BSOD while playing GTA V

axe0 said:

Hi magnetoeric,

Welcome to 10Forums

Please remove driver booster before troubleshooting.
If you installed any drivers with either of these programs, use a system restore point or system backup. If neither are available and you don't want to go for a clean install,
- if you don't know what drivers were installed, check if these programs have logs of driver installations, if requested I can spit the logs for you to find out
- if you do know, go into device manager and revert the drivers.

Thank you for replying. I should've mentioned in the OP that some of these BSODs had occured even before I updated drivers using driver booster . Updating drivers decreased overall cpu temperature by a little bit. After a fresh install, I used driver manager to update every driver. Should I use the original drivers from OEM or is it fine to use windows default?

MrPepka said:

The DRIVER_IRQL_NOT_LESS_OR_EQUAL bug check has a value of 0x000000D1. This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

Code:

Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\031619-7265-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 10 Kernel Version 17763 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff805`78a00000 PsLoadedModuleList = 0xfffff805`78e1b9f0
Debug session time: Sat Mar 16 16:54:14.340 2019 (UTC + 1:00)
System Uptime: 0 days 3:48:30.105
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {0, ff, 0, 0}

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+44e )

Followup:     MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 00000000000000ff, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: 0000000000000000, address which referenced memory

Debugging Details:
------------------


KEY_VALUES_STRING: 1


STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  17763.1.amd64fre.rs5_release.180914-1434

SYSTEM_MANUFACTURER:  Acer

SYSTEM_PRODUCT_NAME:  Nitro AN515-52

SYSTEM_SKU:  0000000000000000

SYSTEM_VERSION:  V1.24

BIOS_VENDOR:  Insyde Corp.

BIOS_VERSION:  V1.24

BIOS_DATE:  12/05/2018

BASEBOARD_MANUFACTURER:  CFL

BASEBOARD_PRODUCT:  Freed_CFS

BASEBOARD_VERSION:  V1.24

DUMP_TYPE:  2

BUGCHECK_P1: 0

BUGCHECK_P2: ff

BUGCHECK_P3: 0

BUGCHECK_P4: 0

READ_ADDRESS: fffff80578f42390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
 0000000000000000 

CURRENT_IRQL:  2

FAULTING_IP: 
+0
00000000`00000000 ??              ???

PROCESS_NAME:  System

CPU_COUNT: c

CPU_MHZ: 8a0

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 9e

CPU_STEPPING: a

CPU_MICROCODE: 6,9e,a,0 (F,M,S,R)  SIG: 9A'00000000 (cache) 9A'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXPNP: 1 (!blackboxpnp)


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  AV

ANALYSIS_SESSION_HOST:  MICHAL

ANALYSIS_SESSION_TIME:  03-23-2019 16:23:40.0921

ANALYSIS_VERSION: 10.0.17763.132 amd64fre

TRAP_FRAME:  ffffd0877d03f4b0 -- (.trap 0xffffd0877d03f4b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000800
rdx=000000000000082f rsi=0000000000000000 rdi=0000000000000000
rip=0000000000000000 rsp=ffffd0877d03f648 rbp=000000000000002f
 r8=ffffd0877d03f6f0  r9=000000000000002f r10=fffff80579471960
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up di pl zr na po nc
00000000`00000000 ??              ???
Resetting default scope

IP_IN_FREE_BLOCK: 0

LAST_CONTROL_TRANSFER:  from fffff80578bc4d69 to fffff80578bb35e0

FAILED_INSTRUCTION_ADDRESS: 
+0
00000000`00000000 ??              ???

STACK_TEXT:  
ffffd087`7d03f368 fffff805`78bc4d69 : 00000000`0000000a 00000000`00000000 00000000`000000ff 00000000`00000000 : nt!KeBugCheckEx
ffffd087`7d03f370 fffff805`78bc118e : 00000000`00000000 ffffd087`00000002 ffffd600`b29c6100 fffff805`78c96d2f : nt!KiBugCheckDispatch+0x69
ffffd087`7d03f4b0 00000000`00000000 : fffff805`794719f5 ffff4134`d19dc38d ffffe704`7379e138 0000001f`ebf30d33 : nt!KiPageFault+0x44e


THREAD_SHA1_HASH_MOD_FUNC:  bf99962f16aee8a6a536cfcc5454c0cd4db15ac9

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  2053c9cd60dcbe7f477419e6aee8664b1711298a

THREAD_SHA1_HASH_MOD:  2a7ca9d3ab5386d53fea7498e1d81b9c4a4c036b

FOLLOWUP_IP: 
nt!KiPageFault+44e
fffff805`78bc118e 33c0            xor     eax,eax

FAULT_INSTR_CODE:  ffb0c033

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiPageFault+44e

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  10.0.17763.379

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  44e

FAILURE_BUCKET_ID:  AV_CODE_AV_NULL_IP_nt!KiPageFault

BUCKET_ID:  AV_CODE_AV_NULL_IP_nt!KiPageFault

PRIMARY_PROBLEM_CLASS:  AV_CODE_AV_NULL_IP_nt!KiPageFault

TARGET_TIME:  2019-03-16T15:54:14.000Z

OSBUILD:  17763

OSSERVICEPACK:  379

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  unknown_date

BUILDDATESTAMP_STR:  180914-1434

BUILDLAB_STR:  rs5_release

BUILDOSVER_STR:  10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME:  14f1

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:av_code_av_null_ip_nt!kipagefault

