BSOD / COMPUTER Keeps on Restarting

SRP 1 Reputation point
2022-09-04T23:28:14.037+00:00

I am getting this in the Windows debugger. Any help would be appreciated.

Microsoft (R) Windows Debugger Version 10.0.25136.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Dump completed successfully, progress percentage: 100

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22000 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 22000.1.amd64fre.co_release.210604-1628
Machine Name:
Kernel base = 0xfffff8041d400000 PsLoadedModuleList = 0xfffff8041e0297b0
Debug session time: Sun Sep 4 17:48:12.975 2022 (UTC - 5:00)
System Uptime: 0 days 0:08:15.609
Loading Kernel Symbols
...............................................................
................................................................
................................................................
................
Loading User Symbols
PEB is paged out (Peb.Ldr = 0000005c55d51018). Type ".hh dbgerr001" for details
Loading unloaded module list
..........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff8041d81acf0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffffc03`c3cca3a0=0000000000000050
11: kd> !analyze -v


Bugcheck Analysis

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: fffff8041db3d456, memory referenced.
Arg2: 0000000000000003, X64: bit 0 set if the fault was due to a not-present PTE.
bit 1 is set if the fault was due to a write, clear if a read.
bit 3 is set if the processor decided the fault was due to a corrupted PTE.
bit 4 is set if the fault was due to attempted execute of a no-execute PTE.
- ARM64: bit 1 is set if the fault was due to a write, clear if a read.
bit 3 is set if the fault was due to attempted execute of a no-execute PTE.
Arg3: fffff8041d68cd46, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)

Debugging Details:

------------------

KEY_VALUES_STRING: 1

Key  : AV.PTE  
Value: Valid  

Key  : AV.Type  
Value: Write  

Key  : Analysis.CPU.mSec  
Value: 2890  

Key  : Analysis.DebugAnalysisManager  
Value: Create  

Key  : Analysis.Elapsed.mSec  
Value: 4445  

Key  : Analysis.Init.CPU.mSec  
Value: 937  

Key  : Analysis.Init.Elapsed.mSec  
Value: 18096  

Key  : Analysis.Memory.CommitPeak.Mb  
Value: 90  

Key  : Bugcheck.Code.DumpHeader  
Value: 0x50  

Key  : Bugcheck.Code.KiBugCheckData  
Value: 0x50  

Key  : Bugcheck.Code.Register  
Value: 0x50  

Key  : Dump.Attributes.AsUlong  
Value: 1000  

Key  : WER.OS.Branch  
Value: co_release  

Key  : WER.OS.Timestamp  
Value: 2021-06-04T16:28:00Z  

Key  : WER.OS.Version  
Value: 10.0.22000.1  

FILE_IN_CAB: MEMORY.DMP

DUMP_FILE_ATTRIBUTES: 0x1000

BUGCHECK_CODE: 50

BUGCHECK_P1: fffff8041db3d456

BUGCHECK_P2: 3

BUGCHECK_P3: fffff8041d68cd46

BUGCHECK_P4: 2

WRITE_ADDRESS: fffff8041db3d456

MM_INTERNAL_CODE: 2

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

PROCESS_NAME: Dell.TechHub.Instrumentation.SubAgent.exe

TRAP_FRAME: fffffc03c3cca640 -- (.trap 0xfffffc03c3cca640)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8041db3d486 rbx=0000000000000000 rcx=fffff8041db3d486
rdx=ffffc6090ed8dae0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8041d68cd46 rsp=fffffc03c3cca7d0 rbp=fffffc03c3ccab60
r8=d707962d36b0fffe r9=fffff8041d400000 r10=0000fffff8041d00
r11=ffffd7079a311b40 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ObfDereferenceObject+0x26:
fffff8041d68cd46 f0480fc15ed0 lock xadd qword ptr [rsi-30h],rbx ds:ffffffffffffffd0=????????????????
Resetting default scope

STACK_TEXT:
fffffc03c3cca398 fffff8041d8ad7d9 : 0000000000000050 fffff8041db3d456 0000000000000003 fffffc03c3cca640 : nt!KeBugCheckEx
fffffc03c3cca3a0 fffff8041d6ae096 : 0000000000000000 0000000000000003 fffffc03c3cca5a0 0000000000000000 : nt!MiSystemFault+0x1c8c09
fffffc03c3cca4a0 fffff8041d8299f5 : 0000000001d961d8 ffffc60924370080 0000000000000000 fffff8041db28939 : nt!MmAccessFault+0x2a6
fffffc03c3cca640 fffff8041d68cd46 : ffffc6090ed8dae0 fffff8041deaf001 00000000746c6644 fffffc03c3cca800 : nt!KiPageFault+0x335
fffffc03c3cca7d0 fffff8041db3d799 : 00000000c0000008 0000005c56b7d8d8 0000000000000000 0000000000000000 : nt!ObfDereferenceObject+0x26
fffffc03c3cca810 fffff8041d82d378 : 000001d9614a45e0 0000005c56b7dd68 0000000000000001 00000000000014e0 : nt!NtQueryKey+0x449
fffffc03c3ccaa70 00007ff9b2303e44 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x28
0000005c56b7d858 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ff9`b2303e44

SYMBOL_NAME: nt!MiSystemFault+1c8c09

MODULE_NAME: nt

STACK_COMMAND: .cxr; .ecxr ; kb

IMAGE_NAME: ntkrnlmp.exe

BUCKET_ID_FUNC_OFFSET: 1c8c09

FAILURE_BUCKET_ID: AV_W_(null)_nt!MiSystemFault

OS_VERSION: 10.0.22000.1

BUILDLAB_STR: co_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {66411fc0-2fe2-a1a3-7539-3b3fcf286ba7}

Followup: MachineOwner
---------

Windows 11
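A triage helper for the `!analyze -v` output above, added here as an example (it is not part of the original post or of WinDbg). It decodes Arg2 with the x64 legend printed in the dump and reports the frame beneath `nt!KiPageFault`, which is the code that faulted, rather than the fault handler named in FAILURE_BUCKET_ID. The function name `triage` and the result keys are assumptions.

```python
import re

# x64 meaning of each Arg2 bit, taken from the "Arguments:" legend in the dump.
ARG2_BITS_X64 = {0: "not-present PTE", 1: "write",
                 3: "corrupted PTE", 4: "execute of no-execute PTE"}
FIELD = re.compile(r"^([A-Z][A-Z0-9_]+):\s+(\S.*)$")
FRAME = re.compile(r"^[0-9a-f`]{8,17}\s+[0-9a-f`]{8,17}\s+:.*:\s+(\S+)$")

def triage(text):
    """Summarise a bugcheck 0x50 `!analyze -v` transcript."""
    fields, frames = {}, []
    for line in map(str.strip, text.splitlines()):
        if m := FIELD.match(line):
            fields.setdefault(m.group(1), m.group(2))
        elif m := FRAME.match(line):
            frames.append(m.group(1))
    if int(fields["BUGCHECK_CODE"], 16) != 0x50:
        raise ValueError("Arg2 legend below only applies to bugcheck 0x50")
    arg2 = int(fields["BUGCHECK_P2"], 16)
    flags = [name for bit, name in ARG2_BITS_X64.items() if arg2 >> bit & 1]
    # The frame under nt!KiPageFault is the code that touched the bad address;
    # the frames above it are only the fault handler and KeBugCheckEx.
    trap = next((i for i, f in enumerate(frames) if f.startswith("nt!KiPageFault")), None)
    faulting = frames[trap + 1] if trap is not None and trap + 1 < len(frames) else None
    modules = sorted({f.split("!")[0] for f in frames if "!" in f})
    return {"address": fields["BUGCHECK_P1"], "access": flags,
            "faulting_ip": fields["BUGCHECK_P3"], "faulting_frame": faulting,
            "process": fields.get("PROCESS_NAME"),
            "modules_other_than_nt": [m for m in modules if m != "nt"]}

# Constructed sample: a subset of the lines posted in the question above.
SAMPLE = """
BUGCHECK_CODE: 50
BUGCHECK_P1: fffff8041db3d456
BUGCHECK_P2: 3
BUGCHECK_P3: fffff8041d68cd46
PROCESS_NAME: Dell.TechHub.Instrumentation.SubAgent.exe
STACK_TEXT:
fffffc03c3cca398 fffff8041d8ad7d9 : 0000000000000050 fffff8041db3d456 0000000000000003 fffffc03c3cca640 : nt!KeBugCheckEx
fffffc03c3cca3a0 fffff8041d6ae096 : 0000000000000000 0000000000000003 fffffc03c3cca5a0 0000000000000000 : nt!MiSystemFault+0x1c8c09
fffffc03c3cca4a0 fffff8041d8299f5 : 0000000001d961d8 ffffc60924370080 0000000000000000 fffff8041db28939 : nt!MmAccessFault+0x2a6
fffffc03c3cca640 fffff8041d68cd46 : ffffc6090ed8dae0 fffff8041deaf001 00000000746c6644 fffffc03c3cca800 : nt!KiPageFault+0x335
fffffc03c3cca7d0 fffff8041db3d799 : 00000000c0000008 0000005c56b7d8d8 0000000000000000 0000000000000000 : nt!ObfDereferenceObject+0x26
fffffc03c3cca810 fffff8041d82d378 : 000001d9614a45e0 0000005c56b7dd68 0000000000000001 00000000000014e0 : nt!NtQueryKey+0x449
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```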

6 answers

  1. S.Sengupta 17,311 Reputation points MVP
    2022-09-04T23:57:47.093+00:00

    Run System File Checker: Open command prompt as Admin and in its window, type SFC /scannow and press Enter.

    Run Windows Memory Diagnostic Tool: To launch the Windows Memory Diagnostic tool, open the Start menu, type “Windows Memory Diagnostic”, and press Enter.

    Disable Automatic Paging File Size Management- Check it here on how to


  2. Docs 15,491 Reputation points
    2022-09-05T08:45:13.83+00:00

    Please run the V2 log collector and post a share link into this thread using OneDrive, Dropbox, or Google Drive.

    https://www.tenforums.com/bsod-crashes-debugging/2198-bsod-posting-instructions.html

    https://www.elevenforum.com/t/bsod-posting-instructions.103/

    .
    .
    .
    .
    .

    Please remember to vote and to mark the replies as answers if they help.

    On the bottom of each post there is:

    Propose as answer = answered the question

    On the left side of each post there is /\ with a number: click = a helpful post
    .
    .
    .
    .
    .


  3. Docs 15,491 Reputation points
    2022-09-05T20:21:00.957+00:00

    Uninstall McAfee antivirus using the applicable uninstall tool:

    https://www.mcafee.com/support/?articleId=TS101331&page=shell&shell=article-view

    Make sure that Microsoft Defender is on.

    If the computer is stable for one day (no BSOD or unexpected shutdowns and restarts) then reinstall McAfee AV or continue using Microsoft Defender.



  4. 2022-09-05T21:17:15.587+00:00
    1. You might want to boot the system in safe mode and restore your system to an earlier date.
    2. Check the integrity of your RAM.

  5. Docs 15,491 Reputation points
    2022-09-06T00:00:46.923+00:00

    If there are continued BSOD after uninstalling McAfee antivirus then perform the following steps:

    1) Do not reinstall McAfee AV

    2) Continue to use Microsoft Defender during the troubleshooting

    3) Open administrative command prompt and copy and paste:

    PowerShell $D=(New-Object -ComObject Wscript.Shell).SpecialFolders(4);Compress-Archive "%WinDir%\MEMORY.DMP" "$D\Memory_dmp"

    Post a share link into this thread with the compressed memory dump.
    Please make sure that this share link is separate from all other share links.

    4) Run:

    (bat scripts by design prompt antivirus software and require manual overrides)

    a) https://www.tenforums.com/attachments/bsod-crashes-debugging/360137d1645183388-batch-files-use-bsod-debugging-tuneup_plus_log.bat

    b) https://www.tenforums.com/attachments/bsod-crashes-debugging/358470d1643456903-batch-files-use-bsod-debugging-gather_additional_dump_files.bat

    Post share links into this thread using OneDrive, Dropbox, or Google Drive.

    5) Make a new restore point:
    https://www.tenforums.com/tutorials/4571-create-system-restore-point-windows-10-a.html

    6) Read this link on Windows Driver Verifier (WDV):
    https://www.tenforums.com/tutorials/5470-enable-disable-driver-verifier-windows-10-a.html

    Learn the methods to recover from using the tool by booting into safe mode and running one or more of these commands:

    verifier /reset

    verifier /bootmode resetonbootfail

    Start the testing with the three customized tests in the Ten Forums link.

    Test all non-Microsoft drivers.
    Test no Microsoft drivers.

    If there is no immediate BSOD then open administrative command prompt and type or copy and paste:

    verifier /querysettings

    Post a share link into this thread using OneDrive, Dropbox, or Google Drive.

    For any new BSOD post a new V2 share link into the newest post.
