Tutorial creating & using Hirens Boot CD & MemTest86 diagnostic stress testing tools for USB boot to Windows 10 PE & WinXPmini on BIOS & UEFI

[Arlen Holder]

Tutorial creating & using Hirens Boot CD & MemTest86 diagnostic stress
testing tools for USB boot to Windows 10 PE & WinXPmini on BIOS & UEFI
(As always, please improve so that all benefit from every action you take.)

Thanks to Mike Easter for suggesting Hiram BootCD USB diagnostic tools.
o What hardware diagnostic stress-testing freeware can you recommend?
<https://groups.google.com/forum/#!topic/alt.comp.freeware/dkkdOmL95d8>

End result:
a. A 2GB USB stick can boot with BIOS/UEFI to Win10PE for diagnostics
a. A 2GB USB stick can boot with BIOS to WinXPMini for hardware diagnostics

I needed to debug hardware issues on an old 2009 desktop as described here:
o What PC hardware diagnostic stress-testing freeware can you recommend?
<https://groups.google.com/forum/#!topic/alt.comp.freeware/dkkdOmL95d8>

Win+R > perfmon /rel
<https://i.postimg.cc/q7ZQbgXy/bsod-bios05.jpg>

This step-by-step tutorial resulted, written so that others always benefit.
(Please test & improve as this is the first pass of this nascent tutorial.)

1. Find an empty USB flash drive of at least 2GB size:
o Hirens BootCD Win10PE used about 1.25 GB of my 1.90 GB flash stick.
<https://i.postimg.cc/HsGPFQSZ/hiren02.jpg>
o Hirens BootCD 15.2 used about 0.58 GB of my 1.90 GB flash stick.
<https://i.postimg.cc/50BSJCK9/hiren07.jpg>

2. Determine whether your PC is BIOS or UEFI (mine is BIOS).

Win+R > %comspec% /k findstr Callback_BootEnvironmentDetect %SystemRoot%\Panther\setupact.log
o %SystemRoot%\Panther\setupact.log
- Callback_BootEnvironmentDetect: Detected boot environment: BIOS
- Callback_BootEnvironmentDetect: Detected boot environment: UEFI
Note: Mine reported BIOS

Win+R > msinfo32 > System Summary > BIOS Mode
- Win+R > msinfo32 > System Summary > BIOS Mode > Legacy
- Win+R > msinfo32 > System Summary > BIOS Mode > UEFI
Note: Legacy === BIOS

3. If needed, set your PC boot order so that it boots from the USB stick.
For me the defaults worked: i.e., at POST, F10==BIOS, ESC=BOOT, F9=DIAG
Entering Setup > Boot > Boot Device Priority
1st Boot Device = [CD-ROM Group]
2nd Boot Device = [Floppy Group]
3rd Boot Device = [HDD Group]
4th Boot Device = [Network Boot Group]
Note: USB isn't mentioned in my BIOS; but USB booted fine nonetheless.

4. Download the Hiren's Boot CD software containing diagnostic tools:
<http://www.hirensbootcd.org/download/>

a. UEFI/BIOS Win10PE:
Download either the Win10PE BIOS/UEFI HirensBootCD (HBCD) ISO file:
<https://www.hirensbootcd.org/files/HBCD_PE_x64.iso>
<https://www.hirensbootcd.org/files/HBCD_PE_x64.iso>
<http://mirror.sfo12.us.leaseweb.net/hirensbootcd/HBCD_PE_x64.iso>
Name: HBCD_PE_x64.iso
Size: 1354811392 bytes (1292 MiB)
SHA256: D67BCF0437A1BD27F31655C4A9C81C93269A5A239D43F38D0375618443D372BC

b. BIOS WinXPmini:
Or download the BIOS-only WinXPmini HirensBootCD (HBCD) ISO file:
<http://www.hirensbootcd.org/files/Hirens.BootCD.15.2.zip>
Name: Hiren's.BootCD.15.2.iso
Size: 603979776 bytes (576 MiB)
SHA256: 50384A61D304E06B720F9EF729C662D2E9EDA05A96E1C9056975C40E3BF3F2D0

Note: The tools on these two releases are both the same & different:
<https://i.postimg.cc/qv5N2sWS/hiren15.jpg>

5. Download the Windows Rufus ISO-to-USB tool:
<https://rufus.ie/>
<https://github.com/pbatard/rufus/releases/download/v3.11/rufus-3.11.exe>
Name: rufus-3.11.exe
Size: 1155640 bytes (1128 KiB)
SHA256: A43BF34285D393F843B05D80F74C4790ED7F6AC636393CA5F6375AE0BB02E719

6. Remove all USB drives & insert the empty USB flash drive into the PC.

7. In Windows, right click on the Rufus executable to run as administrator.

NOTE: The specific settings for creating a BIOS Win10PE USB are not
documented anywhere on the net I could find, so please take note:
<https://i.postimg.cc/2ykDXjW6/hiren01.jpg>

a. UEFI Win10PE
To create a bootable USB stick for HBCD_PE_x64.iso on UEFI machines:
When you start Rufus as an admin, accept the Win10 UAC consent prompt.
This brings up the Rufus 3.11.1678 GUI
Set the options to:
- Device: (choose your empty USB stick drive letter and label)
(If you only have one USB stick plugged in, it will default to it.)
- Boot selection:
(Choices are: "Disk or ISO image", "FreeDOS", "Non bootable")
I left the Boot selection at "Disk or ISO image".
I pressed the [SELECT] button to choose the "HBCD_PE_x64.iso" file.
- Partition scheme: GPT (The only options are "GPT" and "MBR")
Target System: The only option is "UEFI (non CSM)"
Volume label: This defaulted to "HBCD_PE_x64"
File system: FAT32 (other choices are "NTFS" & "FAT")
Cluster size: It defaulted to 4096 bytes (but other options existed).
When the Status says "READY", press the "START" button.
A warning pops up saying all data on the USB drive will be destroyed.
Press [OK].
The messages will be:
- Deleting partitions (This may take a while)...
- Partitioning (GPT)...
- Formatting (FAT32)...
- Creating file system: Task 1/5 completed.
- Creating file system: Task 2/5 completed.
- Creating file system: Task 3/5 completed.
- Creating file system: Task 4/5 completed.
- Creating file system: Task 5/5 completed.
- Writing Master Boot Record
- Copying ISO files:
- Success
(Mine took six minutes to complete from start to finish.)

Note: You'll get this error if you create a UEFI USB but boot on BIOS:
<https://i.postimg.cc/2ykDXjW6/hiren01.jpg>
ERROR: BIOS/LEGACY BOOT OF UEFI-ONLY MEDIA
Recreate the drive in RUFUS and use:
* Partition scheme -> MBR
* Target system -> BIOS

b. BIOS Win10PE
To create a bootable USB stick for HBCD_PE_x64.iso on BIOS machines:
* Partition scheme -> MBR
* Target system -> BIOS (it was the only option once MBR was set)
* File system -> NTFS (it was the only option once MBR was set)
(Mine took five minutes to complete from start to finish.)

c. BIOS WinXPmini
To create a bootable USB stick for HBCD 15.2 on BIOS machines:
Boot selection -> Hiren's.BootCD.15.2.iso
Partition scheme -> "MBR" (it's the only option)
Target system -> "BIOS (or UEFI-CSM)" (it's the only option)
Volume label -> HBCD 15.2 (it's the default)
File system -> "FAT32" (other options are "FAT" & "NTFS")
Cluster size -> "4096 bytes (Default)"
[START] (Mine took 30 minutes to complete from start to finish.)

8. Now you can boot using that USB image on BIOS/UEFI for Win10/WinXP!
Note: In my case, I press "ESC" during POST to get to the boot menu.

Win10PE: <https://i.postimg.cc/HsGPFQSZ/hiren02.jpg>
WinXPMini: <https://i.postimg.cc/50BSJCK9/hiren07.jpg>

Note: My boot to Windows10PE was _much_ faster than to WinXPmini.

Win10PE looks just like "regular" Windows 10, kind of sort of:
<https://i.postimg.cc/HsGPFQSZ/hiren02.jpg>

Win10PE had access to the old system also so I could save a screenshot:
<https://i.postimg.cc/sDp0zvqV/hiren03.jpg>

9. Each boot environment has similar (but sometimes different) debug tools:
<https://i.postimg.cc/qv5N2sWS/hiren15.jpg>

For example, on the Win10PE, these were the top level tools provided:
<https://i.postimg.cc/W18WDxsC/hiren04.jpg>
o Accessories
o BCD-MBR Tools
o Computer Management
o Driver Management
o Hard Disk Tools
o Network
o Other Tools
o Removable Drive Tools
o Security
o System Tools
o Windows Recovery

Here's what the Hiren PE had in the "Hard Disk Tools" directory:
<https://i.postimg.cc/5ttP8p00/hiren05.jpg>
o Data Recovery
o Defrag
o Diagnostic
o Disk Explorer
o Imaging
o Partition Tools
o Security

Here's what the PE had in the Hard Disk Tools "Diagnostic" category:
<https://i.postimg.cc/CK6c7DB4/hiren06.jpg>
o GSmartControl
o HDDScan
o HDTune
o WD Data Lifeguard Diagnostics

For example, here are screenshots of those HDD diagnostics on Win10PE:
<https://i.postimg.cc/CK6c7DB4/hiren06.jpg>
o GSmartControl <https://i.postimg.cc/BbTFgj2D/hiren13.jpg>
o HDTune <https://i.postimg.cc/WpGqxJJq/hiren14.jpg>
o WD Data Lifeguard Diagnostics <https://i.postimg.cc/KzKrnc9r/hiren12.jpg>

Here are HDD diagnostic utilities on WinXPmini (Hirens 15.2 Boot CD):
<https://i.postimg.cc/7L7g1zk1/hiren09.jpg>
o Check Disk (chkdsk /f /x)
o CrystalDiskInfo (HDD/SSD SMART info)
o DiskView
o DiskWIpe (by Roadkill)
o HDD Capacity Restore
o HDD Low Level Format Tool
o HDD Scan (Low-level diagnostic)
o HDD Scan (Old version)
o HDD Tune (Test / Health / ErrorScan)
o Victoria (HDD Info / Test)
o Western Digital Data Lifeguard Diagnostic
o HDDScan
o HDTune
o WD Data Lifeguard Diagnostics

Note: While MemTest86 is on the Hirams Boot CD, you can boot it separately:
o UEFI MemTest86 v8
<https://www.memtest86.com/downloads/memtest86-usb.zip>
o BIOS MemTest86 v4
<https://www.memtest86.com/downloads/memtest86-4.3.7-usb.img.zip>
That MemTest86 utility came with an "ImageUSB.exe" utility from
"Passmark.com" <http://www.passmark.com> which seems to do pretty
much whatever Rufus 3.11 did for the Hiren's Boot CD ISO
files to create a bootable USB stick.

