Solved "PFN_LIST_CORRUPT" BSOD on new build

[agentsmith24]

Hello,

I just finished reinstalling Windows 7 x64 on a computer I built, and I got a new BSOD message. The .dmp file is attached. I've ran memtest for several passes, no errors. I just did a clean install yesterday, and updated all the drivers and programs today. I'm not sure how to read the .dmp file, can somebody decipher what's going on?

Thanks in advance!

EDIT: Added SF diagnostic file.

 

[YoYo155]

Welcome, please follow the http://www.sevenforums.com/bsod-help-support/96879-blue-screen-death-bsod-posting-instructions.html .

 

[agentsmith24]

Original post edited.

 

[x BlueRobot]

[COLOR=Red]BugCheck 4E[/COLOR], {[COLOR=Blue]99[/COLOR], [COLOR=SeaGreen]32531f[/COLOR], 5, 0}

Probably caused by : [COLOR=Red]memory_corruption[/COLOR] ( nt!MiBadShareCount+4c )

6: kd> [COLOR=SeaGreen]!stack[/COLOR]
Call Stack : [COLOR=Red]11 frames[/COLOR]
## Stack-Pointer    Return-Address   Call-Site       
00 fffff8800ae11938 fffff80002f20a0c nt!KeBugCheckEx+0 
01 fffff8800ae11940 fffff80002e3dea2 [COLOR=Red]nt!MiBadShareCount[/COLOR]+4c 
02 fffff8800ae11980 fffff80002e61773 [COLOR=Red]nt!MiDeletePfnList[/COLOR]-250ce (perf)
03 fffff8800ae11a10 fffff80002e62842 [COLOR=Red]nt!MiDeleteAddressesInWorkingSet[/COLOR]+307 
04 fffff8800ae122c0 fffff80003167a2a [COLOR=Red]nt!MmCleanProcessAddressSpace[/COLOR]+96 
05 fffff8800ae12310 fffff8000314db3d nt!PspExitThread+56a 
06 fffff8800ae12410 fffff80002e846da nt!PsExitSpecialApc+1d 
07 fffff8800ae12440 fffff80002e84a20 nt!KiDeliverApc+2ca 
08 fffff8800ae124c0 fffff80002e90eb7 nt!KiInitiateUserApc+70 
09 fffff8800ae12600 00000000772211d6 nt!KiSystemServiceExit+9c

The system seemed to have crashed, as a result of a Bad Share Count, the Share Count is the number of PTE's which correspond to that physical page within the PFN database. This dump file may be difficult to analyse fully, since the !pfn extension can't be used, since the information used by this extension was most likely paged out or not retained at the time of the crash.

The last few frames of the stack seem to be the most relevant, a process was probably closed, and the process object associated with it was deleted since the reference count dropped to 0. The object's pool was probably freed, and the working set pages were also freed. I'm guessing a problem occurred between the PTE's being cleared up properly, and the PFN database.

Run Driver Verifier to scan for any corrupted drivers which may be causing problems, this program works by running various stress tests on drivers, in order to produce a BSOD which will locate the driver; run for least 24 hours:

• http://www.sevenforums.com/tutorials/101379-driver-verifier-enable-disable.html

   Information

Additional Help - http://www.sevenforums.com/crash-lo...-driver-verifier-identify-issues-drivers.html

 

[x BlueRobot]

If your interested, or any other debuggers are interested, the MmCleanProcessAddressSpace most likely works the same way in Windows as it does with ReactOS, since ReactOS was built upon the NT specification.

Development | www.reactos.org

 

[agentsmith24]

Thanks. Just had another crash while I was eating dinner so I didn't see the bsod code. Here is the dmp file it produced. I'll going to run driver verifier after this.

