BSOD every 30-40 minutes no specific applications open causing it.

Collapse
X
Collapse
 
  • Page of 2
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • Eughurt
    PCHF Member
    • Jul 2021
    • 14
    #1

    BSOD every 30-40 minutes no specific applications open causing it.

    Hello, since this morning I’ve been having issues with my computer randomly blue screening. I’ve done research, updated some drivers, and listened to some online advice to get the most info possible. At this point it feels like I’ve exhausted every avenue for someone who isn’t really great with computers and doesn’t really understand the information I’ve been given. I would really appreciate some help and a big thank you to everyone who responds to this thread!!!

    Here’s some information:
    Microsoft (R) Windows Debugger Version 10.0.21349.1004 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.

    Loading Dump File [C:\Windows\MEMORY.DMP]
    Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

    Symbol search path is: srv*
    Executable search path is:
    Windows 10 Kernel Version 19041 MP (16 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
    Machine Name:
    Kernel base = 0xfffff807[ICODE]2181c000 PsLoadedModuleList = 0xfffff807[/ICODE]22446230
    Debug session time: Fri Jul 2 16:48:44.386 2021 (UTC - 4:00)
    System Uptime: 0 days 0:10:48.206
    Loading Kernel Symbols




    Loading User Symbols

    Loading unloaded module list

    For analysis of this file, run !analyze -v
    nt!KeBugCheckEx:
    fffff807[ICODE]21c12c20 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffdc88[/ICODE]cef36490=000000000000007e
    15: kd> !analyze -v
    • Code:
                                                                              *
    • Code:
                         Bugcheck Analysis                                    *
    • Code:
                                                                              *


    SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
    This is a very common BugCheck. Usually the exception address pinpoints
    the driver/function that caused the problem. Always note this address
    as well as the link date of the driver/image that contains this address.
    Arguments:
    Arg1: ffffffff80000003, The exception code that was not handled
    Arg2: fffff80721c1ab08, The address that the exception occurred at
    Arg3: ffffdc88cef37488, Exception Record Address
    Arg4: ffffdc88cef36cc0, Context Record Address
    [HEADING=1]Debugging Details:[/HEADING]
    KEY_VALUES_STRING: 1
    Code:
    Key  : Analysis.CPU.mSec
Value: 2374

Key  : Analysis.DebugAnalysisManager
Value: Create

Key  : Analysis.Elapsed.mSec
Value: 6121

Key  : Analysis.Init.CPU.mSec
Value: 655

Key  : Analysis.Init.Elapsed.mSec
Value: 37789

Key  : Analysis.Memory.CommitPeak.Mb
Value: 93

Key  : WER.OS.Branch
Value: vb_release

Key  : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key  : WER.OS.Version
Value: 10.0.19041.1
    BUGCHECK_CODE: 7e

    BUGCHECK_P1: ffffffff80000003

    BUGCHECK_P2: fffff80721c1ab08

    BUGCHECK_P3: ffffdc88cef37488

    BUGCHECK_P4: ffffdc88cef36cc0

    EXCEPTION_RECORD: ffffdc88cef37488 – (.exr 0xffffdc88cef37488)
    ExceptionAddress: fffff80721c1ab08 (nt!DebugPrompt+0x0000000000000018)
    ExceptionCode: 80000003 (Break instruction exception)
    ExceptionFlags: 00000000
    NumberParameters: 1
    Parameter[0]: 0000000000000002

    CONTEXT: ffffdc88cef36cc0 – (.cxr 0xffffdc88cef36cc0)
    rax=0000000000000002 rbx=000000000000005a rcx=fffff80721782d18
    rdx=ffffdc88cef3001f rsi=fffff8072178afc0 rdi=000000000000002f
    rip=fffff80721c1ab07 rsp=ffffdc88cef376c8 rbp=ffffdc88cef37820
    r8=ffffdc88cef37750 r9=0000000000000002 r10=0000000000000000
    r11=0000000000000010 r12=0000000000000408 r13=000000000000012c
    r14=000000000000012c r15=ffffdc88cf9d4710
    iopl=0 nv up ei pl zr na po nc
    cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00040246
    nt!DebugPrompt+0x17:
    fffff807`21c1ab07 cc int 3
    Resetting default scope

    PROCESS_NAME: System

    ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.