See also:
o Windows 10 BSOD indicates a hardware problem - but what hardware is the problem?
<http://www.pcbanter.net/showthread.php?t=1110105>
<https://alt.comp.os.windows-10.narkive.com/oL7PTNKu/windows-10-bsod-indicates-a-hardware-problem-but-what-hardware-is-the-problem>
--
As always, please test & improve so all may benefit from your every action.

[Arlen Holder]

On Fri, 11 Sep 2020 20:09:19 -0400, n/a wrote:

> Nice tutorial and now that you are loaded for bear and have all the tools -
> did any of them provide a clue as to what is causing the BSOD's?

Well, to be frank, I've shot my wad on these classic bear-hunting rifles...
o F9 Build-in HP Diagnostic check === good
o Memtest86v4 RAM Memory check === good
o WD Diagnostic HDD check === good
o Windows Driver Verifier Manager check === good
o USB Host Controller check === good
o MalwareBytes check === good

Given that the Sieber USBTreeView Paul suggested indicated a bad mouse:
o <https://i.postimg.cc/rmCXCgN2/usbview02.jpg>
I recently replaced the mouse but there still was one BSOD afterward.

Yet, the BSODs kept coming & seem "maybe" related to "Windows Update"
(although I'm not sure how to interpret this "Hardware Error" output)
o Win+R > perfmon /rel
<https://i.postimg.cc/HnnR8qdC/bsod106.jpg>
o [Control Panel\System & Security\Security & Maintenance\Reliability Monitor]
<https://i.postimg.cc/q7ZQbgXy/bsod-bios05.jpg>

Sometimes, the POST never makes it to the checking-USB drives line
(which is a line missing from this screenshot just before the last line)
o <https://i.postimg.cc/zGpQ89NH/bsod11.jpg>

But most of the time it boots fine past that penultimate line:
o <https://i.postimg.cc/jdZ94dLY/bsod107.jpg>

The Memtest86v4 passes the 16GB of RAM no matter how long I run it:
o <https://i.postimg.cc/KY1Yk4WP/memtest02.jpg>

BTW, the Windows Driver Verifier Manager checks are enabled by:
o Win+R > verifier
<https://i.postimg.cc/vTnqk9GC/bsod100.jpg>
Configure that Windows Driver Verifier Manager
o Create standard settings > Next
o Automatically select all drivers installed on this computer > Finish
o Win+R > shutdown.exe /r /f /t 5 /c "Reboot in 5 seconds!"

I ran the driver verifier for an entire day while using the computer.
o The CPU took a huge hit; but every driver loaded tested out OK.

At Mike Easter's request, I booted to live Knoppix to describe hardware:
<https://i.postimg.cc/BnMXSWXb/bsod105.jpg>
o inxi -Fx

For example inxi delineates mobo, graphics, audio, network, partitions:
<https://i.postimg.cc/g0mndzYf/bsod103.jpg
I should note I disabled the Nvidia GeForce 210 card in the BIOS:
<https://i.postimg.cc/MXJzD5Hh/bsod104.jpg

That "seems" to have helped, but a lot of things "seemed" to have
helped for a while, as just removing & replacing everything inside
that could be removed/replaced seems to have helped at times.

Luckily, I'm not out of .45-70 Government bear-hunting ammo just yet...
where I'm dutifully following this "BSOD Analysis" tutorial:

o Windows BSOD analysis - A thorough usage guide
<https://www.dedoimedo.com/computers/windows-bsod.html>

Which eventually pointed me to these freeware minidump-parsing tools:
o WhoCrashed
<https://www.resplendence.com/downloads>
<https://www.resplendence.com/download/whocrashedSetup.exe>
Name: whocrashedSetup.exe
Size: 9936128 bytes (9703 KiB)
SHA256: 0A7E3A03256D3143118BE5389F0C5F7F405A40066D999E246C57280E9282AE14

o WhySoSlow
<https://www.resplendence.com/downloads>
<https://www.resplendence.com/download/WhySoSlowSetup.exe>
Name: WhySoSlowSetup.exe
Size: 3028336 bytes (2957 KiB)
SHA256: B86CED75CFB352A464613DE922FA8B9D63FA4494EAA24509713C01B0615097B3

o BlueScreenView
<http://www.nirsoft.net/utils/blue_screen_view.html>
<http://www.nirsoft.net/utils/bluescreenview-x64.zip>
Name: BlueScreenView.exe
Size: 146528 bytes (143 KiB)
SHA256: 09F3023554BE864F31D80F2E7E7C7E824D79A69DDF84F1F02A433E85E866282C

o AppCrashView
<http://www.nirsoft.net/utils/app_crash_view.html>
<http://www.nirsoft.net/utils/appcrashview.zip>
Name: AppCrashView.exe
Size: 51408 bytes (50 KiB)
SHA256: A192607D63FFD9448CCAAEAB461D3E3FABFAB999B0FC14CD869CC8C501312839

o WhatIsHang
<http://www.nirsoft.net/utils/what_is_hang.html>
<http://www.nirsoft.net/utils/whatishang-x64.zip>
Name: WhatIsHang.exe
Size: 130144 bytes (127 KiB)
SHA256: E2095DBE5FF7A1E7113ABDF8D26BD8532789CE5B725FBF5321225E743B8E29B0

o WinCrashReport
<http://www.nirsoft.net/utils/application_crash_report.html>
<http://www.nirsoft.net/utils/wincrashreport-x64.zip>
Name: WinCrashReport.exe
Size: 294096 bytes (287 KiB)
SHA256: 6638857A3BF187626B5E4878E10479AE5E4107DC786744F32D1E659955524B24

o Windows Debugger (Windbg)
<https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools>
Getting Started with WinDbg (User-Mode)
<https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/getting-started-with-windbg>
Getting Started with WinDbg (Kernel-Mode)
<https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/getting-started-with-windbg--kernel-mode->

o Windows Symbol Packages (apparently no longer available offline):
<https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-symbols>

o Official Microsoft Kernel Debugging Tutorial
<https://docplayer.net/37532550-Kernel-debugging-with-windbg.html>
Name: Kernel_Debugging_Tutorial.doc
Size: 1196032 bytes (1168 KiB)
SHA256: 5A4E442B965280C791AC0AEA9D91B001AFF620F6ECF67C87AB011C1BAC673156

If those 430-grain hard-cast bear bullets don't work, there's always these:

o How to stress-test your PC hardware
<https://www.pcworld.com/article/2028882/keep-it-stable-stupid-how-to-stress-test-your-pc-hardware.html>

o 18 Top Computer Stress Test Software To Test CPU, RAM And GPU
<https://www.softwaretestinghelp.com/computer-stress-test-software/>

o Huge List of Computer Stress Test Software
<https://www.trentonsystems.com/blog/list-of-computer-stress-test-software>

o Top 8 best tools to stress test and monitor your PC
<https://pcgamehaven.com/best-tools-stress-test-monitor-pc/>

o How To Stress Test Your Hardware and Keep Your PC Stable
<https://www.tested.com/tech/pcs/762-how-to-stress-test-your-hardware-and-keep-your-pc-stable/>

o Best Tools to Stress Test Your Computer
<https://www.addictivetips.com/hardware/cpu-ram-stress-test/>

o Stress Test Your Hardware to Troubleshoot Problems
<https://lifehacker.com/stress-test-your-hardware-to-troubleshoot-problems-and-5619416>

o The freeware stress test tool HeavyLoad
<https://www.jam-software.com/heavyload>

o The 6 Best Free Programs for Stress Testing Your PC
<http://blog.logicalincrements.com/2015/12/the-best-programs-for-stress-testing-your-pc/>

o CPU Stress Test Online
<https://cpux.net/cpu-stress-test-online>

o How to Stress-Test CPUs and PCs
<https://www.tomshardware.com/reviews/stress-test-cpu-pc-guide,5461-13.html>

o 15 Best Tools to Stress Test Your PC
<https://www.gearprimer.com/technology/best-tools-stress-test-pc-cpu-ram-gpu/>

o 16 Best Tools To Stress Test Your PC
<https://www.rankred.com/best-tools-stress-test-pc-cpu-gpu-ram/>

o The 11 Best Tools to Stress Test Your PC
<https://techguided.com/best-tools-to-stress-test-p-cpu-ram-gpu/>

o 8 Best Tools for Stress Testing your PC
<https://premiumbuilds.com/guides/best-tools-for-stress-testing-pc-cpu-gpu-ram/>

o Best Tools To Stress Test Your PC: RAM & CPU Stress Tests
<https://www.wepc.com/how-to/stress-test-cpu-ram/>
etc.

When hunting for bear, bring along plenty of high-grain ammo!
--
The great thing about identifying BSOD causes is there are so many of them.

[Arlen Holder]

On Sat, 12 Sep 2020 20:17:31 -0000 (UTC), Arlen Holder wrote:

> Neat. I forgot about that command for the hardware testing tutorial!
> o I'm gonna add your suggested cut-&-paste one liner:
>
> o Win+R > %comspec% /k chkdsk C: /r {control+shift+enter}
> The type of the file system is NTFS.
> Cannot lock current drive.
> Chkdsk cannot run because the volume is in use by another
> process. Would you like to schedule this volume to be
> checked the next time the system restarts? (Y/N) y
> This volume will be checked the next time the system restarts.

Hmmmmmmmmmmmmmmm

So I ran the check disk as a user as follows:
o Win+R > %comspec% /k chkdsk C: /r {control+shift+enter}

Note: I never use "cortana search" (never never never never!).

Then I booted and watched it for a while, but of course, it's boring:
o <https://i.postimg.cc/rm0zHSGT/bsod108.jpg>

I left chkdsk to do its four stages, which took about a half hour:
o Stage 1 ¡V verifying files;
o Stage 2 ¡V verifying indexes;
o Stage 3 ¡V verifying security descriptors;
o Stage 4 ¡V verifying Usn Journal and sectors.

Coming back to a login.
o Now what?

Where's the check disk log file anyway?
o Googling, I find it's a common question...

