New BSOD "To Me"

[Dave22]

Windows 7 Home Premium SP-1 64bit
HP model p7-1187c Desktop
Original OS OEM 2009
Intel Core i5-2400 CPU @ 3.10 GHz

I have experienced several BSOD's and finally decided to try and find out what's up. Thanks for any help you can provide. Also have run SFC/Fix and DISM
SFC summary below

AutoAnalysis::
SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
CBS & SFC total detected corruption count: 0
CBS & SFC total unimportant corruption count: 0
CBS & SFC total fixed corruption count: 0
SURT total detected corruption count: 8
SURT total unimportant corruption count: 0
SURT total fixed corruption count: 0
AutoAnalysis:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 5 datablocks.
Finish time: 2020-07-22 10:30:42.123
----------------------EOF-----------------------

 

[MrPepka]

Update Intel HD Graphics driver - Downloads for Intel® HD Graphics 2000
Update VIA USB 3.0 driver - Drivers
Update Apple driver - check updates in program iTunes
Update BIOS - HP Pavilion p7-1187c Desktop PC Software and Driver Downloads | HP® Customer Support

 

[Dave22]

Thanks. I will see what I can do

 

[Dave22]

Ok I updated
Intel HD Graphics driver 1st
BIOS 2nd
VIA USB 3.0 driver 3rd
And checked that I have the latest version of ITunes 4th

During the Bios update I was out of the room and when I got back I had the BSOD shown below.

 

[MrPepka]

Send new crash dumps

 

[Dave22]

I'm not quite sure I have the right thing here. If not I can look some more later. Thanks

 

[cluberti]

According to the files in this dump, you've not ever updated volsnap.sys, which makes some sense as you need a cumulative (non-WU) rollup installed to get on the LDR branch, which will get you further bugfixes. I'm not certain this isn't a bug with the filter drivers loaded and volsnap, but the volume snapshot service does have some issues with large snapshots causing bugs, so I would strongly suggest you update to the convenience SP1 rollup which should install volsnap version 6.1.7601.23403, which as far as I'm aware is the latest available for Windows 7 SP1. If it continues to reproduce, a minidump isn't going to be enough to catch this as most of what is needed in IRP and kernel data is missing.

0: kd> !thread fffffa8006d14040
THREAD fffffa8006d14040  Cid fffffa8006d143e8.0004  Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
    fffff880035db2f8  SynchronizationEvent
IRP List:
    Unable to read nt!_IRP @ fffff8a00022e362
Not impersonating
GetUlongFromAddress: unable to read from fffff80003840c20
Owning Process            fffffa8006d01040       Image:         
Attached Process          N/A            Image:         N/A
fffff78000000000: Unable to get shared data
Wait Start TickCount      5503496     
Context Switch Count      1290646        IdealProcessor: 2  NoStackSwap
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Stack Init fffff880035dbc70 Current fffff880035db010
Base fffff880035dc000 Limit fffff880035d6000 Call 0000000000000000
Priority 15 BasePriority 12 PriorityDecrement 0 IoPriority 0 PagePriority 0
Child-SP          RetAddr               : Args to Child                                                           : Call Site
fffff880`035db050 fffff800`036a1a92     : fffffa80`06d14100 fffffa80`06d14040 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x7a
fffff880`035db190 fffff800`036a2803     : fffffa80`06d01000 fffffa80`0f44e380 00000000`00000000 fffff880`0114f6df : nt!KiCommitThreadWait+0x1d2
fffff880`035db220 fffff800`03716fc6     : 00000000`00000000 00000000`00000000 fffff880`035db200 fffff880`035db300 : nt!KeWaitForSingleObject+0x1a3
fffff880`035db2c0 fffff880`00faef8f     : fffffa80`0bc5e360 fffffa80`0bc5e360 fffffa80`0bc5e300 fffffa80`0bc5e300 : nt!ExWaitForRundownProtectionReleaseCacheAware+0x38c92
fffff880`035db330 fffff880`00fafcc9     : fffffa80`0bc5e360 fffff800`0383b400 00000000`00000000 fffffa80`0bc5e360 : volsnap!VspPauseVolumeIo+0xaf
fffff880`035db370 fffff880`00fe143c     : fffffa80`0bc5e360 fffffa80`07807800 fffff8a0`00130950 00000000`00000080 : volsnap!VspCleanupPreamble+0x99
fffff880`035db3a0 fffff880`00fad4bd     : fffff8a0`00001990 fffffa80`07807800 fffffa80`06d01040 fffff8a0`00130900 : volsnap!VspCleanupFilterSync+0x3c
fffff880`035db3f0 fffff800`039192ec     : fffff8a0`00138a00 00000000`00000000 00000000`00000000 00000000`00000000 : volsnap!VolSnapTargetDeviceNotification+0x1c6d
fffff880`035db860 fffff800`0398a127     : fffff8a0`10b94d60 fffff880`035db928 fffff800`0366ad28 00000000`00000000 : nt!PnpNotifyDriverCallback+0x5c
fffff880`035db8f0 fffff800`03b458b9     : 00000000`00000000 00000000`00000000 fffff8a0`1cffe630 fffff8a0`00000000 : nt!PnpNotifyTargetDeviceChange+0x16b
fffff880`035db9a0 fffff800`03b45fcc     : fffff880`00000000 fffffa80`10056300 fffffa80`06d14000 fffffa80`00000000 : nt!PnpProcessQueryRemoveAndEject+0xb79
fffff880`035dbae0 fffff800`039fceab     : 00000000`00000000 fffffa80`10056390 fffff8a0`29be0010 00000000`00000000 : nt!PnpProcessTargetDeviceEvent+0x4c
fffff880`035dbb10 fffff800`036ac28d     : fffff800`03988fbc fffff8a0`1cffe630 fffff800`038717f8 fffffa80`0f84b168 : nt!PnpDeviceEventWorker+0x73eef
fffff880`035dbb70 fffff800`039a21a0     : 00000000`00000000 fffff880`03365180 00000000`00000080 00000000`00000001 : nt!ExpWorkerThread+0x111
fffff880`035dbc00 fffff800`036faba6     : fffff880`03365180 fffffa80`06d14040 fffff880`03374140 00000000`00000000 : nt!PspSystemThreadStartup+0x194
fffff880`035dbc40 00000000`00000000     : fffff880`035dc000 fffff880`035d6000 fffff880`035da410 00000000`00000000 : nt!KxStartSystemThread+0x16