FAILURE_ID_HASH:  {4ce35ff9-c5cf-d66d-0323-0f05e33f6692}

Followup:     MachineOwner
---------

2: kd> .trap 0xffffd0877d03f4b0
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000800
rdx=000000000000082f rsi=0000000000000000 rdi=0000000000000000
rip=0000000000000000 rsp=ffffd0877d03f648 rbp=000000000000002f
 r8=ffffd0877d03f6f0  r9=000000000000002f r10=fffff80579471960
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up di pl zr na po nc
00000000`00000000 ??              ???
2: kd> kb
  *** Stack trace for last set context - .thread/.cxr resets it
 # RetAddr           : Args to Child                                                           : Call Site
00 fffff805`794719f5 : ffff4134`d19dc38d ffffe704`7379e138 0000001f`ebf30d33 00000000`000d6386 : 0x0
01 fffff805`79471945 : ffffe704`79c34001 00000000`00000008 00000000`00000000 ffffd087`7d03f7a0 : hal!HalpApicRequestInterrupt+0x95
02 fffff805`78ac45f6 : ffffe704`79c340c0 ffffe704`79c340c0 ffffd600`b2f49180 ffffd087`7d03f754 : hal!HalSendSoftwareInterrupt+0xa5
03 fffff805`78ac5491 : ffffd600`b29c6180 00000000`00000001 00000000`00000000 ffffe704`00000000 : nt!KiDeferredReadyThread+0xf46
04 fffff805`78ac87fa : ffffe704`79c34230 ffffe704`73f98460 00000000`0000000f ffffd600`b29c6180 : nt!KiReadyThread+0x71
05 fffff805`78ab77f4 : ffffe704`73dc7c28 ffffd600`b29d6300 ffffe704`73dc7c68 00000000`00000002 : nt!KiProcessThreadWaitList+0x9a
06 fffff805`78ab85a7 : 00000000`00000012 00000000`00989680 ffffd600`b29d6300 00000000`0000001a : nt!KiProcessExpiredTimerList+0x2f4
07 fffff805`78bb6ffa : ffffffff`00000000 ffffd600`b29c6180 00000000`00000000 ffffd600`b29d6300 : nt!KiRetireDpcList+0x4a7
08 00000000`00000000 : ffffd087`7d040000 ffffd087`7d039000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a

The UNEXPECTED_KERNEL_MODE_TRAP bug check has a value of 0x0000007F. This bug check indicates that the Intel CPU generated a trap and the kernel failed to catch this trap.

This trap could be a bound trap (a trap the kernel is not permitted to catch) or a double fault (a fault that occurred while processing an earlier fault, which always results in a system failure).

Code:

Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\031719-7218-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 10 Kernel Version 17763 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff806`1761d000 PsLoadedModuleList = 0xfffff806`17a389f0
Debug session time: Sat Mar 16 19:30:52.907 2019 (UTC + 1:00)
System Uptime: 0 days 0:21:13.672
Loading Kernel Symbols
...............................................................
................................................................
................................................................
....
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, ffff9d819df4c150, 0, fffff8061808e94a}

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+2a8 )

Followup:     MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: ffff9d819df4c150
Arg3: 0000000000000000
Arg4: fffff8061808e94a

Debugging Details:
------------------


KEY_VALUES_STRING: 1


STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  17763.1.amd64fre.rs5_release.180914-1434

SYSTEM_MANUFACTURER:  Acer

SYSTEM_PRODUCT_NAME:  Nitro AN515-52

SYSTEM_SKU:  0000000000000000

SYSTEM_VERSION:  V1.24

BIOS_VENDOR:  Insyde Corp.

BIOS_VERSION:  V1.24

BIOS_DATE:  12/05/2018

BASEBOARD_MANUFACTURER:  CFL

BASEBOARD_PRODUCT:  Freed_CFS

BASEBOARD_VERSION:  V1.24

DUMP_TYPE:  2

BUGCHECK_P1: 8

BUGCHECK_P2: ffff9d819df4c150

BUGCHECK_P3: 0

BUGCHECK_P4: fffff8061808e94a

BUGCHECK_STR:  0x7f_8

TRAP_FRAME:  ffff9d819df4c150 -- (.trap 0xffff9d819df4c150)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000830
rdx=0000000000000100 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8061808e94a rsp=0000000000000000 rbp=fffff00841e3f7f0
 r8=0000000000000100  r9=000000000000002f r10=fffff8061808e960
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
hal!HalSendSoftwareInterrupt+0xaa:
fffff806`1808e94a 488b5c2478      mov     rbx,qword ptr [rsp+78h] ss:0018:00000000`00000078=????????????????
Resetting default scope

CPU_COUNT: c

CPU_MHZ: 8a0

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 9e

CPU_STEPPING: a

CPU_MICROCODE: 6,9e,a,0 (F,M,S,R)  SIG: 9A'00000000 (cache) 9A'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXPNP: 1 (!blackboxpnp)


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

ANALYSIS_SESSION_HOST:  MICHAL

ANALYSIS_SESSION_TIME:  03-23-2019 16:32:21.0542

ANALYSIS_VERSION: 10.0.17763.132 amd64fre

LAST_CONTROL_TRANSFER:  from fffff806177e1d69 to fffff806177d05e0

STACK_TEXT:  
ffff9d81`9df4c008 fffff806`177e1d69 : 00000000`0000007f 00000000`00000008 ffff9d81`9df4c150 00000000`00000000 : nt!KeBugCheckEx
ffff9d81`9df4c010 fffff806`177dcda8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffff9d81`9df4c150 fffff806`1808e94a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0x2a8
00000000`00000000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : hal!HalSendSoftwareInterrupt+0xaa


THREAD_SHA1_HASH_MOD_FUNC:  fef0b536b317887981a1082be368823414f7b56a

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  48442a6f9113d5a6074a3fe8d72c9463bc59f3c3

THREAD_SHA1_HASH_MOD:  71b8386492ec9dbcf212c1f17c47760c74888818

FOLLOWUP_IP: 
nt!KiDoubleFaultAbort+2a8
fffff806`177dcda8 90              nop

FAULT_INSTR_CODE:  6666c390

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiDoubleFaultAbort+2a8

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  10.0.17763.379

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  2a8

FAILURE_BUCKET_ID:  0x7f_8_nt!KiDoubleFaultAbort

BUCKET_ID:  0x7f_8_nt!KiDoubleFaultAbort

PRIMARY_PROBLEM_CLASS:  0x7f_8_nt!KiDoubleFaultAbort

TARGET_TIME:  2019-03-16T18:30:52.000Z

OSBUILD:  17763

OSSERVICEPACK:  379

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  unknown_date

BUILDDATESTAMP_STR:  180914-1434

BUILDLAB_STR:  rs5_release

BUILDOSVER_STR:  10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME:  9cfa

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x7f_8_nt!kidoublefaultabort

FAILURE_ID_HASH:  {d1f8395a-8c58-45da-6ebf-e8bb4aad2fc5}

Followup:     MachineOwner
---------

2: kd> kv
 # Child-SP          RetAddr           : Args to Child                                                           : Call Site
00 ffff9d81`9df4c008 fffff806`177e1d69 : 00000000`0000007f 00000000`00000008 ffff9d81`9df4c150 00000000`00000000 : nt!KeBugCheckEx
01 ffff9d81`9df4c010 fffff806`177dcda8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
02 ffff9d81`9df4c150 fffff806`1808e94a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0x2a8 (TrapFrame @ ffff9d81`9df4c150)
03 00000000`00000000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : hal!HalSendSoftwareInterrupt+0xaa
2: kd> .trap 0xffff9d819df4c150
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000830
rdx=0000000000000100 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8061808e94a rsp=0000000000000000 rbp=fffff00841e3f7f0
 r8=0000000000000100  r9=000000000000002f r10=fffff8061808e960
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
hal!HalSendSoftwareInterrupt+0xaa:
fffff806`1808e94a 488b5c2478      mov     rbx,qword ptr [rsp+78h] ss:0018:00000000`00000078=????????????????
2: kd> kb
  *** Stack trace for last set context - .thread/.cxr resets it
 # RetAddr           : Args to Child                                                           : Call Site
00 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : hal!HalSendSoftwareInterrupt+0xaa

