Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random BSOD (been diagnosing it for 3 months)


  • Please log in to reply
1 reply to this topic

#1 BSDetective

BSDetective

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 15 September 2017 - 07:54 AM

Hi,

 

I really hoped i will be able to figure it myself what the hell is causing the BSODs. Being a sysadmin myself i read many tutorials about crash dump analysis but somehow i've never could find a connection/pattern in my dump analysis attempts.

 

The crashes struck randomly sometimes when i'm browsing in Chrome, or when i'm RDP ing and even when i'm gaming.

 

  • I've run memtest86 (8-10 hours+), Furmark for up to 15 hours, CPU burn tests but all passed every time.
  • Driver verifier found a few problematic drivers (KILLER E2400 network driver which was fixed replacing old drivers with the newest one, Logitech G402 driver LGBusEnum.sys which was fixed by disabling Logitech Gaming Virtual Bus Enumerator in Device Manager) which were fixed and now my system runs with the Verifier without crashing.
  • Tried various AMD Radeon drivers with clean uninstall/install (Guru3d Display Driver Uninstaller)

 

Still, although fewer BSODs but i still get them sometimes more than once a day, sometimes once a day or just once every 2 days)

 

System specs: http://speccy.piriform.com/results/fXIQfTb1MEKpVSEMO8HodIN

 

Attached File  SysnativeFileCollectionApp.zip   1.37MB   4 downloads


Edited by BSDetective, 15 September 2017 - 07:55 AM.


BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:12:14 PM

Posted 16 September 2017 - 06:09 AM

In general, random errors are due to hardware problems.
Unfortunately, there's a lot of components in a system that don't have diagnostics.  So figuring out which component is difficult.

 

Next, if it's not hardware, then it's usually a compatibility issue or a low-level driver issue.

There's not much you can do about compatibility.  The most effective troubleshooting tool is to try the previous version/OS and see if the problem persists there.

As for the low-level drivers, the most effective tool is Driver Verifier - but even that's not 100% accurate (as you've found out).

Low-level drivers is a very imprecise term that I use to describe things like chipset, graphics, storage drivers.

 

So, let's have a look at the reports and see what's there that may be causing problems.

 

Your UEFI/BIOS (version F23a) dates from 30 June 2017.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  This is just in case there has been a more recent update.
FYI - W8 and W10 communicate more with the UEFI/BIOS than previous versions of Windows, so it's important to ensure that the UEFI/BIOS is kept up to date (and that outdated UEFI/BIOS' may be the cause of some compatibility issues).

Only 3 Windows Update hotfixes installed.  Most build 15063 (1703) systems have more than this.  Please visit Windows Update and get ALL available Windows Updates.
The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

This device is disabled in Device Manager:

 

Logitech Gaming Virtual Bus Enumerator    ROOT\SYSTEM\0001    This device is disabled.

Device drivers load early in the boot process.  If a device is disabled, that's done after the driver has loaded.  As such, the driver remains loaded into memory and can affect operations in the kernel space (and can cause crashes).
As such, I suggest re-enabling the device and uninstalling the software that installed it (which should uninstall that disabled device)

If you must have that device installed, then I suggest that you still uninstall it's software - but then install a freshly downloaded copy of the latest, W10 compatible version available from the manufacturer.

 

Out of 5 memory dumps there were 4 different BSOD  (aka STOP or BugCheck) error codes.  The differing error codes are usually symptomatic of a lower level problem within the system. They are usually caused by one of these things (the list is not in any sort of order):
- borked (broken) hardware (several different procedures used to isolate the problem device)
- BIOS issues (check for updates at the motherboard manufacturer's website)
- overclocking/overheating - You'll know if you're overclocking or not. If uncertain we can suggest things to check.
- dirt/dust/hair/fur/crud inside the case.  Blow out the case/vents with canned air (DO NOT use an air compressor or vacuum as they can cause damage to the system)
- missing Windows Updates
- compatibility issues (3rd party hardware/drivers), older systems, or even pirated systems
- low-level driver problems
- or even malware (scanned for when we ask for hardware diagnostics from http://www.carrona.org/initdiag.html or http://www.carrona.org/hwdiag.html ).

