locked
ERROR: Module load completed but symbols could not be loaded for Sftplaylh.sys RRS feed

  • Question

  • Below is .dmp file. Does anyone have a clue as to what is causing BSOD?

    ************************************************************************************
    Loading Dump File [E:\121817-36426-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.23915.x86fre.win7sp1_ldr.170913-0600
    Machine Name:
    Kernel base = 0x83448000 PsLoadedModuleList = 0x83594e30
    Debug session time: Mon Dec 18 18:42:14.643 2017 (UTC - 5:00)
    System Uptime: 0 days 3:56:34.533
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ................................................................
    .....
    Loading User Symbols
    Loading unloaded module list
    ........
    Unable to load image \SystemRoot\system32\DRIVERS\Sftplaylh.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for Sftplaylh.sys
    *** ERROR: Module load completed but symbols could not be loaded for Sftplaylh.sys
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 19, {20, c6c34980, c6c34990, a020404}

    Probably caused by : Sftplaylh.sys ( Sftplaylh+13408 )

    Followup:     MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    BAD_POOL_HEADER (19)
    The pool is already corrupt at the time of the current request.
    This may or may not be due to the caller.
    The internal pool links must be walked to figure out a possible cause of
    the problem, and then special pool applied to the suspect tags or the driver
    verifier to a suspect driver.
    Arguments:
    Arg1: 00000020, a pool block header size is corrupt.
    Arg2: c6c34980, The pool entry we were looking for within the page.
    Arg3: c6c34990, The next pool entry.
    Arg4: 0a020404, (reserved)

    Debugging Details:
    ------------------


    DUMP_CLASS: 1

    DUMP_QUALIFIER: 400

    BUILD_VERSION_STRING:  7601.23915.x86fre.win7sp1_ldr.170913-0600

    DUMP_TYPE:  2

    BUGCHECK_P1: 20

    BUGCHECK_P2: ffffffffc6c34980

    BUGCHECK_P3: ffffffffc6c34990

    BUGCHECK_P4: a020404

    BUGCHECK_STR:  0x19_20

    POOL_ADDRESS: GetPointerFromAddress: unable to read from 835b5850
    Unable to get MmSystemRangeStart
    GetUlongPtrFromAddress: unable to read from 835b5208
    GetUlongPtrFromAddress: unable to read from 835b56ec
    Unable to get NonPagedPoolStart
    Unable to get PagedPoolStart
     c6c34980

    CPU_COUNT: 4

    CPU_MHZ: 9be

    CPU_VENDOR:  GenuineIntel

    CPU_FAMILY: 6

    CPU_MODEL: 2a

    CPU_STEPPING: 7

    CPU_MICROCODE: 6,2a,7,0 (F,M,S,R)  SIG: 1A'00000000 (cache) 0'00000000 (init)

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

    PROCESS_NAME:  chrome.exe

    CURRENT_IRQL:  0

    ANALYSIS_SESSION_HOST:  DESKTOP-EFNR4US

    ANALYSIS_SESSION_TIME:  12-28-2017 11:26:31.0703

    ANALYSIS_VERSION: 10.0.15063.468 amd64fre

    LAST_CONTROL_TRANSFER:  from b5352408 to 8356bc6b

    STACK_TEXT:  
    b6167a10 b5352408 c6c34988 00000000 b6167a60 nt!ExFreePoolWithTag+0x1b1
    WARNING: Stack unwind information not available. Following frames may be wrong.
    b6167a20 b534e74b c6c34988 8b75a140 b40b5770 Sftplaylh+0x13408
    b6167a60 b5352c68 00000000 0030f1c8 00000001 Sftplaylh+0xf74b
    b6167a84 b53530c8 8b75a140 0000001c 0000001c Sftplaylh+0x13c68
    b6167aa0 b5340d8d 56658220 8b75a140 0000001c Sftplaylh+0x140c8
    b6167adc 8347f169 b46bd988 b6b91290 b6b91290 Sftplaylh+0x1d8d
    b6167af4 83677908 0000001c b6b91290 b6b91300 nt!IofCallDriver+0x63
    b6167b14 8367ac77 b46bd988 b40b5770 00000000 nt!IopSynchronousServiceTail+0x1f8
    b6167bd0 836c1cf2 000000b4 b6b91290 00000000 nt!IopXxxControlFile+0x830
    b6167c04 83485e06 000000b4 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
    b6167c04 77746c74 000000b4 00000000 00000000 nt!KiSystemServicePostCall
    0030f0c8 00000000 00000000 00000000 00000000 0x77746c74


    STACK_COMMAND:  kb

    THREAD_SHA1_HASH_MOD_FUNC:  affad794eb2f592d6aa7ab6c4d46b93fa88c01ff

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  246224dd4f8be3bfb54f84c116f91d3739b2ee40

    THREAD_SHA1_HASH_MOD:  688bf98e27f49d1b6d248e6e8ccdb738c815f155

    FOLLOWUP_IP:
    Sftplaylh+13408
    b5352408 ??              ???

