Question System service exception BSOD's (previously thought to be solved, but persisting)

Oct 27, 2020
40
0
30
0
Hello

I've been experiencing consistent BSOD's almost randomly for several months. I decided to look to these forums for help solving this issue a few months ago. The forum post and the replies, as well as the steps we took and the outcomes of those steps can be found here:
https://forums.tomshardware.com/threads/blue-screen-of-death-errors.3657226/?view=date

Overview of what we did:

The blue screens had caused audio driver issues (audio was completely disabled), and impaired files were found after running /sfc scannow and DISM.exe /Online /Cleanup-image/Restorehealth command. I created 5 dump files to offer as much information about the BSOD's as possible. Then, we updated any drivers that were suspect to the errors manually, and later updated my Windows 10 OS to 20H2. The audio driver problems were fixed (as far as I know, I thought there used to be an additional audio option, though), blue screens weren't occurring, and sfc scans and restore health brought up no errors, so I assumed the problem was fixed. Though now, blue screen errors are showing up again. I was then recommended to make a new post about the issue.

System info:

System model: OMEN by HP Desktop PC 880-p1xx
Processor: Intel Core i7-8700K CPU @ 3.70 (12 CPU's), ~3.7Ghz
OS: Windows 10 Home 64-bit -- Build 10.0.19042
Graphics card: NVIDIA GeForce GTX 1080Ti
32 GB RAM

Because dump files were looked over last time, I'll post my current minidump files I have in regards to the BSOD's. As far as I know, they have all been SYSTEM_SERVICE_EXCEPTION:

https://drive.google.com/file/d/1tzRaJ9mmDXeISCubBBsrYWawEVVEg5VG/view?usp=sharing 12/2/20 BSOD
https://drive.google.com/file/d/1yInYI10e22G9LrCpG4yo87SL21ZPV1dn/view?usp=sharing 12/9/20 8:04pm BSOD
https://drive.google.com/file/d/1yInYI10e22G9LrCpG4yo87SL21ZPV1dn/view?usp=sharing 12/9/20 8:15pm BSOD
https://drive.google.com/file/d/1lHLUXqVfNayqmI95HpfHM4hgoGCNYQjW/view?usp=sharing 12/11/20 BSOD
https://drive.google.com/file/d/1Hw5akCSvMjuZ6uo5uguVAdqOv9EZta9C/view?usp=sharing 12/17/20 BSOD

Some extra notes:

-I decided to hold off on running sfc scannow or restore health until the post was seen.
-Audio drivers are still in the same state as they were after the update; they still work right now.
-I never installed the cabinet files for the audio drivers in the previous post, because audio was working after the update.
-I have not run the hp support assistant since the most recent BSOD's. (The first time it was ran, it caused a BSOD. I ran it a second time later, with no notable results.) This is the link I was given to run it: https://www8.hp.com/au/en/campaigns/hpsupportassistant/hpsupport.html

Hoping for the best, any constructive input toward solving the issue would be appreciated.
 
Last edited:
---------
first bugcheck looked like a filter driver trying to find a key in the registry and the query resulted in a bugcheck for some reason
the filter driver was windows defender wdfilter.sys
(you might start cmd.exe as an admin then
sc stop WdFilter
sc start Wdfilter

and see if it triggers a bugcheck on your system
-------------

machine has some hp support drivers installed: i would uninstall this if you don't use it
hpcustomcapdriver.sys Tue Sep 19 15:13:13 2017
hpomencustomcapdriver.sys Wed Oct 25 14:24:00 2017

overclock driver:
iocbios2.sys Mon Jan 29 00:48:40 2018

this is the network driver and a network helper driver, BUT I would expect them to have nearly the same dates.
(you might want to check for a update to both of them)
rt640x64.sys Mon Sep 28 06:35:36 2020
rtf64x64.sys Tue Sep 5 00:27:01 2017

-----------
will take a quick look at the other bugchecks to see if there is a pattern.
 
looks like all of the bugchecks involved attempts to read a value from the registry.
all but one was due to windows defender attempting to read something.
with one bugcheck I could not tell what service attempted to read the registry.

this could mean you have something blocking the attempt to read the registry

- a corruption in the registry
- another filter driver interfering with the query
- a bad spot on your hard drive related to where your registry file is stored.