Code:

Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\032119-7421-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 10 Kernel Version 17763 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff801`42a9d000 PsLoadedModuleList = 0xfffff801`42eb89f0
Debug session time: Thu Mar 21 19:17:36.750 2019 (UTC + 1:00)
System Uptime: 0 days 0:32:13.515
Loading Kernel Symbols
...............................................................
................................................................
................................................................
....
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, ffffcf013a3d9150, 0, fffff80142a0694a}

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+2a8 )

Followup:     MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: ffffcf013a3d9150
Arg3: 0000000000000000
Arg4: fffff80142a0694a

Debugging Details:
------------------


KEY_VALUES_STRING: 1


STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  17763.1.amd64fre.rs5_release.180914-1434

SYSTEM_MANUFACTURER:  Acer

SYSTEM_PRODUCT_NAME:  Nitro AN515-52

SYSTEM_SKU:  0000000000000000

SYSTEM_VERSION:  V1.24

BIOS_VENDOR:  Insyde Corp.

BIOS_VERSION:  V1.24

BIOS_DATE:  12/05/2018

BASEBOARD_MANUFACTURER:  CFL

BASEBOARD_PRODUCT:  Freed_CFS

BASEBOARD_VERSION:  V1.24

DUMP_TYPE:  2

BUGCHECK_P1: 8

BUGCHECK_P2: ffffcf013a3d9150

BUGCHECK_P3: 0

BUGCHECK_P4: fffff80142a0694a

BUGCHECK_STR:  0x7f_8

TRAP_FRAME:  ffffcf013a3d9150 -- (.trap 0xffffcf013a3d9150)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000830
rdx=0000000000000020 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80142a0694a rsp=0000000000000000 rbp=ffff95858083f7f0
 r8=0000000000000020  r9=000000000000002f r10=fffff80142a06960
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
hal!HalSendSoftwareInterrupt+0xaa:
fffff801`42a0694a 488b5c2478      mov     rbx,qword ptr [rsp+78h] ss:0018:00000000`00000078=????????????????
Resetting default scope

CPU_COUNT: c

CPU_MHZ: 8a0

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 9e

CPU_STEPPING: a

CPU_MICROCODE: 6,9e,a,0 (F,M,S,R)  SIG: 9A'00000000 (cache) 9A'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXPNP: 1 (!blackboxpnp)


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

ANALYSIS_SESSION_HOST:  MICHAL

ANALYSIS_SESSION_TIME:  03-23-2019 16:35:01.0936

ANALYSIS_VERSION: 10.0.17763.132 amd64fre

LAST_CONTROL_TRANSFER:  from fffff80142c61d69 to fffff80142c505e0

STACK_TEXT:  
ffffcf01`3a3d9008 fffff801`42c61d69 : 00000000`0000007f 00000000`00000008 ffffcf01`3a3d9150 00000000`00000000 : nt!KeBugCheckEx
ffffcf01`3a3d9010 fffff801`42c5cda8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffcf01`3a3d9150 fffff801`42a0694a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0x2a8
00000000`00000000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : hal!HalSendSoftwareInterrupt+0xaa


THREAD_SHA1_HASH_MOD_FUNC:  fef0b536b317887981a1082be368823414f7b56a

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  48442a6f9113d5a6074a3fe8d72c9463bc59f3c3

THREAD_SHA1_HASH_MOD:  71b8386492ec9dbcf212c1f17c47760c74888818

FOLLOWUP_IP: 
nt!KiDoubleFaultAbort+2a8
fffff801`42c5cda8 90              nop

FAULT_INSTR_CODE:  6666c390

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiDoubleFaultAbort+2a8

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  10.0.17763.379

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  2a8

FAILURE_BUCKET_ID:  0x7f_8_nt!KiDoubleFaultAbort

BUCKET_ID:  0x7f_8_nt!KiDoubleFaultAbort

PRIMARY_PROBLEM_CLASS:  0x7f_8_nt!KiDoubleFaultAbort

TARGET_TIME:  2019-03-21T18:17:36.000Z

OSBUILD:  17763

OSSERVICEPACK:  379

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  unknown_date

BUILDDATESTAMP_STR:  180914-1434

BUILDLAB_STR:  rs5_release

BUILDOSVER_STR:  10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME:  cfb2

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x7f_8_nt!kidoublefaultabort

FAILURE_ID_HASH:  {d1f8395a-8c58-45da-6ebf-e8bb4aad2fc5}

Followup:     MachineOwner
---------

2: kd> kv
 # Child-SP          RetAddr           : Args to Child                                                           : Call Site
00 ffffcf01`3a3d9008 fffff801`42c61d69 : 00000000`0000007f 00000000`00000008 ffffcf01`3a3d9150 00000000`00000000 : nt!KeBugCheckEx
01 ffffcf01`3a3d9010 fffff801`42c5cda8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
02 ffffcf01`3a3d9150 fffff801`42a0694a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0x2a8 (TrapFrame @ ffffcf01`3a3d9150)
03 00000000`00000000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : hal!HalSendSoftwareInterrupt+0xaa
2: kd> .trap 0xffffcf013a3d9150
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000830
rdx=0000000000000020 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80142a0694a rsp=0000000000000000 rbp=ffff95858083f7f0
 r8=0000000000000020  r9=000000000000002f r10=fffff80142a06960
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
hal!HalSendSoftwareInterrupt+0xaa:
fffff801`42a0694a 488b5c2478      mov     rbx,qword ptr [rsp+78h] ss:0018:00000000`00000078=????????????????
2: kd> kb
  *** Stack trace for last set context - .thread/.cxr resets it
 # RetAddr           : Args to Child                                                           : Call Site
00 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : hal!HalSendSoftwareInterrupt+0xaa

The IRQL_NOT_LESS_OR_EQUAL bug check has a value of 0x0000000A. This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

Code:

Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\031719-7375-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 10 Kernel Version 17763 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff807`2040f000 PsLoadedModuleList = 0xfffff807`2082a9f0
Debug session time: Sun Mar 17 13:56:20.484 2019 (UTC + 1:00)
System Uptime: 0 days 3:33:25.249
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.....
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {61b8, 2, 0, fffff807204d3569}

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : ntkrnlmp.exe ( nt!KiDeferredReadyThread+eb9 )

Followup:     MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000000061b8, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff807204d3569, address which referenced memory

Debugging Details:
------------------


KEY_VALUES_STRING: 1


STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  17763.1.amd64fre.rs5_release.180914-1434

SYSTEM_MANUFACTURER:  Acer

SYSTEM_PRODUCT_NAME:  Nitro AN515-52

SYSTEM_SKU:  0000000000000000

SYSTEM_VERSION:  V1.24

BIOS_VENDOR:  Insyde Corp.