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  Sftplaylh+13408

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: Sftplaylh

    IMAGE_NAME:  Sftplaylh.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  51c9e946

    FAILURE_BUCKET_ID:  0x19_20_Sftplaylh+13408

    BUCKET_ID:  0x19_20_Sftplaylh+13408

    PRIMARY_PROBLEM_CLASS:  0x19_20_Sftplaylh+13408

    TARGET_TIME:  2017-12-18T23:42:14.000Z

    OSBUILD:  7601

    OSSERVICEPACK:  1000

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK:  272

    PRODUCT_TYPE:  1

    OSPLATFORM_TYPE:  x86

    OSNAME:  Windows 7

    OSEDITION:  Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS

    OS_LOCALE:  

    USER_LCID:  0

    OSBUILD_TIMESTAMP:  2017-09-13 10:47:57

    BUILDDATESTAMP_STR:  170913-0600

    BUILDLAB_STR:  win7sp1_ldr

    BUILDOSVER_STR:  6.1.7601.23915.x86fre.win7sp1_ldr.170913-0600

    ANALYSIS_SESSION_ELAPSED_TIME:  4be

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:0x19_20_sftplaylh+13408

    FAILURE_ID_HASH:  {11b3c1b9-c8a9-707e-bfc8-8445f37db0a7}

    Followup:     MachineOwner
    ---------

    0: kd> lmvm Sftplaylh
    Browse full module list
    start    end        module name
    b533f000 b5375000   Sftplaylh T (no symbols)           
        Loaded symbol image file: Sftplaylh.sys
        Image path: \SystemRoot\system32\DRIVERS\Sftplaylh.sys
        Image name: Sftplaylh.sys
        Browse all global symbols  functions  data
        Timestamp:        Tue Jun 25 15:02:30 2013 (51C9E946)
        CheckSum:         00035B8F
        ImageSize:        00036000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4


    Pat Corrigan

    Thursday, December 28, 2017 5:30 PM

Answers

  • TO All,

    THANK YOU for all your responses. I followed all advice, but it is time to re-image PC - no way around it. Still having problems and Windows is corrupted!

    Pat Corrigan


    Pat Corrigan

    • Marked as answer by PM1888 Saturday, January 13, 2018 8:33 PM
    Saturday, January 13, 2018 8:33 PM

All replies

  • Hi,

    Sftplaylh.sys is a third-party driver, so WinDBG does not contain the symbol for Sftplaylh.sys and we got “ERROR: Module load completed but symbols could not be loaded for Sftplaylh.sys”.

    From the stack, we can see nt calls Sftplaylh.sys and then triggered the bug check.

    b6167a10 b5352408 c6c34988 00000000 b6167a60 nt!ExFreePoolWithTag+0x1b1 WARNING: Stack unwind information not available. Following frames may be wrong. b6167a20 b534e74b c6c34988 8b75a140 b40b5770 Sftplaylh+0x13408 b6167a60 b5352c68 00000000 0030f1c8 00000001 Sftplaylh+0xf74b b6167a84 b53530c8 8b75a140 0000001c 0000001c Sftplaylh+0x13c68 b6167aa0 b5340d8d 56658220 8b75a140 0000001c Sftplaylh+0x140c8 b6167adc 8347f169 b46bd988 b6b91290 b6b91290 Sftplaylh+0x1d8d b6167af4 83677908 0000001c b6b91290 b6b91300 nt!IofCallDriver+0x63 b6167b14 8367ac77 b46bd988 b40b5770 00000000 nt!IopSynchronousServiceTail+0x1f8 b6167bd0 836c1cf2 000000b4 b6b91290 00000000 nt!IopXxxControlFile+0x830 b6167c04 83485e06 000000b4 00000000 00000000 nt!NtDeviceIoControlFile+0x2a b6167c04 77746c74 000000b4 00000000 00000000 nt!KiSystemServicePostCall 0030f0c8 00000000 00000000 00000000 00000000 0x77746c74

    It is recommended to contact the vendor of this driver to upgrade it, or delete it if possible.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, December 29, 2017 6:37 AM
  • To evaluate the BSOD please post logs for troubleshooting.

    Using administrative command prompt copy and paste this whole command:

    Make sure the default language is English so that the logs can be scanned and read.

    https://www.tenforums.com/tutorials/3813-language-add-remove-change-windows-10-a.html

    The command will automatically collect the computer files and place them on the desktop.

    Then use one drive or drop box to place share links into the the thread for troubleshooting.

    https://support.office.com/en-us/article/Share-OneDrive-files-and-folders-9fcc2f7d-de0c-4cec-93b0-a82024800c07

    It will automatically collect these files:  msinfo32, dxdiag, mini dumps, drivers hosts, install, uninstall, services, startup, event viewer files, etc.

    Open administrative command prompt and copy and paste the whole command:

    copy %SystemRoot%\minidump\*.dmp "%USERPROFILE%\Desktop\"&dxdiag /t %Temp%\dxdiag.txt&copy %Temp%\dxdiag.txt "%USERPROFILE%\Desktop\SFdebugFiles\"&type %SystemRoot%\System32\drivers\etc\hosts >> "%USERPROFILE%\Desktop\hosts.txt"&systeminfo > "%USERPROFILE%\Desktop\systeminfo.txt"&driverquery /v > "%USERPROFILE%\Desktop\drivers.txt" &msinfo32 /nfo "%USERPROFILE%\Desktop\msinfo32.nfo"&wevtutil qe System /f:text > "%USERPROFILE%\Desktop\eventlog.txt"&reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall "%USERPROFILE%\Desktop\uninstall.txt"&reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components" "%USERPROFILE%\Desktop\installed.txt"&net start > "%USERPROFILE%\Desktop\services.txt"&REM wmic startup list full /format:htable >"%USERPROFILE%\Desktop\startup.html"&wmic STARTUP GET Caption, Command, User >"%USERPROFILE%\Desktop\startup.txt"

    There is 1 file for you to find manually:  memory dump file:

    C:\Windows\MEMORY.DMP

    Use file explorer > this PC > local C: drive > right upper corner search enter each of the above to find results.

    If dxdiag was not on the desktop please type dxdiag in the left lower corner search > advance each page > save all information > post into the thread as a one drive or drop box share link

    Friday, December 29, 2017 7:50 AM
  • icrosoft (R) Windows Debugger Version 10.0.15063.468 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [I:\Village of Navarre\MDT 5 Toshiba\MEMORY.DMP]
    Kernel Summary Dump File: Kernel address space is available, User address space may not be available.

    Symbol search path is: srv*
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.23915.x86fre.win7sp1_ldr.170913-0600
    Machine Name:
    Kernel base = 0x83448000 PsLoadedModuleList = 0x83594e30
    Debug session time: Mon Dec 18 18:42:14.643 2017 (UTC - 5:00)
    System Uptime: 0 days 3:56:34.533
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .........................................Page 5a6b9 not present in the dump file. Type ".hh dbgerr004" for details
    .......................
    .....
    Loading User Symbols
    PEB is paged out (Peb.Ldr = 7ffd400c).  Type ".hh dbgerr001" for details
    Loading unloaded module list
    ........
    *** ERROR: Module load completed but symbols could not be loaded for Sftplaylh.sys
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 19, {20, c6c34980, c6c34990, a020404}

    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Page 3feba not present in the dump file. Type ".hh dbgerr004" for details
    Probably caused by : Sftplaylh.sys ( Sftplaylh+13408 )

    Followup:     MachineOwner
    ---------


    Pat Corrigan

    Friday, December 29, 2017 1:48 PM
  • https://1drv.ms/f/s!AiVmc2haLvdwkhUEIl52pHR6Ox35

    Requested file drop box location is above.


    Pat Corrigan

    Friday, December 29, 2017 2:19 PM
  • There was 1 BSOD mini dump file.

    The memory dump was not available

    The dxdiag was not available

    Sftplaylh.sys is a Microsoft driver and is ordinarily fixed by windows updates.

    It is part of Office.

    These were some of the problems noted:

    bugcheck 19 

    This indicates that a pool header is corrupt.

    There is corruption of the drive file system

    AVG AV boot problems

    There are a lot of applications on boot:  > 30

    a) Which antivirus products are always on?

    b) which antivirus products are run manually?

    Perform the following steps:

    1) Open administrative command prompt and type or copy and paste:

    2) sfc /scannow

    3) When this has completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread

    4) chkdsk /x /f /r

    This may take many hours so plan to run overnight

    5) Find the chkdsk report in the event viewer and post the results into the thread using a one drive or drop box share link using the information in this thread:

    https://www.tenforums.com/tutorials/40822-read-chkdsk-log-event-viewer-windows-10-a.html

    6) Uninstall AVG

    https://support.avg.com/SupportArticleView?l=en&urlName=How-to-uninstall-AVG&supportType=home

    7) Turn on Windows defender/security essentials

    8) Run each of these AV products and post the reports into the thread:

    ESET:  https://www.eset.com/us/home/online-scanner/
    MALWAREBYTES:  https://www.malwarebytes.com/

    When these scans have completed uninstall the software.

    Only use one AV software product during the troubleshooting.