The first thing you're supposed to check, supposedly, is:
o Win+R > control > View by: Category
System and Security > Security and Maintenance > Maintenance >
Drive Status
You're looking for "All drives are working properly" of course.
o <https://i.postimg.cc/GpdzP63J/bsod113.jpg>

One way to view the check disk log is have powershell create it:
o <https://i.postimg.cc/Cx8W1dFN/bsod110.jpg>

o Win+R > powershell {control+shift+enter}
$path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
$UserDesktop = (Get-ItemProperty -Path $path -Name "Desktop").Desktop
get-winevent -ProviderName "ChkDsk" | fl timecreated, message | out-file "$UserDesktop\ChkDskResults.txt"
get-winevent -FilterHashTable @{logname="Application"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file "$UserDesktop\ChkDskResults.txt" -append

Another way to view the check disk log is the event viewer:
o <https://i.postimg.cc/KY7fgm0S/bsod109.jpg>

Open the Event Viewer
o Win+R > eventvwr
Event Viewer (Local} > Windows Logs > Application >
(Scroll down to see "Wininit (Windows Initialization)"

Checking file system on C:
The type of the file system is NTFS.
Volume label is foobar.
A disk check has been scheduled.
Windows will now check the disk.

Stage 1: Examining basic file system structure ...
270080 file records processed.
File verification completed.
Phase duration (File record verification): 6.55 seconds.
6980 large file records processed.
Phase duration (Orphan file record recovery): 0.00 milliseconds.
0 bad file records processed.
Phase duration (Bad file record checking): 1.90 milliseconds.

Stage 2: Examining file name linkage ...
1040 reparse records processed.
365912 index entries processed.
Index verification completed.
Phase duration (Index verification): 1.26 minutes.
0 unindexed files scanned.
Phase duration (Orphan reconnection): 299.97 milliseconds.
0 unindexed files recovered to lost and found.
Phase duration (Orphan recovery to lost and found): 1.21 seconds.
1040 reparse records processed.
Phase duration (Reparse point and Object ID verification): 10.31 milliseconds.

Stage 3: Examining security descriptors ...
Cleaning up 4196 unused index entries from index $SII of file 0x9.
Cleaning up 4196 unused index entries from index $SDH of file 0x9.
Cleaning up 4196 unused security descriptors.
Security descriptor verification completed.
Phase duration (Security descriptor verification): 233.36 milliseconds.
47917 data files processed.
Phase duration (Data attribute verification): 1.95 milliseconds.
CHKDSK is verifying Usn Journal...
36184984 USN bytes processed.
Usn Journal verification completed.
Phase duration (USN journal verification): 383.78 milliseconds.

Stage 4: Looking for bad clusters in user file data ...
270064 files processed.
File data verification completed.
Phase duration (User file recovery): 32.53 minutes.

Stage 5: Looking for bad, free clusters ... 204496592 free clusters processed.
Free space verification is complete.
Phase duration (Free space recovery): 0.00 milliseconds.
Windows has scanned the file system and found no problems.
No further action is required.

976708607 KB total disk space.
158175452 KB in 214336 files.
139824 KB in 47918 indexes.
0 KB in bad sectors.
406959 KB in use by the system.
65536 KB occupied by the log file.
817986372 KB available on disk.
4096 bytes in each allocation unit.
244177151 total allocation units on disk.
204496593 allocation units available on disk.

Total duration: 33.95 minutes (2037596 ms).
Internal Info: (a bunch of numbers)
Windows has finished checking your disk.
Please wait while your computer restarts.

An easier way to _find_ the log is to filter events:
o <https://i.postimg.cc/3wcrrQHp/bsod112.jpg>

To filter by events, Rightclick on:
Event Viewer (Local) > Windows Logs > Application
Select "Filter Current Log"
In the Event sources dropdown, check
[x]Chkdsk
[x]Winit
[OK]

You can also spit out the last few event viewer logs:
Get-EventLog -LogName Application -Source chkdsk | Select-Object -Last 5 -Property TimeGenerated,Message | Format-Table -Wrap| out-file "$env:userprofile\Desktop\CHKDSK_SCANS.txt"

There is apparently also wevtutil but I couldn't get it to work.
o wevtutil epl [Application/System/Security/etc] [savepath&filename]
<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wevtutil>

Also there's a task scheduler option for check disk:
o <https://i.postimg.cc/QMGpNTYN/bsod114.jpg>
o Win+R > taskschd.msc
Task Scheduler (Local) > Task Scheduler Library
Microsoft > Windows > Chkdsk > ProactiveScan

<http://woshub.com/view-check-disk-chkdsk-results-in-windows-10/>
Note: "chkdsk C: /F /R" is probably what I should have run
because that will "fix" the bad sectors, or maybe even
"chkdsk C: /F /R /X" to unmount it first, or,
"chkdsk C: /f /offlinescanandfix" to check it offline.

Note: I could also have run a "Storage Diagnostic Tool" test:
stordiag.exe -collectEtw -checkfsconsistency -out %userprofile%\desktop

Note: There's also a check disk equivalent in powershell:
Repair-Volume ¡Vdriveletter C ¡Vscan
Repair-Volume ¡Vdriveletter C ¡Vofflinescanandfix
Repair-volume ¡Vdriveletter E ¡Vspotfix
Repair-Volume -DriveLetter EHI ¡VSpotFix
You can even scan drives on remote computers:
Repair-Volume ¡Vdriverletter c -scan ¡Vcimsession ny-fs01,ny-fs02,ny-dc01
And you can scan SMART status of HDD using "cmdlets"
Get-PhysicalDisk | Sort Size | FT FriendlyName, Size, MediaType,SpindleSpeed, HealthStatus, OperationalStatus -AutoSize

[Arlen Holder]

On Mon, 14 Sep 2020 10:36:48 -0700, Mike Easter wrote:

> That is, this isn't a 'virgin' win10pro that is bsod/ing, it is a arlen
> frankenholder win10pro, nicht wahr?

Das ist richtig Herr Easter!
o You might wonder why I haven't responded all day, Mike.

I got my first BSOD in days, this morning, when I woke up.
o It took me about six hours of repetitive booting to get the OS back.

By the time I booted to a stable OS, I had a dozen handwritten pages of
what happened, where I've been up and alive for, oh, about three hours now,
but it took me six hours to be booted to a stable OS.
(I need to write the steps up separately, so that others can benefit.)

I must have booted twenty to thirty times in that process, where I
documented every step with a photo if I could (some flashed by too fast).

Here's just the short summary of my day today...

o This is the PC hardware:
<https://i.postimg.cc/FR03FQMc/bsod201.jpg>

o This is just some of the dozen pages of steps it took to boot today:
<https://i.postimg.cc/gJzjkzQt/bsod202.jpg>

o BSOD #1 (with white lines) SYSTEM SERVICE EXCEPTION
<https://i.postimg.cc/BnCkxJXG/bsod203.jpg>

o BSOD #2 (with white lines) SYSTEM THREAD EXCEPTION NOT HANDLED
<https://i.postimg.cc/5t7rRpB7/bsod204.jpg>

o BSOD #3 SYSTEM THREAD EXCEPTION NOT HANDLED
<https://i.postimg.cc/RFWY5fGM/bsod205.jpg>

o BSOD #4 (just the white lines)
<https://i.postimg.cc/tT8MXTmF/bsod206.jpg>

o BSOD #5 (with white lines) DRIVER OVERRAN STACK BUFFER
<https://i.postimg.cc/FFJ6Ty7p/bsod207.jpg>

o BSOD #6 KERNEL SECURITY CHECK FAILURE
<https://i.postimg.cc/gkFTQxhW/bsod208.jpg>

o Choosing the latest restore point:
<https://i.postimg.cc/HswhgT07/bsod209.jpg>

o Back to Windows 10 again, like nothing ever happened:
<https://i.postimg.cc/bwqFY4LV/bsod210.jpg>

Now, it's working just fine!
--
As with religion & God, both computers & Microsoft work in mysterious ways.

[Arlen Holder]

Today I was on the old WinXP 1/2GB memory DELL laptop, missing a battery
and with a dead screen (so it is treated as a "desktop" in a weird way).

Given its main purpose is to tie to the scanner, I've pulled the Ethernet
cable so it hasn't been on the Internet for quite some time.

I got to thinking whether the Hirens Boot CD to WinXP would work on that
old BIOS laptop, and lo and behold, it worked just fine!

I was pleasantly surprised that the mouse seemed snappier and the file
system seemed to be accessed faster under the Hirens Boot USB to WinXP than
the original WinXP was, which was a pleasant surprise (Thanks Mike!).

In addition, I ran a few virus checks that were on the Hirens Boot USB
which was also nice, and a defrag operation (which quit due to lack of disk
space).

In summary, if you have an XP machine off the net, you might consider
booting to the Hirens XP which seems to work as well or better than the
original XP did.

Thanks Mike.

[Mike Easter]

Arlen Holder wrote:
> In summary, if you have an XP machine off the net, you might consider
> booting to the Hirens XP which seems to work as well or better than the
> original XP did.

That isn't the way I would 'do that' -- where 'that' is breathing some
life into some old hardware which is lying around fallow.

I have such an old low resource machine which I inherited as a
hand-me-down from a friend. It has an 'original' *legitimate* OEM WinXP
on its hdd; it is a Dell Inspiron 1300 laptop w/ 600 MHz Pentium M and 1
G of ram, BIOS 2006. Its battery doesn't work, but its screen does.

6 y ago I equipped it w/ a lightweight graphical linux as a dual boot;
that was a Mint 17 XFCE which runs fine, but is now out of its support
lifetime. I haven't gotten around to replacing that linux w/ a
currently supported v., but I have tested some options such as current
MX Linux, which also runs fine.

The biggest advantage of the linux over the OEM XP are that it runs a
modern browser.

In the case of your machine, a linux would also be a better choice for
it because:
- the Hirens wasn't 'intended' to be used as a OS except for its role
in troubleshooting
- it certainly wasn't MS's 'intention' to be providing an outdated old
OS for old hardware

Since your machine has 2G ram, it has even more linux options than my 1G
machine; likely the 'bottleneck' restricting choices would be what its
old graphics are, which we don't know at this point.




--
Mike Easter

[Arlen Holder]

On Sat, 26 Sep 2020 04:56:47 -0700, Mike Easter wrote:

> Arlen Holder wrote:
>> In summary, if you have an XP machine off the net, you might consider
>> booting to the Hirens XP which seems to work as well or better than the
>> original XP did.
>
> That isn't the way I would 'do that' -- where 'that' is breathing some
> life into some old hardware which is lying around fallow.

Hi Mike,
Yes. But. In reality, I was needing a sneaker net because I scanned in a
document with my ancient Dell Inspiron B130 laptop connected, via USB, to
my almost as ancient HP laserjet 3200m which I only use as a scanner.

I needed to bring the scan to another machine, so I grabbed the recently
created winXP hiren's boot USB, and then figured, what the heck.

I may as well see if it boots on the ancient Dell laptop (it's so old it
has only 1/2GB of memory, and only a 149GB HDD - it's got to be more than
15 years old - and it's still (kind of sort of) kicking!

It booted, and it's still running virus scans as we speak.

> The biggest advantage of the linux over the OEM XP are that it runs a
> modern browser.

