After Updating To Windows 11, Getting BSOD from a Windows Update

After recently upgrading from Windows 10 to Windows 11, I am on 23H2 (OS Build 22631.3296). I am getting a BSOD caused by an update labeled "Windows 11, 23H2" from Windows Update. The crash type is KERNEL_MODE_HEAP_CORRUPTION. The OS then reboots and Windows will attempt to download and reinstall the update and the cycle continues. I have had to pause updates until this can be sorted out. So far, other than this update, Windows seems stable. I've been running Kahru memory stressor tests on it for 90 minutes now and so far, no memory corruption has been found. I am attaching the resulting DMP file in hopes someone might be able to figure out what is causing this issue.
Here is my hardware profile:
ASUS Z790 Hero
64 GB (2x 32GB) Corsair Vengeance DDR5 RAM (5200 MHz) (Set to XMP Profile I in BIOS)
Intel i9-13900KS
NVidia GeForce RTX 3060
 
Thanks in advance!
 
Attaching 7z file from the Sysnative application. Please remove txt extension name and use 7-zip to extract and view.

Edited by hamluis, 14 March 2024 - 02:22 PM.
Merged posts - Hamluis.

Hi, Welcome to BC.

Please follow the posting instructions which must of missed : https://www.bleepingcomputer.com/forums/t/576314/blue-screen-of-death-bsod-posting-instructions-windows-vista-through-to-11/

Edited by Pkshadow, 14 March 2024 - 04:29 PM.

Per your request, I have attached the Speccy info as well. I was hoping the provided information would have sufficed but I suppose you need more info. I have marked <REDACTED> in the txt file.

Hi, please follow the directions of posting a link as well as as the Sysnative Report.

The link is easier to read and is grouped in to headings.   I personally no longer look at Speccy txt files.  Nor can anything happen with out the Sysnative Report.

Completely up to you.

Edited by Pkshadow, 14 March 2024 - 04:58 PM.

From your name in Top Right Corner click on it then Click on My Settings then left side click on Manage Attachments and delete your attachments.

A Dump file is not a txt file.   Provide the full Sysnative Report so can figure out what is causing the issue/s.

When things are not followed as per directions nothing gets solved.

Okay files have been removed. The .7z file should be good. The zip file that the program created exceeded the attachment size limit so I had to use 7-zip to manually compress all the files on the ultra setting. You should have received the Speccy link to my PC profile via PM.

Edited by Capt_Ahab, 14 March 2024 - 05:03 PM.

Update your ROG MAXIMUS Z790 HERO BIOS when stable to current version : 2002   Released : 2024/02/23

from your Motherboard Support Page : https://rog.asus.com/ca-en/motherboards/rog-maximus/rog-maximus-z790-hero-model/helpdesk_bios/

"• Improved system performance.
• Enhanced compatibility with 256GB memory.
Updating this BIOS will simultaneously update the corresponding intel ME to version 16.1.30.2307. Please note after you update this BIOS, the ME version remains the updated one even if you roll back to an older BIOS later.
Before running the USB BIOS Flashback tool, please rename the BIOS file (MZ790H.CAP) using BIOSRenamer."

Turn off in BIOS ASUS Fast Boot for the same reasons as below :

Turn off MS Fast Start : https://www.windowscentral.com/how-disable-windows-10-fast-startup /11 and WHY !!!

 You are running : ESET Security and COMODO Antivirus.

You can not run 2 or more A/V programs at the Same time.   This could be the issue here.

You do not need 3rd party as Defender is good enough. (though I run a 3rd party)

If you want more protection run Malwarebytes by doing this : https://www.howtogeek.com/230158/how-to-run-malwarebytes-alongside-another-antivirus/  during it's free trial and if purchase it.  Should make these changes anyways for on demand scanner after trial period.

Windows Defender ranks in the top 10 A/V programs but of course the interface is hard to get. This will bring out the hidden Interface :

https://www.majorgeeks.com/files/details/configuredefender.html

As well for the Firewall Developer now works for Malwarebytes thus the colours : https://www.makeuseof.com/windows-firewall-control-guide/   The above is a Review page, there is a link to download it.

Still going to protection the 1st way in is through the Browser : https://www.malwarebytes.com/browserguard

Would not use the Ads/Trackers blocker but use Ublock Origin in Advanced Mode and train the browser and what you accept.

(I have no cookies except the ones I want to have) using the above in Firefox, using Private and no 3rd party allowed.

The SanDisk 3.2 Gen 1 SCSI Disk Device (USB (SATA) (SSD)):   52 °C is too hot, needs below 50c

If you do not need Java for a program or a game you can uninstall it as browsers no longer use it.

Turn this to Balanced : Active power scheme:  Bitsum Highest Performance it is a form of Overclocking.  Should run it only if every need to.   Then turn it back to Balanced

Do not take Drivers from Windows Update Optional or otherwise : https://www.windowscentral.com/how-disable-automatic-driver-updates-windows-10 /11 as best as can for Home.

Especially Video : https://www.tenforums.com/tutorials/146562-prevent-windows-update-updating-specific-device-driver.html

&

https://www.windowscentral.com/how-roll-back-device-driver-windows-10 /11

Edited by Pkshadow, 14 March 2024 - 05:56 PM.

Speccy completed above.

Sysnative below.

There were no Dump Files collected. Make sure Collection is turned on for small.

https://www.windowscentral.com/how-manage-crash-dump-settings-windows-10 /11

DxDiagx86  crashing

=========

AISuite3.exe    is not really needed. So if still issues can uninstall with Geel or Revo Uninstall as they get more.

KERNELBASE.dll

PushNoticeMonitor.exe   - KERNELBASE.dll

aaHMSvc.exe                  -  ASUS for something

HOSTS File :   # Start of entries inserted by Spybot - Search & Destroy  NOTE : This is now a full blown A/V program that makes 3.

Paranoid.

MSInfo32

=======

Essentially is same as DxDiagx86

From a DOS Command Prompt from START | type cmd.exe into the start search box | RIGHT-click on cmd.exe | select "Run as Administrator" then Copy/Paste --> :  DISM /Online /Cleanup-Image /RestoreHealth command then Enter   if it finds problems then reboot. (Completed Successfully : means reboot)
then
After : please Open another Admin Command Prompt and please run Copy/Paste --> SFC /SCANNOW into the Dos window or Powershell and Enter.  Reboot after.

Do not run any cleaning programs after a crash as will delete the Dump Files.   Please leave them so that the BSOD Kernel Expert can look at them late this date or early next.

So ya, Paranoid. Too Much.      If are worried about websites do not go to stuff that can get affected by visiting.

Edited by Pkshadow, 14 March 2024 - 06:17 PM.

Just so you know, the AV Component in Comodo is disabled, I'm using it for HIPS and Firewall only. The Spybot entry in the hosts file is probably an old remnant of when I was using the program a few years back. I am sure it's not installed any longer. I'll go in there and remove the entry.

The only AV programs installed are Microsoft and NOD32 at the moment. I apologize for the delayed response as I just recently updated my BIOS for the first time after switching to UEFI and I was panicking because my motherboard wouldn't boot from any device. It turns out, by default, with UEFI on, you have to toggle the Windows UEFI mode on these Asus motherboards.

With regards to the crash info, are you telling me that DxDiagx86 is the component crashing which is suspected to be caused by those listed applications? I can tell you that AISuite3 needs to go if it's somehow causing issues. I don't see it currently installed anywhere on the system. It may be that you are looking at something that didn't get perfectly cleaned from the system but a quick check in task manager shows that it's not running.

I am collecting dump files, as you can see from my current settings. I had been using Bluescreenview to pull them up but it wasn't able to see anything other than telling me that the crash was with ntoskrnl.exe during the Windows 11 patch but it doesn't tell me what was the faulting process or driver.

Hi, well your Dump Files are what is needed, please upload them.  They should have been collected when running SysnativeCollectionApp.    

Bluescreen View gives about the same info as DxDiagx86, it is a list of things crashing/faulting that sometimes has nothing to do with what is starting the issue as is the coding near the end of MSInfo32, just shows what is going down.

The Dump files pin down what is.  The Kernel Dump Expert will be around in a few hours so should upload them.

AISuite3 that showed has no date nor do the rest in there. but in MSInfo32 it is dated 2018.  Remarkably not any current info.  So the Dump Files hold the answer to what is crashing /faulting/bad instruction/memory and causing ntoskrnl.exe

to go down.

DxDiagx86

========

Problem signature:
P1: unspecified
P2: HardeningTelemetry
P3: HardeningTelemetryDisableAV  =========== This one is interesting as to what is doing it.

At Time of Speccy Report : (I deleted) Shows that the 2 A/V Programs were active and Windows Defender was Deactivated.    There was no NOD32 listed that I saw.  Need to go into Taskbar Shortcut Windows Security and check that both are not running.

Most others would tell you to uninstall all of your Security Programs to make sure that they are not causing the issue.

The last 3 to 5 current dump files uploaded somewhere would be good.

What is this you've uploaded? Apart from having an unnecessary .txt extension, the System and Application logs date from 2017 and 2018!!

Not only that but it's quite clear that the upload does not relate to the PC spec you mentioned.
 

Edited by ubuysa, 15 March 2024 - 06:44 AM.

What is this you've uploaded? Apart from having an unnecessary .txt extension, the System and Application logs date from 2017 and 2018!!

 

Not only that but it's quite clear that the upload does not relate to the PC spec you mentioned.
 

I don't know what you are referring to. I simply ran the analysis software and manually zipped the files from my documents folder as the zip file it created on my desktop exceeded the file limit.

Removing the unnecessary .txt extension and extracting the resulting .7z file does give the SysnativeFileCollection folder as expected. However, the data in there looks to be for a totally different system!

You mention you're running Windows 11 and yet the uploaded data is for a Windows 10 system...

OS Name    Microsoft Windows 10 Pro
Version    10.0.16299 Build 16299

Windows 10 build 16299 is version 1709, which dates from 2020 and no longer receives updates.

Here's the first and last entries in the System log that was uploaded. Note the dates...

Event[6962]:
  Log Name: System
  Source: EventLog
  Date: 2017-11-21T17:20:25.865
  Event ID: 6009
  Task: N/A
  Level: Information
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: MAINPC
  Description:
Microsoft (R) Windows (R) 10.00. 16299  Multiprocessor Free.
 
.....
 
Event[0]:
  Log Name: System
  Source: Microsoft-Windows-Ntfs
  Date: 2018-02-05T09:41:17.475
  Event ID: 98
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\SYSTEM
  Computer: MAINPC
  Description:
Volume ?? (\Device\HarddiskVolumeShadowCopy5) is healthy.  No action is needed.

The data in that upload doesn't bear any relationship with the system you describe in your opening post. You did run the SysnativeBSODCollectionApp on the PC with the problem?

Edited by ubuysa, 17 March 2024 - 10:22 AM.

Yes but perhaps I had run the SysnativeBSODCollectionApp before and didn't realize that the directory was there from the last time I ran it. I'll clear out the directory contents and run it again and repost the result.

Hmm it looks like the folder didn't repopulate so I just extracted the files from the created zip file and compressed them instead with 7-Zip as the file was too large to put up on here. The file dates on this look recent so hopefully this is what you are looking for.