# Solved: BSOD 0x0~8e W8Pro



## simrick (Mar 12, 2014)

Hi. My computer has been upgraded from XP to W8 (NOT 8.1) and I'm having crashes. Luckily I've been able to recover from them, but not without some fiddling. I hate the fact that I can't get into safe mode unless I am already in the operating system - drives me nuts! Anyways, My latest crash is

0x0~8e (0xc0~5, 0xa7653e27, 0xd7c1314c, 0x0~0)

I had originally been dealing with crashes which MS had supposedly temporarily fixed - logging into my computer and trying all kinds of drivers for my nVidia GeForce 7300LE card. Seems nVidia had not yet made a W8 driver (although they are required to by contract), and so MS did something to tide me over until this new driver is released.

In the meantime, I had to reinstall the OS (due to a partitioning error on my part). Now I am having these BSODs. I am thinking this is a video problem again - can you confirm that based on the codes?
_The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0xa7653e27, 0xd7c1314c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031214-77548-01._

I am at a loss of what to do - I can't seem to find a good driver on the nVidia site. The one I am using is dated 6/11/2012 v 9.18.13.280. I originally was using v 9.18.13.286, but I was getting BSODs, and so I switched to 9.18.13.280.

If you think it is necessary to get a new video card, I'll need some help with that - I don't know where to start. Thanks much.

Update - I went to the nVidia site again, and this time I found an update for my card that is supposed to be W7 + W8 certified. Just installed it and we'll see if the BSODs go away.


----------



## Macboatmaster (Jan 15, 2010)

1, Welcome to Tech Support Guy

2. Re the driver as you can see it was released on 24 Jan 2013, so I cannot understand this


> Seems nVidia had not yet made a W8 driver (although they are required to by contract), and so MS did something to tide me over until this new driver is released.


*GeForce 307.74 Driver*

Version: 307.74 *WHQL* 
Release Date:2013.1.24 
Operating System: Windows 7 64-bit, Windows 8 64-bit, Windows Vista 64-bit 
Language: English (UK)

as was the driver for Windows 8 32 bit.

3. The crash could be the display driver, it MAY be a ram problem, but that is not as likely, it could also be an anti-virus problem

4. Re this


> Update - I went to the nVidia site again, and this time I found an update for my card that is supposed to be W7 + W8 certified. Just installed it and we'll see if the BSODs go away.


Post back please to either notify us all is now in order and if that is the case please mark the topic solved by clicking on the mark solved button on your post
OR indicating you still have the problem in which case I or someone will further assist you


----------



## simrick (Mar 12, 2014)

Macboatmaster said:


> 1, Welcome to Tech Support Guy
> 
> 2. Re the driver as you can see it was released on 24 Jan 2013, so I cannot understand this
> 
> ...


Sorry, I don't quite remember what the nVidia driver issue was, but I do remember MS said it was not released or certified or something when I upgraded to W8 (was last year some time, and could even be over 1 year ago) - that was why they put an older driver on my system and did some fiddling around to get rid of the BSODs. The MS tech must have tried half a dozen before he finally settled on one (I remember it quite well).

I will wait a few days and see if the problem is resolved. Then I have some WUs to install, so I'll do that and make sure that everything is ok. Then I will post either as solved, or request your further assistance.
Thanks very much for the reply.
Cheers!


----------



## Macboatmaster (Jan 15, 2010)

Send me the dump and I will analyse it and then if you still have the problem- we are on the starting blocks.
Send it as compressed zip attached to your reply please


No need to quote my post back to me - just click reply rather than quote please


----------



## simrick (Mar 12, 2014)

Trying to upload the zip file, but I keep getting this error:

Your submission could not be processed because a security token was missing.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.
********************
update
I guess the file was too large.
At any rate, I came across a super free program called WhoCrashed, which I downloaded from C|NET. Ran it, and this is what I got:

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

*On Wed 3/12/2014 6:17:13 PM GMT your computer crashed*
crash dump file: C:\Windows\Minidump\031214-77548-01.dmp
This was probably caused by the following module: aswsnx.sys (aswSnx+0x4EE27) 
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFFA7653E27, 0xFFFFFFFFD7C1314C, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\drivers\aswsnx.sys
product: avast! Antivirus
company: AVAST Software
description: avast! Virtualization Driver
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. 
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsnx.sys (avast! Virtualization Driver, AVAST Software). 
Google query: AVAST Software KERNEL_MODE_EXCEPTION_NOT_HANDLED_M