This is a good point of the modern tools for an old-as-hell laptop.
o And, another key advantage is you can put it back on the network.

As long as it works with the HP LJ 3200m scanner, I'm fine with Linux.

> Since your machine has 2G ram, it has even more linux options than my 1G
> machine; likely the 'bottleneck' restricting choices would be what its
> old graphics are, which we don't know at this point.

Actually, it has only 1/2 GB of RAM.
o It's a $500 Dell Inspiron B130.
--
BTW, I was able to create, on Win10, crash logs, which I was writing up the
analysis in deep detail last night, when that BSOD Win10 machine crashed
again, and again, and again, and wouldn't boot until this morning. Sigh.

Details to follow in the BSOD thread.

[David W. Hodgins]

On Sat, 26 Sep 2020 11:11:05 -0400, Arlen Holder <arlen_...@newmachines.com> wrote:
> As long as it works with the HP LJ 3200m scanner, I'm fine with Linux.

$ grep 'HP LaserJet 3200' /usr/share/hplip/data/models/models.dat
model1=HP LaserJet 3200 All-in-One Printer
model2=HP LaserJet 3200se All-in-One Printer

>> Since your machine has 2G ram, it has even more linux options than my 1G
>> machine; likely the 'bottleneck' restricting choices would be what its
>> old graphics are, which we don't know at this point.

> Actually, it has only 1/2 GB of RAM.
> o It's a $500 Dell Inspiron B130.

I have Mageia 7 running xfce4 on a toshiba portege with 1GB ram. That's slow
enough that trying to run on 1/2 GB would be swapping before it even starts
to load a desktop environment. It might be ok as a command line only system,
any but gui would be intolerably slow.

Regards, Dave Hodgins

--
Change dwho...@nomail.afraid.org to davidw...@teksavvy.com for
email replies.

[Mike Easter]

David W. Hodgins wrote:

> Arlen Holder wrote:
>> As long as it works with the HP LJ 3200m scanner, I'm fine with Linux.
>
> $ grep 'HP LaserJet 3200' /usr/share/hplip/data/models/models.dat
> model1=HP LaserJet 3200 All-in-One Printer
> model2=HP LaserJet 3200se All-in-One Printer
>
>>> Since your machine has 2G ram, it has even more linux options than my 1G
>>> machine; likely the 'bottleneck' restricting choices would be what its
>>> old graphics are, which we don't know at this point.
>
>> Actually, it has only 1/2 GB of RAM.
>> o It's a $500 Dell Inspiron B130.
>

I misread his 1/2 as 2. 0.5 isn't much ram. I don't have anything
around here that low. Even my RPi3B is 1 G.

> I have Mageia 7 running xfce4 on a toshiba portege with 1GB ram.
> That's slow enough that trying to run on 1/2 GB would be swapping
> before it even starts to load a desktop environment. It might be ok
> as a command line only system, any but gui would be intolerably
> slow.
>

I have a current Sparky minimal GUI that is pretty light.

It is OpenBox over Debian. The Raspbian on the RPi is OB & some LXDE
parts. Sparky uses Thunar file, LX term. Its free -m to the live
desktop is 237.


--
Mike Easter

[Arlen Holder]

On Sat, 26 Sep 2020 10:24:15 -0700, Mike Easter wrote:

>> As long as it works with the HP LJ 3200m scanner, I'm fine with Linux.
>
> $ grep 'HP LaserJet 3200' /usr/share/hplip/data/models/models.dat
> model1=HP LaserJet 3200 All-in-One Printer
> model2=HP LaserJet 3200se All-in-One Printer

Hi Mike,

Thanks for your purposefully helpful answer.
o It's good to know the HP LaserJet 3200m will work on Linux as a scanner.

> I misread his 1/2 as 2. 0.5 isn't much ram. I don't have anything
> around here that low. Even my RPi3B is 1 G.

Here are the specs for the Dell Inspiron B130
o <http://www.notebookreview.com/assets/9016.jpg>
<http://www.notebookreview.com/notebookreview/dell-inspiron-b130-and-b120-review-pics-specs/>

o Intel Pentium M Processor 740 (1.73GHz/2MB Cache/400MHz FSB*)
o 15.4-inch WXGA display
o 512MB of RAM (2 stick configuration)
o Intel integrated Media Accelerator 900 graphics card
o 60GB Hard Drive (5400RPM)
o Microsoft Windows XP Home
o 24x CD Burner/DVD Combo drive
o Dell 1470 Internal Wireless 802.11a/b/g
o 56Kbps Modem and Integrated Network Card (ethernet)
o Dimensions: Height 1.41″, Width 14.0″, Depth 10.5″
o Weight: 6.7lbs (with 4-cell battery)
o 4-cell Lithium Ion Battery
o Ports: 3 USB 2.0, VGA out, Modem RJ-11, audio line-out
(for speakers headphones), external microphone port, ExpressCard 34 slot
o 1 yr. warranty
o Final Price (after using $250 off Dell coupon): $1,027 – $250 Off
with Dell Coupon Code + $49.00 Shipping + $69.17 Tax = $895.17
Note: * The Pentium M 740 actually has a 533MHz FSB
but operates only at 400MHz in the Dell Inspiron B130

I remember I got a "good deal" back in the day for the thing as I bought a
few as gifts, which I'm wont to do when I get a good price on electronics.
--
I paid $500 but I have a 149GB HDD, which may not be original (I don't
remember if I replaced it). The battery died long ago, as did the screen.

[Mike Easter]

Arlen Holder wrote:
> On Sat, 26 Sep 2020 10:24:15 -0700, Mike Easter wrote:
>
>>> As long as it works with the HP LJ 3200m scanner, I'm fine with Linux.
>>
>> $ grep 'HP LaserJet 3200' /usr/share/hplip/data/models/models.dat
>> model1=HP LaserJet 3200 All-in-One Printer
>> model2=HP LaserJet 3200se All-in-One Printer
>
> Hi Mike,
>
> Thanks for your purposefully helpful answer.

You mis-attributed to me. That was David W. Hodgins grep read from
hplip .dat file.

> o It's good to know the HP LaserJet 3200m will work on Linux as a scanner.
>
>> I misread his 1/2 as 2. 0.5 isn't much ram. I don't have anything
>> around here that low. Even my RPi3B is 1 G.
>
> Here are the specs for the Dell Inspiron B130
> o <http://www.notebookreview.com/assets/9016.jpg>
> <http://www.notebookreview.com/notebookreview/dell-inspiron-b130-and-b120-review-pics-specs/>
>
> o Intel Pentium M Processor 740 (1.73GHz/2MB Cache/400MHz FSB*)
> o 15.4-inch WXGA display
> o 512MB of RAM (2 stick configuration)

The article says that Dell says the max ram is 1G, but as is often the
case, it also says users have found for themselves that it can take/use 2G.

It is hard to find a 'good deal' on old ram, but some people have access
to 'recycled' throwaway ram sticks which are practically free. With 2G
ram, that would be a much more functional machine; but not if you had to
purchase it retail -- the whole machine wouldn't be worth the cost of
the ram.

> o Intel integrated Media Accelerator 900 graphics card
> o 60GB Hard Drive (5400RPM)
> o Microsoft Windows XP Home
> o 24x CD Burner/DVD Combo drive
> o Dell 1470 Internal Wireless 802.11a/b/g
> o 56Kbps Modem and Integrated Network Card (ethernet)

A fax machine.

> o Dimensions: Height 1.41″, Width 14.0″, Depth 10.5″
> o Weight: 6.7lbs (with 4-cell battery)
> o 4-cell Lithium Ion Battery
> o Ports: 3 USB 2.0, VGA out, Modem RJ-11, audio line-out
> (for speakers headphones), external microphone port, ExpressCard 34 slot
> o 1 yr. warranty
> o Final Price (after using $250 off Dell coupon): $1,027 – $250 Off
> with Dell Coupon Code + $49.00 Shipping + $69.17 Tax = $895.17
> Note: * The Pentium M 740 actually has a 533MHz FSB
> but operates only at 400MHz in the Dell Inspiron B130
>
> I remember I got a "good deal" back in the day for the thing as I bought a
> few as gifts, which I'm wont to do when I get a good price on electronics.
>

Well you are very generous to be gifting such hardware in '06 dollars.

--
Mike Easter

[Arlen Holder]

On Sat, 26 Sep 2020 12:14:46 -0700, Mike Easter wrote:

> You mis-attributed to me. That was David W. Hodgins grep read from
> hplip .dat file.

Well then, thanks go to David Hodgins for stepping in to be purposefully
helpful to a fellow Usenet'er. (I didn't see his post, but he may not have
posted to the group I read your note from, where even I admit the offshoots
don't belong anymore on some of the groups).

> The article says that Dell says the max ram is 1G, but as is often the
> case, it also says users have found for themselves that it can take/use 2G.
>
> It is hard to find a 'good deal' on old ram, but some people have access
> to 'recycled' throwaway ram sticks which are practically free. With 2G
> ram, that would be a much more functional machine; but not if you had to
> purchase it retail -- the whole machine wouldn't be worth the cost of
> the ram.

Yup. It's only the machine because I have a spare office with a spare
printer with a spare computer such that I never bothered to set up any
other computer or printer to be the "home scanner".

Turns out 500MB of RAM is fine for that home scanner purpose.
o What's nice is that the Hiren's XP Boot USB is good for when the OS dies.

> A fax machine.

Yea. I used to use it as a fax machine.
o But when is the last time you sent a fax?

> Well you are very generous to be gifting such hardware in '06 dollars.

Gifting low-cost good price-to-performance hardware is my schtick!