0: kd> lmDvm nt

Browse full module list
start             end                 module name
fffff800`03661000 fffff800`03c3d000   nt         (private pdb symbols)  C:\Debuggers\sym\ntkrnlmp.pdb\ECE191A20CFF4465AE46DF96C22638451\ntkrnlmp.pdb
    Loaded symbol image file: ntkrnlmp.exe
    Mapped memory image file: C:\Debuggers\sym\ntoskrnl.exe\5C6E1CBD5dc000\ntoskrnl.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Browse all global symbols  functions  data
    Timestamp:        Wed Feb 20 19:36:29 2019 (5C6E1CBD)
    CheckSum:         0054FFBE
    ImageSize:        005DC000
    File version:     6.1.7601.24384
    Product version:  6.1.7601.24384
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04b0
    Information from resource tables:
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     ntkrnlmp.exe
        OriginalFilename: ntkrnlmp.exe
        ProductVersion:   6.1.7601.24384
        FileVersion:      6.1.7601.24384 (win7sp1_ldr_escrow.190220-1800)
        FileDescription:  NT Kernel & System
        LegalCopyright:   © Microsoft Corporation. All rights reserved.


0: kd> lmDvm volsnap
Browse full module list
start             end                 module name
fffff880`00faa000 fffff880`00ff6000   volsnap    (private pdb symbols)  C:\Debuggers\sym\volsnap.pdb\E4BEF1477E78427AAB44995AD5A103DA2\volsnap.pdb
    Loaded symbol image file: volsnap.sys
    Mapped memory image file: C:\Debuggers\sym\volsnap.sys\4D67242A4c000\volsnap.sys
    Image path: \SystemRoot\system32\drivers\volsnap.sys
    Image name: volsnap.sys
    Browse all global symbols  functions  data
    Timestamp:        Thu Feb 24 19:38:18 2011 (4D67242A)
    CheckSum:         0004AFDD
    ImageSize:        0004C000
    File version:     6.1.7601.17567
    Product version:  6.1.7601.17567
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    Information from resource tables:
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     volsnap.sys
        OriginalFilename: volsnap.sys
        ProductVersion:   6.1.7601.17567
        FileVersion:      6.1.7601.17567 (win7sp1_gdr.110224-1502)
        FileDescription:  Volume Shadow Copy Driver
        LegalCopyright:   © Microsoft Corporation. All rights reserved.

 

[Dave22]

Thank you. I will update and change dump to kernel if that would help and see what happens.

 

[x BlueRobot]

A kernel memory dump should already be available, have a look here:

%systemroot%\MEMORY.DMP

 

[Dave22]

A kernel memory dump should already be available, have a look here:

%systemroot%\MEMORY.DMP

I have searched and searched. There is no MEMORY.DMP that I can find in the root. System files are not hidden. System files are not protected Ect.
The only .dmp files in C:Windows are in The Minidump folder so I am at a loss at this point

 

[x BlueRobot]

What are the dump file settings set to? There should be an option to produce a kernel memory dump along with Minidumps.

https://support.microsoft.com/en-us/help/254649/overview-of-memory-dump-file-options-for-windows

 

[Dave22]

There are two settings. minidump and kernel. At the time of the BSOD it was set on Minidump and I supplied that above. It was in the root minidump file. Since then I changed the setting to kernel and of course no BSOD since that change. Since it was not set to kernel there is no MEMORY.DMP I presume.
Is there any other Info that would be helpful or just wait and see what happens ? Thanks for all the help.

 

[cluberti]

If you've updated your system as recommended above with the rollup and then installed the latest available CU (which I assume you did before Win7 went out of support), then I would suggest waiting to see if the problem recurs (and if so, you should have a kernel dump if you've clicked OK and rebooted after clicking OK on that dialog in your screenshot :) ).

 

[Dave22]

Yes. Updated as above and set to kernel. will wait and see. Thank Again.