*On Wed 3/12/2014 6:17:13 PM GMT your computer crashed*
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: aswsnx.sys (aswSnx+0x5032E) 
Bugcheck code: 0x8E (0xFFFFFFFFC0000005, 0xFFFFFFFFA7653E27, 0xFFFFFFFFD7C1314C, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED
file path: C:\Windows\system32\drivers\aswsnx.sys
product: avast! Antivirus
company: AVAST Software
description: avast! Virtualization Driver
Bug check description: This bug check indicates that a kernel-mode application generated an exception that the error handler did not catch.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsnx.sys (avast! Virtualization Driver, AVAST Software). 
Google query: AVAST Software KERNEL_MODE_EXCEPTION_NOT_HANDLED


*On Sun 3/9/2014 9:44:15 PM GMT your computer crashed*
crash dump file: C:\Windows\Minidump\030914-41605-01.dmp
This was probably caused by the following module: saskutil.sys (SASKUTIL+0x7503) 
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFFFFF9131A503, 0xFFFFFFFF81B9689C, 0xFFFFFFFF81B96460)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
product: SUPERAntiSpyware
company: SUPERAdBlocker.com and SUPERAntiSpyware.com
description: SASKUTIL.SYS
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. 
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: saskutil.sys (SASKUTIL.SYS, SUPERAdBlocker.com and SUPERAntiSpyware.com). 
Google query: SUPERAdBlocker.com and SUPERAntiSpyware.com SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M


*On Thu 2/13/2014 11:02:08 AM GMT your computer crashed*
crash dump file: C:\Windows\Minidump\021314-112227-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0xCA5C4) 
Bugcheck code: 0x19 (0xE, 0xFFFFFFFFA89B5000, 0x0, 0xFFFFFFFFEA239E37)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules. 
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time


----------



## Macboatmaster (Jan 15, 2010)

Who Crashed is OK but does not provide the analysis that is available from the dump analysis I use.
That said try uninstalling AVAST use programs and features and then you MUST run this
http://www.avast.com/uninstall-utility
then REBOOT

There is some history of this
description: avast! Virtualization Driver
causing problems on windows 8.

Then check that Windows Defender is enabled
as here - option 2
http://www.eightforums.com/tutorials/21962-windows-defender-turn-off-windows-8-a.html

If it does not stop the crash, you can of course then if you wish reinstall AVAST if it is the free edition
If it is paid for edition, make sure you have the necessary details before uninstalling

Finally I presume you do have only AVAST and SAS - and NO OTHER antivirus that is real time protection installed
If the SAS is the free edition it only provides a scan on demand and Is NOT real time protection


----------



## simrick (Mar 12, 2014)

Thank you very much for the information. Yes, I have Avast Free, SAS Free and MBAM Free, so only Avast is real-time. The other two I run once a month, or when needed.

I found the mini dump file, (originally tried to send the memory.dmp file which is too large), and am attaching it now. There are a total of three, but this one is the most recent. If you want the others, let me know and I will upload them (now that I have found them!) LOL

Yes, I had a read in some of their forums last night about this Virtualization Driver issue - seemed mostly on 64-bit machines (and I am 32-bit), but, we'll see. I will uninstall avast shortly.

Thanks again!


----------



## Macboatmaster (Jan 15, 2010)

DUMP
Windows 8 Kernel Version 9200 UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9200.16659.x86fre.win8_gdr.130708-1504
Machine Name:
Kernel base = 0x8105e000 PsLoadedModuleList = 0x8124be48
Debug session time: Wed Mar 12 14:17:13.957 2014 (UTC - 4:00)
System Uptime: 2 days 17:43:24.293
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: a7653e27, The address that the exception occurred at
Arg3: d7c1314c, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP: 
aswSnx+4ee27
a7653e27 1b1b sbb ebx,dword ptr [ebx]

