Couple of Problems (WTF Happened to All My CPU?, I'm the Admin and

[anathematized1]

I also still can't think for the life of me why the other problem, with the BSOD when trying to authorize this program, happens in normal mode but it works fine in safe mode.

Not entirely certain without seeing the actual crash dump. You'd need a complete system dump of this, as well, not just a small or kernel dump.

1. I am assuming that when Windows BSOD's when this happens, it only does a kernal memory dump? How can I go about getting a complete system dump of this crash?

[cluberti]

Visit the link here, scroll down to the section entitled "Memory dump of the entire system", and do steps 2, 3 (3a if necessary), and 4, and then reboot. Ignore steps 1 and 5, as they are not relevant.

[anathematized1]

Visit the link here, scroll down to the section entitled "Memory dump of the entire system", and do steps 2, 3 (3a if necessary), and 4, and then reboot. Ignore steps 1 and 5, as they are not relevant.

Does it have to be exactly equal to the system ram + 50 MB? I mean right now, mine is way above that (system ram is 8 GB, paging file is 11 gb)...

[cluberti]

No, that's just the minimum. If it's larger, that's perfectly fine, although from a performance perspective a larger paging file is usually detrimental to overall system performance. Other than the brief times you configure it this large for troubleshooting (when you do want a large paging file to handle the memory being dumped out in the crash dump file), with 8GB of RAM on an x64 Win7 box you probably want a paging file of 1GB or less (most kernel dumps are 400MB or smaller, so 512MB is my usual recommendation).

I personally run any machine with more than 4GB of RAM with no paging file at all, and only add one if it becomes an issue with specific software that require one. I've posted on that particular point before.

[anathematized1]

No, that's just the minimum. If it's larger, that's perfectly fine, although from a performance perspective a larger paging file is usually detrimental to overall system performance. Other than the brief times you configure it this large for troubleshooting (when you do want a large paging file to handle the memory being dumped out in the crash dump file), with 8GB of RAM on an x64 Win7 box you probably want a paging file of 1GB or less (most kernel dumps are 400MB or smaller, so 512MB is my usual recommendation). I personally run any machine with more than 4GB of RAM with no paging file at all, and only add one if it becomes an issue with specific software that require one.

One last question.

SO I'm about to restart my computer and have these changes take effect. When I start the faulty program/driver up, will it automatically make a complete dump? Because there is no time when it happens to hit rghtctrl + scrlck.

[cluberti]

Yes, if it crashes, it'll create a complete dump on it's own without your intervention.

[anathematized1]

Alright, I have to .rar it into a split archive because the dump file is 1.1 GB (and the max file size I can upload being a non-premium member is 200 MB). So, it's coming, soon.

However, while we are waiting, where did you learn so much about computers? I'm looking for a career change and I've always been interested in computers and scripting, CGI, all that kind of stuff.

Edited August 12, 2010 by anathematized1

[cluberti]

I learned most of it when I was younger in the school of hard knocks. The library, a spare PC or two, and lots of free time. I've been doing this for almost 20 years now, and I still feel like I've not really scratched the surface.

[anathematized1]

That's cool, I tried to learn that way, but I'm having a hard time finding things like the building blocks that lead up to bigger things. It seems all the information I want is never available, but if I wanted to know how to make a bomb out of duct tape, toothpaste, and a stale fart, or if I wanted to find a t****y donkey having s** with a man and a woman, I could find it easily all over the Internet. -__-

On a side note, these dump files compress really well apparently, 1.1 GB down to 103 MB. I was worried about that so I opened the .rar file and WinRAR says that it will be 1.1 GB extracted. So, if the dump file comes out... incomplete, let me know.

mediafire.com/file/hwwl1wf31d8m3j8/Memory%20Dump.rar

[cluberti]

Looks like a driver called Tpkd.sys is causing the crash by passing an invalid handle to a filter request:

