Recently I have had some video and system crashes while watching videos on USA Network. They were the only network that I had that problem with.
I searched for any updated drivers and found a newer release that was just a few days before I started investigating the problem. That driver was supposed to solve a vulnerability that was found that could cause crashes.
A few weeks prior to this I had installed a new driver to try and solve some other problems.
So I downloaded the new version of Catalyst, uninstalled the old version then rebooted, then installed the new version. Then I went back to USA Network and checked, I still had a few crashes on certain videos or when the player stopped and no more videos were available. I began suspecting it had something to do with “Timeout Detection and Recovery of GPUs” (http://msdn.microsoft.com/en-us/windows/hardware/gg487368.aspx) but I just didn’t have enough information to go on. After a few days I stopped getting crashes so I figured USA “Fixed” whatever was causing the problem.
The drivers listed above in the title, what are they?
It is part of the AMD Overdrive utility for tweaking your system to get more performance out of it (overclocking). Other than that I’m not sure without getting deeper into them.
These are just 2 different versions of the same driver, but what makes it interesting is when I was checking into the loaded drivers on the system the new driver was in the folder but the system was still pointing at the old versions of the registry information.
I created a new tool that uses WMI Win32_SystemDriver to get the information about the drivers and display it in a Data grid view so the information can be sorted and later saved.
When looking at the results I found that both drivers were listed to auto start but only the old one was listed as started. Here is a screenshot after my changes.
When I first saw this, both Start Mode settings were set to Automatic and the Started setting was the reverse of what you see here.
While I was doing research on this driver I ran across an article where people were having problems with this driver causing a crash. Located here.
Rather than using some kind of registry cleaner I used a registry scanner (found Here) to find all of the locations that they were in. One scan for each driver name.
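The same check can be scripted against `Win32_SystemDriver`. The PowerShell below is an added example, not the author's tool: it groups Auto-start driver entries by the folder of their binary and reports folders where more than one entry exists and at least one is not started. The function names, the sample rows, and the choice to skip the shared Windows drivers directory are assumptions made for illustration.

```powershell
# Added example (not the author's tool). Sample rows below are constructed.
function Get-DriverFolder {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    # Strip quotes and the NT object prefix (\??\) some driver paths carry.
    $p = $PathName.Trim().Trim('"') -replace '^\\\?\?\\', ''
    $dir = [System.IO.Path]::GetDirectoryName($p)
    if ($dir) { $dir.ToLowerInvariant() }
}

function Find-ConflictingAutoDrivers {
    param([object[]]$Drivers = (Get-CimInstance -ClassName Win32_SystemDriver))
    # Assumption: the shared Windows drivers directory is skipped to cut noise.
    $skip = (Join-Path $env:SystemRoot 'System32\drivers').ToLowerInvariant()
    $Drivers |
        Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName } |
        Group-Object { Get-DriverFolder $_.PathName } |
        Where-Object {
            # Keep folders with several Auto entries where one is not running.
            $_.Name -and $_.Name -ne $skip -and $_.Count -gt 1 -and
            ($_.Group | Where-Object { -not $_.Started })
        } |
        ForEach-Object {
            $folder = $_.Name
            $_.Group | Select-Object @{n='Folder';e={$folder}},
                Name, StartMode, Started, PathName
        }
}

# Constructed sample: two service entries for one driver folder, both Auto,
# only the old one started, plus an unrelated Manual driver.
$sample = @(
    [pscustomobject]@{ Name = 'ExampleDrvOld'; StartMode = 'Auto'; Started = $true
        PathName = '\??\C:\Program Files\ExampleVendor\amd64\ExampleDrv.sys' }
    [pscustomobject]@{ Name = 'ExampleDrvNew'; StartMode = 'Auto'; Started = $false
        PathName = 'C:\Program Files\ExampleVendor\amd64\ExampleDrv.sys' }
    [pscustomobject]@{ Name = 'OtherDrv'; StartMode = 'Manual'; Started = $false
        PathName = 'C:\Program Files\Other\other.sys' }
)
Find-ConflictingAutoDrivers -Drivers $sample | Format-Table -AutoSize

# On a live system, run elevated and query WMI directly:
# Find-ConflictingAutoDrivers | Format-Table -AutoSize
```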
Now that gave me some locations to look in to get more clues on what was going on.
When looking at:
I noticed that the value (Name) ActiveService, (Value) AODDriver4.1 did not exist in this key, but it did in the older version of the driver. That tells me that if the service/driver is enabled or running it will have the Name: ActiveService with the Value: of the driver; otherwise it will be blank.
I didn’t want to do a registry hack at this point like was mentioned in the article I had found. So what is the alternative? Well that would be Device manager. These drivers are listed as Non-Plug and Play Drivers.
Open device manager, click view on the top menu, then click on show hidden devices, then click on the Non-Plug and Play Drivers section. This will now display the devices we want so we can get to the settings for them.
When looking at the settings in the registry I found that both drivers used the same “ClassGUID”.
Next we want to right click on the driver name, then select Properties, then the Driver tab, and then we see this.
As you can see this is the older version of the driver. Before the change it will show Status: Started and Type: Automatic, after the change it will be as shown above.
Now to change which registry version of the driver it is using, just change the old version from Automatic to Demand as shown above, reboot the system and the system will take care of the registry changes for you. I haven’t tested the Disabled setting but would assume it would cause problems at this point.
Since the reboot, the system “should” never demand that version since it “should” now be using the new version. You could possibly remove the registry locations pointing at the old version then reboot and that “should” clear the driver information out of Device manager. Or just leave it alone and just go with it because it is now using the updated information from the registry. Be careful because both settings point at the same driver folder.
Hope this has helped someone.
About the tool I wrote:
This tool came about after watching the newer video by Mark Russinovich titled: Malware Hunting with the Sysinternals Tools. Located here. And links to several others of his webcasts here.
I got to wondering about the newer malware that were loading as drivers and was wanting to get a better view of the drivers, so I found the win32 class Win32_SystemDriver and built a quick version using my GUI WMI code creator found on Code Project Here.
After I built this program I remembered that Sysinternals had a utility called Loadorder found Here which gets most of the same information that I just got with my utility, found on my SkyDrive Here, file name Win32_SystemDriver.zip. (There are several other of my system utilities there also.)
I recently found a better way to get any of the cells copied to clipboard with or without the header titles. That is implemented only in this version of the app and a test app that is not currently available online. If you select all cells plus “Check” the check box at the top you can get all of the cells and the header information and then do a “Special Paste (as text)” in Excel then you can save it for comparison later. My system currently lists 239 drivers but not all are running or have run since the last boot.
The other feature I have here (that I just recently learned) is the ability to go to the file and highlight the file. I had to do some string manipulation to get it to work with the UNC paths as shown in the picture above earlier.
While testing there was one driver (nm3, Microsoft Network Monitor 3 Driver) that would not show most of the information till I started the program as Admin, so I added the require admin in the manifest so I wouldn’t forget to elevate, and then start wondering why I wasn’t getting information (which had me worried for a bit).
That driver name would not show up in a Process Explorer search either, even though it was listed as running. (Which is what had me worried since at the time I didn’t know what it was.)
Hope this program can help others to get a better handle on the drivers on a system.
If anyone has any questions or finds any bugs in my program please let me know so I can fix them.
I forgot to mention that after fixing the driver issue that I had a noticeable improvement on the reboot.
Changed Title Of Post on blog to better reflect what it is about.