Continual BSODs. Could someone help analyze dump file please?

Toggle sidebar Toggle sidebar
M

MadMikentist

Commendable
May 14, 2016
17
0
1,510
Hello, I'm having an odd problem that is centered around continual BSODs in Windows 10. Here are my specs:

Windows 10 x64
Asus M5A97 motherboard
AMD Radeon HD 6800 video card
AMD Phenom II X4 975 processor
Samsung SSD 840 EVO 250GB primary hard drive
500GB standard secondary hard drive
8GB of RAM (5.96GB usable?)
DDR3 Corsair RAM


My PC BSODs at random within a few minutes of use. Sometimes during a game (hearthstone or rocket league), but also during copying files to USB or browsing online or running "sfc /scannow".

Here is the dump file:
https://drive.google.com/file/d/0B6KtdudpNDEYVFphSnd2NHkyYjA/view?usp=sharing

I've updated GPU drivers with no change. I also ran "sfc /scannow". The first time it said that some files were corrupted and it fixed them. Now when I try it, it just says 'Windows Resource Protection could not perform the requested operation.' or it BSODs.

When it BSODs, it usually BSODs multiple times trying to reboot. Sometimes this results in the computer failing to boot or even POST and I have to unplug it or wait a while to get it to boot.
I've suspected that RAM is the issue. I ran memtest86 with all 4 sticks of RAM in and I received 180,000+ errors and the test froze. I tried booting with each stick of RAM individually and there are no problems. I tried to run memtest on each stick individually and they all pass with 0 errors. I tried memtest with a single stick in each slot individually and they all pass with 0 errors.

A friend pointed me to this forum post:
http://www.tomshardware.com/answers/id-2214624/ram-testing-sticks-prompts-error-testing-stick-error-arise-memtest86.html

It's the same problem I was having. I increased the NB voltage to 1.25 and then all 4 sticks passed memtest together and my computer was working for most of today. Then it all crashed again with a stream of BSODs. I'm at a loss here and I could really use some help or at least someone to point me in the right direction. I really appreciate any tips that can be offered and please let me know if you need any more information. I'll post if I can figure out what finally fixes this. Thanks.

EDIT:
minidump files link:
https://drive.google.com/folderview?id=0B6KtdudpNDEYM2t3NFFvMmY0X1E&usp=sharing
 
Solution
Colif
Just general tips, I am no expert as I only look at hardware normally when I am upgrading.

buy a good brand psu with high efficiency rating as that counts more than high wattage. Good psu means none of the other parts die a premature death (its no guarantee but its more likely than if you use no name brands). I would look at this for names/models: http://www.tomshardware.com/forum/id-2547993/psu-tier-list.html
read reviews of any part you might want to buy, see if its good enough. Watch videos, look for negatives.
I always go nuts on a case and get a really good one as my 1st two pc had crap cases with built in power supplies and I refuse to do that again. 3rd case was a Lian Li and last two been Silverstone... the current one just...
Sort by date Sort by votes
Hi,

Please do try these troubleshooting steps that may help.
- First is to run Windows Update and install all the update available.
- Once done, do run SFC Scanner.
- Search for Command Prompt, right click on it and select Run as Administrator.
- Once open, type sfc/scannow then press Enter. While until it finish the scan and see if it will solve the issue or not.
- If these steps will not work, proceed with doing a clean install of the graphics card driver.
- Go to Device Manager and uninstall the graphics driver.
- Next is to open Programs and Features then uninstall anything related to the graphics card driver.
- Once done, download and install the latest driver.
- Reboot the laptop once the latest driver has been installed then test it again.
- If the same problem will persist, do also run a memory test just to make sure everything is working properly.
- If all test will pass, last option would be to reinstall Windows 10.
 
Upvote 0 Downvote


I've done all of those steps except reinstall windows. SFC scanner occasionally works, although sometimes it fails or BSODs before it can finish. In safe mode it runs fine and says there is no problem. The drivers have been wiped and reinstalled, no change. The memory tests got complicated, but I fixed that by increasing the NB voltage and my computer worked for most of today, then started crashing again. Since that seemed to have an effect, even if only temporarily, could that provide a clue about the problem causing this? Is reinstalling Windows 10 the only step left? Thanks.
 
