1. #1

    Blue screens over various computers for same user

    I have a user that has been having blue screens on her system since we took over IT for this company 18 months ago. Previous IT provider would just buy her new hardware every 12 months. User has insisted on that again mainly because we haven't been given the opportunity to troubleshoot.

    So. . . She has brand new hardware. All drivers, firmware, etc., up-to-date. I'm 99.9% positive this is not a driver or hardware issue. User has had the laptop for two weeks and already getting blue screens.

    She has minimal software and is insistent that no one else with the same software has these issues (Which I concur with.) Many of the software she has installs plug-ins in Outlook and her Outlook has issues occasionally. So my first response is to point the blow torch there. Unfortunately, user has been unwilling to work without her add-ins (Salesforce, Zoom, etc.) as she needs those for work. We finally got her to allow us to uninstall them all (Just now.) So we wait.

    In the meantime, I did get a few minidumps from her machine. I would be most grateful if someone looked them over. Nothing in them is jumping out at me, but I'm just looking using bluescreenview.

    Files are located here - Dropbox - Minidump20181119.zip

    Any help is appreciated! Thanks!


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2

    Join Date
    Apr 2017
    Posts
    224

    Re: Blue screens over various computers for same user

    Hi PatD,

    The dumps don't have much in common except they seem to be caused by random memory corruption. I don't see any drivers I recognize as having caused problems on other systems and all of the 3rd party drivers look quite recent.

    The only thing I see in common with 2 of the dumps is what looks like a pnp issue:
    Code:
    5: kd> !blackboxpnp
        PnpActivityId      : {00000000-0000-0000-0000-000000000000}
        PnpActivityTime    : 131871186615641219
        PnpEventInformation: 3
        PnpEventInProgress : 0
        PnpProblemCode     : 24
        PnpVetoType        : 0
        DeviceId           : SWD\DAFWSDProvider\urn:uuid:0f114574-110f-d1fc-c0d5-b1052cee5e16
        VetoString         :
    The problem code is 24 and I believe this site has the meanings for those codes (not 100 percent sure, though.) I think the device ID is a printer but not sure about that, either. Printer drivers aren't kernel drivers so shouldn't cause bugchecks but maybe it is intermittently having issues which is confusing something in the kernel which doesn't expect it to be having problems... maybe. An old printer driver being installed via a driver disc that came with the printer, perhaps? I'm just speculating, really. It could explain the problem being common amongst several computers. However, 1 of the dumps doesn't show a pnp problem.

    The randomness of the bugcheck codes and callstacks would have me suspecting hardware, honestly. What hardware diagnostics have you done which makes you confident it's not a hardware problem?

    Last edited by cwsink; 11-20-2018 at 06:05 PM.

  3. #3

    Re: Blue screens over various computers for same user

    Honestly, I've done no hardware diagnostics. I'm confident it's software though (Can't prove it) because these issues have followed the user through 3-4 laptops now. She said she was getting constant blue screens yesterday until I went in and yanked a bunch of crap HP loads with their printers and every add-in from Outlook got yanked. No complaints in 24 hours (Though user also has a tendency to not mention issues until she has 50 of them and blows things out of proportions.)

  4. #4

    Join Date
    Apr 2017
    Posts
    224

    Re: Blue screens over various computers for same user

    Is it the same user from this post?

  5. #5

    Re: Blue screens over various computers for same user

    It is not, though the users work(ed) in the same office (The user in that post left the company a few months after.) We never resolved the issue. We sent her a loaner laptop and she continued on with that without issue. I really feel her original machine was having a hardware issue, but no amount of troubleshooting could get it to blue screen. We rebuilt it and it got used as a loaner I believe - never heard any more about it.

  6. #6

    Re: Blue screens over various computers for same user

    Starting to wonder if this is hardware now. More work on the machine today in terms of fixing some odd Outlook issues. During Office repairs, it blue screens. I logged in as myself instead of the end user and it's now blue screening on my profile, which it was not doing before. Can only get one-two minutes on the machine before it blue screens again. I was able to grab a full memory dump from one of these blue screens. https://www.dropbox.com/s/ot1j8v4p07...81127.zip?dl=1

    Anything? Unfortunately, I'll probably have to get the user to ship the machine to me to start really running diags unless the memory dump turns something up.

  7. #7

    Join Date
    Jun 2012
    Posts
    4,530

    Re: Blue screens over various computers for same user

    Idk if you're still checking in on this, but...

    Code:
    4: kd> ln fffff803b0cd8258
    Browse module
    Set bu breakpoint
    
    (fffff803`b0cd81f0)   nt!HvpGetCellPaged+0x68   |  (fffff803`b0cd82d0)   nt!HvpReleaseCellPaged
    Exception occurred in the HvpGetCellPaged function, specifically 0x68. We also see mention of ReleaseCellPaged, both of which are functions that are involved in the Windows registry.

    Code:
    PROCESS_NAME:  Registry
    We can see the process that crashed at the bug check was also the registry process itself.