I would google for a way to remove windows defender and get it reinstalled again.
programs might attack windows defender by putting a bad value in its registry setting.

each one of these failure took a long time 1 day 9 hours for example.
normally if the problem was simple, you would see the failure much quicker

sorry, this is just not much help




---------
first bugcheck looked like a filter driver trying to find a key in the registry and the query resulted in a bugcheck for some reason
the filter driver was windows defender wdfilter.sys
(you might start cmd.exe as an admin then
sc stop WdFilter
sc start Wdfilter

and see if it triggers a bugcheck on your system
-------------

machine has some hp support drivers installed: i would uninstall this if you don't use it
hpcustomcapdriver.sys Tue Sep 19 15:13:13 2017
hpomencustomcapdriver.sys Wed Oct 25 14:24:00 2017

overclock driver:
iocbios2.sys Mon Jan 29 00:48:40 2018

this is the network driver and a network helper driver, BUT I would expect them to have nearly the same dates.
(you might want to check for a update to both of them)
rt640x64.sys Mon Sep 28 06:35:36 2020
rtf64x64.sys Tue Sep 5 00:27:01 2017

-----------
will take a quick look at the other bugchecks to see if there is a pattern.
 

gardenman

Dignified
Moderator
Similar thread: https://www.tenforums.com/bsod-crashes-debugging/107440-system_service_exception-wdfilter-sys.html
It seems one guy disabled Defender and that helped (see the last post), but that's a temporary solution. The underlying issue still needs to be addressed, and you don't need to go without anti-virus. If you disable it, do as john said above and re-enable or reinstall it afterwards.

I wouldn't follow all of the instructions on that link because many of those are system specific.
 
Oct 27, 2020
40
0
30
0
---------
first bugcheck looked like a filter driver trying to find a key in the registry and the query resulted in a bugcheck for some reason
the filter driver was windows defender wdfilter.sys
(you might start cmd.exe as an admin then
sc stop WdFilter
sc start Wdfilter

and see if it triggers a bugcheck on your system
-------------

machine has some hp support drivers installed: i would uninstall this if you don't use it
hpcustomcapdriver.sys Tue Sep 19 15:13:13 2017
hpomencustomcapdriver.sys Wed Oct 25 14:24:00 2017

overclock driver:
iocbios2.sys Mon Jan 29 00:48:40 2018

this is the network driver and a network helper driver, BUT I would expect them to have nearly the same dates.
(you might want to check for a update to both of them)
rt640x64.sys Mon Sep 28 06:35:36 2020
rtf64x64.sys Tue Sep 5 00:27:01 2017

-----------
will take a quick look at the other bugchecks to see if there is a pattern.
After running sc stop Wdfilter in admin cmd, I got the message:

[SC] OpenService FAILED 5:
Access denied.

I assumed starting it wouldn't do anything, so I didn't.

How do I know if I use those capdrivers, and the overclock driver? And, how can I update the network helper driver?
 
Oct 27, 2020
40
0
30
0
Similar thread: https://www.tenforums.com/bsod-crashes-debugging/107440-system_service_exception-wdfilter-sys.html
It seems one guy disabled Defender and that helped (see the last post), but that's a temporary solution. The underlying issue still needs to be addressed, and you don't need to go without anti-virus. If you disable it, do as john said above and re-enable or reinstall it afterwards.

I wouldn't follow all of the instructions on that link because many of those are system specific.
It's a lot to look through, I'll get started now. I haven't disabled windows defender and re-enabled it just yet, but I mean to after reading through.
 
