BSODs & MSI is corrupted?

ssherjj

ssherjj

Sysnative Staff
Microsoft MVP
Contributor
Joined
Sep 28, 2017
Posts
501
Location
New York
Hello Sysnative Techs! I am needing some help and so here I am again. I have been getting a few BSODs this past week. Event Viewer Errors leading to MSI being an issue. Do I have to reinstall Windows again? Or can it be fixed without going through a format/refresh? I am having issues with Webroot Anti Virus Program files not being able to install correctly. The files start to install and then these files get deleted. Not sure if Webroot is causing my BSODs or not. Webroot Support said it is probably the MSI is corrupted.

Please advise,
Thank you!
 

Attachments

Over what time span have you noticed the latest round of oddities, do you have a date they began?
 
Yes since 08/11/20. Event Viewer shows 2 errors from Webroot MSIInstaller since 08/04/20 continuously everyday. The BSODs just happened a few days ago. Can't find any Dump files though.

Thanks for responding!
 
Nope, no dump files, so I'm trying to get a handle on 'bad' events using the System Information's Windows Error Reports, not easy.

I can see a lot from the 11th onwards, a gap prior to that back to the 5th (holiday?), before that a few weeks of similar numbers of errors logged. Not much similarity between the two time periods.

I grabbed a screenshot of the most recent WER logs to use magnified in Photo Viewer so it's readable (though it still doesn't make it easy to get a feel for what was happening). No common factor jumping out at me, though it must be pretty unstable if Notepad's crashing!

I reckon we need another set of eyes/brain on this one, some of the *dump.txt's are too much for me.
 

Attachments

The logs displayed multiple BSOD in July and August without dump files.

If July 13, 2020 predates attempted Webroot Anti Virus Program installation then there are other factors causing the BSOD.

Other findings in the logs were possible problems with the drive and registry.


For all tests / steps post images into the thread.
For any problems posting images use share links (one drive, drop box, or google drive)

Please perform the following steps:

1) Open administrative command prompt and type or copy and paste:
2) sfc /scannow
3) dism /online /cleanup-image /scanhealth
4) dism /online /cleanup-image /restorehealth
5) sfc /scannow
6) chkdsk /scan
7) wmic recoveros set autoreboot = false
8) wmic recoveros set DebugInfoType = 7
9) wmic recoveros get autoreboot
10) wmic recoveros get DebugInfoType
11) bcdedit /enum {badmemory}

12) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread

13) Make sure that there is no over clocking while troubleshooting

14) In the left lower corner search type: system or system control > open system control panel > on the left pane click advanced system settings

a) > on the advanced tab under startup and recovery > click settings > post an image of the startup and recovery window into the thread

b) > on the advanced tab under performance > click on settings > on the performance options window > click on the advanced tab > under virtual memory > click on change > post an image of the virtual memory window into the thread

15) If the computer has Ccleaner (do not install the software if it is not already installed) > click windows tab or custom clean > scroll down to system and advanced > post an image into the thread

16) Run HD Tune (free version) (all drives)
HD Tune website
Post images into the thread for results on these tabs:
a) Health
b) Benchmark
c) Full error scan

17) Run Sea Tools for Windows
long generic test
Post an image of the test result into the thread
SeaTools for Windows | Seagate
How to use SeaTools for Windows | Seagate Support US

18) These steps can be performed overnight:
a) HD Tune full error scan
b) Sea Tools for Windows long generic test

19) Read these links on Windows driver verifier:

a) learn how to use the Windows Recovery Environment (RE) commands: reset and bootmode to turn off the tool

b) do not use the tool until it is communicated in the thread


Enable and Disable Driver Verifier in Windows 10
Driver Verifier-- tracking down a mis-behaving driver.
 
Thank you so much satrow for looking at all that. I can wait for additional help and advice. Much appreciated! 😊
 
Whoa, I didn't write up #5. Some of it I agree with, some I don't, others you already have alternatives installed (quite important if an initial assessment queries the trustworthiness of the System drive, pointless triggering crashes if the dump data can't be saved).

You can give us some details/screenshots from HDSentinel; later on, we may ask you to run one, or both, of the drive tests it has.

Otherwise hold tight until we can figure out the safest methods of detecting the main problems.
 
This will take me some time @zbook and hopefully I can follow all these steps. I will get back to you as soon as I can...

I did have a bad crash in June or July where I had to reformat and reinstall Windows from scratch.

Thank you for all this help.
 
satrow said:
Whoa, I didn't write up #5. Some of it I agree with, some I don't, others you already have alternatives installed (quite important if an initial assessment queries the trustworthiness of the System drive, pointless triggering crashes if the dump data can't be saved).

