Looking for help reading .dmp files

[ctshirk]

Was wondering if anyone would help me or read these files and tell what is wrong.
https://onedrive.live.com/?id=8C03BF2641D96573%211297&cid=8C03BF2641D96573

 

[Colif]

I can't read them myself but I have asked someone to comment below with a paste file I can read of a conversion of the dump files.

 

[gardenman]

Hi, I ran the dump files through the debugger and got the following information: https://pste.eu/p/CM62.html

File: 110918-36796-01.dmp (Nov 9 2018 - 01:34:12)
BugCheck: [SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007E)]
Probably caused by: memory_corruption (Process: System)
Uptime: 1 Day(s), 1 Hour(s), 36 Min(s), and 13 Sec(s)

File: 110918-34546-01.dmp (Nov 9 2018 - 02:42:16)
BugCheck: [PAGE_FAULT_IN_NONPAGED_AREA (50)]
Probably caused by: memory_corruption (Process: nvsphelper64.exe)
Uptime: 0 Day(s), 1 Hour(s), 07 Min(s), and 12 Sec(s)

The overclocking driver "XtuAcpiDriver.sys" was found on your system. (Intel Extreme Tuning Utility)

Motherboard: https://us.msi.com/Motherboard/Z97S-SLI-Krait-Edition.html

I can't help you with this. Wait for additional replies. Good luck.

 

[Colif]

nvsphelper64.exe is part of the Nvidia drivers, and was what crashed the 2nd time

try doing this and reinstall the Nvidia drivers from either Nvidia themselves or run windows update - http://www.tomshardware.com/faq/id-2767677/perform-clean-install-video-card-drivers.html

 

[johnbl]

since the error code was 0xc0000005 you should confim your memory timings are correct by downloading and runing memtest86 on its own boot image.

several files have had their info removed. you might start cmd.exe or powershell as an admin and run
dism.exe /online /cleanup-image /restorehealth
and a then run a Malwarebytes scan.

special file system driver installed: (suspect driver)
\SystemRoot\system32\DRIVERS\dokan1.sys Tue Sep 20 06:48:47 2016

any idea what it is used for?
bugcheck had a error code of ffffffffc0000005
which would be a bad memory address given to a driver.

overclock driver:
\SystemRoot\System32\drivers\XtuAcpiDriver.sys Thu Feb 26 04:51:57 2015

machine info:
BIOS Version V10.7
BIOS Starting Address Segment f000
BIOS Release Date 02/16/2016
Manufacturer MSI
Product Z97S SLI Krait Edition (MS-7922)
Version 2.0


Processor Version Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Processor Voltage 8ch - 1.2V
External Clock 100MHz
Max Speed 3800MHz
Current Speed 4000MHz

 

[Colif]

https://en.wikipedia.org/wiki/Dokan_Library - can be used for ramdisks

4790k max speed should be 4.4ghz: https://ark.intel.com/products/80807/Intel-Core-i7-4790K-Processor-8M-Cache-up-to-4-40-GHz-

 

[ctshirk]

since the error code was 0xc0000005 you should confim your memory timings are correct by downloading and runing memtest86 on its own boot image.

several files have had their info removed. you might start cmd.exe or powershell as an admin and run
dism.exe /online /cleanup-image /restorehealth
and a then run a Malwarebytes scan.

special file system driver installed: (suspect driver)
\SystemRoot\system32\DRIVERS\dokan1.sys Tue Sep 20 06:48:47 2016

any idea what it is used for?
bugcheck had a error code of ffffffffc0000005
which would be a bad memory address given to a driver.

overclock driver:
\SystemRoot\System32\drivers\XtuAcpiDriver.sys Thu Feb 26 04:51:57 2015

machine info:
BIOS Version V10.7
BIOS Starting Address Segment f000
BIOS Release Date 02/16/2016
Manufacturer MSI
Product Z97S SLI Krait Edition (MS-7922)
Version 2.0


Processor Version Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Processor Voltage 8ch - 1.2V
External Clock 100MHz
Max Speed 3800MHz
Current Speed 4000MHz

I just RMA my old RAM and just intalled the new ones the gave me (not saying they're not faulty). Ran dism.exe /online /cleanup-image /restorehealth and a then ran the Malwarebytes scan.
Wiped my GPU drivers and re-installed them with a clean install.
Not too sure what to do with the dokan drivers or the \SystemRoot\System32\drivers\XtuAcpiDriver.sys. I have never used either of the those two.