Examples over the years...
o What do you think of the LG Stylus3 plus (T-Mobile LG-TP450) as a gift phone?
<https://groups.google.com/forum/#!topic/comp.mobile.android/wkttc2CxxzM>
o Phablet stocking stuffers: iPhone 7 versus LG Stylo 3 Plus price/performance hardware comparison
<https://groups.google.com/forum/#!topic/comp.mobile.android/ls71mnkj4jk>
o Stocking stuffers for Christmas, great Android phones around $150 (what do you suggest?)
<https://groups.google.com/forum/#!topic/comp.mobile.android/wAodwFeI4V8>

My current Android phone I bought as a gift handful on Black Friday
o Google subtracted $200 + $20 tax if I consented to one day on Google Fi

Where I needed one for myself because a kid decided to go swimming with the
old Android LG Stylo 3 Plus I had gifted for Christmas two years prior, so
I replaced that 2-year old now soaking wet 2017 gifted $130 LG Stylo 3 Plus
with the $100 Moto G7 (of which I gave a bunch away as 2019 gifts and kept
one for myself).

o Does anyone here have Google Fi service? (What do you think of it?)
<https://groups.google.com/forum/#!topic/comp.mobile.android/VwyaI4EgIts>

And where I compared at the time, to Apple's hardware as gifts:
o What is the closest Apple iPhone comparison to the $100 64GB 4GB RAM Motorola G7?
<https://groups.google.com/forum/#!topic/comp.mobile.android/UIYH1QYp8Pw>

Notice non-Apple hardware just gets better, faster, & cheaper over time!
o Does the best price:performance choice in any common consumer electronics device NOT get better, faster, and CHEAPER over time?
<https://groups.google.com/forum/#!topic/comp.mobile.android/eSudn2SUkws>

So lately, I've been giving less Apple hardware & more Android hardware
o In addition to a bunch of gifted S-mode Windows Home computers

o Is there freeware extent to convert Win10S to Win10H WITHOUT enabling the Win10S laptop Wi-Fi?
<https://groups.google.com/forum/#!topic/alt.comp.freeware/MwzjUei-0Oo>

It turns out, often price buys you nothing in terms of hardware value:
o Facts please: What would a 10X more expensive phone actually buy me that actually matters?
<https://groups.google.com/forum/#!topic/comp.mobile.android/SfGKMN43_ss>

Where I'm always on the lookout for gift hardware for my extended family:
o Current Android & iOS smartphones on sale now for less than $250
<https://groups.google.com/forum/#!topic/comp.mobile.android/p2s-rDt_2FQ>
--
The plus for those who give gifts, is they often get them back years later!

[Mike Easter]

Arlen Holder wrote:
> o But when is the last time you sent a fax?

Last year I 'had to' send many pages. It was a PITA. It would have
been much easier to email, but the recipient couldn't do that.

I was very glad that the combination of an ancient WinModem was
compatible w/ VoIP faxing. I used the old WinXP fax accessory and 'Data
Fax SoftModem w/ SmartCP' (in device mgr) whatever that means.

I also have 2 able-bodied external modems which are more linux-capable
than the WinModem. And an old trusty Brother freestanding w/ thermal
paper. If I recall, it couldn't quite pass muster for the VoIP
transmission test. One of either send or receive didn't.

--
Mike Easter

[Arlen Holder]

UPDATE:
a. I was able to get Windows to create crash logs finally (it's not intuitive)
b. The crash logs (or BSOD messages) tentatively implicate 3 specific files:
c:\windows\system32\drivers\fltmgr.sys (implicated in crash logs)
c:\windows\system32\ntoskrnl.exe (secondarily indicated in crash logs)
c:\windows\system32\win32kbase.sys (implicated in BSOD screen message)
c. All three files test good.
sfc /verifyfile=c:\windows\system32\drivers\fltmgr.sys (runs in a second)
sfc /verifyfile=c:\windows\system32\ntoskrnl.exe (takes a second to run)
sfc /verifyfile=c:\windows\system32\win32kbase.sys (runs in a second)

Technical questions that resulted are:
1. How can we tell exactly which restore point Windows finally ended up with?
2. How can we update all the outdated hardware drivers at once?

Gory Details (written so that many others can follow in our footsteps):

Last I reported yesterday afternoon, I had scheduled a checkdisk to run
on boot at about 9:20 PM after running sfc and dism cleanup operations:
o <https://i.postimg.cc/PrNVbMsw/newbsod01.jpg>
o <https://i.postimg.cc/tCfSBVpm/newbsod02.jpg>
o <https://i.postimg.cc/52CPTNt9/newbsod03.jpg>
o <https://i.postimg.cc/YSBXHK46/newbsod04.jpg>
o <https://i.postimg.cc/nrxjF24w/newbsod05.jpg>
o <https://i.postimg.cc/hPyfZYzY/newbsod06.jpg>
o <https://i.postimg.cc/1377tygK/newbsod07.jpg>

Just my luck that it BSOD'd during that checkdisk operation at about 9:26 PM:
o <https://i.postimg.cc/BnkhdZKy/newbsod08.jpg>
Your device ran into a problem and needs to restart.
We're just collecting some error info, and then you can restart.
0% complete
System Thread Exception Not Handled

Then, it BSOD'd instantly on the very next reboot at about 9:28 PM.
o <https://i.postimg.cc/vZJz0qRw/newbsod09.jpg>
Your device ran into a problem and needs to restart.
We're just collecting some error info, and then you can restart.
100% complete
Kernel Mode Heap Corruption

Note that the log file appears to have been created 100%.

o The third reboot then brought up the POST screen, which is a good sign:
<https://i.postimg.cc/nhbj56L2/newbsod10.jpg>

o Then came the obligatory "Preparing Automatic Repair" & ferris dots:
<https://i.postimg.cc/2S7Qxzxh/newbsod11.jpg>

o And then the "Diagnosing your PC" and ferris dots:
<https://i.postimg.cc/QNKcygbX/newbsod12.jpg>

o And the always inevitable "Windows couldn't load correctly":
<https://i.postimg.cc/j5pnb9XR/newbsod13.jpg>
To which I pressed [Restore]

o Which brought us to the "Attempting repairs" screen with ferris dots:
<https://i.postimg.cc/9QL4Mzp8/newbsod14.jpg>

o After a flag, ferris dots, & a flag with ferris dots, "Please wait":
<https://i.postimg.cc/j5PdzjHr/newbsod15.jpg>

o Once booted, I noticed from my menus Windows had reverted to an old
restore point, but I can't figure out how to tell which one it used.
(You'd think it's the last but it's not always the last one, particularly
when it takes many reboots to finally get to the login screen.)

o I ran the Windows Reliability Monitor which finally had some information:
<https://i.postimg.cc/dQgpbBcn/newbsod16.jpg>
Win+R > perfmon /rel

Control Panel > System & Security > Security & Maintenance

o The first of two logged failures was not all that informatively useful:
<https://i.postimg.cc/9FVtwRdC/newbsod17.jpg>
Control Panel > System & Security > Security & Maintenance > Problem Details
Date: 9/25/2020 9:38 PM
Problem: Windows failed to start because of missing system files
Description: Windows was unable to determine the problem.
Error code: 0x13a

o The second of two logged failures was only slightly more informative:
<https://i.postimg.cc/3R5DMV9Y/newbsod18.jpg>
Control Panel > System & Security > Security & Maintenance > Problem Details

This is the first of two entries at 9:39 PM:
Problem: Windows stopped working 9/25/2020 9:39 PM
Description
The computer has rebooted from a bugcheck.
The bugcheck was: 0x0000013a
(0x0000000000000012, 0xffffca0853202100, 0xffffca0858beb000, 0x0000000000000000)
A dump was saved in: C:\Windows\MEMORY.DMP.
Report Id: ba013a5c-613d-4fae-9d5a-a26f9ab3b1af.

This is the second of two entries at 9:39 PM:

Problem: Shut down unexpectedly 9/25/2020 9:39 PM
Problem signature
Problem Event Name: BlueScreen
Code: 13a
Parameter 1: 12
Parameter 2: ffffca0853202100
Parameter 3: ffffca0858beb000
Parameter 4: 0
OS version: 10_0_19041
Service Pack: 0_0
Product: 256_1
OS Version: 10.0.19041.2.0.0.256.48
Locale ID: 1033

o Than I ran the Windows System Event Viewer:
<https://i.postimg.cc/LsBZpvWP/newbsod19.jpg>
Win+R > eventvwr.msc
EventViewer (Local) > Windows Logs > System > (right click)
Filter Current Log > Event IDs = 41, 1074, 6006, 6008

Information: 9/25/2020 9:24:30 PM Source=User32 EventID=1074 Task=None
General: The process C:\Windows\Explorer.EXE (pcname) has initiated
the restart of computer pcname on behalf of user pcname\username
for the following reason: Other (Unplanned)
Reason Code: 0x0
Shutdown Type: restart
Comment:
General:
Log Name: System
Source: User32
Event ID: 1074
Level: Information
User: pcname\username
OpCode: Info
Logged: 9/25/2020 9:24:30 PM
Task Category: None
Keywords: Classic
Computer: pcname

Information: 9/25/2020 9:24:36 PM Source=EventLog EventID=6006 Task=None
General: The Event log service was stopped.
Log Name: System
Source: EventLog
Event ID: 6006
Level: Information
User: N/A
OpCode: Info
Logged: 9/25/2020 9:24:36 PM
Task Category: None
Keywords: Classic
Computer: pcname

o Then I ran "WhoCrashed" which implicated "fltmgr.sys" & "ntoskrnl.exe":
<https://i.postimg.cc/Y28Z9HFn/newbsod20.jpg>

On Fri 9/25/2020 9:28:05 PM your computer crashed or a problem was reported
crash dump file: C:\Windows\MEMORY.DMP
This was probably caused by the following module: fltmgr.sys
(FLTMGR!FltCbdqInitialize+0x2EC2)
Bugcheck code: 0x13A (0x12, 0xFFFFCA0853202100, 0xFFFFCA0858BEB000, 0x0)
Error: KERNEL_MODE_HEAP_CORRUPTION
file path: C:\Windows\system32\drivers\fltmgr.sys
product: Microsoft(c) Windows(c) Operating System
company: Microsoft Corporation
description: Microsoft Filesystem Filter Manager
Bug check description: This indicates that the kernel mode heap manager has detected corruption in a heap.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a file system driver. Since there is no other responsible driver detected,
this could be pointing to a malfunctioning drive or corrupted disk.
It's suggested that you run CHKDSK.

On Fri 9/25/2020 9:28:05 PM your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\092520-31906-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x3F3EA0)
Bugcheck code: 0x13A (0x12, 0xFFFFCA0853202100, 0xFFFFCA0858BEB000, 0x0)
Error: KERNEL_MODE_HEAP_CORRUPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft(c) Windows(c) Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel mode heap manager has detected corruption in a heap.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel.
Possibly this problem is caused by another driver that cannot be identified at this time.

Conclusion
2 crash dumps have been found and analyzed.
No offending third party drivers have been found.
Connsider [sic] using WhoCrashed Professional which offers more detailed
analysis using symbol resolution.
Also configuring your system to produce a full memory dump may help you.

o Time to check the hash for these three implicated files:
Name: fltMgr.sys
Size: 430392 bytes (420 KiB)
SHA256: 6390C3D54E955C42E73B74B1FDFB7BA45965DCBA273B34EDADAC265ADCDD9731
(Implicated by the crash logs.)

Name: ntoskrnl.exe
Size: 10847552 bytes (10 MiB)
SHA256: A577850D67D1B4DF94E64B3309169E20F3850D4BFA54C40DC9F4F09722E2F5EA
(Implicated by the crash logs.)