 

[x BlueRobot]

[COLOR="Red"]BugCheck 1000007E[/COLOR], {[COLOR="SeaGreen"]ffffffffc0000005[/COLOR], fffff80002ecca1f, fffff880033d26b8, fffff880033d1f10}

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : ntkrnlmp.exe ( nt!KiSwapContext+f )

fffff880033d26b8 -- ([COLOR="SeaGreen"].exr 0xfffff880033d26b8[/COLOR])
ExceptionAddress: fffff80002ecca1f (nt!KiSwapContext+0x000000000000000f)
   ExceptionCode: [COLOR="Blue"]c0000005 (Access violation)[/COLOR]
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000000
Attempt to read from address [COLOR="Red"]0000000000000000[/COLOR]

2: kd> [COLOR="SeaGreen"]k[/COLOR]
 # Child-SP          RetAddr           Call Site
00 fffff880`033d28f8 fffff800`02ebf5d2 [COLOR="Red"]nt!KiSwapContext[/COLOR]+0xf
01 fffff880`033d2a38 fffff800`02ed099f nt!KiCommitThreadWait+0x1d2
02 fffff880`033d2ac8 fffff800`02fa8bd9 nt!KeWaitForSingleObject+0x19f
03 fffff880`033d2b68 fffff880`03179040 nt!ExUnregisterCallback+0x139
04 fffff880`033d2bd8 00000000`00000000 0xfffff880`03179040

2: kd> [COLOR="SeaGreen"]!irql[/COLOR]
Debugger saved IRQL for processor 0x2 -- 2 (DISPATCH_LEVEL)

The system seemed to have crashed, as a result of a illegal context switch, the IRQL Level was too high for context switches to be used.

 

[agentsmith24]

The system seemed to have crashed, as a result of a illegal context switch, the IRQL Level was too high for context switches to be used.

What does this mean?

 

[agentsmith24]

So I ran verifier.exe and it caused all kinds of havoc. I got a LOT of crashes, was unable to boot into windows about a dozen times, and when I could, it usually caused the whole screen to turn into a blurred mass of colors and freeze the computer (video card error?). Once it froze in BIOS. I've attached a newer SF log again. Some of the BSOD codes I got were "IRQL_NOT_LESS_OR_EQUAL" and "Attempt was made to write to read-only memory". These happened on boot and prevented me getting into windows. I managed to boot into safe mode somehow, which is where I'm at now. I disabled the settings on driver verifier, but I don't think that fixed anything.

 

[x BlueRobot]

[COLOR="Red"]BugCheck BE[/COLOR], {[COLOR="SeaGreen"]fffff900003bad24[/COLOR], 80000003fea00021, fffff8800b223050, b}

Probably caused by : win32k.sys ( win32k!AllocateObject+dd )

The only problem with using Minidumps, is most of the extensions and commands do not give the desired information, since either the stack trace was right at the end of the crash, or the information was paged out. The !pte would have be another useful extension.

5: kd> [COLOR="SeaGreen"]k[/COLOR]
Child-SP          RetAddr           Call Site
fffff880`0b222ee8 fffff800`02ef77b6 nt!KeBugCheckEx
fffff880`0b222ef0 fffff800`02e77cae nt! ?? ::FNODOBFM::`string'+0x44cde
fffff880`0b223050 fffff800`02e7bde0 nt!KiPageFault+0x16e
fffff880`0b2231e8 fffff800`02e9940c [COLOR="Red"]nt!memset[/COLOR]+0x50
fffff880`0b2231f0 fffff800`02e9baf1 nt!RtlSetBits+0x8c
fffff880`0b223220 fffff800`02faaf86 nt!MiAllocatePagedPoolPages+0x325
fffff880`0b223340 fffff800`02e999b0 nt!MiAllocatePoolPages+0x906
fffff880`0b223480 fffff800`02fae43e [COLOR="Red"]nt![/COLOR][COLOR="Red"]ExpAllocateBigPool[/COLOR]+0xb0
fffff880`0b223570 fffff960`000e4dfd nt!ExAllocatePoolWithTag+0x82e
fffff880`0b223660 fffff960`000e64b6 [COLOR="Red"]win32k!AllocateObject[/COLOR]+0xdd
fffff880`0b2236a0 fffff960`000bd1d0 win32k!SURFMEM::bCreateDIB+0x38a
fffff880`0b223790 fffff960`000bcd4a win32k!hsurfCreateCompatibleSurface+0x3bc
fffff880`0b223860 fffff800`02e78e13 win32k!GreCreateCompatibleBitmap+0x26e
fffff880`0b223940 00000000`73e22e09 nt!KiSystemServiceCopyEnd+0x13
00000000`000d9a88 fffff800`02e711d0 0x73e22e09
fffff880`0b223b20 00000000`00000000 nt!KiCallUserMode

Looking at the stack trace, a new graphics related object was created, and then allocated with paged pool. The allocation was most likely using large pool pages (> 4KB). The problem seemed to have happened on this stack frame:

5: kd> [COLOR="SeaGreen"].frame 3[/COLOR]
03 fffff880`0b2231e8 fffff800`02e9940c nt!memset+0x50

[COLOR="SeaGreen"].trap 0xfffff8800b223050[/COLOR]
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff900003bad24 rbx=0000000000000000 rcx=fffff900003bad24
rdx=ffffffffffffffff rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002e7bde0 rsp=fffff8800b2231e8 rbp=fffff80002e04000
 r8=0000000000000000  r9=0000000000000006 r10=fffff8800426cbd0
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
[COLOR="Blue"]nt!memset+0x50[/COLOR]:
fffff800`02e7bde0 488911          mov     qword ptr [rcx],rdx ds:fffff900`003bad24=ffffffffffffffff

The memset function call, fills the specified number of bytes of memory with data, and since this memory region was read-only, the system bugchecked with the current stop code.

Unfortunately, Driver Verifier wasn't able to pinpoint a driver, however, since the functions being called and causing exceptions are related to graphics. I would suggest you update to the latest WHQL driver of your graphics card driver.

 

[agentsmith24]

I've updated the graphics card driver to the latest version, and everything seemed to be running fine until just now, random BlueScreen (just browsing internet, nothing graphics-intensive). I attached the SF diagnostics log again. Thank you for your help so far x BlueRobot!

 

[x BlueRobot]

Debugging Analysis:

[COLOR=Red]BugCheck 1E[/COLOR], {0, 0, 0, 0}

Probably caused by : ntkrnlmp.exe ( nt!KiKernelCalloutExceptionHandler+e )

fffff88002f8da08 -- ([COLOR=SeaGreen].exr 0xfffff88002f8da08[/COLOR])
ExceptionAddress: fffff80002e7b850 (nt!KiIdleLoop+0x0000000000000020)
   ExceptionCode: [COLOR=Blue]c0000096[/COLOR]
  ExceptionFlags: 00000000
NumberParameters: 0

2: kd> [COLOR=SeaGreen]!error c0000096[/COLOR]
Error code: (NTSTATUS) 0xc0000096 (3221225622) - {EXCEPTION}  Privileged instruction.

Okay, the nt!KiIdleLoop function call has executed a privileged instruction (Kernel Mode or Ring 0) in User Mode or Ring 3, which then resulted in the invalid operation code exception being raised and the exception handler interrupting the thread.

2: kd> [COLOR=SeaGreen]k[/COLOR]
Child-SP          RetAddr           Call Site
fffff880`02f8cae8 fffff800`02e7b57e nt!KeBugCheck
fffff880`02f8caf0 fffff800`02eae75d nt!KiKernelCalloutExceptionHandler+0xe
fffff880`02f8cb20 fffff800`02ead535 [COLOR=Red]nt!RtlpExecuteHandlerForException[/COLOR]+0xd
fffff880`02f8cb50 fffff800`02ebe4e1 nt!RtlDispatchException+0x415
fffff880`02f8d230 fffff800`02e83202 nt!KiDispatchException+0x135
fffff880`02f8d8d0 fffff800`02e8135f nt!KiExceptionDispatch+0xc2
fffff880`02f8dab0 fffff800`02e7b850 [COLOR=Red]nt!KiInvalidOpcodeFault[/COLOR]+0x11f
fffff880`02f8dc40 00000000`00000000 [COLOR=Red]nt!KiIdleLoop[/COLOR]+0x20