    AVG can be reinstalled 2 weeks after the last BSOD.  If there are new BSOD uninstall the AV and find another product.  If there are no BSOD you can continue using the AV product.

    Only one AV always on product should be used at a time.  So if you use AVG turn off Windows defender/security essentials.

    9) Run HD Tune:  http://www.hdtune.com/ (free edition)

    Health

    Benchmark

    Full error scan

    Post the results of these three tests in the thread using one drive or drop box share links.

    10) Backup all of the files on the drive to another drive or to the cloud

    11) Make a backup image of the drive using Macrium:

    https://www.macrium.com/reflectfree

    12) Place the backup image onto another drive or into the cloud

    13) Make a brand new restore point

    14) Download and install Whocrashed:

    http://www.resplendence.com/whocrashed


    15) Windows driver verifier is a tool that is used to find misbehaving drivers.  It will repetitively produce BSOD until all misbehaving drivers are fixed or until the tool is turned off.

    Learn the 3 methods to turn off the tool.  All of the methods are done using the Windows advanced troubleshooting menu:

    1) startup options (not startup repair) > click restart > select #6 safe mode with command prompt > type:

    verifier /reset

    2) command prompt > Administratofr X:\windows\system32\cmd.exe > type:

    verifier /bootmode resetonbootfail

    3) system restore

    The methods used to turn off windows driver verifier should be done in the order above and only if the prior method fails.  System restore often leads to a loss of the BSOD mini dump file and little progress is made in the troubleshooting.

    While using windows driver verifier the computer may become sluggish.  This is related to the number of drivers being stressed and the number of active windows driver verifier active tests.

    The tool will be run for 48 hours.  After the last BSOD it will be run for an additional 36 hours of typical computer use.

    Do not turn on the tool until all files are backed up,you have made a brand new restore point, and are comfortable using the windows advanced troubleshooting menu.

    To view the windows advanced troubleshooting menu open administrative command prompt and type shutdown /r /o /f /t /00

    Upon reboot the computer will boot to the windows advanced troubleshooting menu.

    After each BSOD you will turn off windows driver verifier, return to the desktop, and run whocrashed.  The misbehaving driver will be uninstalled and windows driver verifer started again to find the next misbehaving driver.  Replacement drivers can be installed once all misbehaving drivers have been uninstalled or immediately after they are uninstalled.  The end result should be the same.

    After each BSOD post a mini dump file into the thread for troubleshooting:  c:\windows\minidump

    16) find and post dxdiag:  

    In left lower corner search type dxdiag > wait several minutes for it to load > save to desktop > use share link to post into thread.


    Read these links on Windows driver verifier:

    https://answers.microsoft.com/en-us/windows/forum/windows_10-update/driver-verifier-tracking-down-a-mis-behaving/f5cb4faf-556b-4b6d-95b3-c48669e4c983

    https://www.tenforums.com/tutorials/5470-enable-disable-driver-verifier-windows-10-a.html

    AVG AVI Loader Driver ROOT\LEGACY_AVGLDX86\0000 This device is not present, is not working properly, or does not have all its drivers installed.

    Event[54263]:
      Log Name: System
      Source: Ntfs
      Date: 2017-12-29T08:55:13.746
      Event ID: 55
      Task: N/A
      Level: Error
      Opcode: N/A
      Keyword: Classic
      User: N/A
      User Name: N/A
      Computer: NavarrePD1
      Description: 
    The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume F:.

    The following boot-start or system-start driver(s) failed to load: 
    AVGIDSHX
    Avgldx86
    Avglogx

      

    Event[50339]:
      Log Name: System
      Source: Microsoft Antimalware
      Date: 2017-12-22T23:08:24.000
      Event ID: 3002
      Task: N/A
      Level: Error
      Opcode: Info
      Keyword: Classic
      User: N/A
      User Name: N/A
      Computer: NavarrePD1
      Description: 
    Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.
    Feature: Network Inspection System
    Error Code: 0x8007041d
    Error description: The service did not respond to the start or control request in a timely fashion. 
    Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.

    Event[40818]:
      Log Name: System
      Source: Microsoft-Windows-WindowsUpdateClient
      Date: 2017-12-02T16:07:32.730
      Event ID: 20
      Task: Windows Update Agent
      Level: Error
      Opcode: Installation
      Keyword: Installation,Failure
      User: S-1-5-18
      User Name: NT AUTHORITY\SYSTEM
      Computer: NavarrePD1
      Description: 
    Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool - November 2017 (KB890830).

    Event[54250]:
      Log Name: System
      Source: Disk
      Date: 2017-12-29T08:53:43.553
      Event ID: 51
      Task: N/A
      Level: Warning
      Opcode: N/A
      Keyword: Classic
      User: N/A
      User Name: N/A
      Computer: NavarrePD1
      Description: 
    An error was detected on device \Device\Harddisk1\DR4 during a paging operation.