Name: win32kbase.sys
Size: 2951680 bytes (2882 KiB)
SHA256: 0BE65ECF2983B13A8C25687A5695A2542D184DEC45DD28C7D38190F25C06B3DF
(Implicated by an earlier BSOD message.)

o But nothing seems to be wrong with those the implicated files:
Win+R > cmd {control+shift+enter}
sfc /verifyfile=c:\windows\system32\drivers\fltmgr.sys (runs in a second)
sfc /verifyfile=c:\windows\system32\ntoskrnl.exe (takes a second to run)
sfc /verifyfile=c:\windows\system32\win32kbase.sys (runs in a second)

o I also ran the following commands, all of which came up clean:
sfc /scannow (mine took about 10 minutes for the first run)
sfc /scannow (mine took about 4 minutes for the second run)
sfc /scannow (mine took about 4 minutes for the third run)
Dism /Online /Cleanup-Image /CheckHealth (mine took five seconds)
Dism /Online /Cleanup-Image /ScanHealth (mine took thirteen minutes)
Dism /Online /Cleanup-Image /RestoreHealth (mine took about ten minutes)
sfc /scannow (mine took about seven minutes for this last run)

o Ran BlueScreenView which used C:\Windows\MiniDump implicating the same files:
<https://i.postimg.cc/nhkfvD9x/newbsod21.jpg>

Dump File: 092520-31906-01.dmp
Crash Time: 9/25/2020 9:28:05 PM
Bug Check Code: 0x0000013a
Parameter 1: 00000000'00000012
Parameter 2: ffffca08'53202100
Parameter 3: ffffca08'58beb000
Parameter 4: 00000000'00000000
Caused by Driver: FLTMGR.SYS
Caused by Address: FLTMGR.SYS+aa2f
Processor: x64
Crash Address: ntoskrnl.exe+3f3ea0
Full Path: C:\Windows\Minidump\092520-31906-01.dmp
Processors Count: 4
Major Version: 15
Minor Version: 19041
Dump File Size: 602,252
Dump File Time: 9/25/2020 9:39:31 PM

o Googling for what fltmgr.sys is, a problem is every scam on the planet
tells you a teeny tiny bit about the file, and then tries to sell you
their driver fixit tools.
o What Is Fltmgr.sys?
<https://www.partitionwizard.com/disk-recovery/fltmgr-sys.html>
It's a MS Windows file related to the file system filter manager.
It's used to make sure all files stay in their proper locations.

o What Is Fltmgr?
<https://www.file.net/process/fltmgr.sys.html>
Microsoft Filesystem Filter Manager is an essential Windows process
that allows installed files to be placed into their respective directories.
This utility is installed with the Windows OS, and is only triggered
when a minifilter driver is loaded. The Filter manager then connects
with the files system stack for a target volume.

o What causees FltMgr.sys Errors?
<https://www.personalcomputerfixes.com/how-to-prevent-fltmgr-sys-blue-screen-errors/>
The fltmgr.sys error is caused when Windows cannot read or process files
that are on the hard drive, usually because the File System Manager is
damaged or unreadable. If this is the case, it can cause hard drives
to stop working and the blue screen to appear.

o Googling for what ntoskrnl is,

o Googling for what win32kbase.sys is, I find the same scam tactics:
o ntoskrnl.exe (Wikipedia)
<https://en.wikipedia.org/wiki/Ntoskrnl.exe>
In computing ntoskrnl.exe (short for Windows NT operating system kernel
executable), also known as kernel image, provides the kernel and
executive layers of the Microsoft Windows NT kernel space.

o Fix Ntoskrnl.exe BSOD on WIndows 10
<https://www.partitionwizard.com/disk-recovery/ntoskrnlexe-bsod.html>

o What causes the ntoskrnl.exe error?
<https://www.auslogics.com/en/articles/fix-ntoskrnl-exe-bsod/>
There's no one thing that could be said to be the cause.
The issue could be software or hardware related.
But the possible factors include:
Your device drivers are outdated, corrupt, or incompatible.
Faulty RAM.
Your RAM and local storage may be inadequate.
You overclocked your devices.
Some of your system files are corrupt.

o I checked my driver update which says I'm updated just fine:
Win+I > Update & Security > Windows Update > [Check for updates]

o I bit and tried the "auslogics driver update" but it will only update
three drivers every 4 hours (go figure).

<https://www.auslogics.com/en/articles/fix-ntoskrnl-exe-bsod/>
<https://downloads.auslogics.com/en/driver-updater/driver-updater-setup.exe>

Name: driver-updater-setup.exe
Size: 12768144 bytes (12 MiB)
SHA256: A9A07BCDF2D9663FC54B42DC2E754BD9AADABD8DA9D7CF428618808B7F076F81
C:\Program Files (x86)\Auslogics\Driver Updater
C:\app\hardware\driver\auslogic_driver_updater

When I ran the crippleware, it said:
ATTENTION: 10 drivers on your PC are either outdated or corrupt.

AMD SMBus Installed 8/30/2017 Available 9/25/2018 Outdated
PCI Standard ISA Bridge Installed 6/21/2006 Available 7/16/2012 Outdated
HID-compliant mouse Installed 6/21/2006 Available 4/24/2010 Outdated
Disk drive Installed 6/21/2006 Available 8/11/2013 Outdated
Microsoft iSCSI Initiator Installed 6/21/2006 Available 11/13/2008 Outdated
Standard Dual Channel PCI IDE Controller Installed 6/21/2006 Available 6/28/2013 Outdated
Standard Dual Channel PCI IDE Controller Installed 6/21/2006 Available 6/28/2013 Outdated
Realtek USB 2.0 Card Reader Installed 3/15/2018 Available 4/1/2019 Outdated
Realtek PCIe GbE Family Controller Installed 4/10/2015 Available 12/6/2018 Outdated
Generic PnP Monitor Installed 6/21/2006 Available 9/16/2010 Outdated

o I tried to update the remaining 7 device drivers manually:
Win+R > devmgmt.msc
And then I right clicked > Update Drivers - HID-Compliant Mouse >
Search automatically for drivers (but all I tested simply reported):
"The best drivers for your device are already installed"

What I'll do is every four hours, I'll update another 3 drivers.

o Googling for a good free driver update tool, I find this article:
o 11 Best Free Driver Updater Tools
<https://www.lifewire.com/free-driver-updater-tools-2619206>
1. Driver Booster
2. DriverPack Solution
3. Snappy Driver Installer
4. Driver Talent
5. DriversCloud
6. DriverIdentifier
7. Free Driver Scout
8. Driver Easy
9. Device Doctor
10. DriverHub
11. DriverMax

Where I opened a thread on what's the best update driver software:
o What's the one free Windows 10 driver update tool you prefer most and why?
<https://groups.google.com/forum/#!topic/alt.comp.freeware/zhWjvKgDBt4>
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/-yDz26GC6zA>
--
I'm determined to find out what is causing this BSOD but it's not easy!

[Arlen Holder]

UPDATE:

The only update I want to make, since it irks me when people don't close
the loop after getting such excellent & friendly help, is that I haven't
had a BSOD for, oh, let me see based on my restore point logs...
Win+R > systempropertiesprotection

The last BSOD was 9/27 at 3am.
I swapped the order of the memory, but I doubt that made any difference.
I also ran a series of sfc and dism and check-disk commands.

The BSOD crash logs implicated fltmgr.sys first, and ntoskrnl.exe next, but
if you google them, you'll find 99% bullshit (spam crap for software to
"clean up your computer") and barely 1% real technical advice, all of it
being to just run the sfc, dism, and check-disk commands & to update
drivers.

So I did all that.

Dunno if anything else has improved, but all the drivers that would update
are updated, using Dumo crippleware, Auslogics crippleware, & DriverPack
crapware, even as Windows itself never complained about the drivers via:
Win+R > verifier
Win+R > devmgmt.msc
Win+I > Update & Security

And worse, Windows refuses to even say that the drivers need updating, so
it's hard to blame Windows for that.

The machine is almost always running, so there have been plenty of chances
for a BSOD, but I'll let you know if/when the next one happens.

It's only fair since you spent your valuable time & energy to help me.

[Arlen Holder]

UPDATE <https://i.postimg.cc/HnY00z47/winbsod01b.jpg>

Got my first BSOD since 9/26 when I awoke this morning:
o Your device ran into a problem and needs to restart.
o We're just collecting some error info, and then you can restart.
o 100% complete
o Unexpected kernel mode trap
<https://i.postimg.cc/HnY00z47/winbsod01b.jpg>

Machine runs 24/7 with sleep, hibernate, fastboot all turned off
o Also disabled are reboot-after-crash & reboot after update

That way, I get the information from the BSOD screen
o And the machine doesn't restore to older RPs without me knowing it

All drivers have been updated to the latest I can possibly find:
o <https://i.postimg.cc/CKjgVNKK/driver16.jpg>

I shut down the machine to a cold state (light off the motherboard & PS)
o Then I shuffled the 4 memory cards, outside to middle, middle to outside

Then I did the cold reboot process with monitors on the power strip
o And the machine booted to the login prompt without argument

I immediately created a new restore point, so that I know where I was:
o Win+R > systempropertiesprotection > [Create]

I then ran "WhoCrashed", but it only sees the crash dumps from 9/26.
o Next I ran BlueScreenView, which also only sees the 9/26 crash logs.

Why doesn't this new BSOD today create a crash log file?

Let's check the "automatic memory dump" settings:
Win+R > systempropertiesadvanced > Startup and Recovery > [Settings]
Default Operating system:
[Windows 10]
System startup:
[x]Time to display list of operating systems [10]seconds
[x]Time to display recovery options when needed [30]seconds
System failure:
[x]Write an event to the system log
[_]Automatically restart
Write debugging information
[Automatic memory dump]
Dump file:
[%SystemRoot%\memory.dmp]
[_]Overwrite any existing file
[x]Disable automatic deletion of memory dumps when disk space is low

Maybe I need to have checked the "overwrite" button?
o I would have presumed it can make a new one next to it?

For now, I checked the overwrite button...
o Whenever I get a crash log, I can manually copy it to a safe place

I ran these move commands to ensure the log name is available:
o Win+R > cmd {control+shift+enter}
o move %SystemRoot%\memory.dmp c:\data\sys\bsod\20200925_memory.dmp
o move %SystemRoot%\Minidump\092520-31906-01.dmp c:\data\sys\bsod\.
o move %LocalAppData%\crashdumps\*.dmp c:\data\sys\bsod\.

I decided to change my page size from the default 2.5GB managed by Windows
to more than my memory (> 16GB) just in case that will help gather info.

Win+R > systempropertiesadvanced > Performance > [Settings] > [Advanced]
Virtual memory Total paging file size for all drives: 2432 MB [Change]
[x]Automaticaly manage paging file size for all drivers
Uncheck that... and select
(o)Custom size
Initial size (MB): 9216
Maximum size (MB): 9216
(it says I need to reboot.)

