[SOLVED] Random BSODs (at least once a day) for an entire year?

Feb 15, 2023
Hi, thanks for taking a look at this post!
I am using a laptop and have been suffering from BSODs for over a year. I tried a clean install of Windows this month, but they are rather more frequent.
I don't know what more I can do.

The errors that came up are as follows:
KMODE_EXCEPTION_NOT_HANDLED
IRQL_NOT_LESS_OR_EQUAL
PAGE_FAULT_IN_NONPAGED_AREA

Also, DRIVER_VERIFIER_DETECTED_VIOLATION occurred when attempting to reboot after enabling VERIFIER for all drivers (recovered from safe mode).

I have tried the following, but it was no use:
  • Update Drivers
  • Memory Diagnostic tool
  • sfc /scannow
  • CHKDSK
  • disable fast startup

Here is my minidump.
Thank you for any help!

edit: I don't think it's caused by the SSD. I tried another SSD with the clone but it still happened.
 
Solution
Your earlier bugcheck shows unmodified Windows core files; then, over the course of several bugchecks, the 3 core Windows files are modified.

Here is what I would do:
Update the BIOS to the current version, and apply chipset drivers and any security fixes from the machine vendor's website. This will patch the known security holes in the CPU.
Then you need to start cmd.exe as an admin and run
dism.exe /online /cleanup-image /restorehealth
to fix any modified Windows core files on disk.

Then you need to boot Windows and disable virtual memory to dump the pagefile.sys, then reboot and turn it back on to create a new pagefile.sys.
This will remove the modified Windows core files from virtual memory.

After that I would run a malware scan.

You should update the network driver simply because it is old.
You might remove the Acronis software (it could be what is changing the Windows core files).

You will also see the same type of bugchecks caused by overheated CPUs,
so make sure your fan is working and the vents are not blocked.



Notes:
Second bugcheck: verifier violation by
vgk.sys; the driver did not free up its kernel memory when unloading
(ignore this one; you can use the driver exclude switch with verifier).

----------------
First bugcheck:
bad instruction pointer.
Several modified Windows files.

old network driver installed:
rt640x64.sys Fri May 10 01:59:23 2019

third party drivers installed:
Acronis File Protector installed (2020 version)
volume_tracker.sys Wed Sep 30 02:15:29 2020
virtual_file.sys Wed Sep 30 01:41:04 2020
file_tracker.sys Wed Sep 30 01:09:22 2020
file_protector.sys Mon Nov 9 22:12:51 2020

Acronis True Image file: snapman.sys Thu Jan 14 01:26:59 2021



BIOS Version N.1.20THI06
BIOS Release Date 12/22/2020
Manufacturer Thirdwave Corporation
Product Name GR2060RGF-T
Family GALLERIA
Product GK5NR0O
Chassis Type Notebook
Processor Manufacturer Advanced Micro Devices, Inc.
Processor ID 10f8600fffb8b17
Processor Version AMD Ryzen 7 4800H with Radeon Graphics
Processor Voltage 8ch - 1.2V
External Clock 100MHz
Max Speed 4300MHz
Current Speed 2900MHz
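
The notes above single out old and third-party kernel drivers found in the dump. As an added example (not part of the original post), this PowerShell lists the running kernel drivers whose file does not come from Microsoft, oldest first, with their signature status. The three-year cutoff is an assumption, and the file's last-write time is used, which is not the same as the link timestamp a debugger prints.

```powershell
# Added example: inventory running non-Microsoft kernel drivers, oldest first.
$cutoff = (Get-Date).AddYears(-3)   # assumed threshold for "old"

Get-CimInstance -ClassName Win32_SystemDriver -Filter "State = 'Running'" |
    ForEach-Object {
        # PathName can carry an NT prefix; normalise it to a plain file path.
        $path = $_.PathName -replace '^\\\?\?\\', '' `
                            -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }

        $file = Get-Item -LiteralPath $path
        $sig  = Get-AuthenticodeSignature -LiteralPath $path

        [pscustomobject]@{
            Driver    = $_.Name
            File      = $file.Name
            Modified  = $file.LastWriteTime
            Old       = $file.LastWriteTime -lt $cutoff
            Company   = $file.VersionInfo.CompanyName
            Signature = $sig.Status            # Valid, NotSigned, HashMismatch, ...
            Signer    = $sig.SignerCertificate.Subject
        }
    } |
    # Drivers with no company string are kept, since an unknown vendor is worth a look.
    Where-Object { $_.Company -notmatch 'Microsoft' } |
    Sort-Object Modified |
    Format-Table Driver, File, Modified, Old, Company, Signature -AutoSize
```

Any row with a Signature other than Valid, or with Old set to True, is a candidate for an update or removal before re-running Driver Verifier.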
 
Great thanks for debugging and suggesting a response.
Unfortunately, the vendor does not provide BIOS update support for this model. (I have previously confirmed this.)
So, I did
then you need to start cmd.exe as an admin and run
dism.exe /online /cleanup-image /restorehealth
to fix any modified windows core files on disk.

Then you need to boot windows and disable virtual memory to dump the pagefile.sys, reboot and turn it back on to create a new pagefile.sys
This will remove the modified windows core files from virtual memory.

after that I would run a malware scan
I checked the device driver and the network driver was shown as the latest.
I also uninstalled Acronis and ran a malware scan.
In addition, since a BSOD by G hub was also reported on a computer with a Ryzen 7 4800H CPU, I uninstalled G hub as well.
I'll wait and see how things go for a while.
I will post a message if the BSOD occurs again.
 
Be sure to run the dism.exe command and delete the pagefile.sys to dump any malware that was not detected.

BIOS updates fix the bugs in the CPU. If you cannot get one, then you have to depend on the Microsoft CPU-specific update to patch the microcode (from Windows Update) OR install the Ryzen Master update directly from the CPU vendor to get a CPU microcode patch. But note that if you use AMD Ryzen Master, you will have to update the software manually as new updates come out. I would look at the AMD website to see if they have a security processor firmware update tool (not sure what it is called).

Most of the malware will attempt to hack known vulnerabilities in third-party drivers, then worm their way into the system and modify the Windows core files stored in the pagefile.sys and reloaded via the fastboot option (sleep/wake). They get wiped when the pagefile.sys is deleted and have to start the infection sequence all over again. Most malware does not seem to modify the files on disk directly any more, just the copy stored in virtual memory.
 
It seems the BSODs occurring on my laptop were due to multiple causes. After following the steps in the previous messages, plus disabling OneDrive, I have not had a BSOD for a week. Thanks to all of you for your help.
 