TRAP_FRAME: d7c1314c -- (.trap 0xffffffffd7c1314c)
ErrCode = 00000000
eax=bca6165b ebx=00000000 ecx=d7c132c4 edx=81128141 esi=a76a6930 edi=d7c134ac
eip=a7653e27 esp=d7c131c0 ebp=d7c13288 iopl=0 nv up ei ng nz ac po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010292
aswSnx+0x4ee27:
a7653e27 1b1b sbb ebx,dword ptr [ebx] ds:0023:00000000=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: services.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from a765532e to a7653e27

STACK_TEXT: 
WARNING: Stack unwind information not available. Following frames may be wrong.
d7c13288 a765532e d7c132c4 a766bb8c 80002088 aswSnx+0x4ee27
d7c132b0 a762c658 d7c132f8 a766bb8c 80002088 aswSnx+0x5032e
d7c13340 a763615a 00000b9c bcc417b0 00000001 aswSnx+0x27658
d7c13368 a7636bb5 000002b8 00000b9c bcc417b0 aswSnx+0x3115a
d7c13514 812ab00c 84cb8400 00000b9c d7c1353c aswSnx+0x31bb5
d7c13600 812dbc09 d7c13638 d7c13690 02000000 nt!PspInsertThread+0x57b
d7c13d20 8119e978 00d8eab0 00d8ea60 02000000 nt!NtCreateUserProcess+0x5ad
d7c13d20 77e97174 00d8eab0 00d8ea60 02000000 nt!KiSystemServicePostCall
00d8ecdc 00000000 00000000 00000000 00000000 0x77e97174

STACK_COMMAND: kb

FOLLOWUP_IP: 
aswSnx+4ee27
a7653e27 1b1b sbb ebx,dword ptr [ebx]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: aswSnx+4ee27

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: aswSnx

IMAGE_NAME: aswSnx.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 52deaa15

FAILURE_BUCKET_ID: AV_aswSnx+4ee27

BUCKET_ID: AV_aswSnx+4ee27

Followup: MachineOwner

IT will take sometime to go through it all but 
AVAST uninstall is certainly the way forward

---------


----------



## Macboatmaster (Jan 15, 2010)

Further to the above - do you have installed or use any registry cleaner, booster make it go faster program


There MAY be some evidence that something has changed registry values - but I am not certain.


Also you have SAS loading on startup - there is no need to have that loading you simply start it when you wish - Ctrl Alt Del
Task Manager -startup tab - I think SAS will be there
Select and then disable and exit out of Task Manager
REBOOT


Which model of Dell is it please ?


----------



## simrick (Mar 12, 2014)

I do have ccleaner. What would I look for? The registry scan issues?

For SAS starting up - I think that way it protects your home page in the browser from being changed, no? Otherwise I can disable it, yes.


----------



## Macboatmaster (Jan 15, 2010)

Do you use the registry cleaner in CCleaner - it is not advisable
Please proceed as recommended


----------



## simrick (Mar 12, 2014)

Yes, I do use the registry cleaner occasionally. 
I have uninstalled avast and run the avast removal tool in safe mode.
I will disable SAS from startup.
Thank you!

computer name: DELL E521 W8 - 32 bit
windows version: Windows 8 , 6.2, build: 9200
windows dir: C:\Windows
Hardware: Dimension E521, Dell Inc, 0UW457
CPU: AuthenticAMD AMD Athlon(tm) 64 Processor 3500+ AMD586, level: 15
1 logical processors, active mask: 1
RAM: 3219640320 total
VM: 2147352576, free: 1938395136


----------



## Macboatmaster (Jan 15, 2010)

Please be assured that using the registry cleaner on CCleaner unless you KNOW exactly what it is doing is risky on any system 
On Windows 8 IMHO it is the kiss of death.
AND that is with acknowledgement that it is one of the safest registry cleaners that I know of.
That said cleaning the registry is a non starter on 8



Despite some reports to the contrary there is again IMHO only ONE AV for 8/8.1 and that is Windows Defender
It is the full AV not merely the anti spyware that it was on 7


There is absolutely NO CHANCE it will cause problems on 8 and that cannot be said with 100% certainty of any 3rd party anti-virus


There are so many variables to 8 that there is NO other AV that can keep up to speed.


Check Defender is enabled as previously mentioned


When you have done that - check for updates on it, click the update tab.


Then do a QUICK scan


It will take sometime the first time but after that it is FAST


You only need a full scan if the quick scan finds something.


