The V2 Log collector is triggering my antivirus


  1. Posts : 24
    Windows 10 x64
       #1



    I'm using Bitdefender. It kept blocking the log collector when I ran it. Eventually, it found a .cab file in my temp files that it did not like, and quarantined it, describing the nature of the threat as "Atc4.Detection". Any thoughts?

    Update: Attached output of DM Log Collector
    Last edited by bcgirton; 01 Aug 2019 at 00:28.


  2. Posts : 41,472
    windows 10 professional version 1607 build 14393.969 64 bit
       #2

    1) Run DM log collector
    BSOD - Posting Instructions

    2) Uninstall Bitdefender using the applicable uninstall tool
    Uninstall Bitdefender
    How to uninstall Bitdefender from your Windows device

    3) Make sure Windows Defender is on

    4) Run V2 log collector

    5) If there are still problems then place the computer in safe mode and see if you can run V2 while in safe mode
    Boot into Safe Mode on Windows 10

    6) Open administrative command prompt and type or copy and paste:
    7) sfc /scannow
    8) dism /online /cleanup-image /restorehealth
    9) chkdsk /scan
    10) wmic recoveros set autoreboot = false
    11) bcdedit /enum {badmemory}
    12) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread


  3. Posts : 24
    Windows 10 x64
    Thread Starter
       #3

    Uninstalling BitDefender seems to have done the trick. The V2 log collector output is attached.


  4. Posts : 5,169
    64bit Win 10 Pro ver 21H2
       #4

    The V2 Log collector also needs to be provided for more comprehensive diagnostics. The one attached above is from the older DM Log collector.

    What we can tell from the crash dumps so far is that you have run Driver Verifier which has detected a bad Intel Driver ISH.sys.

    This is an old driver and may no longer be required. Do you have a sensor hub? ISH seems to be associated with this but I am not familiar with it. Remove or update.


  5. Posts : 24
    Windows 10 x64
    Thread Starter
       #5

    I will look for the V2 file and upload ASAP; that computer is currently running a HDD test.

    I have no experience with comprehending what WinDBG displays, but ish.sys seemed to have been flagged as suspicious after the Driver Verifier crash test. Offhand, I don't know what a "sensor hub" is. I gather that it's some kind of Intel hardware functionality, but there is no device called "sensor hub" visible in Device Manager. I will rename ish.sys to ish.bak, restart and see what happens. SFC /scannow did not show any system file issues, and a full system scan with Bitdefender did not pick up any malware other than that one temp file. It's not clear to me why ish.sys would suddenly go rogue after all these years and start writing into the kernel's address space. Cosmic rays, maybe - need to go back to wearing my aluminum foil hat.

    - - - Updated - - -

    V2 log collector zip file


  6. Posts : 392
    W10
       #6

    From here: https://www.kernel.org/doc/Documenta...el-ish-hid.txt
    Intel Integrated Sensor Hub (ISH)
    ===============================

    A sensor hub enables the ability to offload sensor polling and algorithm
    processing to a dedicated low power co-processor. This allows the core
    processor to go into low power modes more often, resulting in the increased
    battery life.
    Looks to be a newer feature in i7 processors - as my 2015 model doesn't have it. Should be part of the installed Intel Integrated Sensor Solution software.

    Intel drivers are usually pretty stable. They may get corrupted (but a reinstall should fix that).
    Could be that another driver is causing ish.sys to crash. To tell this, the easiest thing is to test as you are doing (rename ish.sys to ish.BAK) and see if that helps.

    BIOS/UEFI dates from 2018 - please visit the HP support website for your model to download/install the latest BIOS update(s). While there it may be a good idea to update the Intel Chipset software also.

    FYI - the stack text of the Verifier enabled memory dump shows a lot of stuff prior to the ISH.SYS driver.
    Most often these are either bad addresses, or (more likely) stuff from user level programs that doesn't show in the limited amount of data in a minidump. Even less likely is that it is caused by a hardware problem (but still a possibility). The inference here is that (most likely) a user level program may have made a bad call that ended up in ISH.SYS crashing.

    Older drivers (need to be updated or their programs uninstalled (if they're not critical)):
    Code:
    teamviewervpn.sys                             Thu Dec 13 04:22:09 2007 (4760F9C1)
    TeamViewerVPN Network Adapter http://www.teamviewer.com/en/download/windows.aspx
    http://www.teamviewer.com/download/teamviewer_manual.pdf

    DDCDrv.sys                                    Tue Apr  8 03:50:11 2008 (47FB23B3)
    Nicomsoft Ltd WINI2C-DDC Kernel Mode Library Driver (also may be included with Lacie's BlueEye Pro Driver) Trial version available here: WinI2C DDC - Access I2C bus of video card: DDC/CI protocol, EDID
    May be available from LaCie here: LaCie

    Microsoft.Bluetooth.AvrcpTransport.sys        Tue May 13 16:54:46 2008 (482A0016)
    Microsoft.Bluetooth.AvrcpTransport.sys - Please search Google/Bing for the driver if additional information is needed.

    umpass.sys                                    Wed May 12 03:53:37 2010 (4BEA5E81)
    Generic pass-through driver Windows Update

    vwifibus.sys                                  Tue Feb 14 21:47:58 2012 (4F3B1CDE)
    Virtual WiFi Bus Driver Windows Update

    WindowsTrustedRTProxy.sys                     Sat Mar 23 18:43:47 2013 (514E3023)
    Windows Trusted RunTime Service Proxy driver Windows Update

    iaStorA.sys                                   Wed Jul 22 04:42:17 2015 (55AF5769)
    Intel RST (Rapid Storage Technology) driver  Drivers & Software XP

    HID_PCI.sys                                   Sun Oct 25 04:14:41 2015 (562C8F71)
    HID_PCI.sys - Please search Google/Bing for the driver if additional information is needed.

    ISH.sys                                       Sun Nov  1 09:31:59 2015 (5636225F)
    ISH.sys - Please search Google/Bing for the driver if additional information is needed.

    ISH_BusDriver.sys                             Sun Nov  8 07:17:51 2015 (563F3D6F)
    ISH Bus driver Likely OEM ONLY - Samsung
    Windows 10 - SCCM package for Windows 10 (64-bit) (Version 1709, 1803, 1809, 1903) - ThinkPad 10 (Types 20E3, 20E4) - US
    Windows 8.1 - SCCM Package for Windows 8.1 (64-bit) - ThinkPad 10 (Types: 20E3, 20E4) - US

    Less old, but still old:
    Code:
    IntcAudioBus.sys                              Thu Apr 21 10:24:15 2016 (5718E28F)
    IntcOED.sys                                   Thu Apr 21 10:25:57 2016 (5718E2F5)
    vmci.sys                                      Sat Jun  4 04:08:00 2016 (57528C60)
    vsock.sys                                     Wed Jun 22 04:09:14 2016 (576A47AA)
    RtsPer.sys                                    Thu Aug  4 05:11:14 2016 (57A306B2)
    hcmon.sys                                     Thu Aug 18 01:43:53 2016 (57B54B19)
    VirtualButtons.sys                            Thu Oct 27 16:58:02 2016 (58126A5A)
    VMNET.SYS                                     Tue Dec 20 23:20:48 2016 (585A0320)
    vmnetuserif.sys                               Tue Dec 20 23:20:52 2016 (585A0324)
    vmnetadapter.sys                              Tue Dec 20 23:20:52 2016 (585A0324)
    vmnetbridge.sys                               Tue Dec 20 23:20:53 2016 (585A0325)
    WMILIB.SYS                                    Thu Apr 27 12:37:17 2017 (59021E3D)
    IntcDAud.sys                                  Tue May  2 10:07:08 2017 (5908928C)
    CHDRT64.sys                                   Tue May 16 06:06:45 2017 (591ACF35)
    vmx86.sys                                     Tue Jun 13 23:37:50 2017 (5940AF8E)
    uimbus.sys                                    Tue Sep 12 08:50:41 2017 (59B7D821)
    uimdevim.sys                                  Tue Sep 12 08:50:42 2017 (59B7D822)
    igdkmd64.sys                                  Mon Oct  2 15:32:54 2017 (59D29466)
    TeeDriverW8x64.sys                            Sun Nov 19 06:39:59 2017 (5A116D8F)
    ibtusb.sys                                    Tue Dec  5 23:53:12 2017 (5A2777B8)
    SynTP.sys                                     Fri Jun 15 22:39:51 2018 (5B247877)
    Smb_driver_Intel.sys                          Fri Jun 15 22:45:08 2018 (5B2479B4)
    Netwtw04.sys                                  Mon Sep  3 06:17:21 2018 (5B8D0A31)
    Start by using the HP Support Assistant to update the system.
    Once that's done, then start checking to see if the drivers on the HP support website for your model are more current (if so, install them). NOTE: to update Microsoft Windows drivers - visit Windows Update. If it doesn't update them, then they don't need updating.

    Good luck!
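The driver listings in post #6 pair each module name with its link date as rendered on the analyst's machine and, in parentheses, the raw 32-bit timestamp in hex. As an added example (not part of the thread or of any poster's tooling), this Python helper parses that layout, decodes the hex value as UTC, and ranks drivers by age; `SAMPLE` is constructed from rows shown above and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample: rows in the same layout as the listing in post #6,
# including one description line that must be skipped.
SAMPLE = """\
SynTP.sys                                     Fri Jun 15 22:39:51 2018 (5B247877)
teamviewervpn.sys                             Thu Dec 13 04:22:09 2007 (4760F9C1)
TeamViewerVPN Network Adapter http://www.teamviewer.com/en/download/windows.aspx
ISH.sys                                       Sun Nov  1 09:31:59 2015 (5636225F)
Netwtw04.sys                                  Mon Sep  3 06:17:21 2018 (5B8D0A31)
"""

# name.sys <spaces> "Dow Mon DD HH:MM:SS YYYY" <spaces> (8 hex digits)
ROW = re.compile(
    r"^\s*(\S+\.sys)\s+(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})"
    r"\s+\(([0-9A-F]{8})\)\s*$",
    re.IGNORECASE,
)

def parse_drivers(text):
    """Return driver rows sorted oldest first, keyed on the hex timestamp."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # description text, blank lines, anything else
        name, shown, raw = m.groups()
        # The hex field is seconds since the Unix epoch, so decode it as UTC.
        utc = datetime.fromtimestamp(int(raw, 16), tz=timezone.utc)
        # The printed date is local time; the difference is the UTC offset
        # of the machine that produced the listing.
        local = datetime.strptime(shown, "%a %b %d %H:%M:%S %Y")
        offset_h = (local - utc.replace(tzinfo=None)).total_seconds() / 3600
        rows.append({"name": name, "utc": utc, "utc_offset_h": offset_h})
    return sorted(rows, key=lambda r: r["utc"])

def older_than(rows, year):
    """Names of drivers whose decoded timestamp falls before `year`."""
    # Caveat: reproducibly built binaries store a hash in this field, so an
    # implausibly old date on an inbox Windows driver is not proof of age.
    return [r["name"] for r in rows if r["utc"].year < year]

if __name__ == "__main__":
    for r in parse_drivers(SAMPLE):
        print(f'{r["utc"]:%Y-%m-%d %H:%M:%S}Z  {r["utc_offset_h"]:+.0f}h  {r["name"]}')
    print("before 2016:", older_than(parse_drivers(SAMPLE), 2016))
```
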


  7. Posts : 41,472
    windows 10 professional version 1607 build 14393.969 64 bit
       #7

    The BIOS: Version/Date American Megatrends Inc. F.52, 11/16/2018
    Upgrade the BIOS: F.52 > F.53 Rev.A

    https://support.hp.com/us-en/drivers...-1?sku=N5S04UA


    Post a share link for the memory dump using OneDrive, Dropbox, or Google Drive:
    Code:
    Crash dump found at C:\WINDOWS\MEMORY.DMP
    Creation date: 08/01/2019 12:27:13
    Size on disk: 793 MB


  8. Posts : 24
    Windows 10 x64
    Thread Starter
       #8

    Thanks so much for all the thoughtful advice, philc43 and jdc1!

    I changed the security settings on the \windows\system32\ copy of ish.sys and renamed it to ish.sys.bak. I also renamed about 10 other copies I found in various folders in c:\swsetup\ and in c:\windows\. I rebooted, and there were no error messages or crashes (yet). I was thinking of running Driver Verifier again to see if it would crash under stress.

    For some reason, HP Support Assistant does not recognize any need for any update.

    Thanks for the link and the help, zbook. While trying to find some reference to ISH.SYS earlier today, I noticed that recent BIOS update, but did not do anything with it. I will install that soon. Meantime, here is the link to the memory dump folder on Dropbox: Dropbox - memory dump 08-01-19 - Simplify your life


  9. Posts : 392
    W10
       #9

    It's not unusual for HP's Support Assistant not to identify updates.
    In most cases (on a freshly repaired system) we don't find it necessary.
    BUT, in cases like this (where problems exist), I suggest going through the list of all updates on the HP support site for your model and installing any/all that need updating.

    As for Driver Verifier:
    - installing the stuff from HP will likely reinstall ISH.SYS - so watch for it.
    - the purpose of Driver Verifier is to stress drivers to the point where an unstable driver will crash to a BSOD. Then it's up to the dump collection mechanisms built into Windows to catch that. There's plenty that can go wrong with the process (see this link for a brief description of the process: BSOD Crash Dump Generation)

    So, even in verifier, another event (driver/software) can cause ISH.SYS to crash.
    Running verifier again (with ISH.SYS renamed to ISH.SYS.BAK) may reveal other drivers.
    BUT, this can also be chasing a needle in a haystack - with verifier crashing repeatedly until it's identified everything on the system (or so it seems) to be at fault.

    Perhaps someone with more skill than I can massage the large Memory Dump (that you uploaded to DropBox) and will find some other evidence of the cause of the crash. (by tracing the stack back to determine the stuff that faults prior to ISH.SYS)

    Good luck!


  10. Posts : 41,472
    windows 10 professional version 1607 build 14393.969 64 bit
       #10

    When available please post the results for post #2 steps 6 > 12.


 