Oct 27, 2020
40
0
30
0
Similar thread: https://www.tenforums.com/bsod-crashes-debugging/107440-system_service_exception-wdfilter-sys.html
It seems one guy disabled Defender and that helped (see the last post), but that's a temporary solution. The underlying issue still needs to be addressed, and you don't need to go without anti-virus. If you disable it, do as john said above and re-enable or reinstall it afterwards.

I wouldn't follow all of the instructions on that link because many of those are system specific.
Following page 2 instructions, I ran restorehealth and sfc scanow commands, without any corrupted files. Then, I ran chkdsk /scan. It prompted the following:

"The type of the file system is NTFS.
Volume label is Windows.

Stage 1: Examining basic file system structure ...
Found corrupt basic file structure for '\ProjectIgnis\scripts\official\c11012887.lua <0x35,0x15f3>'
was not able to send command for self-healing due to lack of memory."

I got a windows notification that my system needed to be restarted, so I shut the system down and powered it on, which prompted a disk clean and restore on the boot-up screen.

Project Ignis is a yugioh simulator game project, which was the directory of the displayed file. I was actually playing the game and leaving the system locked for a lot of the blue screens. I talked to the discord that develops the game, and was able to determine that the file was for a certain card's scripting. They don't know any reason for the file to be causing blue screens, and I can't say confidently it's this particular script's fault (maybe the game?). They recommended a memtest, which was on the directions for the forum you posted. I decided to run chkdsk /scan once more, which prompted no corrupted files.

I went to do a memtest, but I got confused pretty quickly and burned a usb drive with the wrong program. I think I'll need to get another usb drive if I'm going to do a memtest.

I'm also a little worried about disabling defender, and the chance that it will cause a virus. Is there any way I can protect myself from that before disabling defender?
 

gardenman

Dignified
Moderator
Is there any way I can protect myself from that before disabling defender?
Unplug the internet, disable defender, re-enable defender, plug the internet back up. Another way to disable defender is to simply installed a 3rd party anti-virus. I have no recommendations on which one. Simply disabling AV for a few minutes (while not connected) is generally safe as long as you don't install or run any other software during that time.

You should be able to download memtest86 and re-burn the same USB flash drive. You can use them more than once, unless it's damaged.

Having to restart to properly scan the disk is normal as many files are in use while Windows is running and that prevents the scan on those. The error on the drive may (or may not) indicate that the drive is bad and that could also be an issue. Maybe others will have more input on that.
 
Oct 27, 2020
40
0
30
0
Unplug the internet, disable defender, re-enable defender, plug the internet back up. Another way to disable defender is to simply installed a 3rd party anti-virus. I have no recommendations on which one. Simply disabling AV for a few minutes (while not connected) is generally safe as long as you don't install or run any other software during that time.

You should be able to download memtest86 and re-burn the same USB flash drive. You can use them more than once, unless it's damaged.

Having to restart to properly scan the disk is normal as many files are in use while Windows is running and that prevents the scan on those. The error on the drive may (or may not) indicate that the drive is bad and that could also be an issue. Maybe others will have more input on that.
Things just got worse, now I'm seeing windows threats to my device, and after I tried logging in to tomshardware forum, the tab crashed. I just can't move forward with disabling windows security now, there might be a virus on my tower. I'm extremely worried.

Edit: I never disabled defender, but now I feel I really can't.

Here's the info I'm getting on the issues. There are two in windows security:

Alert level: Severe
Status: Active
Category: Trojan
Details: This program has potentially unwanted behavior

Affected items:

File: C:\ProgramFiles\Elgato\SoundCapture\SoundCapture.exe

File: C:programData\Microsoft\Windows\Start Menu\Programs\Elgato\Sound Capture.lnk

Regkey: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Elgato Sound Capture

Runkey: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Elgato sound capture

Startup: C\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato\Sound Capture\Sound Capture.lnk

The second is a duplicate of this, and the third is similar with regkey and runkeys of my mouse drivers.
 