BIOS_VERSION:  V1.24

BIOS_DATE:  12/05/2018

BASEBOARD_MANUFACTURER:  CFL

BASEBOARD_PRODUCT:  Freed_CFS

BASEBOARD_VERSION:  V1.24

DUMP_TYPE:  2

BUGCHECK_P1: 61b8

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff807204d3569

READ_ADDRESS: fffff80720951390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
 00000000000061b8 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!KiDeferredReadyThread+eb9
fffff807`204d3569 488b91b8610000  mov     rdx,qword ptr [rcx+61B8h]

CPU_COUNT: c

CPU_MHZ: 8a0

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 9e

CPU_STEPPING: a

CPU_MICROCODE: 6,9e,a,0 (F,M,S,R)  SIG: 9A'00000000 (cache) 9A'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXPNP: 1 (!blackboxpnp)


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  AV

PROCESS_NAME:  System

ANALYSIS_SESSION_HOST:  MICHAL

ANALYSIS_SESSION_TIME:  03-23-2019 16:37:48.0770

ANALYSIS_VERSION: 10.0.17763.132 amd64fre

TRAP_FRAME:  ffff82857ee3f5e0 -- (.trap 0xffff82857ee3f5e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffffffffffffcf rbx=0000000000000000 rcx=0000000000000000
rdx=ffffa684e15a8080 rsi=0000000000000000 rdi=0000000000000000
rip=fffff807204d3569 rsp=ffff82857ee3f770 rbp=ffff82857ee3f7f0
 r8=0000000000000002  r9=0000000000000003 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!KiDeferredReadyThread+0xeb9:
fffff807`204d3569 488b91b8610000  mov     rdx,qword ptr [rcx+61B8h] ds:00000000`000061b8=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff807205d3d69 to fffff807205c25e0

STACK_TEXT:  
ffff8285`7ee3f498 fffff807`205d3d69 : 00000000`0000000a 00000000`000061b8 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffff8285`7ee3f4a0 fffff807`205d018e : ffffa684`db8d4200 00000000`00000002 00000000`00000000 ffffa684`e0a641f0 : nt!KiBugCheckDispatch+0x69
ffff8285`7ee3f5e0 fffff807`204d3569 : ffffa684`e15a8080 ffff8285`7ee3f7f0 ffffc001`4f596180 ffff8285`7ee3f7a4 : nt!KiPageFault+0x44e
ffff8285`7ee3f770 fffff807`204d4491 : ffffc001`4f3c2180 ffff8285`7ee3fa10 00000000`00000003 00000000`00000000 : nt!KiDeferredReadyThread+0xeb9
ffff8285`7ee3f830 fffff807`204c6786 : ffffa684`e15a81f0 ffffa684`db967398 ffff8285`7ee3fa18 00000000`00000008 : nt!KiReadyThread+0x71
ffff8285`7ee3f860 fffff807`204c75a7 : 00000000`00000012 00000000`00989680 ffffc001`4f3d2300 00000000`00000019 : nt!KiProcessExpiredTimerList+0x286
ffff8285`7ee3f950 fffff807`205c5ffa : ffffffff`00000000 ffffc001`4f3c2180 00000000`00000000 ffffc001`4f3d2300 : nt!KiRetireDpcList+0x4a7
ffff8285`7ee3fb60 00000000`00000000 : ffff8285`7ee40000 ffff8285`7ee39000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a


THREAD_SHA1_HASH_MOD_FUNC:  7d1c7bac59940d71a331a915b43b1f0926359f80

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  6217f9fc4492b900e30ea0d46f9868a8d5804bff

THREAD_SHA1_HASH_MOD:  cb5f414824c2521bcc505eaa03e92fa10922dad8

FOLLOWUP_IP: 
nt!KiDeferredReadyThread+eb9
fffff807`204d3569 488b91b8610000  mov     rdx,qword ptr [rcx+61B8h]

FAULT_INSTR_CODE:  b8918b48

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!KiDeferredReadyThread+eb9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  10.0.17763.379

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  eb9

FAILURE_BUCKET_ID:  AV_nt!KiDeferredReadyThread

BUCKET_ID:  AV_nt!KiDeferredReadyThread

PRIMARY_PROBLEM_CLASS:  AV_nt!KiDeferredReadyThread

TARGET_TIME:  2019-03-17T12:56:20.000Z

OSBUILD:  17763

OSSERVICEPACK:  379

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  unknown_date

BUILDDATESTAMP_STR:  180914-1434

BUILDLAB_STR:  rs5_release

BUILDOSVER_STR:  10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME:  2719

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:av_nt!kideferredreadythread