    EXCEPTION_CODE_STR: 80000003

    EXCEPTION_PARAMETER1: 0000000000000002

    EXCEPTION_STR: 0x80000003

    STACK_TEXT:
    ffffdc88[ICODE]cef376c8 fffff807[/ICODE]21d9c3c4 : 00000000[ICODE]0000005a fffff807[/ICODE]2178afc0 00000000[ICODE]0000002f fffff807[/ICODE]2177a8a2 : nt!DebugPrompt+0x17
    ffffdc88[ICODE]cef376d0 fffff807[/ICODE]217bc9ac : 00000000[ICODE]0000005a fffff807[/ICODE]2178afc0 fffff807[ICODE]21782d14 00000000[/ICODE]00000007 : nt!DbgPrompt+0x44
    ffffdc88[ICODE]cef37720 fffff807[/ICODE]217bc36f : 00000000[ICODE]0000002d ffffdf8c[/ICODE]7fc80b90 ffffdf8c[ICODE]7fcbaff0 00000000[/ICODE]00000000 : FLTMGR!FltpvPrintErrors+0x188
    ffffdc88[ICODE]cef379a0 fffff807[/ICODE]21b5d225 : ffffdf8c[ICODE]20498240 ffffdf8c[/ICODE]20498240 ffffdf8c[ICODE]16cae8c0 ffffdc88[/ICODE]cf9d4720 : FLTMGR!FltpvDoLostObjectCheck+0x1ef
    ffffdc88[ICODE]cef37a70 fffff807[/ICODE]21b113b5 : ffffdf8c[ICODE]20498240 00000000[/ICODE]00000080 ffffdf8c[ICODE]16d02080 000fa4ef[/ICODE]bd9bbfff : nt!ExpWorkerThread+0x105
    ffffdc88[ICODE]cef37b10 fffff807[/ICODE]21c1a278 : ffffc180[ICODE]4248b180 ffffdf8c[/ICODE]20498240 fffff807[ICODE]21b11360 00000000[/ICODE]00000000 : nt!PspSystemThreadStartup+0x55
    ffffdc88[ICODE]cef37b60 00000000[/ICODE]00000000 : ffffdc88[ICODE]cef38000 ffffdc88[/ICODE]cef31000 00000000[ICODE]00000000 00000000[/ICODE]00000000 : nt!KiStartSystemThread+0x28

    SYMBOL_NAME: nt!DebugPrompt+18

    MODULE_NAME: nt

    IMAGE_NAME: ntkrnlmp.exe

    STACK_COMMAND: .cxr 0xffffdc88cef36cc0 ; kb

    BUCKET_ID_FUNC_OFFSET: 18

    FAILURE_BUCKET_ID: AV_VRF_nt!DebugPrompt

    OS_VERSION: 10.0.19041.1

    BUILDLAB_STR: vb_release

    OSPLATFORM_TYPE: x64

    OSNAME: Windows 10

    FAILURE_ID_HASH: {f47fc276-52c8-da5f-1a32-8baabfc97af2}
    [HEADING=1]Followup: MachineOwner[/HEADING]
    15: kd> .exr 0xffffdc88cef37488
    ExceptionAddress: fffff80721c1ab08 (nt!DebugPrompt+0x0000000000000018)
    ExceptionCode: 80000003 (Break instruction exception)
    ExceptionFlags: 00000000
    NumberParameters: 1
    Parameter[0]: 0000000000000002
    15: kd> .cxr 0xffffdc88cef36cc0
    rax=0000000000000002 rbx=000000000000005a rcx=fffff80721782d18
    rdx=ffffdc88cef3001f rsi=fffff8072178afc0 rdi=000000000000002f
    rip=fffff80721c1ab07 rsp=ffffdc88cef376c8 rbp=ffffdc88cef37820
    r8=ffffdc88cef37750 r9=0000000000000002 r10=0000000000000000
    r11=0000000000000010 r12=0000000000000408 r13=000000000000012c
    r14=000000000000012c r15=ffffdc88cf9d4710
    iopl=0 nv up ei pl zr na po nc
    cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00040246
    nt!DebugPrompt+0x17:
    fffff807[ICODE]21c1ab07 cc int 3 15: kd> lmvm nt Browse full module list start end module name fffff807[/ICODE]2181c000 fffff807`22862000 nt (pdb symbols) C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\FC57F1C841C2C3 F793D57AC134DC0EFA1\ntkrnlmp.pdb
    Loaded symbol image file: ntkrnlmp.exe
    Mapped memory image file: C:\ProgramData\Dbg\sym\ntoskrnl.exe\05C0E3E0104600 0\ntoskrnl.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Browse all global symbols functions data
    Image was built with /Brepro flag.
    Timestamp: 05C0E3E0 (This is a reproducible build file hash, not a timestamp)
    CheckSum: 00A5C86C
    ImageSize: 01046000
    Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:
    Tags: None
    • veeg
      PCHF Director
      • Jul 2016
      • 8980
      #2
      Hello

      Download and run and then post.. SysnativeBSODCollectionApp | Sysnative Forums

      Speccy - Free Download
      https://www.ccleaner.com/speccy/download
      Download Speccy - the System Information tool


      To post: CCleaner Support Community

      jmarket @phillpower2

        Comment

        • Eughurt
          PCHF Member
          • Jul 2021
          • 14
          #3
          Originally posted by veeg
          Hello