Please get a head start on the hardware diagnostics - they are located here:  http://www.carrona.org/hwdiag.html
Please finish ALL of them and let us know the results.

If all the hardware tests pass, then there's 2 different things to try:

- a "clean" install of Windows (this'll help to rule out both Windows and 3rd party driver problems), or

- proceed straight to troubleshooting by hardware stripdown:  http://www.carrona.org/strpdown.html

 

One thing that you can try to make it easier on yourself is to image the hard drive(s) so that you can put the system back the way that it was.
That way you can test for the "clean" install - and still be able to go back to the original system setup if needed.

 

Just FYI - here's my thoughts on a clean install:

 

A clean install is:
- Windows is installed to a freshly partitioned hard drive with legitimate installation media (W10:  https://www.microsoft.com/en-us/software-download/windows10 ).
- The installation media is only a copy of Windows, not the OEM recovery disks that you can make on some systems.
- Windows is fully updated after it's installed.  That's ALL updates - none excepted.
- NO 3rd party software is installed.
- There are no errors in Device Manager (if you find any, post back for suggestions).

This will wipe everything off of the computer, so it's advisable to backup your stuff first.
Also, it will wipe out all the special software that the OEM added to the system, so if you rely on any of that - let us know what it is so we can figure out a way to save/download it (the easiest way is to create/obtain the OEM;s recovery media)

If unable to find recovery media that has the software (or if you suspect that this is a hardware problem), you can make an image of your system that'll preserve everything in the state that it was in when you made the image.
One drawback to this is that you're making an image of a malfunctioning system - so, if there are errors in the system software, you'll have a nice copy of them :(
Another drawback is that the image of the system will be very large - so you'll most likely need a large external drive to store it on.
But, this will allow you to save everything on the hard drive (although you'll need an image viewer to get things out of the image).
The point here is that, if it's a hardware problem, then you can restore the system to the point it was when you made the image - after you repair the hardware problem.
You can obtain more info on imaging in the Backup/Imaging/DiskMgmt forums located here:  http://www.bleepingcomputer.com/forums/f/238/backup-imaging-and-disk-management-software/

The point of doing this (the clean install) is to:
- rule out Windows as a problem (if the problem continues, it's not a Windows problem as you completely replaced Windows
- rule out 3rd party software (if the problem continues, it's not a 3rd party software problem as you didn't install any 3rd party software)
- so, if the problem continues, it must be a hardware problem.

OTOH, if the problem stops, then it was either a Windows or 3rd party software problem.  If the problem doesn't come back, then you've fixed it.  Then all that remains is setting the computer back up the way that you'd like it and importing your data from the backup you made.

 

I can't be certain that this is a hardware problem.  There's a possibility of it being a software issue IMO - just can't pin it down (in some of the stack text I saw what could have been errors from user-mode processes - which may mean something or may just be a coincidence).

 