2: kd> [COLOR=SeaGreen]r[/COLOR]
Last set context:
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002e7b850 rsp=fffff88002f8dc40 rbp=0000000000000000
 r8=fffffa800c6e1bb8  r9=0000000000000000 r10=fffffffffffffffb
r11=fffff88002f65101 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
[COLOR=Orange]iopl=0[/COLOR]         nv up di pl zr na po nc
[COLOR=Red]cs=0010[/COLOR]  ss=0018  ds=0000  es=0000  fs=0000  gs=0000             efl=00010046
nt!KiIdleLoop+0x20:
fffff800`02e7b850 440f22c1        [COLOR=Blue]mov[/COLOR]     [COLOR=Red]cr8[/COLOR],[COLOR=Orange]rcx[/COLOR]

The last instruction which was called, was a simply copy some data from the cr8 register to the rcx register, this doesn't seem to be the problem. We need to disassemble the instruction to find more.

2: kd> [COLOR=SeaGreen]u nt!KiIdleLoop+0x20[/COLOR]
nt!KiIdleLoop+0x20:
fffff800`02e7b850 440f22c1        mov     cr8,rcx
fffff800`02e7b854 488bcb          mov     rcx,rbx
fffff800`02e7b857 e884090100      call    nt!PoIdle (fffff800`02e8c1e0)
fffff800`02e7b85c fb              [COLOR=Blue]sti[/COLOR] <-- Problem may be here?
fffff800`02e7b85d b902000000      mov     ecx,2
fffff800`02e7b862 440f22c1        mov     cr8,rcx
fffff800`02e7b866 80630700        and     byte ptr [rbx+7],0
fffff800`02e7b86a 803d41f9230000  cmp     byte ptr [nt!HvlEnableIdleYield (fffff800`030bb1b2)],0

The IOPL (I/O Privilege Level has been set to 0), and therefore once this has been set, the sti instruction can only be called from Ring 0. I believe this instruction sets interrupts to true.

I know, the cs segment register contains the CPL (Current Privilege Level), which is supposedly the last two bits, but I'm not sure wherever this can be dumped properly. It was probably running at Ring 3, which would have caused the crash.

2: kd> [COLOR=SeaGreen].formats 0010[/COLOR]
Evaluate expression:
  Hex:     00000000`00000010
  Decimal: [COLOR=Red]16[/COLOR] <-- 16 bits
  Octal:   0000000000000000000020
  Binary:  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00010000
  Chars:   ........
  Time:    Thu Jan 01 00:00:16 1970
  Float:   low 2.24208e-044 high 0
  Double:  7.90505e-323

##############################################
##############################################

I looked through the raw stack, and noticed a few drivers:

2: kd> [COLOR=SeaGreen]lmvm athrx[/COLOR]

start             end                 module name
fffff880`04c08000 fffff880`04fcf000   athrx    T (no symbols)           
    Loaded symbol image file: athrx.sys
    Image path: \SystemRoot\system32\DRIVERS\athrx.sys
    Image name: athrx.sys
    Timestamp:        [COLOR=Red]Thu Oct 25 03:31:15 2012[/COLOR] (5088A473)
    CheckSum:         003AF186
    ImageSize:        003C7000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Your Atheros network adapter driver seems to be outdated and potentially causing problems, please update the driver from here - ATHEROS drivers for Microsoft Windows (Atheros?????)

MSINFO32 seems to point to this model - Qualcomm Atheros AR946x Wireless Network Adapter

You may need to check your motherboard or model support page too.

2: kd> [COLOR=SeaGreen]lmvm iusb3xhc[/COLOR]
Browse full module list
start             end                 module name
fffff880`0f000000 fffff880`0f0c3000   iusb3xhc T (no symbols)           
    Loaded symbol image file: iusb3xhc.sys
    Image path: \SystemRoot\system32\DRIVERS\iusb3xhc.sys
    Image name: iusb3xhc.sys
    Timestamp:        [COLOR=Red]Fri Mar 29 12:36:19 2013[/COLOR] (51558AC3)
    CheckSum:         000C59AC
    ImageSize:        000C3000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Your Intel(R) USB 3.0 eXtensible Host Controller Driver seems to be causing problems, check for updates or roll back to a previous driver. Check your motherboard or model support page too.