Last edited:
Oct 27, 2020
40
0
30
0
Unplug the internet, disable defender, re-enable defender, plug the internet back up. Another way to disable defender is to simply installed a 3rd party anti-virus. I have no recommendations on which one. Simply disabling AV for a few minutes (while not connected) is generally safe as long as you don't install or run any other software during that time.

You should be able to download memtest86 and re-burn the same USB flash drive. You can use them more than once, unless it's damaged.

Having to restart to properly scan the disk is normal as many files are in use while Windows is running and that prevents the scan on those. The error on the drive may (or may not) indicate that the drive is bad and that could also be an issue. Maybe others will have more input on that.
I'm going to quaritine the threats and shut off my computer. There are even more issues showing up. I'm strongly considering a factory restore.
 
Last edited:
Oct 27, 2020
40
0
30
0
Unplug the internet, disable defender, re-enable defender, plug the internet back up. Another way to disable defender is to simply installed a 3rd party anti-virus. I have no recommendations on which one. Simply disabling AV for a few minutes (while not connected) is generally safe as long as you don't install or run any other software during that time.

You should be able to download memtest86 and re-burn the same USB flash drive. You can use them more than once, unless it's damaged.

Having to restart to properly scan the disk is normal as many files are in use while Windows is running and that prevents the scan on those. The error on the drive may (or may not) indicate that the drive is bad and that could also be an issue. Maybe others will have more input on that.
I can't factory reset. There are no restore points, either. I can't sign into my computer through safe mode because of the windows 10 update. This is a nightmare, I'm terrified. I really hope you guys can help me.
 

gardenman

Dignified
Moderator
Is the iso all I need to wipe my system clean?
Yes. During the install you can choose to remove all partitions that are currently on the drive, and then begin a new install. Note: This will wipe out ALL information on the drive, all personal files, applications, everything. If there are important files that you want to keep, back those up first (if you think you can do so without carrying any virus infection over to your new setup). Full instructions can be found here: https://forums.tomshardware.com/faq/windows-10-clean-install-tutorial.3170366/ Step 7 tells you how to remove all files from the drive.

Sometimes anti-virus have what is known as a false positive. It's where they claim files are infected when in fact they are not. If I was you, I personally would first backup any important files. Then try to remove the Elgato software. Afterwards do a full scan again. If the scan shows up clean afterwards, then it's likely you won't have to reinstall, and it could have been a false positive.

Also I would recommend a 3rd party antivirus for you. Give one a try. I'm not in a position to recommend one. I have friends that use BitDefender but I didn't like it. I use Avast on another household PC. I'm sure you will get recommendations on others if you ask around. Just pick one and go with it.
 
Reactions: Mandark

Colif

Win 10 Master
Moderator
I can't factory reset. There are no restore points, either. I can't sign into my computer through safe mode because of the windows 10 update. This is a nightmare, I'm terrified. I really hope you guys can help me.
anything on C you want to save?
boot from installer
on screen after languages, choose repair this pc, not install.
choose troubleshoot
choose advanced
choose command prompt
type notepad and press enter
in notepad, select file>open
Use file explorer to copy any files you need to save to USB or hdd

then clean install as above
 
Oct 27, 2020
40
0
30
0
anything on C you want to save?
boot from installer
on screen after languages, choose repair this pc, not install.
choose troubleshoot
choose advanced
choose command prompt
type notepad and press enter
in notepad, select file>open
Use file explorer to copy any files you need to save to USB or hdd

then clean install as above
Fortunately while all of this was going on, I made a backup usb drive for all of my files. I just hope the bluescreens aren't related to the potential virus, because if they were, that usb may be infected (assuming it wasn't a false positive.) There were issues with opening steam and browser tabs were crashing, so I assume there was actual damage. My greatest fear is a blue screen during the windows 10 reinstall/repair. I'll finish a shift today and let you know how it all goes tonight
 

Colif

Win 10 Master
Moderator
well, the files on usb aren't live. so if you attach the USB to PC and right click it, there should be an option to scan it with defender (I assume, I don't have defender). Once it passes, you should be safe to copy them onto pc.
 