 

[ctshirk]

https://en.wikipedia.org/wiki/Dokan_Library - can be used for ramdisks

4790k max speed should be 4.4ghz: https://ark.intel.com/products/80807/Intel-Core-i7-4790K-Processor-8M-Cache-up-to-4-40-GHz-

My CPU is clocked at 4.0ghz. My PC is running completely stock.

I can't run OC Genie or XMP RAM OC it causes the OC to fail before boot it has happened with last set of RAM and the new RMA'd RAM.

 

[Colif]

\SystemRoot\System32\drivers\XtuAcpiDriver.sys is part of Intel extreme Tuning utility, its on the web site for your motherboard. If its not currently installed, you can use a program called https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns that can be used to stop it running at boot.

you could use same program to stop the dokan driver, I wonder what it was part of, it seems tied to projects from github

 

[ctshirk]

\SystemRoot\System32\drivers\XtuAcpiDriver.sys is part of Intel extreme Tuning utility, its on the web site for your motherboard. If its not currently installed, you can use a program called https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns that can be used to stop it running at boot.

you could use same program to stop the dokan driver, I wonder what it was part of, it seems tied to projects from github

When I run AutoRun and right-click the drivers mention and then properties i get Windows cannot find C:\windows\sysnative\drivers\xtuacoudrivers.sys'
if use process explorer i get process explorer from sysinternals is not running and not in path way

 

[johnbl]

different file, not sure what that one would be.

\SystemRoot\System32\drivers\XtuAcpiDriver.sys is part of Intel extreme Tuning utility, its on the web site for your motherboard. If its not currently installed, you can use a program called https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns that can be used to stop it running at boot.

you could use same program to stop the dokan driver, I wonder what it was part of, it seems tied to projects from github

When I run AutoRun and right-click the drivers mention and then properties i get Windows cannot find C:\windows\sysnative\drivers\xtuacoudrivers.sys'
if use process explorer i get process explorer from sysinternals is not running and not in path way

 

[ctshirk]

different file, not sure what that one would be.

\SystemRoot\System32\drivers\XtuAcpiDriver.sys is part of Intel extreme Tuning utility, its on the web site for your motherboard. If its not currently installed, you can use a program called https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns that can be used to stop it running at boot.

you could use same program to stop the dokan driver, I wonder what it was part of, it seems tied to projects from github

When I run AutoRun and right-click the drivers mention and then properties i get Windows cannot find C:\windows\sysnative\drivers\xtuacoudrivers.sys'
if use process explorer i get process explorer from sysinternals is not running and not in path way

I also get the same error for XtuAcpiDriver.sys

 

[gardenman]

When I run AutoRun and right-click the drivers mention and then properties i get Windows cannot find C:\windows\sysnative\drivers\xtuacoudrivers.sys'
if use process explorer i get process explorer from sysinternals is not running and not in path way

That's an AutoRuns bug. Notice the path it shows in the error message. It will be something like C:\Windows\SysNative

SysNative is the name of the company who made AutoRuns. The actual path to the driver is listed to the right. Just uncheck the 2 drivers, no need to delete them.

 

[ctshirk]

When I run AutoRun and right-click the drivers mention and then properties i get Windows cannot find C:\windows\sysnative\drivers\xtuacoudrivers.sys'
if use process explorer i get process explorer from sysinternals is not running and not in path way

That's an AutoRuns bug. Notice the path it shows in the error message. It will be something like C:\Windows\SysNative

SysNative is the name of the company who made AutoRuns. The actual path to the driver is listed to the right. Just uncheck the 2 drivers, no need to delete them.

Okay I did everything suggested at the moment, So now I have to wait and see if i Blue screen again. I'll keep you posted with in 24hrs. Thank you everyone

 

[johnbl]

i think autoruns was from the sysinternals website and written by Mark Russinovich
I think microsoft bought the company and Mark works for them.
(he developed the first rootkit and release it, i think)

I use the 64 bit version of autoruns and I don't see the path you mention. Sounds like a issue with the 32bit version.