    Event[52805]:
      Log Name: System
      Source: Microsoft-Windows-DriverFrameworks-UserMode
      Date: 2017-12-28T13:16:18.148
      Event ID: 10110
      Task: User-mode Driver problems.
      Level: Critical
      Opcode: Info
      Keyword: N/A
      User: S-1-5-18
      User Name: NT AUTHORITY\SYSTEM
      Computer: NavarrePD1
      Description: 
    A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.

    Event[52806]:
      Log Name: System
      Source: Microsoft-Windows-DriverFrameworks-UserMode
      Date: 2017-12-28T13:16:18.148
      Event ID: 10111
      Task: User-mode Driver problems.
      Level: Critical
      Opcode: Info
      Keyword: N/A
      User: S-1-5-18
      User Name: NT AUTHORITY\SYSTEM
      Computer: NavarrePD1
      Description: 
    The device WPD FileSystem Volume Driver (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.

    Event[52801]:
      Log Name: System
      Source: Microsoft-Windows-DriverFrameworks-UserMode
      Date: 2017-12-28T13:16:16.728
      Event ID: 10110
      Task: User-mode Driver problems.
      Level: Critical
      Opcode: Info
      Keyword: N/A
      User: S-1-5-18
      User Name: NT AUTHORITY\SYSTEM
      Computer: NavarrePD1
      Description: 
    A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.

    Event[52802]:
      Log Name: System
      Source: Microsoft-Windows-DriverFrameworks-UserMode
      Date: 2017-12-28T13:16:16.728
      Event ID: 10111
      Task: User-mode Driver problems.
      Level: Critical
      Opcode: Info
      Keyword: N/A
      User: S-1-5-18
      User Name: NT AUTHORITY\SYSTEM
      Computer: NavarrePD1
      Description: 
    The device Light Sensor (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.
    Event[51837]:
      Log Name: System
      Source: Microsoft-Windows-Kernel-Power
      Date: 2017-12-26T10:59:44.350
      Event ID: 41
      Task: N/A
      Level: Critical
      Opcode: Info
      Keyword: N/A
      User: S-1-5-18
      User Name: NT AUTHORITY\SYSTEM
      Computer: NavarrePD1
      Description: 
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.


    Click Start, and then click
    Computer.
    In the Search Computer box, typeCvh.dll, and then press ENTER.
    Right-click Cvh.dll, and then click
    Properties.
    On the General tab, note the properties of the Cvh.dll file that is installed on the computer.

    Post an image of this information into the thread.

    Friday, December 29, 2017 4:00 PM
  • Items 1-13 completed before posting dump files.  

    1. SFC - no errors
    2. CHKDSK /f = MFT errors - resolved - no free space and bad sectors
    3. Malware Bytes - a few minor but nothing really notable
    4. Ran full AV scan - clear
    5. AVG removed prior to Step 1
    6. 6-9 completed and clean

    I will work on Item 10-16


    Pat Corrigan

    Friday, December 29, 2017 5:36 PM
  • AVG has not been properly uninstalled.

    The event logs displayed boot problems related to the AVG drivers.

    Please run the AVG unistall tool.

    What were the minor findings with Malwarebytes?

    For all tests please post images into the thread.

    avgidshx.sys
    AVG IDS Application Activity Monitor Helper Driver
    Support: http://www.avg.com/us-en/support 
    Downloads: http://www.avg.com/us-en/download

    avgldx86.sys
    AVG AVI Loader Driver
    Support: http://www.avg.com/us-en/support 
    Downloads: http://www.avg.com/us-en/download

    avglogx.sys
    AVG Logging Driver
    Support: http://www.avg.com/us-en/support 
    Downloads: http://www.avg.com/us-en/download



    Friday, December 29, 2017 5:45 PM
  • Will do and thank you!

    Pat Corrigan

    Friday, December 29, 2017 6:10 PM
  • Hi,

    From the dump we can see the process chrome.exe called the driver Sftplaylh.

     

    Process               Thread           CID       TEB      UserTime KernelTime ContextSwitches Wait Reason Time State

    chrome.exe (86134960) 8693d6f0 (E/K/V) 768.c04   7ffdf000        0          0              30 Executive      0  on processor 0

     

    Irp List:

        IRP      File

        b6b91290

     