PLEASE for your own good do NOT use the registry cleaner


Otherwise one day sooner or later you will have severe problems - usually but not always you will start to find that various Store apps will not open.


All that is NOT to say that you should not keep the FREE Malwarebytes not the FREE trial version as that is real time protection and scan with that every week or as it suits you


Neither does it mean that if you like it you should not KEEP the free Super antispyware


When you have done all that please do not leave the topic as for your own good there is MORE to do


----------



## simrick (Mar 12, 2014)

Okay, I am surprised about the ccleaner registry cleaner, because, yes, as you say, I thought it was the most harmless of any out there. But with this Metro side of W8, and the apps, I can see your point.

Defender is on, and updated. I will run a quick scan shortly. I have disabled SAS from startup. I am using MBAM FREE (not free trial) and SAS FREE only.

I am a bit concerned though with Defender, as it is just not as robust as a true antivirus like Avast, or ESET or Kaspersky. In my experience with it, and MS Security Essentials, I have found that the MS programs let the viruses in, and then try to get rid of them, while Avast keeps them from getting in, in the first place.

http://www.maximumpc.com/windows_defender_vs_avast_2013

I will post back when the scan has completed. First, I am running a System Inspector scan for the people over at SAS, per their request.

Thanks!


----------



## Macboatmaster (Jan 15, 2010)

Well you must make your own decision, that is only right, it is your computer
I see little point in entering a discussion about the merits of Defender compared with AVAST or with any other 3rd party product


That said, the topic is about the crash and my suggested solution is to uninstall AVAST and see how you go - SO HAVING uninstalled it and used the Avast removal tool - how is it please 


Whether it proves to be a hardware driver issue, AVAST issue, or a ram problem remains to be seen, but clearly you have a problem, it may even transpire to be a problem caused by registry cleaning, which ceased to be of any benefit sometime ago


It and many other such utilities may have had a place on XP and Vista, they have no place on 7 or especially 8.
For instance many 3rd part defraggers will damage Windows 8.
They defrag in a way that may well delete restore points, or stop them working if needed.


I will leave the issue with you until you post the final result of implementing my recommendations or leaving the issue here and following advice from SAS


That is NOT meant to be unhelpful, but I am not prepared to carry on attempting resolution if you are making any changes based on advice elsewhere.


----------



## simrick (Mar 12, 2014)

Macboatmaster said:


> That said, the topic is about the crash and my suggested solution is to uninstall AVAST and see how you go - SO HAVING uninstalled it and used the Avast removal tool - how is it please


It seems fine for now. I have rebooted twice without issue. However, it may take several days before I would see a BSOD, so I am a bit reluctant to say it's all good just yet.



Macboatmaster said:


> For instance many 3rd part defraggers will damage Windows 8.
> They defrag in a way that may well delete restore points, or stop them working if needed.


Oh! Glad you mentioned that. I had no idea.



Macboatmaster said:


> I will leave the issue with you until you post the final result of implementing my recommendations or leaving the issue here and following advice from SAS
> 
> That is NOT meant to be unhelpful, but I am not prepared to carry on attempting resolution if you are making any changes based on advice elsewhere.


I am NOT making any changes or doing anything recommended by SAS. I simply reported an error to them which I had, and they asked for some information. I will give them the information on the system, but that's as far as I will go with them. If we (you and I) find that SAS should go the way of Avast, then that will be decided here, not with them.

I understand what's involved with computer assistance - I do it for many people - and appreciate your help very much. I would not go muddying up the waters by doing other things outside this scope.


----------



## Macboatmaster (Jan 15, 2010)

Cheers
Please test it and see how it goes
Would you open a cmd prompt with admin rights and type
* sfc /scannow*
that is a system file check
should not take too long and what we are looking for is all files in correct place and no violations etc.

It has to be an admin cmd prompt so you need to have that on the top bar of the window


----------



## simrick (Mar 12, 2014)

Thanks. Will do that shortly and reply back.


----------



## simrick (Mar 12, 2014)

HI. Here are the results. Thanks.