FAILURE_ID_HASH:  {d70641df-b27f-49ce-f6c0-b234c7435b54}

Followup:     MachineOwner
---------

2: kd> kv
 # Child-SP          RetAddr           : Args to Child                                                           : Call Site
00 ffff8285`7ee3f498 fffff807`205d3d69 : 00000000`0000000a 00000000`000061b8 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
01 ffff8285`7ee3f4a0 fffff807`205d018e : ffffa684`db8d4200 00000000`00000002 00000000`00000000 ffffa684`e0a641f0 : nt!KiBugCheckDispatch+0x69
02 ffff8285`7ee3f5e0 fffff807`204d3569 : ffffa684`e15a8080 ffff8285`7ee3f7f0 ffffc001`4f596180 ffff8285`7ee3f7a4 : nt!KiPageFault+0x44e (TrapFrame @ ffff8285`7ee3f5e0)
03 ffff8285`7ee3f770 fffff807`204d4491 : ffffc001`4f3c2180 ffff8285`7ee3fa10 00000000`00000003 00000000`00000000 : nt!KiDeferredReadyThread+0xeb9
04 ffff8285`7ee3f830 fffff807`204c6786 : ffffa684`e15a81f0 ffffa684`db967398 ffff8285`7ee3fa18 00000000`00000008 : nt!KiReadyThread+0x71
05 ffff8285`7ee3f860 fffff807`204c75a7 : 00000000`00000012 00000000`00989680 ffffc001`4f3d2300 00000000`00000019 : nt!KiProcessExpiredTimerList+0x286
06 ffff8285`7ee3f950 fffff807`205c5ffa : ffffffff`00000000 ffffc001`4f3c2180 00000000`00000000 ffffc001`4f3d2300 : nt!KiRetireDpcList+0x4a7
07 ffff8285`7ee3fb60 00000000`00000000 : ffff8285`7ee40000 ffff8285`7ee39000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a
2: kd> .trap 0xffff82857ee3f5e0
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffffffffffffcf rbx=0000000000000000 rcx=0000000000000000
rdx=ffffa684e15a8080 rsi=0000000000000000 rdi=0000000000000000
rip=fffff807204d3569 rsp=ffff82857ee3f770 rbp=ffff82857ee3f7f0
 r8=0000000000000002  r9=0000000000000003 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!KiDeferredReadyThread+0xeb9:
fffff807`204d3569 488b91b8610000  mov     rdx,qword ptr [rcx+61B8h] ds:00000000`000061b8=????????????????
2: kd> kb
  *** Stack trace for last set context - .thread/.cxr resets it
 # RetAddr           : Args to Child                                                           : Call Site
00 fffff807`204d4491 : ffffc001`4f3c2180 ffff8285`7ee3fa10 00000000`00000003 00000000`00000000 : nt!KiDeferredReadyThread+0xeb9
01 fffff807`204c6786 : ffffa684`e15a81f0 ffffa684`db967398 ffff8285`7ee3fa18 00000000`00000008 : nt!KiReadyThread+0x71
02 fffff807`204c75a7 : 00000000`00000012 00000000`00989680 ffffc001`4f3d2300 00000000`00000019 : nt!KiProcessExpiredTimerList+0x286
03 fffff807`205c5ffa : ffffffff`00000000 ffffc001`4f3c2180 00000000`00000000 ffffc001`4f3d2300 : nt!KiRetireDpcList+0x4a7
04 00000000`00000000 : ffff8285`7ee40000 ffff8285`7ee39000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a

The SYSTEM_SERVICE_EXCEPTION bug check has a value of 0x0000003B. This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.

Code:

Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\031719-7656-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 10 Kernel Version 17763 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff804`10eb6000 PsLoadedModuleList = 0xfffff804`112d19f0
Debug session time: Sun Mar 17 18:31:48.137 2019 (UTC + 1:00)
System Uptime: 0 days 0:30:07.902
Loading Kernel Symbols
...............................................................
................................................................
................................................................
....
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff80412d5fca4, ffff85016e5d62a0, 0}

Probably caused by : Ntfs.sys ( Ntfs!NtfsCommonCreate+a94 )

Followup:     MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80412d5fca4, Address of the instruction which caused the bugcheck
Arg3: ffff85016e5d62a0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


KEY_VALUES_STRING: 1


STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  17763.1.amd64fre.rs5_release.180914-1434

SYSTEM_MANUFACTURER:  Acer

SYSTEM_PRODUCT_NAME:  Nitro AN515-52

SYSTEM_SKU:  0000000000000000

SYSTEM_VERSION:  V1.24

BIOS_VENDOR:  Insyde Corp.

BIOS_VERSION:  V1.24

BIOS_DATE:  12/05/2018

BASEBOARD_MANUFACTURER:  CFL

BASEBOARD_PRODUCT:  Freed_CFS

BASEBOARD_VERSION:  V1.24

DUMP_TYPE:  2

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffff80412d5fca4

BUGCHECK_P3: ffff85016e5d62a0

BUGCHECK_P4: 0

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
Ntfs!NtfsCommonCreate+a94
fffff804`12d5fca4 f7421000200000  test    dword ptr [rdx+10h],2000h

CONTEXT:  ffff85016e5d62a0 -- (.cxr 0xffff85016e5d62a0)
rax=0000000000000800 rbx=ffffa602dbbe6180 rcx=0000000000000820
rdx=0000000000000000 rsi=ffffa602ea643768 rdi=ffff85016e5d6f60
rip=fffff80412d5fca4 rsp=ffff85016e5d6c90 rbp=0000000000000008
 r8=0000000000000000  r9=ffff85016e5d1000 r10=ffffa602e7bbb080
r11=ffff85016e5d6be0 r12=ffff85016e5d6f80 r13=ffff85016e5d7010
r14=ffffa602ec8ae1e0 r15=ffff85016e5d6ffc
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
Ntfs!NtfsCommonCreate+0xa94:
fffff804`12d5fca4 f7421000200000  test    dword ptr [rdx+10h],2000h ds:002b:00000000`00000010=????????
Resetting default scope

CPU_COUNT: c

CPU_MHZ: 8a0

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 9e

CPU_STEPPING: a

CPU_MICROCODE: 6,9e,a,0 (F,M,S,R)  SIG: 9A'00000000 (cache) 9A'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXPNP: 1 (!blackboxpnp)