    # Child-SP Return   Call Site                          Source

    0 b61679a0 b5352408 nt!ExFreePoolWithTag+0x1b1         open start of function

    1 b6167a18 b534e74b Sftplaylh+0x13408                 

    2 b6167a28 b5352c68 Sftplaylh+0xf74b                  

    3 b6167a68 b53530c8 Sftplaylh+0x13c68                 

    4 b6167a8c b5340d8d Sftplaylh+0x140c8                 

    5 b6167aa8 8347f169 Sftplaylh+0x1d8d                   

    6 b6167ae4 83677908 nt!IofCallDriver+0x63              open start of function

    7 b6167afc 8367ac77 nt!IopSynchronousServiceTail+0x1f8 open start of function

    8 b6167b1c 836c1cf2 nt!IopXxxControlFile+0x830         open start of function

    9 b6167bd8 83485e06 nt!NtDeviceIoControlFile+0x2a      open start of function

    a b6167c0c 77746c74 nt!KiSystemServicePostCall         open start of function

    b 0030f068 00000000 0x77746c74

     

    start    end        module name

    b533f000 b5375000   Sftplaylh T (no symbols)          

        Loaded symbol image file: Sftplaylh.sys

        Image path: \SystemRoot\system32\DRIVERS\Sftplaylh.sys

        Image name: Sftplaylh.sys

        Timestamp:        Wed Jun 26 03:02:30 2013 (51C9E946)

        CheckSum:         00035B8F

        ImageSize:        00036000

        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

     

    The version of this driver is an old version updated by KB2837578 of Microsoft Office 2010.

     

    We can install the following KB2986257 to upgrade this driver.

    https://support.microsoft.com/en-us/help/2986257/may-12--2015--update-for-office-2010-kb2986257


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 3, 2018 9:27 AM
  • Hi,

    If you have any updates,please feel free to let me know.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, January 4, 2018 1:52 AM
  • Thank you for your input, but this Office patch has already been installed quite some time ago.

    Thank You!


    Pat Corrigan

    Thursday, January 4, 2018 3:51 PM
  • Were the BSOD reduced or fixed by fixing the misbehaving AVG drivers?

    If you need additional help please post a memory dump with computer files for troubleshooting.

    To evaluate the BSOD please post logs for troubleshooting.

    Using administrative command prompt copy and paste this whole command:

    Make sure the default language is English so that the logs can be scanned and read.

    https://www.tenforums.com/tutorials/3813-language-add-remove-change-windows-10-a.html

    The command will automatically collect the computer files and place them on the desktop.

    Then use one drive or drop box to place share links into the the thread for troubleshooting.

    https://support.office.com/en-us/article/Share-OneDrive-files-and-folders-9fcc2f7d-de0c-4cec-93b0-a82024800c07

    It will automatically collect these files:  msinfo32, dxdiag, mini dumps, drivers hosts, install, uninstall, services, startup, event viewer files, etc.

    Open administrative command prompt and copy and paste the whole command:

    copy %SystemRoot%\minidump\*.dmp "%USERPROFILE%\Desktop\"&dxdiag /t %Temp%\dxdiag.txt&copy %Temp%\dxdiag.txt "%USERPROFILE%\Desktop\SFdebugFiles\"&type %SystemRoot%\System32\drivers\etc\hosts >> "%USERPROFILE%\Desktop\hosts.txt"&systeminfo > "%USERPROFILE%\Desktop\systeminfo.txt"&driverquery /v > "%USERPROFILE%\Desktop\drivers.txt" &msinfo32 /nfo "%USERPROFILE%\Desktop\msinfo32.nfo"&wevtutil qe System /f:text > "%USERPROFILE%\Desktop\eventlog.txt"&reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall "%USERPROFILE%\Desktop\uninstall.txt"&reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components" "%USERPROFILE%\Desktop\installed.txt"&net start > "%USERPROFILE%\Desktop\services.txt"&REM wmic startup list full /format:htable >"%USERPROFILE%\Desktop\startup.html"&wmic STARTUP GET Caption, Command, User >"%USERPROFILE%\Desktop\startup.txt"

    There is 1 file for you to find manually:  memory dump file:

    C:\Windows\MEMORY.DMP

    Use file explorer > this PC > local C: drive > right upper corner search enter each of the above to find results.

    Sometimes dxdiag needs to be saved manually:  In the left lower corner type:  dxdiag > advance each page > allow several minutes for it to fully load > save to desktop > post a one drive or drop box share link into the thread.

    Thursday, January 4, 2018 4:19 PM
    1. Removing AVG had no impact. I ran full ESET scan an all is clean.
    2. After Running WhoCrashed, it uncovered the Error - ntkrpamp.exe BAD_POOL_HEADER

    How do i resolve this error?

    Thank You!


    Pat Corrigan

    Thursday, January 4, 2018 4:25 PM
  • In the prior post run the administrative command prompt command and post share links with these files:

    Please generate new files:

    *.dmp,
    dxdiag.txt,
    hosts.txt,
    systeminfo.txt,
    drivers.txt,
    msinfo32.nfo,
    eventlog.txt,
    uninstall.txt,
    installed.txt,
    services.txt,
    startup.txt

    The files that you may need to find manually are:

    1) C:\windows\memory.dmp

    Use file explorer > this PC > local C: drive > right upper corner search enter each of the above to find results.

