T
Tim223322
Guest
Good afternoon. I recently upgraded from Windows 7 to windows 10 and my machine blue screens about every 20 minutes now.
I have ran MS debugging tool. Output below. I have tried tried using Verifier to isolate the issue and I got "Driver Verifier Detected Violation" usbfilter.sys
I tried pulling that out that driver but the machine still blue screens(Renamed file). I uninstalled all AV including defender(disabled). I tried uninstalling the graphic card nvidia driver and that has not helped. If I run safe mode, then all is well.. I also have two usb devices that device manager doesn't detect. I'm using the drivers provided by the manufacturer and have flashed my BIOS to newest version. Any ideas?
Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff804`6c800000 PsLoadedModuleList = 0xfffff804`6cc475b0
Debug session time: Wed Nov 6 14:26:29.562 2019 (UTC - 6:00)
System Uptime: 0 days 0:11:28.364
Loading Kernel Symbols
...............................................................
................................................................
.............................................
Loading User Symbols
....................
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffff838f38c39140, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
SYSTEM_MANUFACTURER: To be filled by O.E.M.
SYSTEM_PRODUCT_NAME: To be filled by O.E.M.
SYSTEM_SKU: To be filled by O.E.M.
SYSTEM_VERSION: To be filled by O.E.M.
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 1703
BIOS_DATE: 10/17/2012
BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
BASEBOARD_PRODUCT: Crosshair V Formula
BASEBOARD_VERSION: Rev 1.xx
DUMP_TYPE: 1
BUGCHECK_P1: ffff838f38c39140
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: csrss.exe
CRITICAL_PROCESS: csrss.exe
EXCEPTION_RECORD: ffff81c0e0703000 -- (.exr 0xffff81c0e0703000)
ExceptionAddress: 0000000000000000
ExceptionCode: 2a97c867
ExceptionFlags: 0a000001
NumberParameters: 0
EXCEPTION_CODE: (Win32) 0x2a97c867 (714590311) - <Unable to get error code text>
ERROR_CODE: (NTSTATUS) 0x2a97c867 - <Unable to get error code text>
CPU_COUNT: 8
CPU_MHZ: c26
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 15
CPU_MODEL: 1
CPU_STEPPING: 2
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xEF
CURRENT_IRQL: 0
EXCEPTION_CODE_STR: 2a97c867
ANALYSIS_SESSION_HOST: TIMBOSLICE
ANALYSIS_SESSION_TIME: 11-06-2019 14:41:30.0904
ANALYSIS_VERSION: 10.0.18362.1 amd64fre
TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000
LAST_CONTROL_TRANSFER: from fffff8046d0ca0e9 to fffff8046c9c10a0
THREAD_SHA1_HASH_MOD_FUNC: 7a63ba89a1edd263c2bf27bfe9859b607de294c7
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 7799028204c6123204d14461820d895f2fbcbf4a
THREAD_SHA1_HASH_MOD: fce349dc646e593f08044dc37b873c2ca743b272
FOLLOWUP_IP:
ntdll!RtlDispatchException+ec
00007ffa`a294a16c 482be1 sub rsp,rcx
FAULT_INSTR_CODE: 4ce12b48
SYMBOL_STACK_INDEX: b
SYMBOL_NAME: ntdll!RtlDispatchException+ec
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ntdll
IMAGE_NAME: ntdll.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.18362.356
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: ec
FAILURE_BUCKET_ID: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_38ff1580_ntdll!RtlDispatchException
BUCKET_ID: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_38ff1580_ntdll!RtlDispatchException
PRIMARY_PROBLEM_CLASS: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_38ff1580_ntdll!RtlDispatchException
TARGET_TIME: 2019-11-06T20:26:29.000Z
OSBUILD: 18362
OSSERVICEPACK: 356
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 26f4
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xef_csrss.exe_bugcheck_critical_process_38ff1580_ntdll!rtldispatchexception
FAILURE_ID_HASH: {135d3413-5031-6aa5-cb5b-9899eaf344a0}
Followup: MachineOwner
---------
More...
I have ran MS debugging tool. Output below. I have tried tried using Verifier to isolate the issue and I got "Driver Verifier Detected Violation" usbfilter.sys
I tried pulling that out that driver but the machine still blue screens(Renamed file). I uninstalled all AV including defender(disabled). I tried uninstalling the graphic card nvidia driver and that has not helped. If I run safe mode, then all is well.. I also have two usb devices that device manager doesn't detect. I'm using the drivers provided by the manufacturer and have flashed my BIOS to newest version. Any ideas?
Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff804`6c800000 PsLoadedModuleList = 0xfffff804`6cc475b0
Debug session time: Wed Nov 6 14:26:29.562 2019 (UTC - 6:00)
System Uptime: 0 days 0:11:28.364
Loading Kernel Symbols
...............................................................
................................................................
.............................................
Loading User Symbols
....................
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffff838f38c39140, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
SYSTEM_MANUFACTURER: To be filled by O.E.M.
SYSTEM_PRODUCT_NAME: To be filled by O.E.M.
SYSTEM_SKU: To be filled by O.E.M.
SYSTEM_VERSION: To be filled by O.E.M.
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 1703
BIOS_DATE: 10/17/2012
BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
BASEBOARD_PRODUCT: Crosshair V Formula
BASEBOARD_VERSION: Rev 1.xx
DUMP_TYPE: 1
BUGCHECK_P1: ffff838f38c39140
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: csrss.exe
CRITICAL_PROCESS: csrss.exe
EXCEPTION_RECORD: ffff81c0e0703000 -- (.exr 0xffff81c0e0703000)
ExceptionAddress: 0000000000000000
ExceptionCode: 2a97c867
ExceptionFlags: 0a000001
NumberParameters: 0
EXCEPTION_CODE: (Win32) 0x2a97c867 (714590311) - <Unable to get error code text>
ERROR_CODE: (NTSTATUS) 0x2a97c867 - <Unable to get error code text>
CPU_COUNT: 8
CPU_MHZ: c26
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 15
CPU_MODEL: 1
CPU_STEPPING: 2
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xEF
CURRENT_IRQL: 0
EXCEPTION_CODE_STR: 2a97c867
ANALYSIS_SESSION_HOST: TIMBOSLICE
ANALYSIS_SESSION_TIME: 11-06-2019 14:41:30.0904
ANALYSIS_VERSION: 10.0.18362.1 amd64fre
TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000
LAST_CONTROL_TRANSFER: from fffff8046d0ca0e9 to fffff8046c9c10a0
THREAD_SHA1_HASH_MOD_FUNC: 7a63ba89a1edd263c2bf27bfe9859b607de294c7
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 7799028204c6123204d14461820d895f2fbcbf4a
THREAD_SHA1_HASH_MOD: fce349dc646e593f08044dc37b873c2ca743b272
FOLLOWUP_IP:
ntdll!RtlDispatchException+ec
00007ffa`a294a16c 482be1 sub rsp,rcx
FAULT_INSTR_CODE: 4ce12b48
SYMBOL_STACK_INDEX: b
SYMBOL_NAME: ntdll!RtlDispatchException+ec
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ntdll
IMAGE_NAME: ntdll.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.18362.356
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: ec
FAILURE_BUCKET_ID: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_38ff1580_ntdll!RtlDispatchException
BUCKET_ID: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_38ff1580_ntdll!RtlDispatchException
PRIMARY_PROBLEM_CLASS: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_38ff1580_ntdll!RtlDispatchException
TARGET_TIME: 2019-11-06T20:26:29.000Z
OSBUILD: 18362
OSSERVICEPACK: 356
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 26f4
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xef_csrss.exe_bugcheck_critical_process_38ff1580_ntdll!rtldispatchexception
FAILURE_ID_HASH: {135d3413-5031-6aa5-cb5b-9899eaf344a0}
Followup: MachineOwner
---------
More...