Analysis:
The following is for information purposes only.
The following information contains the relevant information from the blue screen analysis:
**************************Fri Sep 15 08:26:01.447 2017 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\091517-5140-01.dmp]
Windows 10 Kernel Version 15063 MP (4 procs) Free x64
Built by: 15063.0.amd64fre.rs2_release.170317-1834
System Uptime:2 days 12:15:16.113
Probably caused by :win32kfull.sys ( win32kfull!DestroyThreadsHotKeys+63 )
BugCheck 3B, {c0000005, ffffc8248a123613, ffffb680a84e1c80, 0}
BugCheck Info: SYSTEM_SERVICE_EXCEPTION (3b)
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: ffffc8248a123613, Address of the instruction which caused the bugcheck
Arg3: ffffb680a84e1c80, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
BUGCHECK_STR:  0x3B
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  mstsc.exe
FAILURE_BUCKET_ID: 0x3B_win32kfull!DestroyThreadsHotKeys
CPUID:        "Intel® Core™ i5-6600 CPU @ 3.30GHz"
MaxSpeed:     3300
CurrentSpeed: 3312
  BIOS Version                  F23a
  BIOS Release Date             06/30/2017
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  Z170-Gaming K3
  Baseboard Product             Z170-Gaming K3-CF
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Sep 11 18:26:42.220 2017 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\091117-4828-01.dmp]
Windows 10 Kernel Version 15063 MP (4 procs) Free x64
Built by: 15063.0.amd64fre.rs2_release.170317-1834
System Uptime:1 days 10:11:55.965
Probably caused by :memory_corruption ( nt!MiDispatchFault+152 )
BugCheck A, {ffffc27fe7676778, 2, 0, fffff802988abf02}
BugCheck Info: IRQL_NOT_LESS_OR_EQUAL (a)
Arguments:
Arg1: ffffc27fe7676778, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff802988abf02, address which referenced memory
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  chrome.exe
FAILURE_BUCKET_ID: AV_nt!MiDispatchFault
CPUID:        "Intel® Core™ i5-6600 CPU @ 3.30GHz"
MaxSpeed:     3300
CurrentSpeed: 3312
  BIOS Version                  F23a
  BIOS Release Date             06/30/2017
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  Z170-Gaming K3
  Baseboard Product             Z170-Gaming K3-CF
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Sep 10 08:14:24.131 2017 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\091017-4828-01.dmp]
Windows 10 Kernel Version 15063 MP (4 procs) Free x64
Built by: 15063.0.amd64fre.rs2_release.170317-1834
System Uptime:0 days 16:45:50.147
*** WARNING: Unable to verify timestamp for atikmdag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
Probably caused by :Pool_Corruption ( nt!ExDeferredFreePool+22d4 )
BugCheck 139, {3, ffff93803d61aec0, ffff93803d61ae18, 0}
BugCheck Info: KERNEL_SECURITY_CHECK_FAILURE (139)
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff93803d61aec0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff93803d61ae18, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
BUGCHECK_STR:  0x139
PROCESS_NAME:  RainbowSix.exe
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!ExDeferredFreePool
CPUID:        "Intel® Core™ i5-6600 CPU @ 3.30GHz"
MaxSpeed:     3300
CurrentSpeed: 3312
  BIOS Version                  F23a
  BIOS Release Date             06/30/2017
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  Z170-Gaming K3
  Baseboard Product             Z170-Gaming K3-CF
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat Sep  9 15:28:10.189 2017 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\090917-4562-01.dmp]
Windows 10 Kernel Version 15063 MP (4 procs) Free x64
Built by: 15063.0.amd64fre.rs2_release.170317-1834
System Uptime:0 days 3:36:41.933
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by :dxgmms2.sys ( dxgmms2+160c0 )
BugCheck 3B, {c0000005, fffff803c57260c0, ffffa500cdab41d0, 0}
BugCheck Info: SYSTEM_SERVICE_EXCEPTION (3b)
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff803c57260c0, Address of the instruction which caused the bugcheck
Arg3: ffffa500cdab41d0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
BUGCHECK_STR:  0x3B
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  QuakeChampions.exe
FAILURE_BUCKET_ID: 0x3B_dxgmms2!unknown_function
CPUID:        "Intel® Core™ i5-6600 CPU @ 3.30GHz"
MaxSpeed:     3300
CurrentSpeed: 3312
  BIOS Version                  F23a
  BIOS Release Date             06/30/2017
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  Z170-Gaming K3
  Baseboard Product             Z170-Gaming K3-CF
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat Sep  9 11:50:51.602 2017 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\090917-6078-01.dmp]
Windows 10 Kernel Version 15063 MP (4 procs) Free x64
Built by: 15063.0.amd64fre.rs2_release.170317-1834
System Uptime:0 days 16:45:26.347
*** ERROR: Module load completed but symbols could not be loaded for fileinfo.sys
Probably caused by :fileinfo.sys ( fileinfo+d970 )
BugCheck 3B, {c0000005, fffff803637279d8, ffff8f8054c1c670, 0}
BugCheck Info: SYSTEM_SERVICE_EXCEPTION (3b)
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff803637279d8, Address of the instruction which caused the bugcheck
Arg3: ffff8f8054c1c670, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
BUGCHECK_STR:  0x3B
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  chrome.exe
FAILURE_BUCKET_ID: 0x3B_fileinfo!unknown_function
CPUID:        "Intel® Core™ i5-6600 CPU @ 3.30GHz"
MaxSpeed:     3300
CurrentSpeed: 3312
  BIOS Version                  F23a
  BIOS Release Date             06/30/2017
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  Z170-Gaming K3
  Baseboard Product             Z170-Gaming K3-CF
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``

 

FYI - the drivers that start with MpKslf....  are dynamically generated drivers used by Windows Defender.

The dump_stornvme.sys driver is just a copy of the stornvme.sys driver that the system makes in case of a crash (to make sure that the crashed system has enough drivers to write the crash dump to disk).  More info on crash dump generation here:  http://www.carrona.org/dumpgen.html


3rd Party Drivers:
The following is for information purposes only.
My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Fri Sep 15 08:26:01.447 2017 (UTC - 4:00)**************************
dump_stornvme.sys           Tue Mar 13 03:19:09 2001 (3AADC9ED)
lvrs64.sys                  Mon Oct 22 22:11:24 2012 (5085FCCC)
MpKslbe139bbd.sys           Tue May 19 21:50:37 2015 (555BE86D)
lgcoretemp.sys              Tue Jun  9 12:52:10 2015 (557719BA)
asmtxhci.sys                Mon Apr 11 02:15:42 2016 (570B410E)
asmthub3.sys                Mon Apr 11 02:16:03 2016 (570B4123)
AtihdWT6.sys                Sat Mar 25 17:04:05 2017 (58D6DB45)
RTKVHD64.sys                Wed Jun 14 01:58:31 2017 (5940D087)
TeeDriverW8x64.sys          Tue Jun 20 12:35:20 2017 (59494EC8)
e2xw10x64.sys               Tue Aug  8 17:25:01 2017 (598A2C2D)
atikmpag.sys                Tue Sep  5 11:24:14 2017 (59AEC19E)
atikmdag.sys                Tue Sep  5 12:35:39 2017 (59AED25B)
intelppm.sys                ***** Invalid 2007 Invalid 2007 Invalid
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Sep 11 18:26:42.220 2017 (UTC - 4:00)**************************
MpKslf651e273.sys           Tue May 19 21:50:37 2015 (555BE86D)
MpKsl1f9d700e.sys           Tue May 19 21:50:37 2015 (555BE86D)
MpKsl87237910.sys           Tue May 19 21:50:37 2015 (555BE86D)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Sep 10 08:14:24.131 2017 (UTC - 4:00)**************************
BEDaisy.sys                 Tue Jan 10 22:01:10 2017 (58759FF6)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat Sep  9 15:28:10.189 2017 (UTC - 4:00)**************************
MpKsl9aa2b3e1.sys           Tue May 19 21:50:37 2015 (555BE86D)

dump_stornvme.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=lvrs64.sys
MpKslbe139bbd.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=lgcoretemp.sys
http://www.carrona.org/drivers/driver.php?id=asmtxhci.sys
http://www.carrona.org/drivers/driver.php?id=asmthub3.sys
http://www.carrona.org/drivers/driver.php?id=AtihdWT6.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
http://www.carrona.org/drivers/driver.php?id=e2xw10x64.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
MpKslf651e273.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
MpKsl1f9d700e.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
MpKsl87237910.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=BEDaisy.sys
MpKsl9aa2b3e1.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
 


Edited by usasma, 16 September 2017 - 06:16 AM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users