    2) dxdiag

    In left lower corner search type dxdiag > advance each page > wait several minutes for it to load > save to desktop > use share link to post into thread.



    Thursday, January 4, 2018 5:01 PM
  • Will do.

    Currently, I am cloning new ssd to replace 6-year old Hitachi 2.5 SATA 3.0 disk.


    Pat Corrigan

    Thursday, January 4, 2018 5:25 PM
  • https://onedrive.live.com/?id=70F72E5A68736625%212325&cid=70F72E5A68736625

    Pat Corrigan

    Thursday, January 4, 2018 6:58 PM
  • The last BSOD mini dump submitted was from 12/18 and that was bugcheck 19.

    The logs displayed a bugcheck today of C4 indicating probable windows driver verifier use.  There was no dump submitted.  Had you been using Windows driver verifier?

    On  12/29/2017 you posted:  CHKDSK /f = MFT errors - resolved - no free space and bad sectors

    The logs have displayed recurrent corruption:


    Event[53015]:
      Log Name: System
      Source: Ntfs
      Date: 2018-01-04T10:54:55.267
      Event ID: 55
      Task: N/A
      Level: Error
      Opcode: N/A
      Keyword: Classic
      User: N/A
      User Name: N/A
      Computer: NavarrePD1
      Description: 
    The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume F:.

    Event[53016]:
      Log Name: System
      Source: Ntfs
      Date: 2018-01-04T10:54:55.322
      Event ID: 55
      Task: N/A
      Level: Error
      Opcode: N/A
      Keyword: Classic
      User: N/A
      User Name: N/A
      Computer: NavarrePD1
      Description: 
    The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume F:.



    The logs displayed that the problems with the AVG drivers were not fixed:

    Event[54043]:
      Log Name: System
      Source: Service Control Manager
      Date: 2018-01-04T13:03:31.326
      Event ID: 7026
      Task: N/A
      Level: Error
      Opcode: N/A
      Keyword: Classic
      User: N/A
      User Name: N/A
      Computer: NavarrePD1
      Description: 
    The following boot-start or system-start driver(s) failed to load: 
    AVGIDSHX
    Avgldx86
    Avglogx








    Please post images or one drive/drop box share links into the thread for all tests:

    1) open administrative command prompt and type or copy and paste:

    2) sfc /scannow

    3) dism /online /cleanup-image /restorehealth


    4) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread

    5) chkdsk /x /f /r

    This may take many hours so plan to run overnight.

    Use the information in this link to find the chkdsk report in the event viewer and post the report into the thread using a one drive or drop box share link:

    https://www.tenforums.com/tutorials/40822-read-chkdsk-log-event-viewer-windows-10-a.html

    6) Run HD Tune:  http://www.hdtune.com/

    Please post images of the results for each of these tabs:

    a) Health (SMART)

    b) Benchmark

    c) Full error scan

    7) In the left lower corner search type:  system > open system control panel > on the left pane click advanced system settings > under startup and recovery click settings > post an image into the thread

    8) For any new BSOD look for C:\windows\memory.dmp > post share link into the thread

    9) Uninstall AVG using the AVG remover:

    https://www.avg.com/en-ca/utilities

    10) Turn on Windows defender




    Thursday, January 4, 2018 8:30 PM
  • Drive F: is a 128 Gig thumbdrive.

    I may have found the problem. This unit has Office 2010 Starter. When I clicked on Word...it downloaded some files, Blue Screened with Bad_Pool_Error and rebooted. I was unable to uninstall and had to use the Office Removal Tool.

    Testing now...


    Pat Corrigan

    Thursday, January 4, 2018 8:38 PM
  • Please give me a few days to test.

    Thank You !


    Pat Corrigan

    Thursday, January 4, 2018 9:23 PM
  • Okay.  This is the syntax for testing different drives:

    chkdsk /x /f /r c:

    chkdsk /x /f /r d:

    chkdsk /x /f /r f:

    So change the drive letter so that all drives are evaluated and fixed using chkdsk.  Then post the report of each drive into the thread.

    For HD Tune check all drives and post images into the thread.

    Thursday, January 4, 2018 10:03 PM
    1. There is no D: drive anymore. I cloned old drive to new drive and deleted D:.
    2. F: was removed.

    **********************************************************************************

    1. Here are the results of the only drive.

    Checking file system on C:
    The type of the file system is NTFS.

    A disk check has been scheduled.
    Windows will now check the disk.                         