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  GTA5.exe

CURRENT_IRQL:  0

ANALYSIS_SESSION_HOST:  MICHAL

ANALYSIS_SESSION_TIME:  03-23-2019 16:39:23.0563

ANALYSIS_VERSION: 10.0.17763.132 amd64fre

LAST_CONTROL_TRANSFER:  from fffff80412d643bd to fffff80412d5fca4

STACK_TEXT:  
ffff8501`6e5d6c90 fffff804`12d643bd : ffffa602`ec8ae1e0 ffff8501`6e5d6f60 ffffa602`ec8ae1e0 00000000`00000000 : Ntfs!NtfsCommonCreate+0xa94
ffff8501`6e5d6e80 fffff804`10f6e0d9 : ffffa602`dbbe6030 ffffa602`ec8ae1e0 ffffa602`dba70800 ffffa602`e82533b0 : Ntfs!NtfsFsdCreate+0x1cd
ffff8501`6e5d70e0 fffff806`70796219 : ffffa602`ec8ae1e0 ffffa602`e82533b0 ffffa602`ec8ae5c8 ffffa602`dba05d60 : nt!IofCallDriver+0x59
ffff8501`6e5d7120 fffff806`707cd559 : ffff8501`6e5d71d0 ffffa602`e82533b0 00000020`00000000 fffff806`00000840 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x289
ffff8501`6e5d7190 fffff804`10f6e0d9 : ffffa602`e8253300 ffff8501`6e5d77a0 00000000`00000000 ffff8501`00000030 : FLTMGR!FltpCreate+0x2f9
ffff8501`6e5d7240 fffff804`10f6f4b4 : 00000000`00000000 ffffa602`ec8ae1e0 ffffa602`dbb94cd0 ffffa602`ec8ae1e0 : nt!IofCallDriver+0x59
ffff8501`6e5d7280 fffff804`1152afe2 : ffff8501`6e5d7540 ffff8501`6e5d77a0 00000000`00000045 ffffa602`db9cb8f0 : nt!IoCallDriverWithTracing+0x34
ffff8501`6e5d72d0 fffff804`115501b9 : ffffa602`db9cb8f0 ffffa602`db9cb800 ffffa602`eb335ad0 ffffcc08`5277ab01 : nt!IopParseDevice+0x632
ffff8501`6e5d7440 fffff804`1154e7bf : ffffa602`eb335a00 ffff8501`6e5d76a8 00000000`00000840 ffffa602`d86ef900 : nt!ObpLookupObjectName+0x719
ffff8501`6e5d7610 fffff804`114a5193 : 00000000`00000001 00000000`00000028 00000099`1bbaeb70 00000099`1bbaea38 : nt!ObOpenObjectByNameEx+0x1df
ffff8501`6e5d7750 fffff804`1107a785 : ffffa602`e7bbb080 00000099`1bbaef88 ffffa602`e7bbb080 ffffa602`e913b6f0 : nt!NtQueryAttributesFile+0x193
ffff8501`6e5d7a00 00007ffc`1ebffe14 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000099`1bbae9d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`1ebffe14


THREAD_SHA1_HASH_MOD_FUNC:  9c209ea40f95287324b5883448547ea454a82141

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  4b3254a1a603c848f6cfa908d1ed19ca5bd7ff3b

THREAD_SHA1_HASH_MOD:  5e458b8bf6f18a04d6afdb0200cab3eea46b40ae

FOLLOWUP_IP: 
Ntfs!NtfsCommonCreate+a94
fffff804`12d5fca4 f7421000200000  test    dword ptr [rdx+10h],2000h

FAULT_INSTR_CODE:  1042f7

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsCommonCreate+a94

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  10.0.17763.379

STACK_COMMAND:  .cxr 0xffff85016e5d62a0 ; kb

BUCKET_ID_FUNC_OFFSET:  a94

FAILURE_BUCKET_ID:  0x3B_Ntfs!NtfsCommonCreate

BUCKET_ID:  0x3B_Ntfs!NtfsCommonCreate

PRIMARY_PROBLEM_CLASS:  0x3B_Ntfs!NtfsCommonCreate

TARGET_TIME:  2019-03-17T17:31:48.000Z

OSBUILD:  17763

OSSERVICEPACK:  379

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  unknown_date

BUILDDATESTAMP_STR:  180914-1434

BUILDLAB_STR:  rs5_release

BUILDOSVER_STR:  10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME:  6422

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x3b_ntfs!ntfscommoncreate

FAILURE_ID_HASH:  {11136f07-a372-f628-3e9d-70fb38455252}

Followup:     MachineOwner
---------

2: kd> .cxr 0xffff85016e5d62a0
rax=0000000000000800 rbx=ffffa602dbbe6180 rcx=0000000000000820
rdx=0000000000000000 rsi=ffffa602ea643768 rdi=ffff85016e5d6f60
rip=fffff80412d5fca4 rsp=ffff85016e5d6c90 rbp=0000000000000008
 r8=0000000000000000  r9=ffff85016e5d1000 r10=ffffa602e7bbb080
r11=ffff85016e5d6be0 r12=ffff85016e5d6f80 r13=ffff85016e5d7010
r14=ffffa602ec8ae1e0 r15=ffff85016e5d6ffc
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
Ntfs!NtfsCommonCreate+0xa94:
fffff804`12d5fca4 f7421000200000  test    dword ptr [rdx+10h],2000h ds:002b:00000000`00000010=????????
2: kd> kb
  *** Stack trace for last set context - .thread/.cxr resets it
 # RetAddr           : Args to Child                                                           : Call Site
00 fffff804`12d643bd : ffffa602`ec8ae1e0 ffff8501`6e5d6f60 ffffa602`ec8ae1e0 00000000`00000000 : Ntfs!NtfsCommonCreate+0xa94
01 fffff804`10f6e0d9 : ffffa602`dbbe6030 ffffa602`ec8ae1e0 ffffa602`dba70800 ffffa602`e82533b0 : Ntfs!NtfsFsdCreate+0x1cd
02 fffff806`70796219 : ffffa602`ec8ae1e0 ffffa602`e82533b0 ffffa602`ec8ae5c8 ffffa602`dba05d60 : nt!IofCallDriver+0x59
03 fffff806`707cd559 : ffff8501`6e5d71d0 ffffa602`e82533b0 00000020`00000000 fffff806`00000840 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x289
04 fffff804`10f6e0d9 : ffffa602`e8253300 ffff8501`6e5d77a0 00000000`00000000 ffff8501`00000030 : FLTMGR!FltpCreate+0x2f9
05 fffff804`10f6f4b4 : 00000000`00000000 ffffa602`ec8ae1e0 ffffa602`dbb94cd0 ffffa602`ec8ae1e0 : nt!IofCallDriver+0x59
06 fffff804`1152afe2 : ffff8501`6e5d7540 ffff8501`6e5d77a0 00000000`00000045 ffffa602`db9cb8f0 : nt!IoCallDriverWithTracing+0x34
07 fffff804`115501b9 : ffffa602`db9cb8f0 ffffa602`db9cb800 ffffa602`eb335ad0 ffffcc08`5277ab01 : nt!IopParseDevice+0x632
08 fffff804`1154e7bf : ffffa602`eb335a00 ffff8501`6e5d76a8 00000000`00000840 ffffa602`d86ef900 : nt!ObpLookupObjectName+0x719
09 fffff804`114a5193 : 00000000`00000001 00000000`00000028 00000099`1bbaeb70 00000099`1bbaea38 : nt!ObOpenObjectByNameEx+0x1df
0a fffff804`1107a785 : ffffa602`e7bbb080 00000099`1bbaef88 ffffa602`e7bbb080 ffffa602`e913b6f0 : nt!NtQueryAttributesFile+0x193
0b 00007ffc`1ebffe14 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
0c 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`1ebffe14

Summarizing:
First, check the RAM memory with memtest86 + and the HD Tune HDD

Thank you so much for the detailed troubleshooting you've done. I got the gist of it overall and I will do these tests. Could you tell me why is it that i get BSODs only while playing this game which I bought legally but didn't face any issue with pirated version or with any other games and stress tests? I reinstalled this game too, but didn't solve the issue. Also, what could be the reason for sudden freezing of laptop with a constant buzzing noise from the speakers? This is happening with the same game too. Thanks once again.

magnetoeric said:

Thank you so much for the detailed troubleshooting you've done. I got the gist of it overall and I will do these tests. Could you tell me why is it that i get BSODs only while playing this game which I bought legally but didn't face any issue with pirated version or with any other games and stress tests? I reinstalled this game too, but didn't solve the issue. Also, what could be the reason for sudden freezing of laptop with a constant buzzing noise from the speakers? This is happening with the same game too. Thanks once again.