Upvote 0 Downvote


I believe the PSU is Raidmax RX-700AC and DRAM is Corsair XMS3 4GB DDR3. I have the latest bios Asus supplied, but I couldn't find a lot of drivers for my mobo on Windows likely due to age. This was it:

https://www.asus.com/Motherboards/M5A97/HelpDesk_Download/
 
Upvote 0 Downvote
try and uninstall your avira virus scanner.
or disable its filter using ftlmgr.exe (see below)

actual thread that caused the stack overflow was:
Avira.ServiceHost.exe




---------
system was up for 33 second then a driver corrupted kernel memory by because of a stack overflow.
the service running was: Avira.ServiceH (rest of the name was truncated)

I would suspect Avira AntiVir, the stack trace before the Bugcheck shows that windows filter manager was called.
looking at the installed filters you have
\SystemRoot\system32\DRIVERS\avgntflt.sys Wed Jan 13 09:40:59 2016

my guess it either that filter has a bug or another filter installed screwed up that filter and caused the crash

you can start cmd.exe as an admin then run
Fltmc.exe
to display the list of filters installed on your machine
here is what is shown on my system:

C:\WINDOWS\system32>fltmc

Filter Name Num Instances Altitude Frame
------------------------------ ------------- ------------ -----
WdFilter 7 328010 0
storqosflt 0 244000 0
FileCrypt 0 141100 0
luafv 1 135000 0
npsvctrig 1 46000 0
FileInfo 7 45000 0
Wof 6 40700 0

C:\WINDOWS\system32>fltmc /?

** Invalid command
Valid commands:
load Loads a Filter driver
unload Unloads a Filter driver
filters Lists the Filters currently registered in the system
instances Lists the Instances for a Filter or Volume currently
registered in the system
volumes Lists all volumes/RDRs in the system
attach Creates a Filter Instance to a Volume
detach Removes a Filter Instance from a Volume

Use fltmc help [ command ] for help on a specific command

note: looks like you have a disable vpn, you might remove it if you don't want it.

Dumping IopRootDeviceNode (= 0xffffe0011973fd30)
DevNode 0xffffe001196f4a50 for PDO 0xffffe001196f5940
InstancePath is "ROOT\NET\0001"
ServiceName is "vpnva"
State = DeviceNodeInitialized (0x302)
Previous State = DeviceNodeUninitialized (0x301)
Problem = CM_PROB_DISABLED




 
Upvote 0 Downvote



That's really interesting. I posted about this in another forum and just had someone else suggest that Avira might have caused it too, along with some other drivers that I've just updated. Though they didn't provide nearly as much info as you did. I uninstalled Avira a little while ago and no crashes so far, but I also updated bios driver and removed my GPU driver, so I can't really stress my system with games because the resolution leaves it unplayable. If everything looks good, tomorrow I'll reinstall the newest stable GPU driver and test further. Would you be able to suggest a decent free antivirus? I grabbed bitdefender, but I had used Avast before Avira.

Think a VPN could be causing a problem also? I have 2 VPNs installed, one of which I use for school. They haven't caused problems in the past, but it wouldn't surprise me. I also realized that I didn't post a link to the minidumps from the BSODs, so I'll include it here and update my original post in case that info could help narrow the problem down for sure. Thanks for all of your help and the useful info. I'll post back after I've tested this further to see if it's fixed and identify the solution.

minidumps:
https://drive.google.com/folderview?id=0B6KtdudpNDEYM2t3NFFvMmY0X1E&usp=sharing
 
Upvote 0 Downvote
overall, I just think it is the antivirus code
avguard.exe
avgntflt.sys

but you also had a office app (msoia.exe)
and windows dwm.exe was having a fault. that windows was trying to record and report.
dwm.exe =Desktop Window Manager

I would remove the disable vpn also just to remove possibilities.



vpn and old network drivers can mess up antivirus scanners and cause the scanners to fail.
when I looked at the memory dump it looked like something stopped processing and caused every thing to just back up behind it. For example windows explorer had waited 55 thousand times to access some resource and your system was not up very long.

You also had a few outdated drivers (2 if i remember) but I think it is going to be the filter driver as the cause. (or a secondary filter driver, messing up the first driver, they are chained together)
the filter drivers are used to add functionality to some core windows component but are not part of windows so windows updates will not provide the updates. You have to go to the driver vendor to get them. They also tend to have common bugs, for example they might insert them self in to a link so they get first crack at data and not pass control to the next filter driver. then the second driver might fail.



 
Upvote 0 Downvote
Ah, I see. Thank you so much for taking the time to help me with this. Your insight has been extremely useful. So far I've gotten rid of Avira and updated my outdated drivers. I've been testing it most of today with the basic GPU driver just to be safe and tomorrow I'll reinstall my newest GPU driver and test some more. I use the VPNs quite often so I hope they're not causing the problem, but they will be the next thing I remove if I BSOD again tomorrow. I'll reply back if I BSOD again or once I'm convinced these changes have taken care of it. Thank you.



