[SOLVED] Need help proving my CPU is causing BSOD

@johnbl My computer is stuck into a constant BSOD mode right after login it gets a SYSTEM REFERENCE EXCEPTION. I am able to boot into Safe Mode to grab these logs but cannot login to normal mode without the BSOD happening

https://drive.google.com/file/d/1zjwAp2cDbV9Wd2WgUoXCmseKScVF7k3j/view?usp=sharing
bugcheck is coming out of wow64 while running samsungmagician.exe

are you running 32 bit versions of these tools?
I would wipe windows and install from a clean image.
you might be able to recover if you do a windows repair install.
looks like you have a current bios update with all of the old amd support files.
the amd files need to match your bios version. You have to remove them all before you install the current versions.

best to wipe the system, install windows again, apply windows updates and current version of amd chipset drivers for 64 bit windows from your motherboard vendor.

all of your bugchecks are in 32 bit emulation of windows
the 32 bit emulation is all in usermode, that means whatever is running has access to the internals of the emulator. these files should be saved to C:\Windows\SysWOW64 directory. I am not sure windows driver store will restore them at reboot if you delete the files. (or if the driver store also has been modified)

you might be able to boot, if you go into safe mode and wipe out the wow64 bit emulator and reboot and allow windows to self repair. maybe run the
dism.exe /online /cleanup-image /restorehealth
command in safe mode with networking.
(if it will work)
 

effektz

Commendable
Jul 15, 2019
60
0
1,540
1
I was able to uninstall SamsungMagician and the BSOD loop stopped. Everything I have downloaded has said 64 bit so I am not sure why things would be 32 bit emulation. Even the drivers when I download them I chose the 64 bit option. I will try what you suggested and wipe out the wow64 emulator.

Curious though, I did a fresh windows install and have downloaded mainly only drivers and google chrome but still seem to get these BSOD. Is there a scenario where the CPU may think everything is 32bit that may lead to these? Just wondering for curiosity
 

effektz

@johnbl I was not able to delete the WOW64 folder (windows would not allow me). So I was trying to update the LAN driver that I got straight from Gigabyte website. Windows 10 64bit version. When trying to install, I got a BSOD. Here is the dump file:

https://drive.google.com/file/d/1zZAL3FV-OZ8VyUxZg0RaPLdE11djaLcv/view?usp=sharing

I then went into Safe Mode and tried installing there as well. I got the Intel one to install I think but then it BSOD on the install of the APU driver which was also downloaded from Gigabyte website. Windows 10 64bit version. I am working on that upload now and will post link shortly.
 
I assume you have 32 bit malware running.
most likely coming from this location:
c:\user\jlewa\appdata\locat\temp\7zs14fd.tmp\instupd.exe

this program is running out of wow64 subsystem, running 12 threads
one thread has a corrupted stack, the raw stack looks like it called a c runtime to set a memory range. The memory range being set belongs to kernelbase
one of the system files.

real version of instupd.exe (avast antivirus scanner) runs out of the C:\Program Files\Avast Software\Avast\setup directory

malware code came out in 2010 that shows how to load malware out of windows 32 and push it into windows 64 code to avoid malware scanners. windows 10 tried to make a change to block this type of attack and I think the malware must be causing bugchecks now.

appdata is a hidden directory on your system but you can go and delete the file. problem is you have other files that are suspect.
since I don't really work on malware and rarely on the windows subsystems I don't really know what a good fix would be other than a reinstall of windows.

the name of the .exe is the same name of some antivirus software but I would not think they would run out of a hidden temp directory. more likely malware trying to hide by using a malware scanner name.

here is some general info on 32 bit attacks:
Ten years later, malware authors are still abusing 'Heaven's Gate' technique | ZDNet
 
And all this could’ve been solved with the format and reinstall 😆

Shows you how good Avast is. 😂

I was following this thread for a while and a long time ago I came to the conclusion that you should format the drive and reinstall windows and if you just did that and nothing else and the problem went away then you would know your system before was f’ed up and not install any of those things that you installed to get it infected. And we knew it was an infection because replacing drivers had zero effect.

And what the OP should do is keep a good back up at all times of their data and be ready to format and reinstall when major problems happen. Or just restore your back up

By doing so you will bypass all the trial and error by ruling out the operating system in the first place and the hardware

But whatever whenever I ask somebody to reinstall fresh they always cry and say they can’t because they don’t feel like it and this is what you end up with. And the OP should be extremely grateful to the people that put forth an effort to find out that it was malware. Even though that was one of my first guesses
 

effektz

In my original post, where I listed all the things I have tried, I specifically listed
  • Reinstalled Windows 10 (3 times now)
I have also bought a brand new SSD and installed a fresh version of windows on that. So I have done that many times. I am grateful to @johnbl for all his help, I hope it is truly malware. I will try reinstalling windows again using the clean windows install process guide that is on this forum and see if I still get the BSOD.
 

effektz

Also @johnbl when I went into that temp folder location, this looks like the files for AutoRuns that I downloaded from the link you sent me. I noticed the other folders starting with 7zs all have the instupd.exe in them and they seem to be the drivers that I downloaded from AMD and gigabyte website. I will still do a clean windows install but wanted to let you know in case it provides a clue
 
it might be helpful to know if you have the same issues if you create a different local user account on your machine and reboot and log into it.

you can do this by using the ui or by starting cmd.exe as an admin
then running the command like
net.exe user usernamex passwordx /add
net localgroup administrators usernamex /add

where you provide the usernameX and the passwordX
the second command adds the usernamex to the local machine list of admins
then you would reboot and log on to the new local admin account called usernamex

see if the machine has problems, it would indicate that the default profile has been modified. if the machine seems to work then you would run a virus scan and see if it picks up malware saved on your machine.
from what I read, the virus scanners don't pick up variants of this infection that are active on the machine at the time. (bypasses the scanner)

Also, I see a lot of people that are recommending that people running games and have stuttering problems to turn off the new windows functions that block this type of infection.

it would be nice to know if a virus scanner would find malware or issues in stored profiles on your machine.

creating a local account would also help make sure that files are not being saved on a cloud account and re downloaded.
 
instupd.exe (install update) is a pretty common name. it does look like gigabyte app center uses this name and those directories.
ie it might not be malware but some kind of bug with their tool.
I would avoid leaving it installed if you have to use it at all.

What is InstUpd.exe ? InstUpd.exe info (processchecker.com)

would also be interesting to know if .NET Framework 4.5
is installed and updated on the machine before the gigabyte app center was running.
just looking at the gigabyte utilities requirements and updates for app center version dated 2022/05/05 :
Utility | Service / Support - GIGABYTE Global
 

effektz

I will try first setting up another local account and try to BSOD the computer. I will change to complete dump so if I do I can give you everything. Then if I do I will try to run a malware scan and virus scan. Note: I don’t have Avast virus scanner unless it comes by default with windows.

while I do that, I deleted all the temp folders and their files that started with 7sw and was able to BSOD the computer. Here is the link for that dump:

https://drive.google.com/file/d/1sUcpfXHE89U5cMrIWgwQwnLbwZuQlnrA/view?usp=drivesdk
 
I added an edit to the last post: take a quick look.
 
ok, looked at the memory dump. much cleaner dump.
it looks like you were running a game
the game was running unity
unity called mon0_2_0_bdwgc!mono_os_sem_post
this called into kernelbase!releaseSemaphore
this is where problems start and the system crashes.
when I look at kernelbase I can see 10 changes in the code that the debugger thinks should not be there. I can then look at what the debugger indicates the code should be and I see that some pointer indexes have been changed and the changed code is run before the system crashes.

so I would just blame it on whatever modified kernelbase.dll file
maybe an unmodified version would work.
ie maybe you can copy the file from another computer and replace it. I think your ntdll.dll was modified also.

if you reinstall, do not run any of the app center utility tools. it could have done something stupid like making changes to the 32 bit windows files so it could run its 64 bit utilities like a gpu accelerator.
 

effektz

start cmd.exe as an admin then run
cd c:\
dir /s kernelbase.dll

and look at the list of files. see if a local copy is in your mankindremastered directory.
Sorry have not been able to do the other things yet. Will get to those later tonight but here is what came out after running that command

Code:
 Directory of c:\ProgramData\Dbg\sym

05/26/2022  02:20 PM    <DIR>          KERNELBASE.dll
               0 File(s)              0 bytes

 Directory of c:\ProgramData\Dbg\sym\KERNELBASE.dll\458ACB5B2cd000

05/26/2022  02:20 PM         2,946,640 KERNELBASE.dll
               1 File(s)      2,946,640 bytes

 Directory of c:\Users\All Users\Dbg\sym

05/26/2022  02:20 PM    <DIR>          KERNELBASE.dll
               0 File(s)              0 bytes

 Directory of c:\Users\All Users\Dbg\sym\KERNELBASE.dll\458ACB5B2cd000

05/26/2022  02:20 PM         2,946,640 KERNELBASE.dll
               1 File(s)      2,946,640 bytes

 Directory of c:\Windows\System32

05/13/2022  09:38 AM         2,946,624 KernelBase.dll
               1 File(s)      2,946,624 bytes

 Directory of c:\Windows\SysWOW64

05/13/2022  09:38 AM         2,200,768 KernelBase.dll
               1 File(s)      2,200,768 bytes

 Directory of c:\Windows\WinSxS\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1202_none_9bc2a53d69ca6835

10/06/2021  08:51 AM         2,923,944 KernelBase.dll
               1 File(s)      2,923,944 bytes

 Directory of c:\Windows\WinSxS\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1202_none_9bc2a53d69ca6835\f

10/06/2021  08:51 AM           121,217 KernelBase.dll
               1 File(s)        121,217 bytes

 Directory of c:\Windows\WinSxS\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1202_none_9bc2a53d69ca6835\r

10/06/2021  08:51 AM           121,422 KernelBase.dll
               1 File(s)        121,422 bytes

 Directory of c:\Windows\WinSxS\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1682_none_9b9f67dd69e3a2b1

05/02/2022  10:30 PM         2,946,640 KernelBase.dll
               1 File(s)      2,946,640 bytes

 Directory of c:\Windows\WinSxS\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1682_none_9b9f67dd69e3a2b1\f

04/23/2022  12:33 AM           137,010 KernelBase.dll
               1 File(s)        137,010 bytes

 Directory of c:\Windows\WinSxS\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1682_none_9b9f67dd69e3a2b1\r

04/23/2022  12:34 AM           126,295 KernelBase.dll
               1 File(s)        126,295 bytes

 Directory of c:\Windows\WinSxS\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1706_none_9b8c3a8169f35a6e

05/13/2022  09:38 AM         2,946,624 KernelBase.dll
               1 File(s)      2,946,624 bytes

 Directory of c:\Windows\WinSxS\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1706_none_9b8c3a8169f35a6e\f

05/02/2022  10:10 AM           137,113 KernelBase.dll
               1 File(s)        137,113 bytes

 Directory of c:\Windows\WinSxS\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1706_none_9b8c3a8169f35a6e\r

05/02/2022  10:10 AM           126,263 KernelBase.dll
               1 File(s)        126,263 bytes

 Directory of c:\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1288_none_a61ec92f9e248eae

10/06/2021  08:52 AM         2,183,240 KernelBase.dll
               1 File(s)      2,183,240 bytes

 Directory of c:\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1288_none_a61ec92f9e248eae\f

10/06/2021  08:51 AM            99,560 KernelBase.dll
               1 File(s)         99,560 bytes

 Directory of c:\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1288_none_a61ec92f9e248eae\r

10/06/2021  08:51 AM            97,674 KernelBase.dll
               1 File(s)         97,674 bytes

 Directory of c:\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1682_none_a5f4122f9e4464ac

05/02/2022  10:30 PM         2,200,768 KernelBase.dll
               1 File(s)      2,200,768 bytes

 Directory of c:\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1682_none_a5f4122f9e4464ac\f

04/22/2022  11:21 PM           111,265 KernelBase.dll
               1 File(s)        111,265 bytes

 Directory of c:\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1682_none_a5f4122f9e4464ac\r

04/22/2022  11:22 PM            99,492 KernelBase.dll
               1 File(s)         99,492 bytes

 Directory of c:\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1706_none_a5e0e4d39e541c69

05/13/2022  09:38 AM         2,200,768 KernelBase.dll
               1 File(s)      2,200,768 bytes

 Directory of c:\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1706_none_a5e0e4d39e541c69\f

05/01/2022  11:33 AM           112,823 KernelBase.dll
               1 File(s)        112,823 bytes

 Directory of c:\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1706_none_a5e0e4d39e541c69\r

05/01/2022  11:34 AM           100,842 KernelBase.dll
               1 File(s)        100,842 bytes

     Total Files Listed:
              22 File(s)     27,833,632 bytes
               2 Dir(s)  793,681,440,768 bytes free
 
did not see anything useful. was looking for windows dlls running out of some strange directory.
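
The check described in the reply above (looking for copies of a Windows DLL outside its normal directories) can be run mechanically over the `dir /s kernelbase.dll` output. This is an added example, not code from the thread: the listing is an excerpt of the posted output plus one constructed entry (`c:\Games\ExampleGame`), and the US date format and the treatment of `Dbg\sym` as a debugger cache are assumptions.

```python
import re

# Excerpt of the posted listing, plus one CONSTRUCTED stray copy at the end.
SAMPLE_LISTING = r"""
 Directory of c:\ProgramData\Dbg\sym\KERNELBASE.dll\458ACB5B2cd000

05/26/2022  02:20 PM         2,946,640 KERNELBASE.dll

 Directory of c:\Windows\System32

05/13/2022  09:38 AM         2,946,624 KernelBase.dll

 Directory of c:\Windows\SysWOW64

05/13/2022  09:38 AM         2,200,768 KernelBase.dll

 Directory of c:\Windows\WinSxS\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1682_none_9b9f67dd69e3a2b1

05/02/2022  10:30 PM         2,946,640 KernelBase.dll

 Directory of c:\Windows\WinSxS\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1706_none_9b8c3a8169f35a6e

05/13/2022  09:38 AM         2,946,624 KernelBase.dll

 Directory of c:\Windows\WinSxS\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1706_none_9b8c3a8169f35a6e\f

05/02/2022  10:10 AM           137,113 KernelBase.dll

 Directory of c:\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1706_none_a5e0e4d39e541c69

05/13/2022  09:38 AM         2,200,768 KernelBase.dll

 Directory of c:\Games\ExampleGame

01/01/2022  12:00 PM         1,234,567 KernelBase.dll
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# File rows only; "<DIR>" rows and "N File(s)" summary rows do not match.
FILE_RE = re.compile(
    r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+([\d,]+)\s+(\S.*?)\s*$")
# Component-store directory: <arch>_<component>_<token>_<version>_none_<hash>,
# optionally followed by \f or \r (small servicing delta files).
STORE_RE = re.compile(
    r"^c:\\windows\\winsxs\\(amd64|wow64)_microsoft-windows-kernelbase_"
    r"[0-9a-f]+_([\d.]+)_none_[0-9a-f]+(\\[fr])?$")
LIVE = {r"c:\windows\system32": "amd64", r"c:\windows\syswow64": "wow64"}


def classify(directory):
    """Return (kind, arch, version) for a directory that holds a copy."""
    d = directory.lower()
    if d in LIVE:
        return ("live", LIVE[d], None)
    m = STORE_RE.match(d)
    if m:
        kind = "store-delta" if m.group(3) else "store"
        version = tuple(int(p) for p in m.group(2).split("."))
        return (kind, m.group(1), version)
    if "\\dbg\\sym\\" in d:  # assumption: debugger download cache
        return ("symbol-cache", None, None)
    return ("unexpected", None, None)


def audit(listing):
    """Flag copies outside the expected locations and check that each live
    copy has the same size as the newest component-store copy."""
    live, store, review = {}, {}, []
    directory = None
    for line in listing.splitlines():
        m = DIR_RE.match(line)
        if m:
            directory = m.group(1)
            continue
        m = FILE_RE.match(line)
        if not m or directory is None or m.group(2).lower() != "kernelbase.dll":
            continue
        size = int(m.group(1).replace(",", ""))
        kind, arch, version = classify(directory)
        if kind == "live":
            live[arch] = size
        elif kind == "store":
            store.setdefault(arch, {})[version] = size
        elif kind != "store-delta":
            review.append((kind, directory, size))
    matches = {}
    for arch, size in live.items():
        versions = store.get(arch, {})
        matches[arch] = bool(versions) and versions[max(versions)] == size
    return {"live_matches_newest_store": matches, "review": review}


if __name__ == "__main__":
    result = audit(SAMPLE_LISTING)
    print(result["live_matches_newest_store"])
    for kind, directory, size in result["review"]:
        print(f"{kind:13} {size:>10,} {directory}")
```

A size match is only a quick screen, since a modified file can keep its size; a hash comparison against the component-store copy or `sfc /scannow` gives the actual integrity verdict.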
 

effektz

@johnbl I created another local account and the computer still BSOD with same exception. I tried uploading but it failed because computer had another one happen. So I just completely wiped the HD and re-installed windows. Got it all loaded up, only downloaded the game, and once I played it, it BSOD again. Here is the latest dump for that. I did not update any drivers or anything yet as I wanted to see if it still pointed to the same area you thought might have been malware. Let me know if you find anything useful

https://drive.google.com/file/d/1VWmEQW4gofUaY026IklqT8tnIqCJPxHd/view?usp=sharing


EDIT: While waiting for the file to upload to my Google Drive, I got another BSOD for REFERENCE BY POINTER. I am trying to upload that and will edit when I am able to
 
try booting in safe mode and delete this file:
C:\Users\jlewa\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileCoAuth.exe

then reboot and let microsoft get another copy.
------------
the bugchecks show this running on 4 cpu cores then one core told the cpu to flush its buffers and another core called a bugcheck. everything was running in wowsys64

your core windows files looked ok, you have updated network driver, and many added amd drivers.

your pci bus log indicated it went from a working state to an unknown state
you have several usb devices that are in high powered state but waiting to wake up (strange, connected to a suspended hub?)

here is the list of amd drivers installed. (I assume you installed these)
generally any file with a date was not built by microsoft. So all of the files were added except one was installed by windows amdppm.sys (the amd primary processor module) I do not have an amd system so I do not know if you have to install all of these drivers. you might remove them and see if the system boots and runs. you also have an amd crash defender service running

\SystemRoot\System32\drivers\amdfendr.sys Thu Dec 9 21:13:07 2021 (61B2E1E3)
\SystemRoot\System32\drivers\amdfendrmgr.sys Thu Dec 9 21:13:20 2021 (61B2E1F0)
\SystemRoot\System32\drivers\amdgpio2.sys Wed Mar 11 04:15:48 2020 (5E68C864)
\SystemRoot\System32\DriverStore\FileRepository\u0379219.inf_amd64_3649648678001de4\B378972\amdkmdag.sys Thu Apr 28 00:42:25 2022 (626A4561)
\SystemRoot\System32\drivers\AMDPCIDev.sys Tue Feb 15 22:06:21 2022 (620C945D)
\SystemRoot\System32\drivers\amdppm.sys 445C7121 (This is a reproducible build file hash, not a timestamp)
SystemRoot\System32\drivers\amdpsp.sys Wed Jan 26 14:34:00 2022 (61F1CC58)
\SystemRoot\System32\drivers\amdxe.sys Mon Aug 16 08:48:56 2021 (611A88E8)
AtihdWT6 \SystemRoot\system32\drivers\AtihdWT6.sys Wed Oct 27 14:14:10 2021 (6179C122)

all of the minidumps showed your game running then a corrupted stack at the time of the bugcheck
(no corrupted windows files)

I would look to see if the amd drivers match your bios version. based on the dates I think you may have installed outdated chipset drivers.
most likely the bios is current, the microsoft provided driver is current.

is this where you got your drivers from:
https://www.amd.com/en/support/chipsets/amd-socket-am4/x570
x570 motherboard with Ryzen 7 3700X cpu
version 4.03.03.431 dated 3/14/2022

or from here:
https://www.gigabyte.com/Motherboard/X570-AORUS-ELITE-rev-10/support#support-dl-driver-chipset
version 3.10.22.706 dated 2022/04/08
 

effektz

I have tried both but with this fresh version of windows I installed I did not update any drivers at all. I will boot in safe mode and delete that file. Would AMD or Gigabyte be the best ones to get the drivers from? Here is the dump with the REFERENCE BY POINTER

https://drive.google.com/file/d/1OOKGmQYn6L9SEtIbesg3MYQiIRwo7Qpd/view?usp=sharing

-------------
Edit: I deleted the file but it was in the folder labeled "22.099.0508.0001". For my USB devices, I just have my Logitech Keyboard and mouse plugged into it. Before I had my Astro Gaming Headset plugged in which has a hub that is powered for bluetooth pairing. Does that need a driver at all?
 
normally you should get the drivers from the motherboard vendor. if those do not work you go to the chipset vendor.

microsoft \Windows\DeliveryOptimization is on.
you might want to go to settings -> activity monitor and see where you are getting your files from. (I get mine from microsoft not other computers on the internet or local network)

I looked at the memory dump, it is strange
I am not sure why there was a call to a DMA adapter while running edge. maybe turn off edge gpu hardware acceleration.
do you have some edge extensions installed?

the system bugchecked because the system was tracking access to an object, when the counter gets to zero it frees the object.
the object was free but then something released a handle and the counter became -1, there are still two more handles so the bugcheck was called. since the object was already free I just see an object pointing to address zero.
I would just focus on getting the amd chipset drivers updated and would not run the amd crash protection service.
I do see three duplicate objects before the crash.
maybe I can find the tag.

I would focus on getting the gigabyte chipset drivers installed and see if it has an effect.

SMBus / PCI\VEN_1022&DEV_790B
this driver is attached to the pci bus but is in an unknown state.
(part of the amd chipset drivers)

here is a log from one of the chipset drivers;
InstancePath is "PCI\VEN_1022&DEV_148A&SUBSYS_148A1022&REV_00\4&d573d7&0&0039"
ServiceName is "AMDPCIDev"
State = DeviceNodeStarted (0x308)
Previous State = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[12] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[11] = DeviceNodeEnumeratePending (0x30c)
StateHistory[10] = DeviceNodeStarted (0x308)
StateHistory[09] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[08] = DeviceNodeEnumeratePending (0x30c)
StateHistory[07] = DeviceNodeStarted (0x308)
StateHistory[06] = DeviceNodeStartPostWork (0x307)
StateHistory[05] = DeviceNodeStartCompletion (0x306)
StateHistory[04] = DeviceNodeStartPending (0x305)
StateHistory[03] = DeviceNodeResourcesAssigned (0x304)
StateHistory[02] = DeviceNodeDriversAdded (0x303)
StateHistory[01] = DeviceNodeInitialized (0x302)
StateHistory[00] = DeviceNodeUninitialized (0x301)
StateHistory[19] = Unknown State (0x0)
StateHistory[18] = Unknown State (0x0)
StateHistory[17] = Unknown State (0x0)
StateHistory[16] = Unknown State (0x0)
StateHistory[15] = Unknown State (0x0)
StateHistory[14] = Unknown State (0x0)
StateHistory[13] = Unknown State (0x0)
Flags (0x6c000130) DNF_ENUMERATED, DNF_IDS_QUERIED,
DNF_NO_RESOURCE_REQUIRED, DNF_NO_LOWER_DEVICE_FILTERS,
DNF_NO_LOWER_CLASS_FILTERS, DNF_NO_UPPER_DEVICE_FILTERS,
DNF_NO_UPPER_CLASS_FILTERS
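Added example (not part of johnbl's post and not Windows code): a toy Python model of the reference counting described above, where a release after the object was freed drives the count to -1 and raises a simulated REFERENCE_BY_POINTER bugcheck (0x18). The tags `Crea` and `DrvA` and the event trace are hypothetical; the per-tag balance shows how a tag identifies the caller that released once too often.

```python
from collections import Counter

REFERENCE_BY_POINTER = 0x18  # Windows bugcheck code for an illegal reference count


class BugCheck(Exception):
    """Simulated bugcheck; a real kernel halts instead of raising."""

    def __init__(self, code, detail):
        super().__init__(f"bugcheck {code:#x}: {detail}")
        self.code = code


class TrackedObject:
    """Toy reference-counted object with a per-tag balance (hypothetical model)."""

    def __init__(self, creator_tag="Crea"):
        self.count = 1                      # the creator holds the first reference
        self.freed = False
        self.balance = Counter({creator_tag: 1})

    def reference(self, tag):
        if self.freed:
            raise BugCheck(REFERENCE_BY_POINTER, f"{tag} referenced a freed object")
        self.count += 1
        self.balance[tag] += 1

    def dereference(self, tag):
        self.count -= 1
        self.balance[tag] -= 1
        if self.freed or self.count < 0:
            raise BugCheck(REFERENCE_BY_POINTER, f"{tag} released a freed object, count={self.count}")
        if self.count == 0:
            self.freed = True               # last reference dropped: object is freed


def replay(events):
    """Replay (operation, tag) pairs; return (BugCheck or None, over-released tags)."""
    obj = TrackedObject()
    for op, tag in events:
        try:
            if op == "ref":
                obj.reference(tag)
            else:
                obj.dereference(tag)
        except BugCheck as exc:
            return exc, sorted(t for t, n in obj.balance.items() if n < 0)
    return None, sorted(t for t, n in obj.balance.items() if n < 0)


# Constructed trace: DrvA takes one reference but releases it twice.
EVENTS = [("ref", "DrvA"), ("deref", "DrvA"), ("deref", "Crea"), ("deref", "DrvA")]
```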
 

effektz

@johnbl I downloaded the chipset drivers from Gigabyte but I am getting a SYSTEM REFERENCE EXCEPTION BSOD when trying to install them. Here is the dump

https://drive.google.com/file/d/1o7rDEDtWJfnkfSZwnaxhlNUgevnI6VyJ/view?usp=sharing

Also I checked Activity Monitor and it said 100% Microsoft. Also I do not have any extensions for Edge. I have not installed anything since the clean install to make sure we can narrow this down
 
try to uninstall all of the current chipset drivers before you install the new ones. you might have to turn off plug and play before you uninstall them.
ie start cmd.exe as an admin then
net.exe stop "plug and play"

then go to windows control panel check for an amd chipset uninstaller in the uninstall programs. run it if there is one.
then try the install from gigabyte.

if that fails you would then google "how to remove drivers from the driverstore" for info on how to use pnputil to find and remove driver packages.

rebooting or
net.exe start "plug and play"
will turn the plug and play system back on.
sometimes you remove the driver then plug and play detects the removal and 1 second later reinstalls the most current driver which is the one you just removed.
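Added example, not part of johnbl's post: a Python sketch that parses text saved from `pnputil /enum-drivers` and lists the delete commands for every staged package from one provider, since a package left in the driver store is what plug and play reinstalls. The sample listing, its package names and the provider filter are constructed; it assumes en-US field labels and MM/DD/YYYY dates.

```python
import re
from datetime import datetime

# Constructed, abridged sample of `pnputil /enum-drivers` output.
# Package names, versions and dates are illustrative, not from the thread.
SAMPLE = """\
Microsoft PnP Utility

Published Name:     oem3.inf
Original Name:      examplesmbus.inf
Provider Name:      Advanced Micro Devices, Inc
Driver Version:     03/10/2020 5.12.0.38

Published Name:     oem11.inf
Original Name:      examplesmbus.inf
Provider Name:      Advanced Micro Devices, Inc
Driver Version:     02/22/2022 5.12.0.44

Published Name:     oem5.inf
Original Name:      examplekbd.inf
Provider Name:      Logitech
Driver Version:     06/01/2021 1.0.0.7
"""


def parse_packages(text):
    """Split the listing into one dict per driver package."""
    packages = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        fields = {key.strip(): value.strip() for key, value in pairs}
        if "Published Name" in fields:          # skips the banner block
            date_str, version = fields["Driver Version"].split(None, 1)
            fields["date"] = datetime.strptime(date_str, "%m/%d/%Y")
            fields["version"] = version
            packages.append(fields)
    return packages


def removal_plan(text, provider="advanced micro devices"):
    """Return pnputil commands for each staged package from `provider`, oldest first."""
    hits = [p for p in parse_packages(text) if provider in p["Provider Name"].lower()]
    hits.sort(key=lambda p: p["date"])
    # /uninstall removes the package from devices using it before deleting it
    # from the driver store, so plug and play has nothing staged to reinstall.
    return [f'pnputil /delete-driver {p["Published Name"]} /uninstall' for p in hits]


if __name__ == "__main__":
    for command in removal_plan(SAMPLE):
        print(command)
```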
 

effektz

ok just stopped the plug and play and went to uninstall the AMD Chipset drivers. I got a BSOD with KMODE EXCEPTION NOT HANDLED. Do you want me to zip those dumps and post the link? Should I try doing this in safe mode?
 
current bugcheck was in 32 bit subsystem, access violation
running instup.exe
checking files for modification now. will look to see where instup.exe is running from. in a few mins (debugger running very slow for some reason)
debugger indicates that the clr.dll has 229 modifications
clr is the .net common language run time
Common Language Runtime - Wikipedia

kernelbase reports 4 modifications
user32 reports 15 errors

instup.exe was running 16 threads on several cpu cores
all threads were running under 32 bit subsystem.
one thread caused the bugcheck
call before the bugcheck was
wow64cpu!cpupsyscallstub

program was run out of
c:\users\jlewa\appdata\local\temp\7zse7.tmp\instupd.exe
 