    Code:
    4: kd> !process registry
    PROCESS ffffdd01958e0040
        SessionId: none  Cid: 0078    Peb: 00000000  ParentCid: 0004
        DirBase: 483400002  ObjectTable: ffffba8e6e226040  HandleCount:   0.
        Image: Registry
    Code:
    4: kd> knL
      *** Stack trace for last set context - .thread/.cxr resets it
     # Child-SP          RetAddr           Call Site
    00 ffff8202`4d8770b8 fffff803`b0d0ed30 nt!HvpGetCellPaged+0x68
    01 ffff8202`4d8770c0 fffff803`b0e97cac nt!CmpDoCompareKeyName+0x30
    02 ffff8202`4d877120 fffff803`b0d0e1d3 nt!CmpCompareInIndex+0x18992c
    03 ffff8202`4d877170 fffff803`b0d0c1e6 nt!CmpFindSubKeyInRoot+0x83
    04 ffff8202`4d8771e0 fffff803`b0cddbf4 nt!CmpWalkOneLevel+0x726
    05 ffff8202`4d8772e0 fffff803`b0cd4cdd nt!CmpDoParseKey+0x1414
    06 ffff8202`4d8776b0 fffff803`b0cdb2ab nt!CmpParseKey+0x26d
    07 ffff8202`4d877890 fffff803`b0cecd1f nt!ObpLookupObjectName+0x73b
    08 ffff8202`4d877a70 fffff803`b0cec9c8 nt!ObOpenObjectByNameEx+0x1df
    09 ffff8202`4d877bb0 fffff803`b0ce903a nt!CmOpenKey+0x298
    0a ffff8202`4d877e00 fffff803`b09aef13 nt!NtOpenKey+0x12
    0b ffff8202`4d877e40 00007ff9`918fa1d4 nt!KiSystemServiceCopyEnd+0x13
    0c 00000000`04b6da78 00000000`00000000 0x00007ff9`918fa1d4
    We're doing some registry key stuff at the time of the crash, all stemming from the opening of a preexisting key. I'm really curious about buggy malware here, so I recommend running a scan. I'd start with Malwarebytes.
    cwsink and MichaelB say thanks for this.

  8. #8

    Re: Blue screens over various computers for same user

    Still following, thanks so much for replying! Almost out of ideas!

    I'll see if I can get the machine back online long enough to run some scans. Thanks.

  9. #9

    Join Date
    Jun 2012
    Posts
    4,530

    Re: Blue screens over various computers for same user

    Cool.

  10. #10

    Re: Blue screens over various computers for same user

    No dice. Was able to get on the machine today and MalwareBytes shows a very clean machine. Kept crashing after that.

    User is going to be local next week and I'll have my hands on the machine then. We'll see.

  11. #11

    Join Date
    Jun 2012
    Posts
    4,530

    Re: Blue screens over various computers for same user

    MWB wouldn't show a rootkit which was my theory, however I wanted a MWB scan just to be sure there was nothing else going on.

    I'm going to recommend enabling Driver Verifier on this machine to be sure before we continue, just so we can rule out any glaring driver issues. If none, it's either some nasty/buggy rootkit or perhaps OS corruption. It's really hard to say with just minidumps and nothing to really go off of for now. Keep us updated.

  12. #12

    Join Date
    Apr 2017
    Posts
    224

    Re: Blue screens over various computers for same user

    @Patrick, reply number 6 has a link to a full kernel dump - just in case you missed it.

  13. #13

    Re: Blue screens over various computers for same user

    Finally have the machine in my hands. It's running the built-in Lenovo diagnostics now. CPU already passed, it's testing RAM now and it's completed all but the last test, which says it will take about three hours.

    Any other diagnostics that are recommended? @Patrick, did you get a chance to look at the full kernel dump?

    I'll run the driver verifier this afternoon once diags are done, assuming I can get it back in to Windows. May be doing a rebuild since it my first few attempts to boot to Windows resulted in blue screens with different codes each time.

  14. #14

    Join Date
    Jun 2012
    Posts
    4,530

    Re: Blue screens over various computers for same user

    I'm going to take a look yet because of what you said here:

    May be doing a rebuild since it my first few attempts to boot to Windows resulted in blue screens with different codes each time.
    On-boot or shortly after-boot crashes indicate a potential driver issue that is loaded from startup or once again shortly after. Enable DV, restart, and then we'll go from there. Ensure that the next crash you post here is a kernel dump like you did in post #6, please.

  15. #15

    Re: Blue screens over various computers for same user

    I'm going to say this machine is toast. All hardware diagnostics (From Lenovo) passed. However, I can't get it to boot in to Windows no matter what. And. . . When I put my flash drive in to reimage it from scratch - also blue screens. I either get a stop code of 0xc000021a or APC_INDEX_MISMATCH. So I can't even rebuild from scratch!

  16. #16
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    16,746
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Blue screens over various computers for same user

    Quote Originally Posted by PatD View Post
    So. . . She has brand new hardware. All drivers, firmware, etc., up-to-date. I'm 99.9% positive this is not a driver or hardware issue. User has had the laptop for two weeks and already getting blue screens.
    RE: Highlighted area - BSODs are caused by either hardware issues (usually outright hardware failure) or software - most often by a 3rd party (non-Microsoft) kernel-mode driver.