When I run AutoRun and right-click the drivers mention and then properties i get Windows cannot find C:\windows\sysnative\drivers\xtuacoudrivers.sys'
if use process explorer i get process explorer from sysinternals is not running and not in path way

That's an AutoRuns bug. Notice the path it shows in the error message. It will be something like C:\Windows\SysNative

SysNative is the name of the company who made AutoRuns. The actual path to the driver is listed to the right. Just uncheck the 2 drivers, no need to delete them.

Okay I did everything suggested at the moment, So now I have to wait and see if i Blue screen again. I'll keep you posted with in 24hrs. Thank you everyone

 

[ctshirk]

i think autoruns was from the sysinternals website and written by Mark Russinovich
I think microsoft bought the company and Mark works for them.
(he developed the first rootkit and release it, i think)

I use the 64 bit version of autoruns and I don't see the path you mention. Sounds like a issue with the 32bit version.

When I run AutoRun and right-click the drivers mention and then properties i get Windows cannot find C:\windows\sysnative\drivers\xtuacoudrivers.sys'
if use process explorer i get process explorer from sysinternals is not running and not in path way

That's an AutoRuns bug. Notice the path it shows in the error message. It will be something like C:\Windows\SysNative

SysNative is the name of the company who made AutoRuns. The actual path to the driver is listed to the right. Just uncheck the 2 drivers, no need to delete them.

Okay I did everything suggested at the moment, So now I have to wait and see if i Blue screen again. I'll keep you posted with in 24hrs. Thank you everyone

I had the Windows 8.1 x64 then upgraded to Windows 10 x64 so i dont know what that is about

 

[gardenman]

i think autoruns was from the sysinternals website and written by Mark Russinovich
I think microsoft bought the company and Mark works for them.
(he developed the first rootkit and release it, i think)

I use the 64 bit version of autoruns and I don't see the path you mention. Sounds like a issue with the 32bit version.

You're right, it was "SysInternals", not SysNative as I thought. Anyway, I'm using the 64-bit version and it's bugged. Go to the drivers tab, right click on any driver and choose Properties. It will say it can't find the file. It's looking for the file in C:\windows\sysnative\drivers\... when it should be looking in C:\windows\system32\drivers\... It only does this when trying to look at the Properties so it's not a big deal, you can still enable/disable drivers.

 

[johnbl]

never notice that before. guess is it by design implemented in vista and later versions of windows.
http://www.samlogic.net/articles/sysnative-folder-64-bit-windows.htm

i think autoruns was from the sysinternals website and written by Mark Russinovich
I think microsoft bought the company and Mark works for them.
(he developed the first rootkit and release it, i think)

I use the 64 bit version of autoruns and I don't see the path you mention. Sounds like a issue with the 32bit version.

You're right, it was "SysInternals", not SysNative as I thought. Anyway, I'm using the 64-bit version and it's bugged. Go to the drivers tab, right click on any driver and choose Properties. It will say it can't find the file. It's looking for the file in C:\windows\sysnative\drivers\... when it should be looking in C:\windows\system32\drivers\... It only does this when trying to look at the Properties so it's not a big deal, you can still enable/disable drivers.

 

[gardenman]

never notice that before. guess is it by design implemented in vista and later versions of windows.
http://www.samlogic.net/articles/sysnative-folder-64-bit-windows.htm

I see, I tried it in the 32-bit version and it worked. The properties dialog did say C:\Windows\SysNative\... but it still worked correctly. So Mr. Russinovich should have used "System32" in the 64-bit version rather than "SysNative" as he done correctly in the 32-bit version. What a confusing mess Microsoft has made... once again.

...back on topic: ctshirk if you get any more crashes let us know and upload the dump files.

 

[johnbl]

more likely they are just GetWindowsDirectory Windows API and it returns the result and the program just uses what it is given. 32 bit windows would not have the virtual directory.

it is just a design so app vendors would not need to provide a 32 bit and 64 bit version.
while they complete the process of making app changes. Just many app vendors left the 32 bit subsystem because it was good enough for their needs.

never notice that before. guess is it by design implemented in vista and later versions of windows.
http://www.samlogic.net/articles/sysnative-folder-64-bit-windows.htm

I see, I tried it in the 32-bit version and it worked. The properties dialog did say C:\Windows\SysNative\... but it still worked correctly. So Mr. Russinovich should have used "System32" in the 64-bit version rather than "SysNative" as he done correctly in the 32-bit version. What a confusing mess Microsoft has made... once again.

...back on topic: ctshirk if you get any more crashes let us know and upload the dump files.

 

[ctshirk]

its been just over 24/7 hours and have yet to BSOD . Thank you guys!!! I'll post again if there is an issue but finger crossed.

 

[ctshirk]

Talk about jumping the gun. It just BSOD i have uploaded the new .dmp as 111118-32093-01.dmp Thank you
Same link as the Original on i first listed

 

[ctshirk]

never notice that before. guess is it by design implemented in vista and later versions of windows.
http://www.samlogic.net/articles/sysnative-folder-64-bit-windows.htm

I see, I tried it in the 32-bit version and it worked. The properties dialog did say C:\Windows\SysNative\... but it still worked correctly. So Mr. Russinovich should have used "System32" in the 64-bit version rather than "SysNative" as he done correctly in the 32-bit version. What a confusing mess Microsoft has made... once again.

...back on topic: ctshirk if you get any more crashes let us know and upload the dump files.

It just BSOD i have uploaded the new .dmp as 111118-32093-01.dmp
Same link as the Original on i first listed
Thank You!

 

[johnbl]

system bugchecked because of a double fault. this means the system had a problem, then the code that was suspose to handle the problem also had a problem. generally you see this with overheating problems, overclocking or voltage issues to the cpu. since you have a overclock driver installed, you should remove it and see if you still get the problem:
: Intel extreme tuning BIOS interface driver
\SystemRoot\System32\drivers\XtuAcpiDriver.sys Thu Feb 26 04:51:57 2015

the code that originally crashed was in networking code but I would ignore that for now.

you should see if you can also update the motherboard sound driver from the motherboard vendor.
\SystemRoot\system32\drivers\RTKVHD64.sys Thu Jan 5 02:19:52 2017
(there was a fix in aug of 2017 that fixed some conflict with graphics drivers)

you could also check the fans, monitor temps but I would start with the overclocking driver.
system was up for 1 day 20 hours

never notice that before. guess is it by design implemented in vista and later versions of windows.
http://www.samlogic.net/articles/sysnative-folder-64-bit-windows.htm

I see, I tried it in the 32-bit version and it worked. The properties dialog did say C:\Windows\SysNative\... but it still worked correctly. So Mr. Russinovich should have used "System32" in the 64-bit version rather than "SysNative" as he done correctly in the 32-bit version. What a confusing mess Microsoft has made... once again.

...back on topic: ctshirk if you get any more crashes let us know and upload the dump files.

It just BSOD i have uploaded the new .dmp as 111118-32093-01.dmp
Same link as the Original on i first listed
Thank You!

 

[ctshirk]

system bugchecked because of a double fault. this means the system had a problem, then the code that was suspose to handle the problem also had a problem. generally you see this with overheating problems, overclocking or voltage issues to the cpu. since you have a overclock driver installed, you should remove it and see if you still get the problem:
: Intel extreme tuning BIOS interface driver
\SystemRoot\System32\drivers\XtuAcpiDriver.sys Thu Feb 26 04:51:57 2015

the code that originally crashed was in networking code but I would ignore that for now.

you should see if you can also update the motherboard sound driver from the motherboard vendor.
\SystemRoot\system32\drivers\RTKVHD64.sys Thu Jan 5 02:19:52 2017
(there was a fix in aug of 2017 that fixed some conflict with graphics drivers)

you could also check the fans, monitor temps but I would start with the overclocking driver.
system was up for 1 day 20 hours

never notice that before. guess is it by design implemented in vista and later versions of windows.
http://www.samlogic.net/articles/sysnative-folder-64-bit-windows.htm

I see, I tried it in the 32-bit version and it worked. The properties dialog did say C:\Windows\SysNative\... but it still worked correctly. So Mr. Russinovich should have used "System32" in the 64-bit version rather than "SysNative" as he done correctly in the 32-bit version. What a confusing mess Microsoft has made... once again.

...back on topic: ctshirk if you get any more crashes let us know and upload the dump files.

It just BSOD i have uploaded the new .dmp as 111118-32093-01.dmp
Same link as the Original on i first listed
Thank You!

looking into it but it crashed as i was doing so. file name 111218-26968-01.dmp