As usual, I ran these obligatory steps after the BSOD:
1. sfc /scannow (should take about 10 minutes for the first run)
Windows Resource Protection did not find any integrity violations.
2. sfc /scannow (should take about 4 minutes for the second run)
3. sfc /scannow (should take about 4 minutes for the third run)
4. Dism /Online /Cleanup-Image /CheckHealth (should take 5 seconds)
No component store corruption detected.
5. Dism /Online /Cleanup-Image /ScanHealth (should take about 13 minutes)
6. Dism /Online /Cleanup-Image /RestoreHealth should take about 10 minutes)
7. sfc /scannow (should take about 7 minutes for this last run)
8. chkdsk /f /r C:
9. shutdown.exe /r /f /t 5 /c "Reboot in 5 seconds"

[Arlen Holder]

On Mon, 5 Oct 2020 19:29:38 -0000 (UTC), Arlen Holder wrote:
> 8. chkdsk /f /r C:
> 9. shutdown.exe /r /f /t 5 /c "Reboot in 5 seconds"

Just to finish up explaining how to recover from a BSOD
o Because this thread is intended to help others solve their BSOD issues

The check disk /r /f ran to completion after rebooting:
o <https://i.postimg.cc/668bjhqk/winbsod02.jpg>
o <https://i.postimg.cc/RC2sjnnN/winbsod03.jpg>
o <https://i.postimg.cc/dtdHvt8n/winbsod04.jpg>

The checkdisk logs show zero errors:
<https://i.postimg.cc/PrYYXx5L/winbsod05.jpg>
o Win+R > eventvwr
o Event Viewer (Local) > Windows Logs > Application
o Find > wininit > [Find Next]

A disk check has been scheduled.
Windows will now check the disk.
Stage 1: Examining basic file system structure ...

0 bad file records processed.

Stage 2: Examining file name linkage ...

0 unindexed files recovered to lost and found.

Stage 3: Examining security descriptors ...

Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...

File data verification completed.

Stage 5: Looking for bad, free clusters ...

Free space verification is complete.

Windows has scanned the file system and found no problems.
No further action is required.

0 KB in bad sectors
Total duration: 55.69 minutes (3341634 ms).

In summary, after a BSOD, these 10 sfc & DISM & chkdsk steps are
veritably required to ensure the integrity of your Windows file system.
0. Win+R > cmd {control+shift+enter}
1. sfc /scannow
2. sfc /scannow
3. sfc /scannow

4. Dism /Online /Cleanup-Image /CheckHealth

5. Dism /Online /Cleanup-Image /ScanHealth

6. Dism /Online /Cleanup-Image /RestoreHealth

7. sfc /scannow

8. chkdsk /f /r C:
9. shutdown.exe /r /f /t 5 /c "Reboot in 5 seconds"

10. Win+R > eventvwr > Windows Logs > Application > Find "wininit"
--
Others may benefit from at least one good BSOD diagnostic tutorial.

[Arlen Holder]

On Fri, 16 Oct 2020 03:30:16 -0400, Andy wrote:

> Did you ever find the problem i would have rolled back the Nvidea driver i
> had that problem once and rolling the driver back fixed it until they
> relised a fixed updated driver the next month.

Hi Andy,

Thanks for sticking with this since there are three things I am wont to do:
1. I always (almost always, eventually) figure out the problem cause, and,
2. I often try to learn as much as I can about debugging in the process,
3. And, I sometimes write up the gory details in the form of tutorials.

Hence, everyone benefits from any troubleshooting we collectively do.

To that end of troubleshooting, I've learned a lot, and I've stress tested
a lot, but I haven't yet definitively figured out the problem - but I do
not think it's the Nvidia drivers, if only because the BSOD happened even
after I had the Nvidia card removed from the system for months
(since the AMD-based motherboard has its own graphics output).

So I put the Nvidia GeForce 210 card back into the PCI slot, and it
BSOD'd with or without that specific graphics card being involved.

As you may be aware, I tested the memory (Memtest86 v4 for BIOS) for
24 hours, but I still think it "may" be memory related simply because,
consistently, when I reshuffle the memory, the boot-after-BSOD is
successful every time, whereas if I don't reshuffle the memory cards,
that's not always the case (yes, I know it's flimsy evidence).

I've tested all the drivers using Microsoft "Verifier.exe", and
I've updated all the drivers that could be updated (using Dumo to
tell me what's available), and I've identified the memory location
where the BSOD occurred
o ntoskrnl.exe (nt+0x3F3EA0)
Bugcheck code: 0x139 (0x3, 0xFFFFF30F99097970, 0xFFFFF30F990978C8, 0x0)
o ntkrnlmp.exe (nt!setjmpex+0x8279)
Bugcheck code: 0x139 (0x3, 0xFFFFF30F99097970, 0xFFFFF30F990978C8, 0x0)

I'm slowly coming to grips with how to proceed to debug _that_ error.
o Meanwhile I'm running a long-term physical test of the memory sticks

Right now, I have memory card 1 (of 4) in one of the four slots.
It hasn't BSOD'd since I did that - but of course - that tells me nothing.

However, what I plan on doing is putting that memory card in all
four slots, and if it still doesn't BSOD for a while,
I'm gonna "presume" tentatively that it's not the slots.

I might then do the same with memory card 2, but overall,
there are so many permutations and combinations I can run
with the four memory slots and four memory cards that if ONE slot
or ONE card is bad, I think the BSOD may finger it.

Dunno yet... but every single day I try something new;
it's just that most of the time there's nothing to report.

Here's a synopses of some of the related threads though...

o Windows 10 BSOD indicates a hardware problem - but what hardware is the problem?

<https://alt.comp.os.windows-10.narkive.com/oL7PTNKu/windows-10-bsod-indicates-a-hardware-problem-but-what-hardware-is-the-problem>
<http://www.pcbanter.net/showthread.php?t=1110105>
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/u0ay9h777Wg>

o What's the one free Windows 10 driver update tool you prefer most & why?
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/-yDz26GC6zA>

o Tutorial: How to update a driver that Windows just doesn't want to update
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/a23fY9CM6rY>

o Tutorial: How to delete a specific restore point in Windows 10 (e.g., after an errant program such as driverpack created it!)
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/MbtX0Y_U0dg>

o Tutorial creating & using Hirens Boot CD & MemTest86 diagnostic stress testing tools for USB boot to Windows 10 PE & WinXPmini on BIOS & UEFI
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/OlpQK3Uy7K8>

o What PC hardware diagnostic stress-testing freeware can you recommend?

<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/a6aAvxnDRB8>

o What else in Win10 can we turn off that hinders successful rebooting after a BSOD event that can chew up the operating system?
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/DlMnG1klEhc>

o What does it mean when a CPU won't wake up from its S3 state?
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/YJw0idlompc>

o Is there an option to completely shut off a Windows 10 desktop (not just go to sleep, hibernate, or fastboot)?
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/WVUpUtA_ExA>

o Windows 10 v2004 update repeatedly fails to update non existent keyboard but keeps trying forever (how to stop that nonsense?)
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/Npcs-xbnQdU>

o Tutorial creating & using Hirens Boot CD & MemTest86 diagnostic stress testing tools for USB boot to Windows 10 PE & WinXPmini on BIOS & UEFI
<https://groups.google.com/forum/#!topic/alt.comp.freeware/VWG0NNyGNHc>

o What PC hardware diagnostic stress-testing freeware can you recommend?
<https://groups.google.com/forum/#!topic/alt.comp.freeware/dkkdOmL95d8>

o What does it mean when the Event Viewer (eventvwr.msc) says "Report Sent"?
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/WG9y9YNVeH4>

Together, there must be hundreds of annotated screenshots so people
can see exactly what's going on, such as these in just one post
in that last thread.
a. I received a BSOD today which I am methodically diagnosing step by step.
<https://i.postimg.cc/k4Hssdpr/bsod205.jpg>
b. One of the score of steps is to see what the event viewer tells me.
<https://i.postimg.cc/0Qh3QmxJ/eventvwr01.jpg>
c. I noticed some events cause a report to be generated and then "sent".
<https://i.postimg.cc/mZMpjPB8/eventvwr02.jpg>
d. Others cause a report to be generated, but, apparently not to be "sent".
<https://i.postimg.cc/63ZcMPJy/eventvwr03.jpg>
e. Still others, cause a report neither to be generated nor to be "sent".
<https://i.postimg.cc/sg2JkxCF/eventvwr04.jpg>

[Arlen Holder]

On Tue, 20 Oct 2020 03:42:04 -0400, Andy wrote:

> What i would do is add memory one slot at a time until you get the blue
> screen of death again then remove the last stick of memory and if it goes
> away you have found the bad stick of memory and yes they can go bad in time.
> Especially the cheap off brand ram that is sold for a low price.
> I only use PNY for my systems as i don't game.

Hi Andy,

I just snapped this screenshot of what I'm testing right now:
o <https://i.postimg.cc/GpGdHnxs/bsod213.jpg>

I want to thank you as I very much appreciate & much need your advice.
o Particularly because the memory passed a MEMTEST86v4 24-hour test

I'm gonna hone in on those memory cards... or those memory slots on the MB
o Since I've almost exhausted all the testing I can do on the drivers

I've been getting these BSOD's since December of last year, where I haven't
yet pinned it down to the cause, but about the only consistent fact is that
"juggling" the memory cards, seems to make the next boot more reliable
after any given BSOD.

That is, if I get a BSOD and then just reboot, I've documented in this
thread that often, it could takes hours of reboot attempts; but if I simply
"juggle" the memory cards, then the _next_ reboot attempt usually works.

This "juggling" can be that I change the order of the four 4GB memory
cards; or that I put only one card in, where right now I have card #3 in
bank #2, but that was just a random selection after the last BSOD.
o <https://i.postimg.cc/GpGdHnxs/bsod213.jpg>

Interestingly, it has been, oh, maybe over a week since I did that, without
any BSOD (and I've been running driver verifier & CPU stress testing all
along).

What I'll do on my next boot, is, as you suggested, _add_ another memory
card, and then test for at least a week. If that goes well, I'll add
another card, and test for a week. And then add the last card & test.

If the BSOD happens, I "may" have found a bad memory card, which I can then
further test alone by MEMTEST86v4 (for BIOS) or by some other methods.
--
I much appreciate the advice of others because BSOD diagnostics are key.

[Arlen Holder]

UPDATE:

As per Andy's suggestion, I'm running for a week at a time, almost 24/7
with a few boots in between due to normal operation of the PC, with very
small changes to the memory card situation.