    So, in your highlighted statement, you claim that you're 99.9% sure that the BSOD cause IS NOT a driver nor hardware, but the question begs -- what else is there besides driver (software) or a hardware issue that could cause a BSOD?

    The cause of a BSOD has to be one of the two.

    Any dodgy apps that she has installed on this new system? Any apps at all installed on her own outside of those sanctioned by the company? (Most companies do not allow the installation of random 3rd party apps onto work-owned computers).

    If all OK initially with brand new system for two weeks, then suddenly BSODs appear, it could be related to the installation of an app whose driver(s) don't play nice with Windows 10's drivers. The W10 drivers and the app's drivers may clash, often times over memory addresses, and BSODs result. However, there are many, many other reasons as well that can cause BSODs. But - the reason HAS TO BE either hardware or software.

    Check the Reliability Monitor (RELMON) for app crashes/crash info as well as [possible] app installation info (not sure if RELMON reports app install info or not). You may find signs of the offensive app (assuming that a driver is responsible) crashing, but not causing a BSOD. Both APPCRASH info and BSOD info is available in RELMON. Look around and see if any APPCRASHes and BSODs share anything in common.

    Hit WIN KEY; type or paste perfmon /rel; select either perfmon /rel or Reliability Monitor, whichever appears; analyze output as mentioned above and a few other items are below.

    You can also enter perfmon /rel into a CMD screen, if easier for you.

    It will take about a minute for RELMON to populate. Then. . .

    You can click on the red "x" and blue circles containing the letter "i" for additional info below the graph.

    You can also click on most items shown below the graph that are colored blue.

    Once you've chosen a red or blue item (not sure if there are other colors - mine just shows red and blue items in the graph), you can then double-click on the line item below the graph. This will provide additional detailed info that may be helpful to us; not sure - no way to know until we see it. You should be able to select all (CTRL-A), then copy/paste into a post. If you do so, please enclose the info inside of a code box (click on the number sign/hash tag) in the editor menu. You'll see this appear:

    Code:
    [CODE] [/CODE]
    Insert the code between the tags.

    My apologies for the introductory detail info if you already know all of this. I have no way of knowing what you do or do not know.

    Create as many code boxes as you need to.

    Any other changes that she has made to the computer prior to the BSODs starting that you know of?

    By the way, RELMON will reveal the exact start date of the BSODs.

    EDIT: Are there any external devices like a DVD player or LCD Writing Tablet attached to the system? Any external devices at all? If YES, does the device require either software &/or a driver?

    Lastly, can you please run - Blue Screen of Death (BSOD) Posting Instructions - Windows 10, 8.1, 8, 7 + Vista

    ... and ATTACH the resulting ZIP file to your post?

    Just run steps 1 and 2. No need to create a new thread and the rest of the steps have pretty much been taken care of.

    Regards. . .

    jcgriff2
    Last edited by jcgriff2; Yesterday at 03:21 PM.

  17. #17

    Re: Blue screens over various computers for same user

    jcgriff2,

    Thanks for the well written response. You're right - hardware or drivers is generally it. I jumped the gun on hardware only because this user has had issues no matter what hardware we have given her for years.

    Anyway, thanks to everyone for your help. Has to be hardware at this point. Lenovo agrees and they're sending a tech with a system board, RAM and a drive since they can't be certain which is causing the issue.

    --Pat

  18. #18

    Join Date
    Jun 2012
    Posts
    4,530

    Re: Blue screens over various computers for same user

    I'm just going to let you know that 0x1 is a typically a device driver problem 99% of the time with the rare occasion of a file system or drive issue, and I am once again trying to reiterate that enabling verifier and providing us with a post-verifier kernel dump will lead us in the right direction. You seem to have already convinced yourself otherwise though, so I wish you luck.

  19. #19

    Re: Blue screens over various computers for same user

    Patrick - I would be happy to enable verifier - but how? I can't get the machine to boot in regular mode. I can't get to safe mode because it won't respond to F8. So I tried to boot from an ISO to adjust bcd for safe mode, and it still blue screens. Also can't boot to the flash drive/ISO to rebuild.

    If you have a way for me to enable verifier without getting the machine to boot, I'm all for it. The fact that I can't boot off of an ISO on a USB flash drive (And other test machines boot fine from the same ISO/flash) would lead me to believe hardware, no?

Similar Threads

  1. I keep getting blue screens
    By desbest in forum BSOD, Crashes, Kernel Debugging
    Replies: 36
    Last Post: 10-22-2016, 10:15 AM
  2. 8.1 Pro Blue Screens of Death
    By onephenom in forum BSOD, Crashes, Kernel Debugging
    Replies: 52
    Last Post: 04-28-2015, 06:11 PM
  3. A few blue screens recently
    By courtjester in forum BSOD, Crashes, Kernel Debugging
    Replies: 3
    Last Post: 06-29-2013, 11:08 PM
  4. Three Blue screens in one day (New laptop)
    By Rosaline in forum BSOD, Crashes, Kernel Debugging
    Replies: 4
    Last Post: 07-17-2012, 11:38 AM

Log in

Log in