          Download and run and then post.. SysnativeBSODCollectionApp | Sysnative Forums

          Speccy - Free Download
          https://www.ccleaner.com/speccy/download
          Download Speccy - the System Information tool


          To post: CCleaner Support Community

          @jmarket @phillpower2
          Hello! Thank you very much for replying, it says the uploader files is too large for the server to process for the sysnativefilecollecionapp.

          http://speccy.piriform.com/results/S7fCflgu6bsZ4BF4GbaycBg

            Comment

            • Eughurt
              PCHF Member
              • Jul 2021
              • 14
              #4
              Originally posted by Eughurt
              Hello! Thank you very much for replying, it says the uploader files is too large for the server to process for the sysnativefilecollecionapp.

              http://speccy.piriform.com/results/S7fCflgu6bsZ4BF4GbaycBg
              SysnativeFileCollectionApp.zip
              https://drive.google.com/file/d/1G1IlwYlFJAPKLxK9J934tDHtAvfpZZbK/view?usp=sharing

              This is the sysnative files put into a google drive if you can accept and look at it this way. Thank you again!

                Comment

                • phillpower2
                  PCHF Administrator
                  • Sep 2016
                  • 15206
                  #5
                  The below as a starting point;

                  Windows Defender
                  [COLOR=rgb(184, 49, 47)]Windows Defender: Enabled
                  [COLOR=rgb(184, 49, 47)]Firewall
                  Firewall: Enabled
                  [COLOR=rgb(184, 49, 47)]Display Name: McAfee Firewall
                  Antivirus
                  [COLOR=rgb(184, 49, 47)]Windows Defender
                  Antivirus: Enabled
                  Virus Signature Database: Up to date
                  McAfee VirusScan
                  Antivirus: Disabled
                  Virus Signature Database: Up to date
                  [COLOR=rgb(184, 49, 47)]Malwarebytes
                  Antivirus: Enabled
                  Virus Signature Database: Up to date

                  Having more than one AV or Firewall installed on your computer is bad, it will slow down the computer, cause internet connection problems and leave you with no AV protection at all if they cancel each other out as they fight for resources.

                  Windows 8, 8.1 and 10 come with an improved Windows Defender, it offers the same real-time anti-virus/anti-malware protection as Microsoft Security Essentials. Windows Defender also shares the same malware signature definitions as Microsoft Security Essentials, and Forefront Endpoint Protection. Technically, Microsoft Security Essentials has not been renamed Windows Defender, or combined with it in Windows 8, 8.1 and 10.

                  [COLOR=rgb(184, 49, 47)]If any AV product that you have is a paid for version you should always make sure that you have a copy of the product key kept somewhere safe just in case you ever wish to reinstall it.

                  Malwarebytes removal info here

                  McAfee product removal tool (MCPR) info here

                  [COLOR=rgb(184, 49, 47)]Once any other AV has been correctly uninstalled, check to see if Windows Defender has auto enabled and allow it to update and carry out a full scan of your computer.[/COLOR][/COLOR][/COLOR][/COLOR][/COLOR][/COLOR][/COLOR]

                    Comment

                    • Eughurt
                      PCHF Member
                      • Jul 2021
                      • 14
                      #6
                      Originally posted by phillpower2
                      The below as a starting point;

                      Windows Defender
                      [COLOR=rgb(184, 49, 47)]Windows Defender: Enabled
                      [COLOR=rgb(184, 49, 47)]Firewall
                      Firewall: Enabled
                      [COLOR=rgb(184, 49, 47)]Display Name: McAfee Firewall
                      Antivirus
                      [COLOR=rgb(184, 49, 47)]Windows Defender
                      Antivirus: Enabled
                      Virus Signature Database: Up to date
                      McAfee VirusScan
                      Antivirus: Disabled
                      Virus Signature Database: Up to date
                      [COLOR=rgb(184, 49, 47)]Malwarebytes
                      Antivirus: Enabled
                      Virus Signature Database: Up to date

                      Having more than one AV or Firewall installed on your computer is bad, it will slow down the computer, cause internet connection problems and leave you with no AV protection at all if they cancel each other out as they fight for resources.

                      Windows 8, 8.1 and 10 come with an improved Windows Defender, it offers the same real-time anti-virus/anti-malware protection as Microsoft Security Essentials. Windows Defender also shares the same malware signature definitions as Microsoft Security Essentials, and Forefront Endpoint Protection. Technically, Microsoft Security Essentials has not been renamed Windows Defender, or combined with it in Windows 8, 8.1 and 10.

                      [COLOR=rgb(184, 49, 47)]If any AV product that you have is a paid for version you should always make sure that you have a copy of the product key kept somewhere safe just in case you ever wish to reinstall it.