Maybe it's some coincidence? I have checked the raw stack and the intelppm.sys driver from the processor scrolls there

Code:

2: kd> !dpx
Start memory scan  : 0xffffd0877d03f368 ($csp)
End memory scan    : 0xffffd0877d040000 (Kernel Stack Base)

               rsp : 0xffffd0877d03f368 : 0xfffff80578bc4d69 : nt!KiBugCheckDispatch+0x69
0xffffd0877d03f368 : 0xfffff80578bc4d69 : nt!KiBugCheckDispatch+0x69
0xffffd0877d03f450 : 0xfffff80578d56c50 : nt!POP_ETW_EVENT_KERNEL_STRS
0xffffd0877d03f468 : 0xfffff80578b21511 : nt!EtwWriteEx+0xe1
0xffffd0877d03f4a8 : 0xfffff80578bc118e : nt!KiPageFault+0x44e
0xffffd0877d03f4b0 : 0x0000000000000000 :  Trap @ ffffd0877d03f4b0
0xffffd0877d03f4c8 : 0xfffff80578c96d2f : nt!KiHeteroChooseTargetProcessor+0x83
0xffffd0877d03f508 : 0xfffff80579471960 : hal!HalpApicRequestInterrupt
0xffffd0877d03f5a8 : 0xfffff80591967df3 : intelppm!GetCpcDifferentialFeedback+0x33
0xffffd0877d03f5d8 : 0xfffff80591961193 : intelppm!PerfReadWrappingCounter+0x33
0xffffd0877d03f5f8 : 0xfffff80578b27acf : nt!KiCheckForTimerExpiration+0x10f
0xffffd0877d03f630 : 0xffffd0877d03f648 : 0xfffff805794719f5 : hal!HalpApicRequestInterrupt+0x95
0xffffd0877d03f648 : 0xfffff805794719f5 : hal!HalpApicRequestInterrupt+0x95
0xffffd0877d03f678 : 0xfffff80578c96d2f : nt!KiHeteroChooseTargetProcessor+0x83
0xffffd0877d03f6a8 : 0xfffff80579471945 : hal!HalSendSoftwareInterrupt+0xa5
0xffffd0877d03f718 : 0xfffff80578ac45f6 : nt!KiDeferredReadyThread+0xf46
0xffffd0877d03f7d8 : 0xfffff80578ac5491 : nt!KiReadyThread+0x71
0xffffd0877d03f808 : 0xfffff80578ac87fa : nt!KiProcessThreadWaitList+0x9a
0xffffd0877d03f858 : 0xfffff80578ab77f4 : nt!KiProcessExpiredTimerList+0x2f4
0xffffd0877d03f948 : 0xfffff80578ab85a7 : nt!KiRetireDpcList+0x4a7
0xffffd0877d03fa28 : 0xfffff80591961580 : intelppm!AcpiCStateIdleCancel
0xffffd0877d03fb18 : 0xfffff80578bba60f : nt!SwapContext+0x1af
0xffffd0877d03fb58 : 0xfffff80578bb6ffa : nt!KiIdleLoop+0x5a

In other dump in raw stack i found network card driver afd.sys

Code:

2: kd> !dpx
Start memory scan  : 0xffff82857ee3f498 ($csp)
End memory scan    : 0xffff82857ee40000 (Kernel Stack Base)

               rsp : 0xffff82857ee3f498 : 0xfffff807205d3d69 : nt!KiBugCheckDispatch+0x69
0xffff82857ee3f498 : 0xfffff807205d3d69 : nt!KiBugCheckDispatch+0x69
0xffff82857ee3f4c0 : 0xfffff807204d3569 : nt!KiDeferredReadyThread+0xeb9
0xffff82857ee3f4c8 : 0xfffff807206a5d2f : nt!KiHeteroChooseTargetProcessor+0x83
0xffff82857ee3f598 : 0xfffff8072053ef43 : nt!PopPepProcessEvent+0xff
0xffff82857ee3f5d8 : 0xfffff807205d018e : nt!KiPageFault+0x44e
0xffff82857ee3f5e0 : 0xffffa684db8d4200 :  Trap @ ffff82857ee3f5e0
0xffff82857ee3f6c8 : 0xfffff807206a5d2f : nt!KiHeteroChooseTargetProcessor+0x83
0xffff82857ee3f6d8 : 0xfffff80720535588 : nt!PpmIdleExecuteTransition+0x9f8
0xffff82857ee3f748 : 0xfffff807204d3569 : nt!KiDeferredReadyThread+0xeb9
0xffff82857ee3f7b8 : 0xfffff807204c0000 : nt!MiSetReadOnlyOnSectionView+0x1c0
0xffff82857ee3f7d8 : 0xfffff8072047ff17 : nt!EtwTraceTimedEvent+0xe3
0xffff82857ee3f828 : 0xfffff807204d4491 : nt!KiReadyThread+0x71
0xffff82857ee3f858 : 0xfffff807204c6786 : nt!KiProcessExpiredTimerList+0x286
0xffff82857ee3f8a8 : 0xfffff805aba3bdf0 : afd!AfdTimeoutPoll
0xffff82857ee3f948 : 0xfffff807204c75a7 : nt!KiRetireDpcList+0x4a7
0xffff82857ee3fa20 : 0xfffff805aba3bdf0 : afd!AfdTimeoutPoll
0xffff82857ee3fb18 : 0xfffff807205c960f : nt!SwapContext+0x1af
0xffff82857ee3fb58 : 0xfffff807205c5ffa : nt!KiIdleLoop+0x5a

You trying update network card drivers? What kind of network card do you have?

axe0 said:

In my opinion, OEM drivers are preference, but if the vendor doesn't have any then drivers provided by Windows are fine.