 
Upvote 0 Downvote
Well, everything ran pretty well so I updated to my latest GPU driver yesterday morning. I played games yesterday, ran unigine for a while to put some pressure on the GPU, and generally tried to stress my system out and had no problems.

I was just messing around in hearthstone a minute ago and my display driver crashed according to Windows 10, then I BSODed.

Here's a link to the minidump file:
https://drive.google.com/file/d/0B6KtdudpNDEYU0VLQlVQdmFzWkk/view?usp=sharing

If you get a chance, could you tell me what might be causing it this time? Thank you.



 
Upvote 0 Downvote
maybe your bit defender filter driver
\SystemRoot\system32\DRIVERS\gzflt.sys Mon Apr 22 03:21:00 2013
is causing problems with
your amdkmafd.sys amd audio bus filter driver
causing your AMD graphic driver to use a bad memory address.

I would remove the bitdefender driver and maybe disable your amd audio bus filter driver if you are not getting audio via your video cable to your monitor speakers.

otherwise:
change your memory dump type to kernel, then start cmd.exe as an admin, then run
verifier.exe /standard /all

reboot and run your system until the next bugcheck, then copy up c:\windows\memory.dmp file and post a link
it will contain debug info for filter drivers.

Note: be sure to know how to get into safe mode (f8 or shift+f8) so you can disable verifier if your machine crashes on boot.

use
verifier.exe /reset

this will turn off verifier functions after you are done testing. if you fail to do this your machine will run slowly until you do. (maybe 10 to 20 % slower)

 
Upvote 0 Downvote
Thank you so much for your help! I have a few follow up questions so I can execute your instructions. Are you saying I should delete the bit defender driver (gzflt.sys)? Should I uninstall bit defender first or will it still function without that driver? Also, how do I disable the AMD audio bus filter driver and change my memory dump to kernel?

Just to make sure I understand, once I've done those things I should run verifier as you suggested and reboot my PC, then just use it as normal until I BSOD again? After that, I can upload and link the memory.dmp file that will contain filter driver info, right? And once all of that is done, I can reset the verifier as you explained it so it won't slow down my system? I just want to make sure I don't misunderstand and do anything stupid. Thank again. You're a life saver.



 
Upvote 0 Downvote
-uninstall bit defender.
-use control panel device manager to find the high definition audio devices and disable any you don't have a speaker connected to.
google "how to change the memory dump type"
verifier.exe will do a lot of checking and will force a bugcheck when it finds any common bugs in device drivers and it will name the driver in the bugcheck memory dump. It stays active even if you reboot, until you run verifier.exe /reset to turn it off
You could turn it on first but often 3rd party products have bugs in the uninstaller that verifier will catch and it might be unrelated to your current problem.
 
Upvote 0 Downvote
Thanks for the help. I uninstalled bitdefender and installed Avast for now. Let me know if you think that will be a problem and I can get rid of it too. Not sure why antivirus is giving me so much trouble lately. I changed the memory dump to kernel (thanks John and Colif) and ran verifier. Rebooted and tried to trigger a bugcheck by playing a little hearthstone, which usually leads to a BSOD. No bugcheck, but I did get a BSOD again. I copied and uploaded the memory.dmp file in case it's useful, but I suspect you want me to wait until a bugcheck triggers. I guess I can't incite one because I get BSOD, so I'll just leave my computer on and wait. Here's the link to the dmp file:

https://drive.google.com/file/d/0B6KtdudpNDEYUFVLX1hwb3RqSTA/view?usp=sharing

Thanks again, and please let me know if there's anything else I should do or if I can do something to elicit a bugcheck.
 
Upvote 0 Downvote
-you have some system drivers that are missing timestamps. you should run cmd.exe as an admin then run
dism.exe /online /cleanup-image /restorehealth
this will replace any hacked/corrupted system files with known good versions from a microsoft update server.

good odds this failure is caused by a service that is trying to talk to one of your (4) disabled device drivers. You would want to stop the service.

I think you have a service running under a generic service provider host (svchost.exe)
it looks like it is doing Alpc until the system runs out of kernel mode memory. (non page memory)

at this point other drivers that need to allocate kernel mode memory will begin to fail.
the bugcheck shows you running a game, the directx trying to read data into memory, found the data in standby memory but got a page fault trying to read the memory. IE windows told the driver that data was preload in standby memory and should have marked it as active memory before the graphics driver attempted to use it. (it did not happen and the driver called a bugcheck)

so: I would download process explorer https://technet.microsoft.com/en-us/sysinternals/processexplorer
and click on every svchost.exe listed and find any that were not microsoft services and see if you can figure out which one is using all the kernel memory.
(inside process explorer you can just move the mouse over svchost.exe and see what .exe files are running under that process)

You could download poolmon.exe from the windows SDK and leave it running and look at the pooltags that are being used but it just will say ALPC
as the tag. but you could leave it running then stop various 3rd party services in windows control panel services dialog and watch for the nonpage pool being released.