2: kd> [COLOR=SeaGreen]lmvm atikmdag[/COLOR]

start             end                 module name
fffff880`0f0c5000 fffff880`0fdb2000   atikmdag T (no symbols)           
    Loaded symbol image file: atikmdag.sys
    Image path: \SystemRoot\system32\DRIVERS\atikmdag.sys
    Image name: atikmdag.sys
    Timestamp:       [COLOR=Red] Thu Nov 07 16:47:15 2013[/COLOR] (527BC413)
    CheckSum:         00CA43A7
    ImageSize:        00CED000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Your also seem to have updated to the Beta driver, and not the WHQL driver.

WHQL
Release Date: September 18th 2013
Version: 13.9
In Device Manager: 13.152

 

[agentsmith24]

I went to this page and entered my information (z-87-pro, Win7 64 bit). The wifi driver is the latest they have on there (V10.0.0.216) and I have the Intel USB 3.0 driver (added the ASmedia_u3_fw_update). I found the WHQL video card driver on this page but I'm not sure what I need to disable/uninstall so there isn't a conflict with the existing drivers. Do you know?
http://support.asus.com/Download.aspx?SLanguage=en&m=Z87-PRO&p=1&s=45

 

[x BlueRobot]

It should just install over the other version of the driver, but you could remove the current driver and then install it.

 

[agentsmith24]

A couple more issues today. Back to back bluescreens with error codes system_service_exception and then bad_pool_header.

 

[x BlueRobot]

[COLOR="Red"]BugCheck 19[/COLOR], {[COLOR="Blue"]3[/COLOR], [COLOR="SeaGreen"]fffffa801094d6c0[/COLOR], fffffa801094d6c0, fffffa801095d6c0}

Probably caused by : [COLOR="Red"]Pool_Corruption[/COLOR] ( nt!ExDeferredFreePool+cbb )

3: kd> [COLOR="SeaGreen"]!pool fffffa801094d6c0[/COLOR]
GetPointerFromAddress: unable to read from fffff800030b8100
Pool page fffffa801094d6c0 region is GetUlongFromAddress: unable to read from fffff800030b81c0
Nonpaged pool
 fffffa801094d000 size:  510 previous size:    0  (Allocated)  Thre (Protected)
 fffffa801094d510 size:   40 previous size:  510  (Allocated)  WfpH
 fffffa801094d550 size:   90 previous size:   40  (Allocated)  Vad 
 fffffa801094d5e0 size:   d0 previous size:   90  (Allocated)  CcBc
[COLOR="Red"]*fffffa801094d6b0 size:   20 previous size:   d0  (Free)      *Ntfi[/COLOR]
		Pooltag Ntfi : IRP_CONTEXT, Binary : ntfs.sys
 fffffa801094d6d0 size:   80 previous size:   20  (Free )  SeTl
 fffffa801094d750 size:   80 previous size:   80  (Free )  smMd
 fffffa801094d7d0 size:   b0 previous size:   80  (Free)       smMd
 fffffa801094d880 size:   50 previous size:   b0  (Allocated)  VadS
 fffffa801094d8d0 size:   90 previous size:   50  (Allocated)  Vad 
 fffffa801094d960 size:   d0 previous size:   90  (Allocated)  CcBc
 fffffa801094da30 size:   d0 previous size:   d0  (Allocated)  CcBc
 fffffa801094db00 size:   20 previous size:   d0  (Free)       ViMm
 fffffa801094db20 size:  3b0 previous size:   20  (Allocated)  Irp 
 fffffa801094ded0 size:   90 previous size:  3b0  (Allocated)  Vad 
 fffffa801094df60 size:   20 previous size:   90  (Free)       Io  
 fffffa801094df80 size:   80 previous size:   20  (Allocated)  Even (Protected)

The pool page doesn't seem corrupt itself, it's rather the pool freelist is corrupt. The pool freelist is a doubly linked list used to be track of pool allocations. The !poolval extension further illustrates my point.

3: kd> [COLOR="SeaGreen"]!poolval fffffa801094d6c0[/COLOR]
Pool page fffffa801094d6c0 region is Nonpaged pool

Validating Pool headers for pool page: fffffa801094d6c0

Pool page [ fffffa801094d000 ] is [COLOR="Red"]VALID[/COLOR].

