Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Various BSOD errors

- - - - -

Best Answer krepandus , 21 January 2019 - 06:56 AM

No restore points we're created as of the last one, cause there was no new software installed. As I said, I don't use it as much since I started my internship. I'll try to push some limits by redoi... Go to the full post »


  • Please log in to reply

#46
phillpower2

phillpower2

    Mechanised Mod

  • Moderator
  • 23,096 posts

What date is the earliest restore point that you have, it depends on how much storage space you have allocated on the HDD for restore points as to how many you may have available, as new restore points are created old ones may be deleted to make space for the new one.

 

It is long winded installing one thing at a time but it can save you time and trouble in the long run, drivers are being flagged up as the cause in your crash dmp but you should also be aware that bad RAM can also cause the same issue, hence why we are doing this step by step - one install at a time.


  • 0

Advertisements


#47
krepandus

krepandus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

My earliest (viable) restore point is after I installed the Intel Chipset drivers, and there's also one after the NVIDIA drivers. I have a question tho. I only have enabled system restore on drive C: since its the system drive. Now I'm thinking, since I install some apps other than games on the D: drive as well, due to C: being only 128 GB, should a restore point be enabled on D: as well?

 

And, should I then restore to yesterday's point, when all was well, before installing utorrent and iTunes (I just checked the time, it was installed after the restore point), or even before MBAM and other apps?

Also, I did a Memtest before we did all this, 2 passes reported nothing so I stopped the test. I can repeat it if you think it could show something? I've seen some topics saying that the SSD disk could be faulty as well, maybe I should check it too?


  • 0

#48
phillpower2

phillpower2

    Mechanised Mod

  • Moderator
  • 23,096 posts

Stick with restore points on just the Windows C: drive.

 

 

should I then restore to yesterday's point, when all was well, 

 

 

Was MBAM installed before or after this restore point.

 

Can we leave the RAM and SSD out of this for now please.

 

Heading off out for a couple of hrs now but will check back later.


  • 0

#49
krepandus

krepandus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Before the point.

Yeah, sure. Enjoy your Sunday :)
  • 0

#50
phillpower2

phillpower2

    Mechanised Mod

  • Moderator
  • 23,096 posts
Before the point. 

 

 

Use this and test for us if you will.

 

Yeah, sure. Enjoy your Sunday  

 

 

You too  :thumbsup:


  • 0

#51
krepandus

krepandus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

 

Use this and test for us if you will.

 

I assume we're thinking about the same point. Just to note, MBAM will still be installed if I use that one. But never mind that, Windows doesn't let me restore. Tried twice already, was incomplete. Says it couldn't acess a file, probably cause of a antivirus interfering with the restore. Could MBAM or Windows Defender interfere?


  • 0

#52
phillpower2

phillpower2

    Mechanised Mod

  • Moderator
  • 23,096 posts

Both could interfere but would suspect MBAM, disable just MBAM first and if not done so already give the restore point/s another try.


  • 0

#53
krepandus

krepandus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

For some reason, my restore points are gone, all besides one I didnt create, called "Restore Operation". It is on the date of the BSOD tho, but at 6pm, while the BSOD was around noon. 5,94 GB usage is set for the restore points.

On the other side, tho, I haven't had a BSOD since the one on Sunday. I browsed the web, used blender, watched videos, played games high on graphics (basically all the stuff that triggered BSODs back in the past).
I don't know what to make of this.


  • 0

#54
phillpower2

phillpower2

    Mechanised Mod

  • Moderator
  • 23,096 posts

Would suggest that for now you just create a new system restore point and see how things go.


  • 0

#55
krepandus

krepandus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Nah, scratch that, I just got one BSOD. I had WoW alt-tabbed and discord was up. Happened while I was on the phone. Uploaded the dump.

 

 

 

We're gonna get to the bottom of this, right?  :unsure:

Attached Files


  • 0

Advertisements


#56
phillpower2

phillpower2

    Mechanised Mod

  • Moderator
  • 23,096 posts
Can you run Speccy and post the updated url for us pleased.
 
Three things of note in your crash dmp, Chrome, MBAM and WOW, due to the high level of internet use at the time I strongly suspect that it was MBAM that caused the crash and namely mwac.sys which failed to load, the mwac.sys driver is concerned with MBAMWebProtection see info here
 
Debug session time: Fri Dec 14 16:09:34.821 2018 (UTC - 5:00)
System Uptime: 0 days 15:38:31.581
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ffffe584967a76c0, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8008fd006fd, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 000000000000000c, (reserved)
 
Debugging Details:
------------------
 
 
Could not read faulting driver name
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
 
READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
 ffffe584967a76c0 
 
FAULTING_IP: 
nt!NtQueryDirectoryObject+13d
fffff800`8fd006fd 488b1b          mov     rbx,qword ptr [rbx]
 
MM_INTERNAL_CODE:  c
 
CUSTOMER_CRASH_COUNT:  1
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
BUGCHECK_STR:  AV
 
PROCESS_NAME:  Wow.exe
 
CURRENT_IRQL:  0
 
TRAP_FRAME:  ffffed827e967720 -- (.trap 0xffffed827e967720)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000000000ba rbx=0000000000000000 rcx=0000000000000018
rdx=fffff8008f81b000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8008fd006fd rsp=ffffed827e9678b0 rbp=ffffed827e967a80
 r8=ffffed827e967888  r9=0000000000000000 r10=7fffffffffffff00
r11=ffffd484a2b3bb00 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
nt!NtQueryDirectoryObject+0x13d:
fffff800`8fd006fd 488b1b          mov     rbx,qword ptr [rbx] ds:00000000`00000000=0000000000000000
Resetting default scope
 
LAST_CONTROL_TRANSFER:  from fffff8008f87d659 to fffff8008f9c50a0
 
STACK_TEXT:  
ffffed82`7e967468 fffff800`8f87d659 : 00000000`00000050 ffffe584`967a76c0 00000000`00000000 ffffed82`7e967720 : nt!KeBugCheckEx
ffffed82`7e967470 fffff800`8f875228 : 00000000`c0000016 00000000`00000000 ffff8000`00000000 ffff8040`20100800 : nt!MiSystemFault+0xcf9
ffffed82`7e9675b0 fffff800`8f9d27da : 00000000`00000000 00000000`000000ef ffffd484`96426870 00000000`00000020 : nt!MmAccessFault+0x1f8
ffffed82`7e967720 fffff800`8fd006fd : 00000000`00000000 00000000`00004000 00000000`6d4e624f 00000000`00000000 : nt!KiPageFault+0x31a
ffffed82`7e9678b0 fffff800`8f9d5743 : 00000000`00000000 000000eb`ecf8b920 000000eb`00004000 ffffed82`7e967a00 : nt!NtQueryDirectoryObject+0x13d
ffffed82`7e967990 0000024c`9b39c4f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000eb`ecf8b038 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x24c`9b39c4f4
 
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
nt!NtQueryDirectoryObject+13d
fffff800`8fd006fd 488b1b          mov     rbx,qword ptr [rbx]
 
SYMBOL_STACK_INDEX:  4
 
SYMBOL_NAME:  nt!NtQueryDirectoryObject+13d
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: nt
 
IMAGE_NAME:  ntkrnlmp.exe
 
DEBUG_FLR_IMAGE_TIMESTAMP:  5c0b7468
 
FAILURE_BUCKET_ID:  X64_AV_nt!NtQueryDirectoryObject+13d
 
BUCKET_ID:  X64_AV_nt!NtQueryDirectoryObject+13d
 
Followup: MachineOwner
---------

  • 0

#57
krepandus

krepandus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Sure: http://speccy.pirifo...KcuNZPPAYGpRhCh


  • 0

#58
phillpower2

phillpower2

    Mechanised Mod

  • Moderator
  • 23,096 posts

All I am seeing there is problems with the internet connection.

 

For now I would suggest that you uninstall MBAM using the Malwarebytes removal info here

 

Once MBAM has been removed, use the computer as you normally would, post back if you get another BSOD without MBAM installed.


  • 0

#59
krepandus

krepandus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Sadly, it didn't help. Just got another one while playing wow. Discord and Chrome were active in the background as well. Can it maybe be a faulty network driver?

Attached Files


  • 0

#60
phillpower2

phillpower2

    Mechanised Mod

  • Moderator
  • 23,096 posts

I could be wrong but I suspect that the previous crash/es and this latest one may be unconnected and if they are at all related it is a memory issue, please see below[

 

System Uptime: 0 days 4:56:58.619
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
FAULTY_HARDWARE_CORRUPTED_PAGE (12b)
This bugcheck indicates that a single bit error was found in this page.  This is a hardware memory error.
Arguments:
Arg1: ffffffffc00002c4, virtual address mapping the corrupted page
Arg2: 0000000000000622, physical page number
Arg3: 000000003590f3c0, zero
Arg4: ffff9700fb5ce000, zero
 
Debugging Details:
------------------
 
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
 
BUGCHECK_STR:  PAGE_NOT_ZERO
 
CUSTOMER_CRASH_COUNT:  1
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
PROCESS_NAME:  MemCompression
 
CURRENT_IRQL:  0
 
STACK_TEXT:  
fffff30a`a9f17148 fffff803`858c3e2c : 00000000`0000012b ffffffff`c00002c4 00000000`00000622 00000000`3590f3c0 : nt!KeBugCheckEx
fffff30a`a9f17150 fffff803`8582e4a2 : 00000000`00000200 00000000`00000003 ffffc300`f4892050 00000000`3590f3c0 : nt!ST_STORE::StDmPageError+0xf0
fffff30a`a9f171a0 fffff803`857713dd : 00000000`00000004 fffff30a`a9f173b0 00000000`00000000 00000000`0000190f : nt!ST_STORE::StDmSinglePageCopy+0xbd09e
fffff30a`a9f17280 fffff803`857712a2 : 00000000`00000001 00000000`0001f3c0 fffff30a`0001f3c0 00000000`0000e000 : nt!ST_STORE::StDmSinglePageTransfer+0x95
fffff30a`a9f172d0 fffff803`857710cd : 00000000`ffffffff ffffc300`f807d000 fffff30a`a9f173b0 ffffc300`f361d2e0 : nt!ST_STORE::StDmpSinglePageRetrieve+0x186
fffff30a`a9f17370 fffff803`85770f21 : ffffc300`f807d000 fffff803`00000000 ffffc300`00000001 ffffc300`f4893788 : nt!ST_STORE::StDmPageRetrieve+0xc1
fffff30a`a9f17420 fffff803`85770e31 : ffffc300`f4892000 ffffc300`f361d2e0 ffffc300`f807d000 ffffc300`f48939b0 : nt!SMKM_STORE::SmStDirectReadIssue+0x85
fffff30a`a9f174a0 fffff803`856de17a : ffffc300`f3f5b080 fffff30a`a9f17570 00000000`00000000 00000000`00000001 : nt!SMKM_STORE::SmStDirectReadCallout+0x21
fffff30a`a9f174d0 fffff803`85773a6d : fffff803`85770e10 fffff30a`a9f17570 00000000`00000003 ffffc300`f807d000 : nt!KeExpandKernelStackAndCalloutInternal+0x8a
fffff30a`a9f17530 fffff803`85634bb1 : fffff30a`a9f17630 fffff803`85634755 00000000`00000000 fffff803`8577301c : nt!SMKM_STORE::SmStDirectRead+0xad
fffff30a`a9f17600 fffff803`856345f2 : 00000000`00000000 00000000`00000000 fffff30a`a9f176b0 ffffc300`f361d2e0 : nt!SMKM_STORE::SmStWorkItemQueue+0x1b1
fffff30a`a9f17650 fffff803`85772d80 : 00000000`0000000c 00000000`0000000e ffffc300`f361d2e0 ffffc300`f1f01310 : nt!SMKM_STORE_MGR::SmIoCtxQueueWork+0xce
fffff30a`a9f176d0 fffff803`85774426 : 00000000`0000000e ffffc300`f1f013c8 00000000`00000000 ffffc300`f4892000 : nt!SMKM_STORE_MGR::SmPageRead+0x168
fffff30a`a9f17740 fffff803`85697582 : 00000000`00000000 ffffc300`f4fc0580 fffff30a`a9f17820 fffff803`8567ac76 : nt!SmPageRead+0x2e
fffff30a`a9f17790 fffff803`856956a4 : 00000000`00000002 fffff30a`a9f17820 00000000`00000001 8a000001`73fb1825 : nt!MiIssueHardFaultIo+0x122
fffff30a`a9f177e0 fffff803`856793b4 : 00000000`c0033333 00000000`00000001 00000206`89a661c1 fffff30a`00000000 : nt!MiIssueHardFault+0x234
fffff30a`a9f17890 fffff803`857d67da : 00000000`0000008b 00000000`00000464 00007fff`4c7823a0 00000000`001d8170 : nt!MmAccessFault+0x384
fffff30a`a9f17a00 00007fff`4bc6d3ad : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x31a
000000ad`4c4fba90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fff`4bc6d3ad
 
 
STACK_COMMAND:  kb
 
SYMBOL_NAME:  REGION_PAGED_OUT
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: hardware
 
IMAGE_NAME:  hardware
 
DEBUG_FLR_IMAGE_TIMESTAMP:  0
 
FAILURE_BUCKET_ID:  X64_PAGE_NOT_ZERO_REGION_PAGED_OUT
 
BUCKET_ID:  X64_PAGE_NOT_ZERO_REGION_PAGED_OUT
 
Followup: MachineOwner
---------
 
You may recall that I mentioned the following:
 
All I am seeing there is problems with the internet connection.

 

 

How many tabs are you opening and leaving open, RAM is only intended to be used as a temporary means of storage so perhaps you are overloading things, not saying this for sure but looking at the que of waiting traffic in your Speccy report it is a possibility, see info here read the info, then post back and we can post the steps for properly testing your RAM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP