BSOD (KERNAL_DATA_INPAGE_ERROR) on waking from sleep.

[phv3773]

I think we may be on to something.

In chronological order, I ran full scan with Windows Defender (because it was there). It found two issues. One was a concern about a file named GoogleUpdateTaskMachineCore.job. It was forwarded to Microsoft for Analysis. Second was that it found a virus: Win32/Lerspeng.B. See image. I don't think this is the problem because of where it was found.

Next, I installed Kaspersky Antivirus, and ran a full scan. No issues discovered. Note: Still running in Clean Boot condition, though I have not checked to see if anything was turned on programmatically.

Finally, I ran the DPC Latency Checker. Definite issues, See image.

View attachment 61212View attachment 61211

 

[phv3773]

Myers Briggs: The drive has been tested. I'm reluctant to run a long test on the solid state hard drive because they have a limited life span of reads/writes. If there was a test specifically for SSDs, I might.

 

[Mysers Briggs]

Myers Briggs: The drive has been tested. I'm reluctant to run a long test on the solid state hard drive because they have a limited life span of reads/writes. If there was a test specifically for SSDs, I might.

The life span of an SSDs read and writes is much larger than that of a HDD, I certainly wouldn't worry about it.

 

[Addictive Gamer]

One was a concern about a file named GoogleUpdateTaskMachineCore.job. It was forwarded to Microsoft for Analysis. Second was that it found a virus: Win32/Lerspeng.B. See image. I don't think this is the problem because of where it was found.

Are you saying you were aware about this trojan downloader before??
It does not matter where the trojan downloader has been found, what matters is how much trojans did that thing download while outside of recycle bin?
Btw, A trojan is something that let's haxors get into your machine.

I have some feeling that you are not worried too much here, but some other people ( including me ) would tell following:

If machine has been infected it can not be trusted any more, the only way to return trust is to wipe the hard drive clean off and reload the operating system

What this means is that even if machine really is infected you can't make it clean from malicious programs any more, because there is no such antivirus capable of doing this.

As for DPC tool showing high latency there is one ( or more ) ways to figure out which drivers behave bad, that is downloading Windows SDK and installing performance monitor which would be then used to identify/capture bad drivers.
However In order to complete this process majority of the work would have to be done by you.

I have a link which explains the process easy way without too much details so you might find it interesting:
how-do-i-get-to-the-root-cause-of-high-deferred-procedure-calls

Note: the webpage above is currently offline.

 

[phv3773]

I'm getting out of my depth here. However, I did run the performance monitor for about 10 minutes. I watched a video online, opened Google Earth, opened PhotoShop Essentials. Actually, I did it twice and got similar results. glcnd.exe is apparently Microsoft Reader. I don't know why that would be accessed. I got that and the MsgCheck delay both times.

 

[Addictive Gamer]

You are looking at wrong things.

edit:
This is where you look for DPC of a capture file, however timeframes are in miliseconds not microseconds, use sort function to sort them:


View attachment 61234

 

[phv3773]

More like this?

 

[Addictive Gamer]

More like this?

Now that looks like we found a bad guy's hideout

However resolving the issue is not as easy as terminating ndis.sys driver, because that driver belongs to Microsoft, it's very unlikely that this driver causes troubles here.

As your 1st dump file tells that system crash was around ndis.sys, here are few options to try out and re-ran the test to see if that makes any change.

1. Open device manager as Administrator
2. right click on Broadcom Wireless adapter and select properties
3. go to advanced tab or something like that and find power management.
4. set an option to not save power for that device ( if that option is set, then revert it )
5. additionally disable all other network devices except wireless adapter ( which you use to connect to internet ?)

Once you do this save settings and re-run performance monitor to capture new data.

Other possible cause could be bad wireless driver. therefore rolling back could solve the issue.
Report results.

 

[phv3773]

The PC is on ethernet, and the Broadcom WiFi has been turned off.
I changed the power option on the Realtek PCIe GBE Family controller from "may turn off" to "don't turn off." I don't see much change.

I talked to the guy at Staples. Yes, they are an HP Authorized Service Center. Yes, they are willing to look at the machine. Yes, they will probably reset to new-in-the-box condition, but, really, the guy thinks I should call HP and demand a replacement machine.

I don't understand why refreshing Windows (writing the same code onto the same computer) without any other changes is likely to have a different result.

Experimenting with the DPC Latency Checker, I found that if I left the computer untouched, the number of red bars diminished to about 1 every 30-60 seconds. Any use of the computer, even just moving the mouse around without clicking on anything, caused a flurry of red bars. So does typing into a document, not it's not mouse-specific.

No crashes in 48 hours.

 

[Addictive Gamer]

the guy thinks I should call HP and demand a replacement machine.

The guy sounds like a person who has no solution to the problem, seriously blaming the entry machine for unknown problem?
I think he completed his mission to get rid of complaining costumer.

I don't understand why refreshing Windows (writing the same code onto the same computer) without any other changes is likely to have a different result.