As a side note, I managed to find out how to view the privilege field contained within the cs register.

Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffffa801094d6c0, the pool entry being checked.
Arg3: fffffa801094d6c0, the read back flink freelist value (should be the same as 2). <-- Forward Link
Arg4: fffffa80109[COLOR="Red"]5[/COLOR]d6c0, the read back blink freelist value (should be the same as 2). <-- Backwards Link

Notice a single bit is corrupt, a link should always point to the next entry and the previous entry. This may be due to very acute problems with drivers or can be hardware.

View attachment 294057

Run Driver Verifier to scan for any corrupted drivers which may be causing problems, this program works by running various stress tests on drivers, in order to produce a BSOD which will locate the driver; run for least 24 hours:

• http://www.sevenforums.com/tutorials/101379-driver-verifier-enable-disable.html

   Information

Additional Help - http://www.sevenforums.com/crash-lo...-driver-verifier-identify-issues-drivers.html

Select Individual Settings, and select all the options, apart from the Low Resources Simulation.

 

[agentsmith24]

Ok, so I ran Driver Verifier, and had some interesting problems. Every time I checked, it had crashed like this: http://i.imgur.com/Qyoqnk8.jpg
This happened without warning, usually within a few minutes of login. It would stay like that until I rebooted, then proceed to do the same thing. I have disabled Verifier now so I can post this. I don't know if it actually Bluescreen'd at all, but I created the attached log files anyways.

 

[x BlueRobot]

That's quite a common problem with Driver Verifier, and it does it seem to have crashed quite a few problems actually.

[COLOR=Red]BugCheck A[/COLOR], {3, 2, 0, fffff80002e86d49}

Probably caused by : ntkrnlmp.exe ( nt!KiInsertTimerTable+189 )

0: kd> [COLOR=SeaGreen]lmvm athrx[/COLOR]

start             end                 module name
fffff880`04806000 fffff880`04bcd000   athrx    T (no symbols)           
    Loaded symbol image file: athrx.sys
    Image path: \SystemRoot\system32\DRIVERS\athrx.sys
    Image name: athrx.sys
    Timestamp:        [COLOR=Red]Thu Oct 25 03:31:15 2012[/COLOR] (5088A473)
    CheckSum:         003AF186
    ImageSize:        003C7000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

I would roll back to an earlier version of this driver if available, and I know since Qualcomm took over Atheros their drivers haven't been the best.

[COLOR="Red"]BugCheck 3B[/COLOR], {[COLOR="SeaGreen"]c0000005[/COLOR], [COLOR="Blue"]fffff80002ecce94[/COLOR], [COLOR="SeaGreen"]fffff88006af8d60[/COLOR], 0}

Probably caused by : ntkrnlmp.exe ( nt!SwapContext_PatchXRstor+0 )

2: kd> [COLOR="SeaGreen"]!error 0xc0000005[/COLOR]
Error code: (NTSTATUS) 0xc0000005 (3221225477) - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

nt!SwapContext_PatchXRstor+0
[COLOR="Blue"]fffff800`02ecce94[/COLOR] 0fae29          [COLOR="Orange"]xrstor[/COLOR]  [[COLOR="SeaGreen"]rcx[/COLOR]]

The xrstor instruction seems to be causing problems here, and the memory address which it referenced was stored in the rcx register. The xrstor instruction is used to restore the processor from a extended processor state.

A General Protection Fault can arise if the memory address is not aligned on a 64-byte boundary. x64 and x86 modes.

 

[agentsmith24]

Ok I've installed a newer version of the athrx driver (version 10.0.0.255 replacing 10.0.0.216 I think) since I didn't have an older one to roll back on. Before I had a chance to do that however, it bluescreen'd at least twice again, attached are the files related to that.

EDIT: It happened again after updating that driver, SYSTEM_SERVICE_EXCEPTION. The _new .zip is the diagnostic files from after that.

 

[agentsmith24]

Ran Windows memory diagnostic for 2 passes with all optional tests just because, it didn't find anything. Shortly after that I had another crash, attached are yet more diagnostic files.