2: kd> !thread fffffa800a53cb60
THREAD fffffa800a53cb60  Cid 1584.0efc  Teb: 000000007efdb000 Win32Thread: fffff900d0d08c30 RUNNING on processor 2
IRP List:
    fffff98063164ee0: (0006,0118) Flags: 40060070  Mdl: 00000000
Not impersonating
DeviceMap                 fffff8a0024bd210
Owning Process            fffffa8007cdd060       Image:         Authorization Wizard.exe
Attached Process          N/A            Image:         N/A
Wait Start TickCount      107196         Ticks: 0
Context Switch Count      26232                 LargeStack
UserTime                  00:00:00.093
KernelTime                00:00:02.839
Win32 Start Address 0x00000000007aed19
Stack Init fffff8800a3fcdb0 Current fffff8800a3fb830
Base fffff8800a3fd000 Limit fffff8800a3f4000 Call 0
Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`0a3fbe98 fffff800`03d4b3dc : 00000000`000000c4 00000000`000000f6 00000000`00000208 fffffa80`07cdd060 : nt!KeBugCheckEx
fffff880`0a3fbea0 fffff800`03d60ae4 : 00000000`00000208 fffffa80`07cdd060 00000000`00000004 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`0a3fbee0 fffff800`03b1d580 : fffff880`02f64180 fffff880`0a3fc0e8 fffff880`0a3fc300 fffff880`0a3fc518 : nt!VfCheckUserHandle+0x1b4
fffff880`0a3fbfc0 fffff800`03bdd22c : 00000000`00000000 00000000`00000000 fffffa80`0744b750 fffffa80`07cdd000 : nt!ObReferenceObjectByHandleWithTag+0xffffffff`fff66d40
fffff880`0a3fc090 fffff800`03bddf16 : fffff880`0a3fcc20 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x17c
fffff880`0a3fc1c0 fffff800`038c0853 : fffffa80`0a53cb60 fffff780`00001000 00000000`00000000 fffffa80`0a53cb60 : nt!NtDeviceIoControlFile+0x56
fffff880`0a3fc230 fffff800`038bcdf0 : fffff880`013e1072 fffffa80`034503f0 fffff781`c0000000 fffff800`03a4db40 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0a3fc2a0)
fffff880`0a3fc438 fffff880`013e1072 : fffffa80`034503f0 fffff781`c0000000 fffff800`03a4db40 fffff800`038f9dd2 : nt!KiServiceLinkage
fffff880`0a3fc440 fffff880`013e46a5 : fffff880`013f3840 00000000`00000208 00000000`00000000 00000000`00000000 : Tpkd+0x6072
fffff880`0a3fc4a0 fffff880`013e7453 : fffff880`013f5d80 fffff980`63164e01 fffff980`6314ae20 00000000`00000004 : Tpkd+0x96a5
fffff880`0a3fc540 fffff880`013ef195 : fffffa80`0854bb60 fffff980`63164ee0 00000000`00000001 00000000`00000001 : Tpkd+0xc453
fffff880`0a3fc900 fffff880`013e90e6 : fffffa80`0854bb60 fffff980`63164ee0 fffff880`0a3fca28 fffff800`03d542a7 : Tpkd+0x14195
fffff880`0a3fc960 fffff800`03d67c16 : fffffa80`0854ba10 fffff980`63164ee0 fffffa80`0829f4a0 fffffa80`06ada898 : Tpkd+0xe0e6
fffff880`0a3fc9b0 fffff800`03bdd6b7 : fffffa80`0829f4a0 fffff880`0a3fcca0 fffffa80`0829f4a0 fffffa80`091ab750 : nt!IovCallDriver+0x566
fffff880`0a3fca10 fffff800`03bddf16 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`0a3fcb40 fffff800`038c0853 : ffffffff`ffffffff 00000000`00000001 00000000`0018edc8 fffff800`00000004 : nt!NtDeviceIoControlFile+0x56
fffff880`0a3fcbb0 00000000`73ce2dd9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0a3fcc20)
00000000`0008e548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73ce2dd9

