• Question

  • I have a user running win 10 pro that has had a BSOD occur 3x in the past week or so.  We did a remote session and I updated any Dell drivers that needed updates as well as the BIOS but I was also able to grab the dump file. I examined it with WinDbg but can’t really tell what the cause was. Perhaps someone here can narrow it down?

    Here is a link to the dump file:

    Mini Kernel Dump File: Only registers and stack trace are available
    Symbol search path is: srv*
    Executable search path is: 
    Windows 10 Kernel Version 18362 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 18362.1.amd64fre.19h1_release.190318-1202
    Machine Name:
    Kernel base = 0xfffff805`1d400000 PsLoadedModuleList = 0xfffff805`1d848170
    Debug session time: Fri Nov 22 16:38:40.043 2019 (UTC - 5:00)
    System Uptime: 0 days 5:58:04.799
    Loading Kernel Symbols
    Loading User Symbols
    Loading unloaded module list
    For analysis of this file, run !analyze -v
    fffff805`1d5c14e0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffffec8c`dea8dac0=000000000000003b
    0: kd> !analyze -v
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    An exception happened while executing a system service routine.
    Arg1: 00000000c0000006, Exception code that caused the bugcheck
    Arg2: fffff8051da8e592, Address of the instruction which caused the bugcheck
    Arg3: ffffec8cdea8e3f0, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.
    Debugging Details:
    *** WARNING: Unable to verify checksum for win32k.sys
        Key  : Analysis.CPU.Sec
        Value: 3
        Key  : Analysis.DebugAnalysisProvider.CPP
        Value: Create: 8007007e on DESKTOP-7001FCV
        Key  : Analysis.DebugData
        Value: CreateObject
        Key  : Analysis.DebugModel
        Value: CreateObject
        Key  : Analysis.Elapsed.Sec
        Value: 29
        Key  : Analysis.Memory.CommitPeak.Mb
        Value: 70
        Key  : Analysis.System
        Value: CreateObject
    BUGCHECK_P1: c0000006
    BUGCHECK_P2: fffff8051da8e592
    BUGCHECK_P3: ffffec8cdea8e3f0
    BUGCHECK_P4: 0
    CONTEXT:  ffffec8cdea8e3f0 -- (.cxr 0xffffec8cdea8e3f0)
    rax=0000000000000000 rbx=ffffec8cdea8ee40 rcx=0000000000000007
    rdx=00000000042bf0a8 rsi=00000000000003a9 rdi=ffff818fb28b7000
    rip=fffff8051da8e592 rsp=ffffec8cdea8ede8 rbp=ffff818fb28b7000
     r8=000000000000001c  r9=ffffd7037e44e080 r10=0000021ce09300a8
    r11=00000000000000a8 r12=00000000ce4cf905 r13=ffffec8cdea8f0a0
    r14=00000000000003a9 r15=0000021ce083c024
    iopl=0         nv up ei pl nz na pe nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050202
    fffff805`1da8e592 418b02          mov     eax,dword ptr [r10] ds:002b:0000021c`e09300a8=????????
    Resetting default scope
    BLACKBOXBSD: 1 (!blackboxbsd)
    BLACKBOXNTFS: 1 (!blackboxntfs)
    BLACKBOXPNP: 1 (!blackboxpnp)
    PROCESS_NAME:  Registry
    ffffec8c`dea8ede8 fffff805`1da2979f : 00000000`7f147a21 ffffec8c`dea8f170 00000000`00000000 ffff818f`c1cba1b0 : nt!HvpGetCellPaged+0xa2
    ffffec8c`dea8edf0 fffff805`1da28099 : 00000001`ffffffff 00000000`ce4cf905 ffffec8c`dea8f8e8 ffff818f`00000000 : nt!CmpDoCompareKeyName+0x2f
    ffffec8c`dea8ee40 fffff805`1d9f226a : ffff818f`c1cba1b0 00000000`00000006 ffffec8c`dea8f038 ffffec8c`dea8f0c0 : nt!CmpWalkOneLevel+0x709
    ffffec8c`dea8ef50 fffff805`1d9ef2d4 : ffffec8c`0000001c ffffec8c`dea8f2a0 ffffec8c`dea8f268 00000000`00000000 : nt!CmpDoParseKey+0x9fa
    ffffec8c`dea8f1f0 fffff805`1d9ed1bf : ffffd703`7a3af010 ffff818f`c2f3c001 00000000`00000000 00000000`00000001 : nt!CmpParseKey+0x274
    ffffec8c`dea8f410 fffff805`1d9eb621 : ffffd703`7a3af000 ffffec8c`dea8f658 00000000`00000040 ffffd703`686d1220 : nt!ObpLookupObjectName+0x78f
    ffffec8c`dea8f5d0 fffff805`1d9f4b3c : 00000000`00000001 00000000`00000000 00000000`00000000 ffffd703`686d1220 : nt!ObOpenObjectByNameEx+0x201
    ffffec8c`dea8f710 fffff805`1d9f49bd : 00000032`121fed30 ffffec8c`dea8fa80 00000000`00000001 00000000`00000000 : nt!ObOpenObjectByName+0x5c
    ffffec8c`dea8f760 fffff805`1d9f69df : 00000000`00010000 00007ffe`2cb00000 00000032`121ff020 00000000`00000000 : nt!CmOpenKey+0x29d
    ffffec8c`dea8f9c0 fffff805`1d5d2d15 : ffffd703`00000000 00000000`00000001 00000000`00000000 ffffec8c`dea8fa80 : nt!NtOpenKeyEx+0xf
    ffffec8c`dea8fa00 00007ffe`3059e414 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
    00000032`121fec58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`3059e414
    SYMBOL_NAME:  nt!HvpGetCellPaged+a2
    IMAGE_NAME:  ntkrnlmp.exe
    IMAGE_VERSION:  10.0.18362.476
    STACK_COMMAND:  .cxr 0xffffec8cdea8e3f0 ; kb
    FAILURE_BUCKET_ID:  0x3B_c0000006_nt!HvpGetCellPaged
    OS_VERSION:  10.0.18362.1
    BUILDLAB_STR:  19h1_release
    OSNAME:  Windows 10
    FAILURE_ID_HASH:  {68f3db38-ae8e-4bae-c37a-85819946495f}
    Followup:     MachineOwner