    CHKDSK is verifying files (stage 1 of 5)...
      212480 file records processed.                                          File verification completed.
      1209 large file records processed.                                      0 bad file records processed.                                        2 EA records processed.                                              60 reparse records processed.                                       CHKDSK is verifying indexes (stage 2 of 5)...
      266228 index entries processed.                                         Index verification completed.
      0 unindexed files scanned.                                           0 unindexed files recovered.                                       CHKDSK is verifying security descriptors (stage 3 of 5)...
      212480 file SDs/SIDs processed.                                         Cleaning up 43 unused index entries from index $SII of file 0x9.
    Cleaning up 43 unused index entries from index $SDH of file 0x9.
    Cleaning up 43 unused security descriptors.
    Security descriptor verification completed.
      26875 data files processed.                                            CHKDSK is verifying Usn Journal...
      34287872 USN bytes processed.                                             Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
      212464 files processed.                                                 File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
      39465604 free clusters processed.                                         Free space verification is complete.
    Windows has checked the file system and found no problems.

     227213311 KB total disk space.
      68914460 KB in 138446 files.
        112844 KB in 26876 indexes.
             0 KB in bad sectors.
        323591 KB in use by the system.
         65536 KB occupied by the log file.
     157862416 KB available on disk.

          4096 bytes in each allocation unit.
      56803327 total allocation units on disk.
      39465604 allocation units available on disk.

    Internal Info:
    00 3e 03 00 d4 85 02 00 ee a2 04 00 00 00 00 00  .>..............
    51 3f 00 00 3c 00 00 00 00 00 00 00 00 00 00 00  Q?..<...........
    20 64 1a 00 50 01 18 00 28 20 18 00 00 00 18 00   d..P...( ......

    Windows has finished checking your disk.
    Please wait while your computer restarts.


    Pat Corrigan

    Thursday, January 4, 2018 10:28 PM
  • Hi,

    To analyze further, we can configure kernel memory dump which contains more information. When this issue reoccur, please help upload the latest dump for analysis.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 5, 2018 7:17 AM
  • Vivian,

    The OP is able to submit automatic memory dumps, mini dumps, and memory dumps.

    What is the purpose of a smaller kernal dump when the other dump are available?

    https://support.microsoft.com/en-in/help/254649/overview-of-memory-dump-file-options-for-windows

    https://www.howtogeek.com/196672/windows-memory-dumps-what-exactly-are-they-for/

    Automatic Memory Dump

    • <time datetime="2017-11-28T06:00:00.000Z">11/28/2017</time>
    • 2 minutes to read
    • Contributors
      • Don Marshall

    An Automatic Memory Dump contains the same information as a Kernel Memory Dump. The difference between the two is not in the dump file itself, but in the way that Windows sets the size of the system paging file.

    If the system paging file size is set to System managed size, and the kernel-mode crash dump is set to Automatic Memory Dump, then Windows can set the size of the paging file to less than the size of RAM. In this case, Windows sets the size of the paging file large enough to ensure that a kernel memory dump can be captured most of the time.

    If the computer crashes and the paging file is not large enough to capture a kernel memory dump, Windows increases the size of the paging file to at least the size of RAM. The time of this event is recorded here in the Registry:

    HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\LastCrashTime

    The increased paging file size stays in place for 4 weeks and then returns to the smaller size. If you want to return to the smaller paging file before 4 weeks, you can delete the Registry entry.

    To see the paging file settings, go to Control Panel > System and Security > System > Advanced system settings. Under Performance, click Settings. On the Advanced tab, under Virtual memory, click Change. In the Virtual Memory dialog box, you can see the paging file settings.

    Friday, January 5, 2018 7:54 AM
  • Hi,

    If you have any updates, please let me know.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by PM1888 Saturday, January 13, 2018 8:34 PM
    • Unmarked as answer by PM1888 Saturday, January 13, 2018 8:34 PM
    Monday, January 8, 2018 2:18 AM
  • TO All,

    THANK YOU for all your responses. I followed all advice, but it is time to re-image PC - no way around it. Still having problems and Windows is corrupted!

    Pat Corrigan


    Pat Corrigan

    • Marked as answer by PM1888 Saturday, January 13, 2018 8:33 PM
    Saturday, January 13, 2018 8:33 PM
  • Please display the problems that your are having by making a post into the thread for these administrative command prompt commands:

    1) sfc /scannow

    2) dism /online /cleanup-image /scanhealth

    3) dism /online /cleanup-image /restorehealth


    4) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread


    Sunday, January 14, 2018 4:34 AM
  • These tests have been completed but still unable to install software successfully. Time to reimage.

    Pat Corrigan

    Sunday, January 14, 2018 3:12 PM
  • This is information on clean install if that is what you prefer to do:

    https://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html

    https://www.tenforums.com/tutorials/1950-clean-install-windows-10-a.html

    Monday, January 15, 2018 2:07 AM