                      Malwarebytes removal info here

                      McAfee product removal tool (MCPR) info here

                      [COLOR=rgb(184, 49, 47)]Once any other AV has been correctly uninstalled, check to see if Windows Defender has auto enabled and allow it to update and carry out a full scan of your computer.
                      [/COLOR][/COLOR][/COLOR][/COLOR][/COLOR][/COLOR][/COLOR]
                      [COLOR=rgb(184, 49, 47)][COLOR=rgb(184, 49, 47)][COLOR=rgb(184, 49, 47)][COLOR=rgb(184, 49, 47)][COLOR=rgb(184, 49, 47)][COLOR=rgb(184, 49, 47)][COLOR=rgb(184, 49, 47)]
                      I have uninstalled both and full scanned it came up with nothing. Just to make sure things didn’t resolve itself I left my computer running and it is still BSODing.[/color][/color][/color][/color][/color][/color][/color]

                        Comment

                        • phillpower2
                          PCHF Administrator
                          • Sep 2016
                          • 15206
                          #7
                          1. Copy any dmp files from C:\Windows\Minidump onto the desktop.
                          2. Select all of them, right-click on one, and click on Send To> New Compressed (zipped) Folder.
                          3. Upload the zip folder using the Attach button, bottom left of the dialogue input box

                          Can I ask that you do not quote every reply as we have to read the full post to make sure nothing gets missed, thanks.

                            Comment

                            • Eughurt
                              PCHF Member
                              • Jul 2021
                              • 14
                              #8
                              Right, apologies for that.
                              The file was too large to send through the attached files and wouldn’t process. Again a googledrive of the zipped folder if that’s fine. Thanks again.
                              Minidumps.zip
                              https://drive.google.com/file/d/1IbDk8YIAB2elsKOUj4cXkDg7g_X_otu4/view?usp=sharing

                                Comment

                                • phillpower2
                                  PCHF Administrator
                                  • Sep 2016
                                  • 15206
                                  #9
                                  Sorry but can we have the dmps the way that they were requested, your method is wanting me to download a third party extractor which I am not prepared to do, only dmps that are between 1 and 3 days are any use and using my means of getting the dmps to us can more than handle the amount of dmps you have.

                                    Comment

                                    • Eughurt
                                      PCHF Member
                                      • Jul 2021
                                      • 14
                                      #10
                                      It says the uploaded file is too large for the server to process, but I’ll try anyway.

                                        Comment

                                        • Eughurt
                                          PCHF Member
                                          • Jul 2021
                                          • 14
                                          #11
                                          There we go.

                                            Comment

                                            • phillpower2
                                              PCHF Administrator
                                              • Sep 2016
                                              • 15206
                                              #12
                                              Each crash was caused by the same thing Bugcheck 0x18 REFERENCE_BY_POINTER which amongst other things was a known problem with McAfee, see thread here

                                              Your latest crash dmp is a couple of days old so we need to see if the same crash happens again, while we wait, can you post a new Speccy url for us, no rush here as I`m going offline now.

                                                Comment

                                                • Eughurt
                                                  PCHF Member
                                                  • Jul 2021
                                                  • 14
                                                  #13
                                                  http://speccy.piriform.com/results/f53WcJrpCN3GXzORjeyhU0Z

                                                  It still mentions malwarebytes and mcafee, but they are both uninstalled and when opening task manager not in there. Not sure if that’s okay.

                                                    Comment

                                                    • Eughurt
                                                      PCHF Member
                                                      • Jul 2021
                                                      • 14
                                                      #14
                                                      Still crashing.

                                                        Comment

                                                        • phillpower2
                                                          PCHF Administrator
                                                          • Sep 2016
                                                          • 15206
                                                          #15
                                                          The first two crashes were the same as all of the previous but the latest was caused by either plug n play drivers or an actual PnP device failing, first thing we need to do is check to see if we can see any orphaned McAfee or MBAM files that may have been left behind, once done we will look at the PnP issue.

                                                          When you post the Autoruns log can you also let us know if the first two of the latest crashes were before or after McAfee and MBAM had been uninstalled and had the the computer been restarted since their removal, both points are important for us to know.

                                                          Post an Autoruns log for us, see here

                                                          1: Extract the Autoruns Zip file contents to a folder.

                                                          2: Double-click the “Autoruns.exe”.

                                                          3: Click on the "Hide Signed Microsoft and Windows Entries” option.

                                                          4: Go to File then to Export As or Save in some versions.

                                                          5: Save AutoRuns.txt file to known location like your Desktop > when you click on File > Save you will then get the option to Save as type, click the drop down tab, change it to Text and then click the Save button.

                                                          6: Attach to your next reply.

                                                          Tutorial here

                                                            Comment

                                                            Previous 1 2 template Next
                                                            Working...

                                                              We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

                                                              By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

                                                              I Agree