----------



## Macboatmaster (Jan 15, 2010)

Run it twice more REBOOTING after each run
Save those log files that you have posted and then compare the log of the third run with those and see if the failures are reduced


----------



## simrick (Mar 12, 2014)

Okay. Is there a secret way to compare 635-page logs? LOL


----------



## Macboatmaster (Jan 15, 2010)

You note which could not be repaired on the log you have posted and then you note if those are now repaired on the log from the third run
You use the find facility on the doc editor to do so
For instance

CSIPERF:TXCOMMIT;60916

2014-03-13 18:49:29, Info CSI 000003b7 [SR] Verify and Repair Transaction completed. *All files and registry keys listed in this transaction have been successfully repaired*

*as against*

PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch

2014-03-13 18:49:28, Info CSI 000003ae Hashes for file member \SystemRoot\WinSxS\x86_prncacla.inf_31bf3856ad364e35_6.2.9200.16430_none_a1af7694d303e9dc\I386\CNBJ2530.DPB do not match actual file [l:34{17}]"I386\CNBJ2530.DPB" :

Found: {l:32 b:eEVuN9+Epbbj0vk8lOuxFgS5WfNo3HbpOi2EVb2J6WA=} Expected: {l:32 b:n520k714Uu3utHa5JGQ6HQYbZphKhlMWq5pEmfnCDuw=}

2014-03-13 18:49:28, Info CSI 000003af [SR] *Cannot repair member file*

*HOWEVER run it twice more as I said and then see if you get the result all in order*
*It only can repair so much on each run*
*BUT if it has not on the third run it is not going to do so*

*I do have another utility for you to try when you have done the third run*


----------



## simrick (Mar 12, 2014)

Okay. Thanks.


----------



## simrick (Mar 12, 2014)

Got some of these hash mismatches in the second run, and many "Defender definitions updates not owned", but the size of the log has decreased substantially.

All the found/expected errors are Win SxS - that's backup/system restore issues, right?



Macboatmaster said:


> 2014-03-13 18:49:28, Info CSI 000003af [SR] *Cannot repair member file*


*

* Looks like I have about 4 of these left.



Macboatmaster said:


> *I do have another utility for you to try when you have done the third run*



Going to run scan #3 now.


----------



## simrick (Mar 12, 2014)

sfc /scannow run #3 attached


----------



## Macboatmaster (Jan 15, 2010)

Cheers
Run this cmd prompt admin rights again
DO NOT please use the computer for anything whilst it is running
It uses the internet connection if necessary hence ONLINE
Copy and paste the cmd then you do not have to worry about spacing

*Dism /Online /Cleanup-Image /RestoreHealth*


----------



## simrick (Mar 12, 2014)

success!


----------



## Macboatmaster (Jan 15, 2010)

Hope all has gone as good as it can
Now reboot and run the sfc /scannow again


----------



## simrick (Mar 12, 2014)

Okay, done. "_Windows Resource Protection did not find any integrity violations_." :up:


----------



## Macboatmaster (Jan 15, 2010)

Congratulations
Pleased that worked
I THINK and I am not certain, as I am not an expert on those logs, that it MAYBE the registry cleaner
I would stay away from it
If all is OK after a couple of days or so would you mark it solved and it has been good to work with you


----------



## simrick (Mar 12, 2014)

Yes, thank you for all your help. I will test things out for a few days and then return to close this out as resolved. Thanks again and great to work with you as well!


----------



## simrick (Mar 12, 2014)

Hi. I have come across one issue, which I hope you can help me with please. This computer starts itself after I shut it down. I had previously made a change in power settings, unchecking the box "Turn on fast startup" and that had resolved the problem in the past. But I am not able to make any changes to these settings anymore. Yes, I am in an administrator account. Any ideas? Thanks.


----------



## Macboatmaster (Jan 15, 2010)

I cannot decide from your screenshot if it is greyed out
see mine please


----------



## simrick (Mar 12, 2014)

Okay, I feel like a total dweebhead! Thanks for pointing that out - worked! (not enough coffee yet, I guess...)


----------



## Macboatmaster (Jan 15, 2010)

No problem
Head still full of the main topic me thinks :up:
I am not going to agree with you, dweebhead - in case I cannot solve the next problem you ask for help with - otherwise I may have to post


----------



## simrick (Mar 12, 2014)

You're too funny!

Well, everything seems to be working fine and I thank you very much for all your help! I will close this thread as solved. Cheers!


----------



## Macboatmaster (Jan 15, 2010)

Cheers
All the best with it


----------