It's not really the same code, according to your feedback so far the code is most likely corrupt.

Experimenting with the DPC Latency Checker, I found that if I left the computer untouched, the number of red bars diminished to about 1 every 30-60 seconds. Any use of the computer, even just moving the mouse around without clicking on anything, caused a flurry of red bars. So does typing into a document, not it's not mouse-specific.

If you have given up on this problem then OK, it's your choice, but still you can try to disable all devices associated with high DPC latency drivers, put PC into safe mode and see if that makes any change.

 

[phv3773]

BSOD while waking this evening.

With the latency checker running, I disabled everything under Network adapters: 2 Bluetooth devices, the Broadcom, the Realtek, and 8 WAN Miniports. I didn't notice any difference.

My problem is that I don't really know what else to try. I did try the printer, however. It's an HP Officejet Pro L7600. Not a new printer.

Disabling the device seemed to reduce the red bars a bit, to maybe one every 60 seconds when the computer was left alone. It still gave a flurry of red bars when it was in use, however.

I experimented by turning the printer off and back on. As the printer was coming back on, I got lot of red bars. After it had finished it's warmup, the pattern settled down to 5 yellow bars followed by 2 red ones. That continued until I noticed that the printer was displaying a low message. When I cleared that, the latency checker immediately went back to the 1 bar every 45 seconds or so. The printer was "disabled" the entire time. So maybe the printer driver is a problem. I think we got the first BSOD before the printer was installed, though, so maybe it's just stimulating something else.

I ran the Performance Monitor while getting the red bars with the printer disabled.
View attachment 61262

 

[Addictive Gamer]

I would need to have this trace log here to see myself for other processes that might interfere with ndis and netbt drivers.
this latency as shown is far too high.

 

[phv3773]

Is there a way to send to you directly? I'm not too keen on posting here in the thread.

 

[Addictive Gamer]

Hi,
sorry for delay,
I'm not able to find any pattern but here are few "suspicious" that could make a difference.

1. Disable google crash handler ( I think it can be done in browser settings )

2. Disable office services such as click to run ( not sure where to disable )
- some are found in services other in task scheduler.

both can be found in:
Control Panel\All Control Panel Items\Administrative Tools


Try disconnecting any USB attached device.
Try to disable NETBIOS in:
Control Panel\Network and Internet\Network Connections
right click adapter > properties > double click on Internet protocol v4 > Advanced ... and disable netbios under WINS tab.

 

[phv3773]

As far as I could tell, closing all the Google processes had no effect.

I couldn't figure out how to disable the NETBIOS.

I do think that USB is a likely problem. The printer is USB as is the new backup drive. However so are my keyboard and mouse, and I'm concerned about leaving the computer in an non-working configuration.

I sent a new file via tutanota.

 

[Addictive Gamer]

I'm not sure any more, we are shooting into the dark. trace log is the same as before but worse.
Microsoft network drivers running too high, and what causes them I have no clue.
there is no single manufacturer's driver running bad directly^^


As fo NETBIOS, I missed one detail in post above, under:
Control Panel\All Control Panel Items\Network and Sharing Center
you need to click on "change adapter settings" and then do the rest as told above.

 

[phv3773]

I'm resigned to having to refresh the machine, but I have to pick a time when it doesn't upset the household more than necessary.

Edit: I tried disabling the netbios on the Bluetooth, WiFi, and Ethernet, and saw no difference.
I've turned on everything that I turned off for the clean boot, and I'm going to send you one more .etl file. Just because. I appreciate your help, and I don't want to wear you out with it. We're getting pretty close to punt time.

 

[phv3773]

Check out the image. I've hardly ever seen a green bar before. Watching for 5 minutes or more, I saw 1 red bar, even when doing things that caused a flurry of red bars before like moving the mouse or turning the printer on and off.

I'm not sure what could have caused the change. I had turned off a bunch of stuff which I turned back on earlier, but that didn't cause an immediate change in the latency detector. I was trying to run a video and there was no sound. I was offered "trouble shoot the problem" and it discovered a sound card was off, and turned it on. Who knows if it did something else too.

I have not put any new hardware in the box, but I do have a pair of Creative speakers which were an add on.

 

[Addictive Gamer]

This last one as well as the image above looks much better, with USB xHCI Compliant Host Controller being on top of the list, which was on 3rd place before.

Maybe generating a power report could tell something more about USB devices:
press: :winkey: + X
select Command prompt (Admin)
type:
cd \
powercfg /energy

this will place a HTML report into C drive, zip the file and attach it here.


Additionally you can try to schedule PC to go to sleep in:
Control Panel\All Control Panel Items\Power Options

and also dettaching USB devices before sleep (including mouse, keyboard ...) leaving only one for interaction.
and see what happens without any USB device attached.

 

[phv3773]

Naturally, the PC crashed a couple hours after I posted the image with the green bars, and the latency went back to the previous standard.

Have not done the sleep study yet.

Edit: Kaspersky may have been scanning during the energy report.