Hmm, the drivers listed on OEM website are kinda old. That's the reason I always use driver manager to update them. I'll revert to previous drivers and check whether BSOD still occurs.

MrPepka said:

Maybe it's some coincidence? I have checked the raw stack and the intelppm.sys driver from the processor scrolls there

Code:

2: kd> !dpx
Start memory scan  : 0xffffd0877d03f368 ($csp)
End memory scan    : 0xffffd0877d040000 (Kernel Stack Base)

               rsp : 0xffffd0877d03f368 : 0xfffff80578bc4d69 : nt!KiBugCheckDispatch+0x69
0xffffd0877d03f368 : 0xfffff80578bc4d69 : nt!KiBugCheckDispatch+0x69
0xffffd0877d03f450 : 0xfffff80578d56c50 : nt!POP_ETW_EVENT_KERNEL_STRS
0xffffd0877d03f468 : 0xfffff80578b21511 : nt!EtwWriteEx+0xe1
0xffffd0877d03f4a8 : 0xfffff80578bc118e : nt!KiPageFault+0x44e
0xffffd0877d03f4b0 : 0x0000000000000000 :  Trap @ ffffd0877d03f4b0
0xffffd0877d03f4c8 : 0xfffff80578c96d2f : nt!KiHeteroChooseTargetProcessor+0x83
0xffffd0877d03f508 : 0xfffff80579471960 : hal!HalpApicRequestInterrupt
0xffffd0877d03f5a8 : 0xfffff80591967df3 : intelppm!GetCpcDifferentialFeedback+0x33
0xffffd0877d03f5d8 : 0xfffff80591961193 : intelppm!PerfReadWrappingCounter+0x33
0xffffd0877d03f5f8 : 0xfffff80578b27acf : nt!KiCheckForTimerExpiration+0x10f
0xffffd0877d03f630 : 0xffffd0877d03f648 : 0xfffff805794719f5 : hal!HalpApicRequestInterrupt+0x95
0xffffd0877d03f648 : 0xfffff805794719f5 : hal!HalpApicRequestInterrupt+0x95
0xffffd0877d03f678 : 0xfffff80578c96d2f : nt!KiHeteroChooseTargetProcessor+0x83
0xffffd0877d03f6a8 : 0xfffff80579471945 : hal!HalSendSoftwareInterrupt+0xa5
0xffffd0877d03f718 : 0xfffff80578ac45f6 : nt!KiDeferredReadyThread+0xf46
0xffffd0877d03f7d8 : 0xfffff80578ac5491 : nt!KiReadyThread+0x71
0xffffd0877d03f808 : 0xfffff80578ac87fa : nt!KiProcessThreadWaitList+0x9a
0xffffd0877d03f858 : 0xfffff80578ab77f4 : nt!KiProcessExpiredTimerList+0x2f4
0xffffd0877d03f948 : 0xfffff80578ab85a7 : nt!KiRetireDpcList+0x4a7
0xffffd0877d03fa28 : 0xfffff80591961580 : intelppm!AcpiCStateIdleCancel
0xffffd0877d03fb18 : 0xfffff80578bba60f : nt!SwapContext+0x1af
0xffffd0877d03fb58 : 0xfffff80578bb6ffa : nt!KiIdleLoop+0x5a

In other dump in raw stack i found network card driver afd.sys

Code:

2: kd> !dpx
Start memory scan  : 0xffff82857ee3f498 ($csp)
End memory scan    : 0xffff82857ee40000 (Kernel Stack Base)

               rsp : 0xffff82857ee3f498 : 0xfffff807205d3d69 : nt!KiBugCheckDispatch+0x69
0xffff82857ee3f498 : 0xfffff807205d3d69 : nt!KiBugCheckDispatch+0x69
0xffff82857ee3f4c0 : 0xfffff807204d3569 : nt!KiDeferredReadyThread+0xeb9
0xffff82857ee3f4c8 : 0xfffff807206a5d2f : nt!KiHeteroChooseTargetProcessor+0x83
0xffff82857ee3f598 : 0xfffff8072053ef43 : nt!PopPepProcessEvent+0xff
0xffff82857ee3f5d8 : 0xfffff807205d018e : nt!KiPageFault+0x44e
0xffff82857ee3f5e0 : 0xffffa684db8d4200 :  Trap @ ffff82857ee3f5e0
0xffff82857ee3f6c8 : 0xfffff807206a5d2f : nt!KiHeteroChooseTargetProcessor+0x83
0xffff82857ee3f6d8 : 0xfffff80720535588 : nt!PpmIdleExecuteTransition+0x9f8
0xffff82857ee3f748 : 0xfffff807204d3569 : nt!KiDeferredReadyThread+0xeb9
0xffff82857ee3f7b8 : 0xfffff807204c0000 : nt!MiSetReadOnlyOnSectionView+0x1c0
0xffff82857ee3f7d8 : 0xfffff8072047ff17 : nt!EtwTraceTimedEvent+0xe3
0xffff82857ee3f828 : 0xfffff807204d4491 : nt!KiReadyThread+0x71
0xffff82857ee3f858 : 0xfffff807204c6786 : nt!KiProcessExpiredTimerList+0x286
0xffff82857ee3f8a8 : 0xfffff805aba3bdf0 : afd!AfdTimeoutPoll
0xffff82857ee3f948 : 0xfffff807204c75a7 : nt!KiRetireDpcList+0x4a7
0xffff82857ee3fa20 : 0xfffff805aba3bdf0 : afd!AfdTimeoutPoll
0xffff82857ee3fb18 : 0xfffff807205c960f : nt!SwapContext+0x1af
0xffff82857ee3fb58 : 0xfffff807205c5ffa : nt!KiIdleLoop+0x5a

You trying update network card drivers? What kind of network card do you have?

I have intel wireless ac 9560 wireless adapter and realtek pcie gbe family controller ethernet adapter. Other than windows updating wireless driver, I used intel's driver assistant in addition.

Could you send me a full dump? I have some suspicion, but only in a full dump of memory I can confirm it

MrPepka said:

Could you send me a full dump? I have some suspicion, but only in a full dump of memory I can confirm it

I'm sorry, but I don't know how to collect full dump. Could you please share the necessary steps to do so? If i know how to do it, i will share it immediately. Thanks for your patience and I'm sorry for not responding quickly, since I've been a bit busy in real life :/

Edit: I've found a MEMORY.dmp in /windows/ directory. I'm sharing it right now.
https://drive.google.com/open?id=1E4...Fanrhuj27WI-r5