You also have 4 devices not that are disable but not removed from the system. Better to remove the device and drivers and services related to the device than trying to figure out what 3rd party service is messing up.

I would clear the windows standby memory list using rammap.exe
here is info on how to do that: https://support.software.dell.com/appassure/kb/118393
(this is just in case of a bug, it should not have a effect)

Note: standby memory is data preloaded by windows memory manager on the guess that you might want it sometime.
the preloaded data/programs may have not been accessed for months.

- your system also indicated you do not have a pagefile.sys, you might want to add one.






 
Upvote 0 Downvote
I know I keep saying it, but thank you so much for the help. I would be dead in the water on this. I had no idea it was going to be a complicated issue, or at least complicated for me. I'm going to run the commands you suggested now and use process explorer to try and figure out which one is using all of the kernel memory.

What would be the best way to identify and remove the disabled devices? Also, if you think this issue would be easier to solve by me reinstalling Windows 10, just let me know. I'm not opposed to doing that if you think it would work or be easier. Thanks man.



 
Upvote 0 Downvote
- reinstalling is always a good time to run crystaldiskinfo.exe and check your drive life, maybe update firmware for the SSD also.

a clean re install would be a good solution. I see various issues with the software I have not even mentioned yet.
Two versions of asus software from different years could be doing some screwy things. I think asus put a command in the scheduler to put the driver back in a week after you remove it. Many uninstallers do not really do a full uninstall, some uninstall but do it incorrectly and cause other drivers to fail.

Most people just give up and do the reinstall and call it done.



 
Upvote 0 Downvote
I see, and I think you're right. It seems like I fix the apparent problem only to discover that it was a symptom of a new problem. You've been so incredibly helpful and I have to keep asking you to dig through this stuff and I hate to do that.

Any tips for doing a reinstall and setting everything up fresh that will keep this issue from coming back? I did the free upgrade from Windows 7 a while back. That got buggy due to some Asus software I left on and caused my USB ports to not work. So I did a clean install with a Windows 10 disc that I burned. Think I'll be alright to do a clean install with that again or should I do anything to wipe the system first? Thanks.



 
Upvote 0 Downvote
you might consider removing all of your partitions from your boot drive and then making new partitions. Windows 10 likes a larger hidden partition than what windows 7 would have made by default.
don't accidentally delete the wrong drive (you might even want to disconnect the drive if you have data you want to save)

if you are installing to the SSD drive, I would just format and reinstall
(in theory it should not matter if you just reinstall but you will have to figure out how to remove the old window directory and takeownership of files in other directories)
if you are installing to a HDD drive I would do a full format rather than a quick format.
for the most part if you had windows 10 running or a while it will have scanned and tried to do repairs of your HDD already.



 
Upvote 0 Downvote
Yes, I ran into that problem when I was trying to upgrade. My HDD had the old hidden windows partition and it was too small, which took me a little while to figure out. I'm going to install to the SSD, so maybe I'll just disconnect the HDD like I did before and reconnect once Windows 10 is running? I just store some videos and media on the HDD, so it shouldn't be a big deal.

Should I format before I run the Windows 10 disc, or format as part of the reinstall? I just want to make sure it will remember my windows 10 key since I didn't actually buy one, it was part of the free upgrade and stored in Windows I think.
 
Upvote 0 Downvote
I would just disconnect the old drive and just format during the install.
I think the system looks at your hardware signature and checks on the web if you have a valid license for that signature.
So you would not have to know the key. I am not sure because I am running a pre-release build and don't keep up with the changes.




 
Upvote 0 Downvote
Cool, I'll go ahead and do that tomorrow night probably. I'm going to leave this thread open for a few days so I can reply to it if something crazy happens, but I'll come back and list it as solved as soon as I test out the new install. Thanks again for all of your help. You've been incredible.



 
Upvote 0 Downvote
Backup stuff you want to keep, fresh install of Win 10 after being on win 7 may force you to delete all the partitions anyway as it uses a different partition scheme to Win 7. It all depends on your bios settings. If motherboard is really old, you might be fine, but if its a UEFI bios it may force what I said above.

Fresh install usually fixes everything unless there is hardware at fault.
 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom