T toms New member Joined Aug 6, 2015 Posts 3 Aug 7, 2015 #1 Hi guys! Please help me resolve my BSOD issue. I noticed that the Sysnative BSOD app collected all my minidumps and I have a lot of them. Here is a little story about them: BSODs till 2015.05.11 (including) - OLD RAM KIT These BSODs mostly occured when PC was waking up from sleep, sometimes when PC was idling, but never while actively using the PC. The first thing I did was scanned each memory module individually with MemTest86. MemTest86 reported that one of the modules had errors in the Test 13 (Hammer Test). Then, by testing each RAM module individually for couple of weeks, I found the culprit, it was one of the RAM modules. Interesting was that the faulty one was the one without MemTest86 errors, the one with the errors was working ok (without BSODs). The RAM kit was exchanged for a new one. I got the new one on 2015.06.10 but from 2015.06.11 BSODs again! BSODs from 2015.06.11 (see attached image) - NEW RAM KIT The first thing I did was scanned each memory module individually with MemTest86. And with this kit the situation was like before, MemTest86 reported that one of the modules had errors in the Test 13 (Hammer Test). Then I tested each module individually for a week. The module without MemTest86 errors worked well without any BSODs. The module with errors gave only one BSOD (not convincing). But when I put them both back in the system BSODs started to occure frequently (especially in the last few days). BSODs with the empty bug check string occured while playing Battlefield Bad Company 2, but I fixed them by uninstalling gigabyte software. The rest of BSODs occured only when PC was waken from sleep (they occur random not always when PC is waken from sleep). Could it be that it's RAM fault again? OS: Windows 7 64-bit CPU: Intel i5-4590 MB: Gigabyte H97-D3H RAM: Crucial Ballistix Sport (2x4GB kit) PSU: FSP Aurum S 500W (80 PLUS Gold) P.s. sorry for my english. Attachments BSODs_new.PNG 81.2 KB · Views: 3
Hi guys! Please help me resolve my BSOD issue. I noticed that the Sysnative BSOD app collected all my minidumps and I have a lot of them. Here is a little story about them: BSODs till 2015.05.11 (including) - OLD RAM KIT These BSODs mostly occured when PC was waking up from sleep, sometimes when PC was idling, but never while actively using the PC. The first thing I did was scanned each memory module individually with MemTest86. MemTest86 reported that one of the modules had errors in the Test 13 (Hammer Test). Then, by testing each RAM module individually for couple of weeks, I found the culprit, it was one of the RAM modules. Interesting was that the faulty one was the one without MemTest86 errors, the one with the errors was working ok (without BSODs). The RAM kit was exchanged for a new one. I got the new one on 2015.06.10 but from 2015.06.11 BSODs again! BSODs from 2015.06.11 (see attached image) - NEW RAM KIT The first thing I did was scanned each memory module individually with MemTest86. And with this kit the situation was like before, MemTest86 reported that one of the modules had errors in the Test 13 (Hammer Test). Then I tested each module individually for a week. The module without MemTest86 errors worked well without any BSODs. The module with errors gave only one BSOD (not convincing). But when I put them both back in the system BSODs started to occure frequently (especially in the last few days). BSODs with the empty bug check string occured while playing Battlefield Bad Company 2, but I fixed them by uninstalling gigabyte software. The rest of BSODs occured only when PC was waken from sleep (they occur random not always when PC is waken from sleep). Could it be that it's RAM fault again? OS: Windows 7 64-bit CPU: Intel i5-4590 MB: Gigabyte H97-D3H RAM: Crucial Ballistix Sport (2x4GB kit) PSU: FSP Aurum S 500W (80 PLUS Gold) P.s. sorry for my english.
x BlueRobot Administrator Staff member Joined May 7, 2013 Posts 10,166 Location %systemroot% Aug 7, 2015 #2 Code: BugCheck D1, {fffff8a014410958, 2, 0, fffff88003cb6150} Probably caused by : avgtdia.sys ( avgtdia+a150 ) Code: 3: kd> lmvm avgtdia start end module name fffff880`03cac000 fffff880`03cf2000 avgtdia T (no symbols) Loaded symbol image file: avgtdia.sys Image path: \SystemRoot\system32\DRIVERS\avgtdia.sys Image name: avgtdia.sys Timestamp: Fri Oct 10 14:14:19 2014 (5437DBAB) CheckSum: 0005224F ImageSize: 00046000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 Please remove AVG from your system since it appearing to be causing issues. For an alternative AV, I would suggest reading this thread - https://www.sysnative.com/forums/general-help-and-information/412-whats-best-antivirus.html You may also wish to read this thread to gain understanding of some of the security set ups which use at Sysnative - https://www.sysnative.com/forums/the-lounge/15834-share-your-security-setup.html The issue appears to lie with AVG referencing an invalid address at the wrong IRQL Level. The trap frame gives slightly more information: Code: 3: kd> .trap 0xfffff88002b581e0 NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=fffff8a014410960 rdx=fffffa8007c7e1e0 rsi=0000000000000000 rdi=0000000000000000 rip=fffff88003cb6150 rsp=fffff88002b58370 rbp=fffffa8009bdb070 r8=fffffa8007c7e1b0 r9=0000000000000000 r10=0000000000001027 r11=fffffa800bc7f500 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe cy avgtdia+0xa150: fffff880`03cb6150 483969f8 cmp qword ptr [rcx-8],rbp ds:fffff8a0`14410958=fffffa8006660680 The purple address is the address which referenced the invalid memory address which is stored in a pointer as seen above.
Code: BugCheck D1, {fffff8a014410958, 2, 0, fffff88003cb6150} Probably caused by : avgtdia.sys ( avgtdia+a150 ) Code: 3: kd> lmvm avgtdia start end module name fffff880`03cac000 fffff880`03cf2000 avgtdia T (no symbols) Loaded symbol image file: avgtdia.sys Image path: \SystemRoot\system32\DRIVERS\avgtdia.sys Image name: avgtdia.sys Timestamp: Fri Oct 10 14:14:19 2014 (5437DBAB) CheckSum: 0005224F ImageSize: 00046000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 Please remove AVG from your system since it appearing to be causing issues. For an alternative AV, I would suggest reading this thread - https://www.sysnative.com/forums/general-help-and-information/412-whats-best-antivirus.html You may also wish to read this thread to gain understanding of some of the security set ups which use at Sysnative - https://www.sysnative.com/forums/the-lounge/15834-share-your-security-setup.html The issue appears to lie with AVG referencing an invalid address at the wrong IRQL Level. The trap frame gives slightly more information: Code: 3: kd> .trap 0xfffff88002b581e0 NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=fffff8a014410960 rdx=fffffa8007c7e1e0 rsi=0000000000000000 rdi=0000000000000000 rip=fffff88003cb6150 rsp=fffff88002b58370 rbp=fffffa8009bdb070 r8=fffffa8007c7e1b0 r9=0000000000000000 r10=0000000000001027 r11=fffffa800bc7f500 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe cy avgtdia+0xa150: fffff880`03cb6150 483969f8 cmp qword ptr [rcx-8],rbp ds:fffff8a0`14410958=fffffa8006660680 The purple address is the address which referenced the invalid memory address which is stored in a pointer as seen above.
T toms New member Joined Aug 6, 2015 Posts 3 Aug 8, 2015 #3 Thank you for replying! Is the examined AVG BSOD from 2014.12.12? If yes than it's not actual since that BSOD occured from the old RAM kit. However I did unistall AVG, but it didn't help. Today I got another BSOD, something about: memory_corruption, X64_MEMORY_CORRUPTION_ONE_BIT_LARGE (see the attached zip file). Attachments 080815-14898-01.zip 26.9 KB · Views: 2
Thank you for replying! Is the examined AVG BSOD from 2014.12.12? If yes than it's not actual since that BSOD occured from the old RAM kit. However I did unistall AVG, but it didn't help. Today I got another BSOD, something about: memory_corruption, X64_MEMORY_CORRUPTION_ONE_BIT_LARGE (see the attached zip file).
x BlueRobot Administrator Staff member Joined May 7, 2013 Posts 10,166 Location %systemroot% Aug 8, 2015 #4 Code: BugCheck 3B, {c0000096, fffff800034c5677, fffff8800a024ca0, 0} Probably caused by : ntkrnlmp.exe ( nt!SwapContext_PatchXSave+a7 ) Code: 1: kd> !error c0000096 Error code: (NTSTATUS) 0xc0000096 (3221225622) - {EXCEPTION} Privileged instruction. Some driver has attempted to run some privileged code. Code: 1: kd> .cxr 0xfffff8800a024ca0 rax=0000000000000000 rbx=fffff880009ef180 rcx=fffffa80091adba2 rdx=fffffa80091adb38 rsi=fffffa80067f6b50 rdi=fffffa80066f0040 rip=fffff800034c5677 rsp=fffff8800a025680 rbp=fffffa80066f0040 r8=fffffa80091adb98 r9=0000000000000000 r10=fffffffffffffffd r11=fffff88003322e50 r12=0000000000000000 r13=0000000000000000 r14=fffffa80091adb10 r15=0000000000000005 iopl=0 nv up ei pl zr na po nc cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010246 nt!SwapContext_PatchXSave+0xa7: fffff800`034c5677 0f22da mov cr3,rdx It appears that something was possibly wishing to change the page directory tables by changing the address stored within the PDBR. I would suggest running Driver Verifier since the stack doesn't reveal much - https://www.sysnative.com/forums/bs...er-bsod-related-windows-10-8-1-8-7-vista.html
Code: BugCheck 3B, {c0000096, fffff800034c5677, fffff8800a024ca0, 0} Probably caused by : ntkrnlmp.exe ( nt!SwapContext_PatchXSave+a7 ) Code: 1: kd> !error c0000096 Error code: (NTSTATUS) 0xc0000096 (3221225622) - {EXCEPTION} Privileged instruction. Some driver has attempted to run some privileged code. Code: 1: kd> .cxr 0xfffff8800a024ca0 rax=0000000000000000 rbx=fffff880009ef180 rcx=fffffa80091adba2 rdx=fffffa80091adb38 rsi=fffffa80067f6b50 rdi=fffffa80066f0040 rip=fffff800034c5677 rsp=fffff8800a025680 rbp=fffffa80066f0040 r8=fffffa80091adb98 r9=0000000000000000 r10=fffffffffffffffd r11=fffff88003322e50 r12=0000000000000000 r13=0000000000000000 r14=fffffa80091adb10 r15=0000000000000005 iopl=0 nv up ei pl zr na po nc cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010246 nt!SwapContext_PatchXSave+0xa7: fffff800`034c5677 0f22da mov cr3,rdx It appears that something was possibly wishing to change the page directory tables by changing the address stored within the PDBR. I would suggest running Driver Verifier since the stack doesn't reveal much - https://www.sysnative.com/forums/bs...er-bsod-related-windows-10-8-1-8-7-vista.html
T toms New member Joined Aug 6, 2015 Posts 3 Aug 12, 2015 #5 I did run driver verifier for a while and nothing, didn't get any BSODs. Will now try to test each RAM module individually to see if something changes.
I did run driver verifier for a while and nothing, didn't get any BSODs. Will now try to test each RAM module individually to see if something changes.