Question Random BSOD, need help !!

[birdzzmg]

I have an annoying blue screen problem, I have the error files to show, since 04/24 it had 5 errors, before that it had happened on 03/23 but I don't have the files to show.



About 2 months ago I changed the processor, motherboard and memories and after about 10 days of use the blue screen started, on March 22/24, if I'm not mistaken. I thought it could be one of these components, but my PC always gave some blue screens randomly, usually when I played Valorant and closed the game and opened chrome to search for something, it did.



The last 3 blue screens occurred with me turning off windows, I closed the browser when I clicked Turn off the TURN OFF screen appeared and gave a blue screen, and this afternoon I just closed some chrome tabs and got the UNEXPECTED STORE EXPECTION error.



The errors are usually: MEMORY MANAGEMENT, PAGE FAULT IN NONPAGED AREA AND THE UNEXPECTED STORE EXCEPTION.



I've already run MEMTEST86 on both sticks, then 1 stick at a time in different slots, it didn't give an ERROR, I've already used the program that sees the health of the HD, it didn't give any error, only the health of my SSD that this windows it was below 60%, I don't know if that could be the cause of the problem.

I have already disabled XMP as well. And I updated the bios to the latest version.

I'm also having errors on google chrome: status_access_violation when I watch lives on twitch.

https://www.dropbox.com/sh/x52szuwom9lc2ct/AABoD-eJIaO_YMArfLr1DA6ma?dl=0


PC: Ryzen 5 5600, RTX 2060, 16GB 3200MHZ, MWE 450W 80 PLUS BRONZE, B450-M AORUS.

 

[birdzzmg]

Can someone help me plz? Just get another BSOD... PFN_LIST_CORRUPT

 

[johnbl]

looks like you have a driver corrupting memory.
best guess it is one of the drivers for bluestacks. (android emulator)
only way to prove the cause of the corruptions would to run verifier flags and force the system to bugcheck at the time of corruption rather than when a second driver is effected.
if you turn on verifier be sure you know how to get into safe mode and know how to turn it back off by running verifier.exe /reset

or you could just uninstall bluestacks and see if the problem goes away

 

[birdzzmg]

I uninstalled bluestacks about 2 days ago, and today I got this blue screen PFN_LIST_CORRUPT...

 

[johnbl]

I uninstalled bluestacks about 2 days ago, and today I got this blue screen PFN_LIST_CORRUPT...

most current memory dump is on
Fri May 27 17:44:19.415 2022
had indications of bluestacks running
put up the most current memory dump,
then run cmd.exe
verifier.exe /standard /all

then reboot your system and wait for the next bugcheck.
after the next bugcheck you will want to run
verifier.exe /reset
to turn it off.
then provide the new mini dump

 

[birdzzmg]

last dump https://www.dropbox.com/s/em5brx7usoa0v19/052922-9171-01.7z?dl=0

can i use my pc normally after using this command?

 

[johnbl]

last dump https://www.dropbox.com/s/em5brx7usoa0v19/052922-9171-01.7z?dl=0

can i use my pc normally after using this command?

sure, until it crashes. it does a lot of error checking so it might run slower
until you turn verifier off via verifier.exe /reset

edit:
you might change the memory dump to kernel and provide the kernel dump c:\windows\memory.dmp
it has a lot more info for debugging. could not debug the last dump without a kernel memory dump

 

[birdzzmg]

ok then, I'll activate it now, if there is any error I'll post it here!

 

[birdzzmg]

sure, until it crashes. it does a lot of error checking so it might run slower
until you turn verifier off via verifier.exe /reset

I tried to start 2 times, as soon as I entered the desktop it gave a blue screen, I had to start in safe mode to disable the verifier, here are the dumps.

https://www.dropbox.com/s/y4m39swvjay97lt/dump after verif.7z?dl=0

 

[johnbl]

bad driver was
nvrtxvad64v.sys Timestamp: Fri Aug 7 00:43:11 2020
NVIDIA Broadca (nvidia broadcast driver ?)
stack corrupted. raw stack just shows this driver making a bad call.
the error:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.

this is a driver bug. programs will work for a while but the memory can be moved around by the memory manager as other demands are made on the system memory then the pointer becomes invalid when something else gets the memory and the user mode program modifies it.

--------------
same driver in both bugchecks.
uninstall the software or use microsoft autoruns and disable the driver https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

find the menu option to hide microsoft entries, select it and it will be easier to find the driver. you can delete the entry or uncheck it so it does not load on the during boot.

 

[birdzzmg]

I installed this program yesterday, should I uninstall and use verifier.exe again? because it was already giving errors before installing it.

Edit:I activated it again and after a while it gave the blue screen, here is the dump: https://www.dropbox.com/s/a49xv7zhg8sd7eo/052922-6406-01.7z?dl=0

 

[johnbl]

I installed this program yesterday, should I uninstall and use verifier.exe again? because it was already giving errors before installing it.

Edit:I activated it again and after a while it gave the blue screen, here is the dump: https://www.dropbox.com/s/a49xv7zhg8sd7eo/052922-6406-01.7z?dl=0

looks like originwebhelperservice.exe
using a user mode handle passing to kernel mode. error does not make sense.
go and disable the service and reboot with verifier flags set again.
also use autoruns to remove the overclock driver
RTCore64.sys Thu Jun 18 04:55:42 2020

I would also remove this driver:
AmdTools64.sys Tue May 26 23:45:35 2020
(i think it is left over from running this tool:https://www.amd.com/en/support/kb/faq/gpu-601)

try another run with verifier to see if you can get the system to boot for a while. the bugs these two dumps have shown take a long time to bugcheck the system.

if you change to a kernel dump I can verify the handles used and what app used them.

realtek sound driver and network driver are out of date.
(old driver had a bug where it would respond to other sound devices)
https://www.gigabyte.com/us/Motherboard/B450-AORUS-M-rev-1x/support#support-dl-driver-lan

there is also a new set of amd chipset drivers for the bios update.
(your amd drivers range in dates from 2016 to 2021)
best to remove old drivers before you update the chipset if you can. amd want you to use this method to remove old chipset drivers:https://www.amd.com/en/support/kb/faq/chipset-install#faq-Uninstalling-AMD-Ryzen-Chipset-Drivers

 

[birdzzmg]

looks like originwebhelperservice.exe
using a user mode handle passing to kernel mode. error does not make sense.
go and disable the service and reboot with verifier flags set again.
also use autoruns to remove the overclock driver
RTCore64.sys Thu Jun 18 04:55:42 2020

I would also remove this driver:
AmdTools64.sys Tue May 26 23:45:35 2020
(i think it is left over from running this tool:https://www.amd.com/en/support/kb/faq/gpu-601)

try another run with verifier to see if you can get the system to boot for a while. the bugs these two dumps have shown take a long time to bugcheck the system.

if you change to a kernel dump I can verify the handles used and what app used them.

realtek sound driver and network driver are out of date.
(old driver had a bug where it would respond to other sound devices)
https://www.gigabyte.com/us/Motherboard/B450-AORUS-M-rev-1x/support#support-dl-driver-lan

there is also a new set of amd chipset drivers for the bios update.
(your amd drivers range in dates from 2016 to 2021)
best to remove old drivers before you update the chipset if you can. amd want you to use this method to remove old chipset drivers:https://www.amd.com/en/support/kb/faq/chipset-install#faq-Uninstalling-AMD-Ryzen-Chipset-Drivers

hello, i did what you asked, and after 15-20 seconds it gave the blue screen again.

https://www.dropbox.com/s/y4v91vkovo5ldta/052922-17187-01.zip?dl=0

 

[johnbl]

hello, i did what you asked, and after 15-20 seconds it gave the blue screen again.

https://www.dropbox.com/s/y4v91vkovo5ldta/052922-17187-01.zip?dl=0

looks like
OriginWebHelpe
originwebhelper.exe service again. using a user mode handle as a kernel handle
kind of strange unless they are calling a internal undocumented function you would not expect this error.

you would need to find the service and disable it so it can not start up. (or uninstall the service)

the debugger does not detect any modifications in the core windows files but you might run
cmd.exe as an admin then run
dism.exe /online /cleanup-image /restorehealth
and it will check and repair your core files.

here is the series of calls (read from the bottom up)
# Call Site
00 nt!KeBugCheckEx
01 nt!VerifierBugCheckIfAppropriate
02 nt!VfCheckUserHandle
03 nt!ObpReferenceObjectByHandleWithTag
04 nt!ObReferenceObjectByHandle
05 nt!NtQueryValueKey
06 nt!KiSystemServiceCopyEnd
07 nt!KiServiceLinkage
08 VerifierExt!ZwQueryValueKey_wrapper
09 nt!VfZwQueryValueKey
0a win32kfull!IsWDAGContainer
0b win32kfull!xxxSystemParametersInfoWorker
0c win32kfull!EditionxxxSystemParametersInfoWorker
0d win32kbase!xxxSystemParametersInfo
0e win32kbase!NtUserSystemParametersInfo
0f win32k!NtUserSystemParametersInfo
10 nt!KiSystemServiceCopyEnd
11 0x0


the problem was coming out of call 0a
the sequence was started by OriginWebHelpe
(debugger cuts off the .exe name so I assume it is originwebhelper.exe still running)

you might also make sure all of the windows updates have been applied.

there is a bug on windows 10 listed for one of the functions:
SystemParametersInfo works incorrectly - Application Developer | Microsoft Docs

 

[birdzzmg]

I will uninstall Origin and try again, I will edit here with the dump if there is an error.

looks like
OriginWebHelpe
originwebhelper.exe service again. using a user mode handle as a kernel handle
kind of strange unless they are calling a internal undocumented function you would not expect this error.

you would need to find the service and disable it so it can not start up. (or uninstall the service)

the debugger does not detect any modifications in the core windows files but you might run
cmd.exe as an admin then run
dism.exe /online /cleanup-image /restorehealth
and it will check and repair your core files.

here is the series of calls (read from the bottom up)
# Call Site
00 nt!KeBugCheckEx
01 nt!VerifierBugCheckIfAppropriate
02 nt!VfCheckUserHandle
03 nt!ObpReferenceObjectByHandleWithTag
04 nt!ObReferenceObjectByHandle
05 nt!NtQueryValueKey
06 nt!KiSystemServiceCopyEnd
07 nt!KiServiceLinkage
08 VerifierExt!ZwQueryValueKey_wrapper
09 nt!VfZwQueryValueKey
0a win32kfull!IsWDAGContainer
0b win32kfull!xxxSystemParametersInfoWorker
0c win32kfull!EditionxxxSystemParametersInfoWorker
0d win32kbase!xxxSystemParametersInfo
0e win32kbase!NtUserSystemParametersInfo
0f win32k!NtUserSystemParametersInfo
10 nt!KiSystemServiceCopyEnd
11 0x0


the problem was coming out of call 0a
the sequence was started by OriginWebHelpe
(debugger cuts off the .exe name so I assume it is originwebhelper.exe still running)

you might also make sure all of the windows updates have been applied.

there is a bug on windows 10 listed for one of the functions:
SystemParametersInfo works incorrectly - Application Developer | Microsoft Docs

I will uninstall Origin and try again, I will edit here with the dump if there is an error.


EDIT: I activated the verifier, and so far no blue screen, what I did was I disabled steam to start with windows and uninstalled Origin.
30 minutes with verifier and no bsod

EDIT2: should i continue with verifier active until get bsod? so far 0 bsod. 45 minutes.

 

[birdzzmg]

After 60-90 minutes, it got blue screen with SPECIAL POOL DETECTED MEMORY CORRUPTION error when I was using chrome.
https://www.dropbox.com/s/fdagb4pcrgkeo2o/052922-17328-01.zip?dl=0

 

[johnbl]

note: added a edit to last message about a known windows 1

After 60-90 minutes, it got blue screen with SPECIAL POOL DETECTED MEMORY CORRUPTION error when I was using chrome.
https://www.dropbox.com/s/fdagb4pcrgkeo2o/052922-17328-01.zip?dl=0

bugcheck was while running
NGUIdle.exe
The filesystem was cleaning up some allocations. verifier looks at each of these for corruption beyond the buffer space and found some.
It does this by writing a pattern to the memory then looks for changes that should not be there when the memory is released back to the system: You can see the change from 97979797 pattern on the 4th and 5th line. It does not look like a random change. I might turn off the virus scanner to see if it is involved in the modifications. You should change the memory dump to kernel so the allocations can be traced.


ffffa686d8970fb0 97979797 97979797 97979797 97979797 ffffa686d8970fc0 97979797 97979797 97979797 97979797
ffffa686d8970fd0 97979797 97979797 97979797 97979797 ffffa686d8970fe0 00000000 00000000 d896af08 ffffa686
ffffa686`d8970ff0 23fc949f 000000d6 97979797 97979797