Oct 27, 2020
40
0
30
0
Yes. During the install you can choose to remove all partitions that are currently on the drive, and then begin a new install. Note: This will wipe out ALL information on the drive, all personal files, applications, everything. If there are important files that you want to keep, back those up first (if you think you can do so without carrying any virus infection over to your new setup). Full instructions can be found here: https://forums.tomshardware.com/faq/windows-10-clean-install-tutorial.3170366/ Step 7 tells you how to remove all files from the drive.

Sometimes anti-virus have what is known as a false positive. It's where they claim files are infected when in fact they are not. If I was you, I personally would first backup any important files. Then try to remove the Elgato software. Afterwards do a full scan again. If the scan shows up clean afterwards, then it's likely you won't have to reinstall, and it could have been a false positive.

Also I would recommend a 3rd party antivirus for you. Give one a try. I'm not in a position to recommend one. I have friends that use BitDefender but I didn't like it. I use Avast on another household PC. I'm sure you will get recommendations on others if you ask around. Just pick one and go with it.
I'm seeing a USB partition, and I'm assuming that's the partition for the USB that I'm doing this off of, right? These are the partitions I'm seeing:

Drive 0 Partition 1: DATA. 917.1GB Primary
Drive 0 Partition 2: RECOVERY. 14.4GB. OEM (Reserved)
Drive 1 Partition 1. 260.0 MB. System
Drive 1 Partition 2. 16MB MSR (Reserved)
Drive 1 Partition 3: Windows. 237.2 GB Primary
Drive 3 Partition 1: ESD-USB. 32.0GB System
Drive 3 Unallocated Space 27.6GB (no type)

Edit: Drive 0 is my HDD, and Drive 1 is my SSD. I'm not sure which drive I installed windows to before.
 
Last edited:

Colif

Win 10 Master
Moderator
you better off unplugging all but the drive you want windows on, as that will reduce chance windows puts parts of itself elsewhere. Only have drive 1 attached if that is where you want windows.
Drive 3 is the USB
 

gardenman

Dignified
Moderator
What all drives do you have and which one do you want to install it to?

It's preferred to install Windows to an SSD if you have one. From the looks of it, you have a 950 (ish) GB drive, a 250 (ish) GB drive, and the USB (which you can't install Windows to).

Is the 250 GB drive an SSD?
Is the 950 GB drive a regular HDD?

If so, I would install to the 250 GB drive (if it's an SSD).

As Colif just suggested, unplug all other drives before installing (except the USB and the drive you want to install to).
 
Oct 27, 2020
40
0
30
0
well, the files on usb aren't live. so if you attach the USB to PC and right click it, there should be an option to scan it with defender (I assume, I don't have defender). Once it passes, you should be safe to copy them onto pc.
So after reinstalling windows, and after a prompted restart, there was ANOTHER blue screen. Another system service exception.
 
Oct 27, 2020
40
0
30
0
What all drives do you have and which one do you want to install it to?

It's preferred to install Windows to an SSD if you have one. From the looks of it, you have a 950 (ish) GB drive, a 250 (ish) GB drive, and the USB (which you can't install Windows to).

Is the 250 GB drive an SSD?
Is the 950 GB drive a regular HDD?

If so, I would install to the 250 GB drive (if it's an SSD).

As Colif just suggested, unplug all other drives before installing (except the USB and the drive you want to install to).
I decided to install it on the SSD. I'm going through updates now. Should I update drivers after I'm finished?
 

ASK THE COMMUNITY

TRENDING THREADS

Latest posts