks again...
2011-11-20 19:11:00
So here I am again. Friday I put the video card back in after installing an update to the driver. No crashes Friday or Saturday. I felt it starting this morning after being on for several hours. Turned on PSR, checked heat levels, which were all in the low range of what's normal. After 10 minutes it BSOD'd. Nothing left from PSR. I did get this information from WhoCrashed. I am quite sure it's the video card, but have no idea what to do to resolve it.
On Sun 11/20/2011 6:44:04 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\112011-26254-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x124 (0x0, 0xFFFFFA8007150038, 0xF2000040, 0x800)
Error: WHEA_UNCORRECTABLE_ERROR
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that a fatal hardware error has occurred. This bug check uses the error data that is provided by the Windows Hardware Error Architecture (WHEA). This is likely to be caused by a hardware problem problem. This problem might be caused by a thermal issue. The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.
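The bug check parameters quoted in this thread can be decoded further than the WhoCrashed summary does. The Python below is an added example, not part of any comment or of WhoCrashed: it assumes the documented 0x124 layout for parameter 1 = 0x0 (parameters 3 and 4 are the high and low halves of the MCi_STATUS register) and Intel's machine-check bit layout, and its function names are illustrative.

```python
import re

# Flag bits of MCi_STATUS (Intel machine-check architecture layout, assumed).
FLAG_BITS = {63: "VAL", 62: "OVER", 61: "UC", 60: "EN",
             59: "MISCV", 58: "ADDRV", 57: "PCC"}
# Sub-fields of a bus/interconnect error code: 0000 1PPT RRRR IILL
PARTICIPATION = ["SRC", "RES", "OBS", "GENERIC"]
REQUEST = ["ERR", "RD", "WR", "DRD", "DWR", "IRD", "PREFETCH", "EVICT", "SNOOP"]
TRANSACTION = ["MEMORY", "RESERVED", "IO", "OTHER"]
LEVEL = ["L0", "L1", "L2", "LG"]

HEX = r"(0x[0-9A-Fa-f]+)"
BUGCHECK_RE = re.compile(
    r"0x124\s*\(\s*" + HEX + r",\s*" + HEX + r",\s*" + HEX + r",\s*" + HEX + r"\s*\)")

# Bug check lines quoted from the comments in this thread.
THREAD_LINES = [
    "Bugcheck code: 0x124 (0x0, 0xFFFFFA80071FF038, 0xF2000040, 0x800)",
    "Bugcheck code: 0x124 (0x0, 0xFFFFFA8007195038, 0xB2000040, 0x800)",
    "Bugcheck code: 0x124 (0x0, 0xFFFFFA8007150038, 0xF2000040, 0x800)",
]


def classify_mca_code(code):
    """Classify the 16-bit MCA error code; only bus errors are fully decoded."""
    code &= 0xEFFF  # bit 12 is a filtering flag, not part of the error class
    if code & 0x0800:
        request = (code >> 4) & 0xF
        return {
            "class": "bus/interconnect",
            "participation": PARTICIPATION[(code >> 9) & 0x3],
            "timeout": bool(code & 0x0100),
            "request": REQUEST[request] if request < len(REQUEST) else "UNKNOWN",
            "transaction": TRANSACTION[(code >> 2) & 0x3],
            "level": LEVEL[code & 0x3],
        }
    if code & 0x0100:
        return {"class": "cache hierarchy"}
    if code & 0x0080:
        return {"class": "memory controller"}
    if code & 0x0010:
        return {"class": "TLB"}
    if (code & 0x000C) == 0x000C:
        return {"class": "generic cache hierarchy"}
    return {"class": "simple or unclassified"}


def decode_whea_0x124(line):
    """Decode one 'Bugcheck code: 0x124 (...)' line into MCi_STATUS fields."""
    match = BUGCHECK_RE.search(line)
    if match is None:
        raise ValueError("no 0x124 bug check parameters found")
    p1, record_addr, status_hi, status_lo = (int(g, 16) for g in match.groups())
    if p1 != 0x0:
        raise ValueError("only parameter 1 = 0x0 (machine check exception) is handled")
    status = (status_hi << 32) | status_lo
    flags = [name for bit, name in sorted(FLAG_BITS.items(), reverse=True)
             if (status >> bit) & 1]
    return {
        "whea_record_address": record_addr,
        "mci_status": status,
        "flags": flags,
        "model_specific_code": (status >> 16) & 0xFFFF,
        "error": classify_mca_code(status & 0xFFFF),
    }


if __name__ == "__main__":
    for sample in THREAD_LINES:
        result = decode_whea_0x124(sample)
        print(hex(result["mci_status"]), result["flags"], result["error"])
```

All three crashes decode to an uncorrected (UC) error with processor context corrupt (PCC) in the bus/interconnect class, which is a fault reported by the CPU's machine-check hardware and not something a driver or application computes.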
2011-11-20 19:15:00
Hi Ray, If your video card is the problem, consider replacing it. As of now, I would say that the video card is overheating, or at least that's what all of the logs indicate. - Jeff
2011-11-19 01:01:00
I wonder if my other comment will show up: Anyways, this point was made earlier: "Rootkits modify your operating system's kernel and most frequently patch I/O calls and callbacks." One of the Microsoft tools actually verifies the checksums for all software to be loaded at boot time. I would have thought that was a pretty good indicator that nothing had changed in them. I really don't think I have any bad influences floating in my computer, but it was disconcerting to think that what many others indicate as thorough is not a complete answer. Might be nice just to start another question to pursue this... (before it is too late)
2011-11-19 01:26:00
Hi Ray, I'd be interested in seeing such a tool; however, if it's verifying the checksums of the software, that probably doesn't include the kernel. Even if it did, the Windows kernel is loaded into memory and getting a checksum of a memory address is unreliable.
2011-11-19 01:57:00
But the file (or files) that are loaded "in the kernel" can be checked, or are they invisible or otherwise forbidden fruit? I had thought many things get loaded into the kernel, and that all of them come from files. FYI, I did get more info with an updated WhoCrashed indicating the error was in hal.dll, the hardware abstraction layer. From what I have read this runs in the kernel... Anyways, assuming my prior status update did not show up: I checked again and there was a new driver for my card as of November 15th. I have downloaded and installed it and am running on it. Very happily surprised to find the new driver increased performance from 6.9 to 7.5. Now I can type as fast as I want... (joking here)
2011-11-19 02:01:00
That's good to hear, Ray! I assume you pinpointed it down to the graphics card?
2011-11-18 19:18:00
Hello again. Yesterday, after backing everything up, and shortly after getting the 4th BSOD of the week (1 per day), I turned the machine off for 8 hours. Pulled the graphics card and rebooted. No BSOD. This morning, no BSOD. I think that points directly to graphics... Nasty for me, my graphics performance went from 6.9 to 3.5. Oh well...
2011-11-18 21:22:00
That boils it down pretty good, the driver or the card itself... Hopefully the driver :-)
2011-11-17 06:17:00
Very interesting discussion. Glad it did not get political. I am unemployed and have no funding available, are any of the tools mentioned free and trustworthy....
2011-11-17 07:40:00
Ray, see my previous post. Rootkit Revealer, Root Repeal, Sophos Anti-Rootkit or GMER
2011-11-17 15:28:00
I have to let my frustration be tempered with a couple of days not thinking about it. I will post results for sure... Thank you for your help. FYI, I constantly badger my daughter about her Apple laptop. Never seen her have any of these issues. I know I can do more on MS Windows, but I understand her love...
2011-11-17 21:21:00
Again, I want to apologize for the previous comment. Apple is actually very vulnerable to attacks, it just does not have a big enough market share. They did get hit pretty hard a few months ago. That said, I still use them and have several, go figure. This kind of troubleshooting can be hard to do; it always makes me mad when it turns out to be something simple and I have spent days or weeks troubleshooting. Hopefully between all of us, we can help you get it figured out. Definitely keep us posted :-)
2011-11-16 20:14:00
Thanks for all the comments. Lots of stuff in them to try. So tired of it all, if you can understand that. Step by step I will work through it. I always have multiple level backups... I am going to do the K-Lite first because that had been updated in the interim... Simple question: Won't things like Malwarebytes, Microsoft Security Scanner and the Microsoft Malicious Software Removal Tool catch rootkits? Or are they beyond ....
2011-11-16 20:57:00
Hi Ray, Your traditional anti-virus/anti-spyware won't detect rootkits as they typically run at the "application level"; rootkits run much lower. Rootkits modify your operating system's kernel and most frequently patch I/O calls and callbacks. The problem with anti-viruses is that they clean your system with the false pretence that you can trust the operating system. A rootkit effectively compromises your system and tells it to lie about what is actually going on. As a programmer, I'm sure you're aware of the dangers of the operating system returning false information. Most of the .net libraries RELY on that information. If you query the operating system for which processes are running, you're most likely to use the System.Diagnostics.Process namespace. So essentially, you're asking the attacker to keep you updated. Obviously, it's not in the attacker's best interest to return honest results. So in order to detect the rootkits, we programmers must dig a lot deeper and write our own libraries that don't rely on an altruistic operating system. In fact, if you find that you are infected by a rootkit, the only method I recommend to remove it is to do a full reinstall. The tools are there to simply let you know it's there. The logic behind rootkits is convoluted, but very interesting. If you're unlucky enough to have been infected by a rootkit: kneel down and kiss your ass goodbye, because you won't even know it's there ;) Sorry for the long reply! - Jeff
2011-11-16 21:12:00
9 times out of 10 a rootkit can be removed by scanning in safe mode. I usually run CCleaner then a removal tool in safe mode, till all malware is gone. An old IT guru showed me the way he does it, and it ain't failed me yet :-) If you have ANYTHING sensitive on the computer, then you would not want to take the chance either, like Jeff has said. There are a few rootkit detectors, but most kick back false alarms all day, almost too aggravating to mess with.
2011-11-16 21:29:00
I think 9 out of 10 is extremely high, I would set the odds at something more like 2-3 out of 10. I encourage you to build a rootkit and install it on a virtual machine, then see how difficult it is to remove ;) The only way it would be 9 of 10 is if it were written by a bunch of skid monkeys using VB implementing public libraries or using prehistoric sources. :) However, even if that statistic were true, recognizing the infection is the hardest part. After all, anyone can reinstall... Understand that the need to do so is what aids the success rate of rootkits.
2011-11-16 23:49:00
The stat I used comes from experience and certification. I have looked at source code for common modern rootkits and various malware, even tweaked with them for forensics reasons. I have installed rootkits on test machines and VMs for research purposes. A rootkit was once a major boogeyman, but is no longer the major scare it once was, like in the early 2000s. A rootkit is a program just like anything else. The reason I mentioned safe mode is because only a small portion of the OS is loaded, which makes it easier for the removal tool to remove them. Virus removal is what I do on the side, not to mention my full time job is IT. If I could not detect and remove a rootkit I would not be worth a grain of salt. People pay me because I can diagnose the problem, whether it is a virus etc. etc. Reinstall is not a magic answer, and can be a major waste of time. I do not mean to get defensive, but putting in a public forum that I inflated a stat, only experimented with outdated and useless malware, and last but not least do understand the process involved is rather insulting.
2011-11-17 00:52:00
I did not mean to be "that guy". I questioned the statistic, not your experience or intellect (: Of course if you're scrutinizing the rootkit in a controlled environment, using various RE techniques you'll be able to patch it. A rootkit could remain a zero day for years, ya? Until a formal signature has been established for it, rootkit removers simply won't help (unless you have an extremely intelligent heuristics engine). And let's face it, the majority of users don't know what behaviour is considered "abnormal" when analysing network calls, file I/O and logs (or lack thereof) for a rootkit. I don't typically see rootkits getting detected, unless the author did something stupid like installing a pseudo-driver or queried another [protected] node on the network. The ones that are detected are most likely a direct result of the developer sharing the source or stub on an underground network or otherwise attacking a high level firm, where the source of the attack is critical. Then you must worry about patching the vulnerability that allowed the rootkit's entrance and any others that it created, doubling down on surveillance, and cleanup from any by-product infections, such as trojan downloaders. To me, it seems significantly more secure and logical to back up your non-executable files and wipe it down. Very rarely do I think that a reinstall is the best answer; here I do. All this discussion and Ray may not even have a rootkit, hehe. If you want to continue this discussion, email me at electricnetworks[at]gmail[dot]com
2011-11-17 21:11:00
I flew off the wagon with my previous comment, so no need to finish the discussion elsewhere. I am a "Security" guy and almost live and breathe the stuff. My opinion has not changed, but I could have presented it better. That said, you made a valid argument to it. I have had great luck removing rootkits, and my technique is sound, but that does not mean I have removed every malware that has come my way by any means. Sorry to Ray and everyone else, that is not what this forum is for.
2011-11-16 06:00:00
Hello, one of the reasons this error could happen is overheating. Disconnect the CPU cooler and remove the CPU. Reset the CPU in the socket. Apply new thermal paste. Recommend to use Arctic Silver 5. Make sure that all connections are set properly inside the case and free of dust. Also recommend to do the following after:
-- install updates and device drivers for your computer from Windows Update
-- full scan with antivirus
-- check hard drive for errors
Is your graphics card overclocked? If it is, make sure to set it back to defaults. Also, to make sure your hardware is OK, try stress testing it. You could use the following:
http://www.sevenforums.com/tutorials/100352-hardware-stress-test-prime95.html
For testing temperature, use the following:
http://www.almico.com/speedfan.php
For GPU, you can use the following:
http://www.ozone3d.net/benchmarks/fur/
2011-11-16 00:49:00
When I happen to be on the computer, it just gets very jerky in its actions. When you move the cursor it is not smooth, it sort of takes lots of tiny steps. Moving a window is the same, only the steps seem bigger. Task manager and perfmon show no indication of this symptom. Once it crashes once it will run for days with no issues. I don't think it has to do with any software. I have gone so far as restarting once after 15 minutes, in which case the issue does not arise. I actually could think it has to do with warming up of the graphics card, but I have no way to check that. As information, it is a Radeon HD5770 with 1024mb memory. The driver version is 8.850 and was installed around 4-19-2011 when it was released. GPU is running at core temp right now (after 8 hours online) of 116F (this seems like it might be high). It says the CPU is running at 93F (min=91F, max=100F). It is important to note I have not been doing anything on that system today. It has been on with the thought I would be using it, but I have been distracted all day. I am on a different computer at the moment. I might just take out the GPU and see what happens. I am leery because being unemployed, if anything goes wrong I am SOL...
You know that old law by Mr Murphy always haunts us.... I have done this before, but here is the information I can get to... It did crash after about an hour, but restarted. WhoCrashed reports:
On Tue 11/15/2011 6:28:28 PM your computer crashed
This was likely caused by the following module: hardware
Bugcheck code: 0x124 (0x0, 0xFFFFFA8007195038, 0xB2000040, 0x800)
Error: WHEA_UNCORRECTABLE_ERROR
Dump file: C:\Windows\Minidump\111511-33259-01.dmp
2011-11-16 02:57:00
Such cursor movement was on my PC also, but Task Manager did show 100% memory usage, and the responsible task was using explorer.exe. Termination of the process could set everything to normal. I fixed the problem by re-installing the K-Lite package, which was causing this when I opened a folder of videos or videos. Anything similar in your case?
2011-11-16 04:24:00
The skipping cursor suggests Windows is unable to process messages in the queue, therefore implying that yes - the system is probably processing some resource intensive instructions. It's possible that a rootkit is installed and his computer is a slave, which would explain why Task Manager is not registering the activity. To scan for such activity, use Rootkit Revealer, Root Repeal, Sophos Anti-Rootkit or GMER. Please also post a HiJack This log to Pastebin, then reply with the link.
2011-11-16 05:09:00
Hey, I just shared my experience, in case it can help if he is in the same situation. I don't have such a problem right now; I updated the codec and got rid of it months ago. :) So Ray also can find if there is something responsible and get rid of it; it is possible that his friend also uses the same thing which is causing such cursor movement. But what you said in your comment can help him, so thank you for that!
2011-11-15 23:21:00
All I have to do is start the computer; after approx 1 hour it happens, even if I have done nothing.... I have analysed it before in great detail, taking hours of reading and checking. I am sure it has to do with my graphics card. Then again I am not sure... oh well... I am very leery of all the driver verification software advertised out there. Years ago, I tried one and wish I had not. If it does not come from a trusted site or Microsoft, I really won't do it. I run Task Manager and Performance Monitor when the cursor starts being nasty (indicating it's about to happen). Nothing shows. I am not a novice, I am not the most expert (some people think I am, but I know enough to know how much I don't know). But I can do what needs to be done and thought the question was worth asking. If there is no answer, I understand... I am a Microsoft Visual Studio programmer; I wonder where I could get the info to force a full crash dump (without the crash) and implement analysis (all with a button click)... That could be a help... Does that make any sense?
2011-11-15 23:48:00
A crash dump will not help much if the general cause is unknown. This will lead nowhere quickly and waste a lot of time. I have had to do some of this troubleshooting Unix. In my opinion it is more aggravating than it is worth, but that is just my opinion. If it starts to freeze up after an hour and it steadily keeps doing so, it sounds like it could possibly be overheating. How old is the machine and is it dust free? Also, a program in the background could be starting up, causing the problem. There is always an answer, it just may drive you crazy trying to figure it out...
2011-11-12 17:52:00
There is not one magic program that will give all the information; computers are just more complex than that. You have to take several pieces and put them together to get a clear and correct idea of what is happening. What are you doing before it is crashing? Running a certain program? The Process and Performance tabs under the Task Manager will work if you feel the computer slowing down and have time to pull them up. Ctrl+Shift+Esc is the quickest way to pull it up, especially in Win 7.
I have two more pieces of advice to start with:
Remove ALL programs out of the MSConfig startup tab, restart and see if anything changes. Then go back and re-enable just one antivirus program, nothing else. This also has the added bonus of speeding up your startup times.
Also, if you think it is the video card, download and install the latest driver. That will tell you really fast if it is that driver and/or card. If you think the problem may be hardware related, try using a site called MAConfig to update all out of date drivers.
2011-11-12 09:08:00
If you give more details about the software installed in your PC: now, if you are using softs like Sandboxie, Returnil... they can interfere with your antivirus update sessions and they can cause crashes. Now, if you have more than one firewall or antivirus, they can also cause crashes.
2011-11-12 08:16:00
Hello, you could try the Problem Steps Recorder tool included with Windows 7. To access it, do the following:
-- click on Start
-- type the following in the search bar: psr
-- click Enter
-- a small box will open
-- click on the down arrow on the right beside
-- click on Settings
-- set up the folder for capturing
-- click on Start Record. You can stop it at any time. Try to recreate your problem or just record until it happens.
2011-11-12 06:49:00
I have WhoCrashed and it provides nothing on hardware related issues. It says:
On Wed 11/9/2011 6:01:02 PM your computer crashed
This was likely caused by the following module: hardware
Bugcheck code: 0x124 (0x0, 0xFFFFFA80071FF038, 0xF2000040, 0x800)
Error: WHEA_UNCORRECTABLE_ERROR
Dump file: C:\Windows\Minidump\110911-40201-01.dmp
I have been around and around on this. It has something to do with the video card. Here's the point: we know it's about to happen, you can feel the system slow down... There must be something that could run to get the complete picture... I will check the other alternatives... Trying to catch it before the crash....
2011-11-12 05:25:00
Hello, these are more options:
Nirsoft Blue Screen View: http://www.nirsoft.net/utils/blue_screen_view.html
Debugging tools for Windows: http://www.nirsoft.net/utils/blue_screen_view.html
How to use Debugging tools for Windows: http://thebackroomtech.com/2008/01/31/howto-use-the-windows-debugging-tools-to-analyze-a-crash-dump-bsod/
How to read small memory dumps: http://support.microsoft.com/kb/315263
Microsoft Winternals DebugView: http://technet.microsoft.com/en-us/sysinternals/bb896647
2011-11-12 03:09:00
You can use Soluto, which helps you find the reasons for a crash. Click: http://www.soluto.com/Download (credit goes to fellow members of this site, I didn't know that Soluto existed, nor did it work well for me, but you can still try it.)
2011-11-12 00:16:00
Hi Ray, Yes. Windows Event Viewer is probably the best tool you're going to find. However, if you're looking for a more user friendly application, my favourite is WhoCrashed, which is simple to use and free. It provides detailed information about the crash, what event/driver/application initiated the error, how to fix it, etc. - Jeff