You can give us some details/screenshots from HDSentinel; later on, we may ask you to run one, or both, of the drive tests it has.

Otherwise hold tight until we can figure out the safest methods of detecting the main problems.
Click to expand...

I will hang on then...I can give you screenshots from HDSentinel later this morning...Thank you again...
 
The dump files are just not getting created:

Code: 
   2020-07-13T09:08:47.6940000Z        Dump file creation failed due to error during dump creation.
   2020-07-27T12:18:06.4830000Z        Dump file creation failed due to error during dump creation.
   2020-08-11T18:33:28.6920000Z        Dump file creation failed due to error during dump creation.
   2020-08-15T18:33:05.1200000Z        Dump file creation failed due to error during dump creation.

This is usually because it is happening really early in the boot process or could be if there are disk problems however, there do not appear to be any disk related errors in the logs.

I notice that you have autoreboot enabled after a crash - this means you may not get to see the BSOD screen and any codes that are provided.

In a command prompt please run the following command to change this setting:

wmic recoveros set autoreboot = false
 
ssherjj said:
Sorry I cannot delete this post that I messed up...
Click to expand...
No problem, it was a good question - you do need to wait for another crash and see if there is any information on the blue screen that you can capture with a photo to help us understand what is causing the crash.

Some of the recent file corruption is reported as being with a logfile - I doubt if that is causing the BSOD though.

Code: 
   2020-08-18T18:21:27.8070000Z        wuaueng.dll (3736,R,98) SUS20ClientDataStore: Corruption was detected during soft recovery in logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. The failing checksum record is located at position . Data not matching the log-file fill pattern first appeared in sector isec 56 reason ValidSegmentAfterEmpty. This logfile has been damaged and is unusable.
   2020-08-18T18:21:27.7760000Z        wuaueng.dll (3736,R,98) SUS20ClientDataStore: Corruption was detected during soft recovery in logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. The failing checksum record is located at position . Data not matching the log-file fill pattern first appeared in sector isec 56 reason ValidSegmentAfterEmpty. This logfile has been damaged and is unusable.


The webroot installation issues seemed to start on August 5th - was that when you started to use it? It is certainly after the first recorded dump file creation failure so may not be connected.

If you are getting corruption during downloads then I would start to suspect the network driver or something related to that.

Name [00000002] Killer E2500 Gigabit Ethernet Controller
Name [00000003] Killer Wireless-n/a/ac 1535 Wireless Network Adapter
 
philc43 said:
No problem, it was a good question - you do need to wait for another crash and see if there is any information on the blue screen that you can capture with a photo to help us understand what is causing the crash.

Some of the recent file corruption is reported as being with a logfile - I doubt if that is causing the BSOD though.

Code: 
   2020-08-18T18:21:27.8070000Z        wuaueng.dll (3736,R,98) SUS20ClientDataStore: Corruption was detected during soft recovery in logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. The failing checksum record is located at position . Data not matching the log-file fill pattern first appeared in sector isec 56 reason ValidSegmentAfterEmpty. This logfile has been damaged and is unusable.
   2020-08-18T18:21:27.7760000Z        wuaueng.dll (3736,R,98) SUS20ClientDataStore: Corruption was detected during soft recovery in logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. The failing checksum record is located at position . Data not matching the log-file fill pattern first appeared in sector isec 56 reason ValidSegmentAfterEmpty. This logfile has been damaged and is unusable.


The webroot installation issues seemed to start on August 5th - was that when you started to use it? It is certainly after the first recorded dump file creation failure so may not be connected.
Click to expand...

No I have been using Webroot Beta for awhile. August 11th I got a DMP file here:Capture.PNG
 
I edited my post #15 with an extra thought on networking. I'm guessing you use wireless networking - have you looked for any updates to the wireless adapter?

If any of those WRSA dumpfiles are still available can you zip them and post them?
 
philc43 said:
I edited my post #15 with an extra thought on networking. I'm guessing you use wireless networking - have you looked for any updates to the wireless adapter?

If any of those WRSA dumpfiles are still available can you zip them and post them?
Click to expand...

I thought I updated one of these last night but will check for new drivers.

Killer E2500 Gigabit Ethernet Controller
Killer Wireless-n/a/ac 1535 Wireless Network Adapter

The Webroot Dump file is corrupted for some reason.
 
Hello,

I tried to zip the WRDmp file but it is too big.

I did update Killer Wireless-n/a/ac 1535 Wireless Network Adapter
 

Attachments

  • 2020-08-19_7-38-04.png
    2020-08-19_7-38-04.png
    215.5 KB · Views: 3

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top