 

[birdzzmg]

note: added a edit to last message about a known windows 1

bugcheck was while running
NGUIdle.exe
The filesystem was cleaning up some allocations. verifier looks at each of these for corruption beyond the buffer space and found some.
It does this by writing a pattern to the memory then looks for changes that should not be there when the memory is released back to the system: You can see the change from 97979797 pattern on the 4th and 5th line. It does not look like a random change. I might turn off the virus scanner to see if it is involved in the modifications. You should change the memory dump to kernel so the allocations can be traced.


ffffa686d8970fb0 97979797 97979797 97979797 97979797 ffffa686d8970fc0 97979797 97979797 97979797 97979797
ffffa686d8970fd0 97979797 97979797 97979797 97979797 ffffa686d8970fe0 00000000 00000000 d896af08 ffffa686
ffffa686`d8970ff0 23fc949f 000000d6 97979797 97979797

my windows is already up to date, do you think a clean install of windows might fix it?
When I formatted I didn't disconnect the other HDS, and I didn't wipe all the partitions.
my computer already had some blue screens before changing the motherboard/memory, but they weren't that frequent.
do you think its not a hardware problem?

 

[johnbl]

my windows is already up to date, do you think a clean install of windows might fix it?
When I formatted I didn't disconnect the other HDS, and I didn't wipe all the partitions.
my computer already had some blue screens before changing the motherboard/memory, but they weren't that frequent.
do you think its not a hardware problem?

it will be some device driver, for example it could be a usb device that has special firmware, it could be a virus scanner.
most likely something is writing to a location is used to own. the location gets recycled by the memory manager but some program writes to it again when it does not own it and corrupts the block. This would not be detected except verifier wrote a pattern in the blocks and checks when the area is released back to the system.

best to provide the kernel dump and I can take a quick look. look for usb devices that can be programmed, or might need firmware updates things like a old logitech mouse. (just a guess)

you could also do a wipe and update windows then turn on verifer before you install all the apps again.
just to see if you bugcheck with a clean setup with no 3rd party drivers installed.

 

[birdzzmg]

it will be some device driver, for example it could be a usb device that has special firmware, it could be a virus scanner.
most likely something is writing to a location is used to own. the location gets recycled by the memory manager but some program writes to it again when it does not own it and corrupts the block. This would not be detected except verifier wrote a pattern in the blocks and checks when the area is released back to the system.

best to provide the kernel dump and I can take a quick look. look for usb devices that can be programmed, or might need firmware updates things like a old logitech mouse. (just a guess)

so I should enable verifier again and enable kernel dump, right? or when i change to kernel dump i dont have to wait for a bsod

 

[johnbl]

so I should enable verifier again and enable kernel dump, right? or when i change to kernel dump i dont have to wait for a bsod

yep, that should do it. kernel dump will save in the file c:\windows\memory.dmp it will be much larger but will include internal logs, info on all of the cpu cores and subsystems.
verifier will do the checking for mistakes and force the bugcheck when it detects a problem

 

[birdzzmg]

yep, that should do it. kernel dump will save in the file c:\windows\memory.dmp it will be much larger but will include internal logs, info on all of the cpu cores and subsystems.
verifier will do the checking for mistakes and force the bugcheck when it detects a problem

is a 3.6gb .dmp?

I'm already thinking about just doing a clean install of windows and see if it solves...

 

[johnbl]

is a 3.6gb .dmp?

I'm already thinking about just doing a clean install of windows and see if it solves...

3.3 gb is ok for kernel dump. full dumps are the size of the actual ram.
go ahead and do a reinstall, it might be faster and you can make sure you get all of the updated drivers and software.

 

[birdzzmg]

3.3 gb is ok for kernel dump. full dumps are the size of the actual ram.
go ahead and do a reinstall, it might be faster and you can make sure you get all of the updated drivers and software.

What drivers should I install?
I usually download the video card, motherboard chipset and audio. should i download any more?

 

[johnbl]

What drivers should I install?
I usually download the video card, motherboard chipset and audio. should i download any more?

add the network card and you should be good. update firmware of any device that might not have been updated. (cpu firmware, usb device, thunderbolt,..., firmware of ssd maybe)