[FaMzNeSS]

Hey guys,

I had this problem a while ago and it seemed to rectify itself, but it's happening all over again. I'm getting BSOD's when I woke up the PC from being asleep. Turns out it'd happen on a cold boot as well. It normally Blue screens once, reboots and then boots up fine after that.

I took a look at the forums and did some troubleshooting a while ago, and that thread is here: BSOD on Boot - Win7 64 Bit 1 year old system - Tech Support Forum

So far I did the checkdisk, ran a virus scan, used jv16 Powertools2011 and I'm still running into issues.

Here is my PC information:

· OS - Vista/ Windows 7 - Windows 7
· x86 (32-bit) or x64 - 64 Bit
· What was original installed OS on system? - Windows XP (Only briefly, then wiped it and loaded Win7)
· Age of system (hardware) - 1 year as of February
· Age of OS installation - have you re-installed the OS? - 2 years as of February and no.
· CPU - AMD Athalon II X4 620 2.6Ghz Socket AM3 95W Quad-core Processor
· Video Card - Sapphire Radeon HD 5770
· MotherBoard - Gigabyte GA-MA74GM-S2 Micro ATX AMD Motherboard
· Power Supply - brand & wattage - Cooler Master eXtreme Power Plus RS-460-PMSR-A3 460W Power Supply
· System Manufacturer - Built myself
· Exact model number (if laptop, check label on bottom) - N/A

I've attached the .zip file along with my last three .dmp files. It's really aggravating and I hope you guys can help

 

[VirGnarus]

The three bugchecks show something different each. While I can't find anything definitive from the first two, I do believe they might have something in common. Yet, the greatest concern is that I noticed one of them was caused by win32k.sys crashing (Windows needs this process to run). When I looked at the details behind it, I didn't see any timestamp or nothing on it. Very, very suspicious. Usually this is iconic to a malware infection (primarily rootkit). Keep this in mind.

Anyways, Driver Verifier did detect something. It found MpFilter.sys was making a function call that is no longer supported by Windows 7. It's associated with Windows Defender or Windows Security Essentials. It's dated April 2011, so check for any updates. I personally find it odd that MS Devs would write code that is not compatible to the newest Windows, but perhaps thinks like this just slip. The erroneous function it called does kinda explain the previous crashdumps, however (as in it has the potential to cause the two previous crashes).

 

[FaMzNeSS]

Yeah, that's what's kickin' my tail VirGnarus. It seems like it's always something different. I'll try to do a MalwareBytes scan now, and Driver verification again, as well as look for updates. If you, or anyone else can think of/find something I'd greatly appreciate the help.

 

[FaMzNeSS]

I ran a flash scan and a quick scan with Malwarebytes and it turned up zero. I'm planning on running a full scan today as well as a windows update. I've also run a checkdisk on my slaved off HDD, just to ensure it was running properly, which it was.

I put the machine to sleep twice yesterday and so far it's been okay, I'll update later as I progress. If anyone else can think of or see anything, it would be greatly appreciated.

 

[VirGnarus]

Yeah. Keep Driver Verifier active. If nothing definitive comes it, you might have to end up doing hardware diagnostic tests.

Btw, in case this is a rootkit, I've also known Kaspersky's TDSSKiller to be effective at finding them. Grab it here, run it, but if it finds anything, do not let it clean infection. Instead, report to our Security Team on the appropriate subforum. More often than we'd like, while AV engines do a good job finding infections, they can do an incomplete job cleaning them, resulting in very problematic symptoms.

 

[FaMzNeSS]

Alright, I ran the TDSSKiller and it came up with nothing. I also did a full updates with Microsoft. I put the PC to sleep and woke it up a few hours later with a blue screen after a few moments:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

Additional information about the problem:
BCCode: a
BCP1: 00000000002D2A8C
BCP2: 0000000000000002
BCP3: 0000000000000001
BCP4: FFFFF80002E86530
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\011112-30872-01.dmp
C:\Users\Glenn Adycki\AppData\Local\Temp\WER-49826-0.sysdata.xml

Read our privacy statement online:
Windows 7 Privacy Statement - Microsoft Windows

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

I'll attach this crash as well.

 

[VirGnarus]

Ok, apparently false alarm on that win32k. I checked the other crashdumps and the details are all there. It must've got dumped onto the paging file at the time of that particular crash, which is very weird to me.

I checked your latest crashdump and it appears Driver Verifier wasn't on at the time. Confirm that it's on by going back into it and using the Display existing settings option. Remember that it'll only become active after you complete a successful restart of the computer after you set everything. Letting it crash before you restart the PC after turning on DV most likely will not have it save the settings.

Anyways, moving on, it's evident we may very well be looking at hardware failure here. Time to do some hardware testing:

RAM: Memtest86+ - 7+ passes
CPU: Prime95 - Torture Test; Large FFTs; overnight (9+ hours)
GPU: MemtestG80/CL - Run twice (if any of the tests work on your GPU)
Drives: Seatools - All basic tests aside from the Fix all or the advanced ones.

All of these (excluding MemtestG80/CL) are included in the UBCD if you prefer a Live CD environment (which is a good environment to test hardware on). Also, if you want, provide us temps/voltages using HWInfo with Sensors only option checked. Log two 30-minute instances: one for idle, and one for high load.

 

[FaMzNeSS]

Alright, I'm going to start that next battery of tests you suggested. I went into the Driver Verifier manager and I selected "Display existing settings" as you suggested, then I clicked finish. Should I just leave the window open instead, or do I have it set up wrong. I want to make sure it's actively capturing any data to help in the analysis of the problem.