    • Edited by GlenTech83 Tuesday, November 26, 2019 4:03 PM
    Tuesday, November 26, 2019 4:02 PM

All replies

  • that was a a STATUS_IN_PAGE_ERROR in the Registry process.
    So could be a problem with the system disk.
    Incidentally, the same exception was observed here: WINDOWS BLUE SCREEN ERROR
    ut the other user seems to not have tested his drives.
    Tuesday, November 26, 2019 7:30 PM
  • Thanks. I can run a disk diagnostic when I get back in a few days. I'll post my results.
    Tuesday, November 26, 2019 8:50 PM
  • Hi

    >>PROCESS_NAME:  Registry

    It seems the problem is the Registry corrupted. Kindly follow the below methods and check if it works:

    1. Run DISM Tool and System File Checker(SFC), the specific steps you can refer to the following Microsoft link:

    2.Uninstall non-Microsoft antivirus software. To remove an antivirus application, go to Control Panel\Programs\Programs and Features. Select the program, and then select Uninstall. Select Yes to confirm.

    3.Uninstall nonessential software. To uninstall software, go to Control Panel\Programs\Programs and Features. Select the program, and then select Uninstall. Select Yes to confirm.

    4. Run Windows Memory Diagnostic. You can follow the below steps:

    • Type memory in the Windows search bar and select “Windows Memory Diagnostic“
    • In the set of options displayed select “Restart now and check for problems“
    • After which Windows will restart to check for possible RAM errors and will hopefully display the possible reasons as for why you get the Blue Screen of Death (BSOD) error message
    • Reboot your PC and check if the problem is resolved or not.

    Meanwhile, you can try to follow the troubleshooting steps on the below Microsoft link to resolve blue screen issues:

    Troubleshoot blue screen errors

    Hope can help you. Have a nice day!

    Best Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Wednesday, November 27, 2019 5:43 AM
  • Hi,

    Was your issue solved?

    If the reply helped you, please remember to mark it as an answer.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Thursday, November 28, 2019 1:51 AM
  • The user travels so I'll need to coordinate a remote session into his machine for sometime this week if possible in order to check the disk.
    Monday, December 2, 2019 3:53 PM
  • The bugcheck was 3B:  SYSTEM_SERVICE_EXCEPTION

    To evaluate the BSOD please post logs for troubleshooting.

    Using administrative command prompt copy and paste this whole command.

    Make sure the default language is English so that the logs can be scanned and read.

    The command will automatically collect the computer files and place them on the desktop.

    Then use 7zip to organize the files and one drive, drop box, or google drive to place share links into the thread for troubleshooting.

    This command will automatically collect these files:  msinfo32, mini dumps, drivers, hosts, install, uninstall, services, startup, event viewer files, etc.

    Open administrative command prompt and copy and paste the whole command:

    copy %SystemRoot%\minidump\*.dmp "%USERPROFILE%\Desktop\"&dxdiag /t %Temp%\dxdiag.txt&copy %Temp%\dxdiag.txt "%USERPROFILE%\Desktop\SFdebugFiles\"&type %SystemRoot%\System32\drivers\etc\hosts >> "%USERPROFILE%\Desktop\hosts.txt"&systeminfo > "%USERPROFILE%\Desktop\systeminfo.txt"&driverquery /v > "%USERPROFILE%\Desktop\drivers.txt" &msinfo32 /nfo "%USERPROFILE%\Desktop\msinfo32.nfo"&wevtutil qe System /f:text > "%USERPROFILE%\Desktop\eventlog.txt"&reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall "%USERPROFILE%\Desktop\uninstall.txt"&reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components" "%USERPROFILE%\Desktop\installed.txt"&net start > "%USERPROFILE%\Desktop\services.txt"&REM wmic startup list full /format:htable >"%USERPROFILE%\Desktop\startup.html"&wmic STARTUP GET Caption, Command, User >"%USERPROFILE%\Desktop\startup.txt"

    There are two files for you to find manually:

    a) C:\Windows\MEMORY.DMP

    Use file explorer > this PC > local C: drive > right upper corner search enter the above to find results.

    b) dxdiag:  

    In the left lower corner search type:  dxdiag > When the DirectX Diagnostic Tool opens click on the next page button so that each tab is opened > click on save all information > save to desktop > post one drive or drop box share link into the thread




    Please remember to vote and to mark the replies as answers if they help.
    Monday, December 2, 2019 4:21 PM