The original memory cards were labeled as per the original slots:
o With four 4GB memory cards labeled 1 to 4 in memory slots 1 to 4.

The only consistent thing about these BSOD's since last December is that
merely shuffling the cards in the memory slots "appears" to make the
machine more reliable for the next boot after a BSOD.

Following up on that only consistent hint, I've been running (randomly
selected) memory card 3 in memory slot 2 as shown in this prior photo:
o <https://i.postimg.cc/GpGdHnxs/bsod213.jpg>

After a week of no BSODs, yesterday I added memory card 1 in slot 4.
o <https://i.postimg.cc/pdLF3041/bsod219.jpg>

In addition, I followed up on Andy's suggestion to secure the HDDs
o Where I need to find a source of the missing special bolts!
<https://i.postimg.cc/D06XqtS5/bsod214.jpg>

In addition, I've noticed that the disk manager shows that crash logs are
enabled, which is a nice doublecheck that you're all set for the next BSoD.
o Have you noticed a "Crash Dump" description when you run disk management?
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/FSfbmPq3wlM>
<https://i.postimg.cc/QdMhLy3v/format10.jpg>
--
Diagnosing BSODs turns out to take a million little tests over time.

[Arlen Holder]

UPDATE:
o <https://i.postimg.cc/L8w5Cxmr/memtest01.jpg>

o *How to Test RAM: Making Sure Bad Memory Isn't Crashing Your PC*
<https://www.tomshardware.com/how-to/how-to-test-ram>
"One option preferred by us at Tom's Hardware is HCI Design's MemTest.
The good thing about this is you don't have to any pre-booting
and there are no directions. You just run it."

o Downloading MemTest (free)
<https://hcidesign.com/memtest/download.html>
<https://hcidesign.com/memtest/MemTest.zip>
[X:\software\hardware\memory\hcimemtest\MemTest.zip]
Name: MemTest.zip
Size: 17671 bytes (17 KiB)
SHA256: 08960F448F4514E7C2D388420560D7D03F5F0A54EC8F9663D66C887B8E4679E6

o Unzip & move MemTest c:\app\hardware\ram\hcimemtest\
c:\app\hardware\ram\hcimemtest\memtest.exe
Name: memtest.exe
Size: 40960 bytes (40 KiB)
SHA256: 5E2D1B0E56095D4D219F3A606E46CE5DE3220FDF3CF55A6E405D3946F25792A6

o Create a link & SendTo populate your Taskbar accordion cascade menu tree:
c:\menu\hardware\ram\memtest.lnk
TARGET: C:\app\hardware\ram\hcimemtest\memtest.exe
STARTIN: C:\app\hardware\ram\hcimemtest

o Run the program as many times as needed to simultaneously test RAM:
Taskbar > menu > hardware > ram > memtest.lnk
Enter megabytes of RAM to test === All unused RAM
[Start Testing]

Could not allocate 4095 MB
Windows limits the amount of contiguous RAM MemTest can allocate
to between 2 and 3.5GB. To test all your RAM, run more than one copy
of MemTest simultaneously and set each copy to test a portion of
available RAM. Running more than one copy of MemTest does not
lower the quality of the test (and can even improve it if you have
multiple cores or CPUs).

Enter megabytes of RAM to test === 2
[Start Testing]
(instance 1)

o Run Taskbar > menu > hardware > ram > memtest.lnk
Enter megabytes of RAM to test === 2
[Start Testing]
(instance 2)

Note that every installation goes 'where it belongs' (which you define):
o <https://i.postimg.cc/L8w5Cxmr/memtest01.jpg>
--
The high cost of freeware is in finding & testing for the best out there.

[Arlen Holder]

On Mon, 26 Oct 2020 17:15:27 -0000 (UTC), Arlen Holder wrote:

> o Downloading MemTest (free)
> <https://hcidesign.com/memtest/download.html>

Update:
o <https://i.postimg.cc/tCS6LhzB/memtest02.jpg>
o <https://i.postimg.cc/L8w5Cxmr/memtest01.jpg>

I don't know how "good" this HCI "MemTest" freeware is that Tom's Hardware
recommended, but I can say it has been running all morning and yet I
haven't "felt" any impact of it running, while I concurrently use the
machine.

If it actually works, then the huge advantage it has over MemTest86 v4 is
that not only does it work no matter if you're BIOS or UEFI, but it doesn't
require the machine to be unusable while the memory tests are running.
--
Almost never do we fail to solve our problem set using the best freeware.

[Arlen Holder]

UPDATE:
o Previous: Caused by address: ntoskrnl.exe+3f3ea0
o Current_: Caused by address: ntoskrnl.exe+3f45a0

IMAGES:
o <https://i.postimg.cc/fRngbsGX/bsod220.jpg> KMODE EXCEPTION NOT HANDLED
o <https://i.postimg.cc/fLFHgx4D/bsod221.jpg> Who Crashed
o <https://i.postimg.cc/5ymjPSGR/bsod222.jpg> Blue Screen View
o <https://i.postimg.cc/C5Jrw9XH/bsod223.jpg> App Crash View
o <https://i.postimg.cc/j5937ftw/bsod224.jpg> perfmon /rel shortcut
o <https://i.postimg.cc/d1mbYx62/bsod225.jpg> eventvwr filter shortcut

After stress testing two 4GB RAM sticks for about a week...
o Optimistically, last night I had added the other two 4GB RAM sticks...

Within an hour of adding the last two RAMs, I got a STOP CODE
at 11/1/2020 / 18:47:50 Pacific, according to my EXIF information
o <https://i.postimg.cc/fRngbsGX/bsod220.jpg> KMODE EXCEPTION NOT HANDLED

Here's the approximate dates I added those 4GB memory sticks:
o 10/15/2020 4GB Memory 3 was put in motherboard RAM bank 2
o 10/22/2020 4GB Memory 1 was put in motherboard RAM bank 4
o 11/01/2020 4GB Memory 2 was put in motherboard RAM bank 1
o 11/01/2020 4GB Memory 4 was put in motherboard RAM bank 3
(It's currently running fully populated for stress testing.)

BSOD diagnosis was slowed down by WhoCrashed failing to work:
o Has your current copy of WhoCrashed home free version suddenly expired?
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/DV15x2Wuv6k>
Due to (caveat emptor) a hidden secret hard-coded expiry date.

Nonetheless, an updated WhoCrashed eventually worked without failure:
o Taskbar > menu > hardware > bsod > WhoCrashed
o <https://i.postimg.cc/fLFHgx4D/bsod221.jpg>
"On Sun 11/1/2020 6:46:29 PM

crash dump file: C:\Windows\MEMORY.DMP
This was probably caused by the following module:

ntkrnlmp.exe (nt!HvlPerformEndOfInterrupt+0x4DEE)
Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF80325325B70, 0x0, 0xFFFFFFFFFFFFFFFF)
Error: KMODE_EXCEPTION_NOT_HANDLED

On Sun 11/1/2020 6:46:29 PM
crash dump file: C:\Windows\Minidump\110120-31890-01.dmp

This was probably caused by the following module:

ntoskrnl.exe (nt+0x3F45A0)
Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF80325325B70, 0x0, 0xFFFFFFFFFFFFFFFF)
Error: KMODE_EXCEPTION_NOT_HANDLED

file path: C:\Windows\system32\ntoskrnl.exe

o Taskbar > menu > hardware > bsod > BlueScreenView
BlueScreenView:
Dump File: 110120-31890-01.dmp
Crash Time: 11/1/2020 7:46:29 PM
Bug Check String: KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code: 0x0000001e
Parameter 1: ffffffff'c0000005
Parameter 2: fffff803'25325b70
Parameter 3: 00000000'00000000
Parameter 4: ffffffff'ffffffff
Caused By Driver: ntoskrnl.exe
Caused By Address: ntoskrnl.exe+3f45a0
Processor: x64
Crash Adddress: ntoskrnl.exe+3f45a0
Full Path: C:\Windows\Minidump\110120-31890-01.dmp

Processors Count: 4
Major Version: 15
Minor Version: 19041

Dump File Size: 470,276
Dump File Date: 11/1/2020 7:56:11 PM

Interestingly, AppCrashView perhaps implicated MS Edge updates!
o Taskbar > menu > hardware > bsod > AppCrashView
o <https://i.postimg.cc/C5Jrw9XH/bsod223.jpg> App Crash View
TargetAppId=W:<long set of numbers>!setup.exe
TargetAppVer=2020//07//01:03:12:51!3f34d!MicrosoftEdgeUpdate.exe

The Event Viewer didn't tell me all that much that was useful:
o Taskbar > menu > hardware > bsod > Eventvwr Filter 41, 1074, 6006, 6008
o <https://i.postimg.cc/d1mbYx62/bsod225.jpg>

I ran the obligatory post-BSOD cleanup tasks:
o Win+R > cmd {control+shift+enter}
o stordiag.exe -collectEtw -checkfsconsistency -out %userprofile%\desktop
"Checking for corruption on drive: C
Running chkdsk on drive: C
o sfc /scannow

"Windows Resource Protection did not find any integrity violations."

o findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
o sfc /scannow
o sfc /scannow
o Dism /Online /Cleanup-Image /CheckHealth

"No component store corruption detected."

o Dism /Online /Cleanup-Image /ScanHealth

"No component store corruption detected."

o Dism /Online /Cleanup-Image /RestoreHealth
"The restore operation completed successfully."
o sfc /scannow

"Windows Resource Protection did not find any integrity violations."

o chkdsk /f /r C: (or CHKDSK C: /F /R /X)

"This volume will be checked the next time the system restarts."

o shutdown.exe /r /f /t 5 /c "Reboot in 5 seconds"

o After logging back in, view the checkdisk logs:
Win+R > eventvwr

Event Viewer (Local) > Windows Logs > Application

Select "Filter Current Log"
In the Event sources dropdown, check
[x]Chkdsk
[x]Winit
[OK]

"Windows has scanned the file system and found no problems."

--
If we keep at it, we'll just get better & better at BSOD disgnostics.

[alina hansen]

Choose a driver updater tool, keep all drivers up to date and make your pc performance fast anytime.
Get a driver updater from this list - https://wethegeek.com/best-driver-update-software/

[fazi jani]

<a href="https://desktopprintersetup.com/what-is-brother-printer-default-password/">Finding printer ip address mac</a>Brother Printers play an important role in our professional as well as personal lives by providing fast, secure, and high-quality printing solutions with minimum errors. However, a few small problems such as the inability to find or reset its password can bring your productivity down. This is why we bring to you this guide that discusses steps to find, change, and reset the Brother printer’s default password.Once you have reset the printer with the help of the aforementioned steps, connect your printer back to your network and access your printer with the Brother printer default password. Make sure you reconnect all the cables that you disconnected at the time of starting this process.