In the interim, I'm going to start with the HDD tests and then move around from there.

 

[VirGnarus]

The Display existing settings will only show you what's currently active. If you see that all the options are "NO" and no drivers are listed, then DV is not on, and you'll have to run through the previous method of turning it on from that article on it I linked you too, to start it back up. As mentioned, restart immediately after you finish with it.

Driver Verifier only alters the Windows environment to perform more specific checks on the drivers you select than the usual checks that Windows has which causes a BSOD. It will persist across both shutdowns, restarts, BSODs, etc., and will only turn off if you either use a Restore point that was previous to turning it on, or you go and manually turn it off. If you start seeing that it BSODs at Windows startup, it means a driver being loaded at Windows startup failed the new checks and is causing the BSOD. You can go into Safe Mode and disable DV.

Send us any new crashdumps that may occur that you believe DV is involved in. They will give us a better idea as to cause, if this is in fact a driver causing it. Note that any driver not loaded at the time you opened and set up Driver Verifier will not be covered by the new checks, so those drivers may still slip by. But usually anything from boot-up that are buggy as well as some others will be checked by DV.

 

[FaMzNeSS]

Alright, I believe I've had driver Verifier on for a few days now. Same thing, sometimes multiple times. Either I put it to sleep, it wakes up and 20 seconds later blue screens, or I cold boot and it'll blue screen once or twice before getting into windows. It's really annoying. I wonder if it's just my HDD, although it's passing all the tests I put it through.

I attached a slew of dump files to see if you guys can notice anything.

 

[VirGnarus]

Umm, have you checked Driver Verifier to see if it's still on? None of the crashdumps state that it was active at the time.

Anyways, if all the tests show up negative, and if DV does NOT show up anything when it's active, then only two parts of the computer are responsible: the PSU, or the Mobo. I've found in every case where tests showed nothing nor DV, the motherboard was responsible for all of them. To rule out the PSU as being possible, provide us two 30-minute HWInfo logs. Start it up with Sensors only, and log two instances, one for idle, and one as high load. Then send em over. Note this will not ENTIRELY rule out the PSU, but some PSU issues can show up in this.

 

[FaMzNeSS]

I could've sworn I had DV running. I'll admit, I'm not as familiar with this tool as much as I am with all of the other troubleshooting utilities. I'll look up a quick "how-to" to ensuring I'm doing it correctly.

Your jnsite has been extremely helpful. I'm hoping it really is just a driver issue that I keep missing. I'll report back in a day or three with what you've asked for above.

 

[VirGnarus]

As mentioned before, you can check to see if it's on using the "Display existing settings" option once you start it up. This will show what settings are currently active. No settings active or drivers listed, no DV on.

Go ahead and provide the HWinfo logs as well so we can get that out of the way. Thanks.

 

[FaMzNeSS]

I got a crashdump today, and DV was certainly on. The machine crashed twice, but only generated one dump file. I think it was because the machine didn't look like it made it into windows on the first crash.

Also, I noticed that when DV is on my Processor works pretty hard. I have that little Win7 gadget that shows system PSU and RAM performance, and my processor was constantly working above 85%, sometimes as high as 98%. But when I disabled DV and restarted, it returned to normal. I just wanted to report on that as an issue.

Attached is my Dump file. I'll get those HWInfo logs tomorrow or later this weekend.

 

[VirGnarus]

DV can put strain on situations where particular drivers are performing very unusual behavior, such as allocating very large amounts of small memory allocations. Usually DV doesn't cause all that much stress unless some driver (or drivers) are misbehaving.

Unfortunately, I'm afraid we're most likely looking at a CPU problem here. I did some analysis on that last crashdump, and it looks like there's a logic issue with your CPU. Your CPU was given an instruction to mess with a memory address, but it went ahead and attempted to read the contents of another one. All the evidence shows that the CPU was given a proper address, but it deliberately chose to read something else. In fact, what's especially peculiar is that it wasn't even being told to read the memory at the address it was given, only told it to change the address a bit. We are witnessing a major logic failure here.

When you mentioned you ran tests, did you run Prime95? This can help ensure that we're dealing with a bad CPU. Also, note that any motherboard software has the ability and propensity to cause these kind of errors, as well as possibly the motherboard itself. Make sure that you have absolutely no software installed that came with your motherboard, aside from the actual chipset drivers. You may need to use something like Driver Sweeper to wipe em off as they have a tendency to leave residue after you run their uninstaller.

Go ahead and provide us those HWInfo logs. There's always the chance overheating or voltage issues are at work here. However, I'm leaning more on CPU.

 

[FaMzNeSS]

I rad HWInfo twice, for thirty minutes, as per your suggestion. Attached are those two files.

I haven't used Prime95 yet, but I'll try running that now as well.

 

[VirGnarus]

Urp, I'm afraid those won't help. I think I might have failed to mention that you have to start up HWInfo with Sensors only checked. Otherwise all it does is give me a report of all your hardware setup. Sorry, mate.

 

[FaMzNeSS]

Why was I afraid you were going to say that?

Thats no problem, I'll re-run them after the Prime95 completes. I apologize, as some of these tools are new to me, despite the fact that I've been an IT forever, so I'm not used to running them as flawlessly as you are. I sincerely appreciate all of your assistance.

 

[FaMzNeSS]

Alright. Two HWInfo files, ran at 30 minutes a piece, and also a Prime95 file as well. I hope this one provides us with some answers.

 

[FaMzNeSS]

Bumping this just in-case.