2: kd> !irp fffff98063164ee0
Irp is active with 1 stacks 1 is current (= 0xfffff98063164fb0)
 No Mdl: System buffer=fffff9806314ae20: Thread fffffa800a53cb60:  Irp stack trace.  
     cmd  flg cl Device   File     Completion-Context
>[  e, 0]   0  0 fffffa800854ba10 fffffa800829f4a0 00000000-00000000    
	       \Driver\Tpkd
			Args: 000001e0 00000004 00070660 00000000

2: kd> lmvm Tpkd
start             end                 module name
fffff880`013db000 fffff880`013fe000   Tpkd       (no symbols)           
    Loaded symbol image file: Tpkd.sys
    Image path: \SystemRoot\System32\Drivers\Tpkd.sys
    Image name: Tpkd.sys
    Timestamp:        Wed Dec 23 14:32:16 2009 (4B327040)
    CheckSum:         000287EA
    ImageSize:        00023000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

It appears to be some sort of driver to handle whether or not a dongle is attached, and beyond that I'm not sure what it does. I believe that driver is from this company, so contacting them about this is probably best. This would explain why it works in safe mode though, as this driver doesn't appear to be boot-critical, so it wouldn't load with the kernel in safe-mode.

[anathematized1]

OH I know the driver comes from PACE, and I could have told you it had something to do with the dongle.

The thing though is, it DOES load that driver in Safe Mode (I mean I even watched the screen as it was loading the drivers and saw it on there).

But I get it now (since I now know what it does). You see, the driver, while loaded, doesn't do anything in safe mode because in safe mode, dongles are ignored. I get that, sweet.

Now, I'm on the Ilok website, and for me to support a help ticket, I have to log in with my Ilok name and password. Done. Next it tells me that the Ilok client program is not installed on my computer (apparently all anybody gave me were just the drivers). Maybe if I install this client, it could fix the problem?

[cluberti]

Hard to say, as I don't know how that app was written. I don't think it could hurt any worse, though .

[anathematized1]

Well, as I expected, having the client installed did not change a thing, I had a BSOD (same driver, same issue).

I really don't think it's the driver though because I went to that website and downloaded that Process Explorer and when I tried to run it, I got a BSOD citing some driver that goes with the program and again, it said that it was trying to corrupt system memory or what have you.

So I honestly don't think there is anything wrong with these drivers in question. However, if it isn't the drivers, what is causing these drivers to cause BSODs?

[anathematized1]

So I have an update.

I got my Windows 7 upgrade disk and they don't have a "repair installation" option like they used to (when the f*** did they stop doing that? I know they still had it with Windows 98...). My only recovery options are to use a restore point, as I already explained I cannot do because a boot-scan antivirus got rid of a file on my computer and it was there up until the last restore point before my computer went to garbage and it fails to restore to that point because it can't restore that file, which I think is really stupid, prevent a system restore all because ONE little file can't be found that isn't even essential to the system? SERIOUSLY!? You can't just, restore and say "oh, it's restored, all except this file, is this alright?" Apparently not. The only other option is with a system image, which I didn't know you could make, don't know what it is, don't know how to make one, and don't even have one anyway.

I noticed something else weird when I was running task manager. I noticed that the things that were running, were taking up twice the memory they should be. Hell, task manager itself was taking up 10-20% of my CPU while it was running. Does there happen to be a Windows 7 Home Premium installation repair? I mean, because I have no way of backing up 600 GB of data (hell, even half of that). I would also hate to have to reinstall a lot of this crap.

[anathematized1]

I have a very strange update to my computer troubles/woes.

I decided to start randomly uninstalling things that don't run when you're in Safe Mode and then reinstall them. The first thing I started with was my sound card. Oddly enough, after I uninstalled it and restarted the computer, then reinstalled it... my CPU hovers between 10 and 20% CPU - this is great great great.

However I still have the problem of both that process explorer you linked me to causing the computer to have a BSOD as well as that authorization program for my East/West Quantum Leap Symphonic Orchestra, both of which work in safe mode but not in normal mode.

I found this to be really odd because in all the Windows Performance Tools xperf trace analysis runs that I did - nothing ever came up involving the sound card driver. I just don't get it, really. There is still something wrong with the computer though, what with those two programs unable to run.