Bsod

Gigabyte GA-Z87M-D3H LGA 1150 CrossFireX DVI/HDMI mATX
Intel Core i7-4770K Haswell 3.5GHz
G.Skill Sniper Series 32GB (4 x 8GB) 240-Pin SDRAM DDR3 2400 (PC3 19200)
GeForce GTX 760 (4GB 256-bit GDDR5)
SanDisk Extreme II 240 GB SATA 6.0Gb/s 2.5" SSD
Pioneer BDR-209DBK 16x Blu-Ray/CD/DVD Writer
Win7Pro x64 SP1

Screenshot of three separate crash dialogs attached, the one on the right being the most recent.

Event viewer event properties of three errors which took place immediately before latest crash, in order:

WMI Error - http://pastebin.com/GZGQqEph

Dhcp-Client Error 1 - http://pastebin.com/fF9haYyv

Dhcp-Client Error 2 - http://pastebin.com/AvuGx3K0

MEMORY.DMP is 969MB.

Can provide any additional info upon request. Any and all help greatly appreciated.

-newmy51

 

The BSOD was a 0xF4, usually SATA/drive -related, check for a firmware update for your SSD, check that all SATA cables and power cables are making good contact, replace the SATA cables with new ones if you can.

The networking errors look to be unrelated to the crash, as is the WMI error.

What make/model#/output is the PSU? EDIT: also reset everything to stock speeds in the BIOS/UEFI during troubleshooting.

Your screenshot shows the path to a Minidump (C:\Windows\Minidump\????????.dmp) can you copy the minidump to the Desktop, zip it and attach the zip, please? There may be further details in it that could be useful.

 

There is a firmware update, but it's apparently only for fixing a sleep related issue on MacBook Pros:



FWIW, here is Speccy's rundown of the SSD status/health:

http://www.amazon.com/Corsair-CX500M-Modular-Supply-Certified/dp/B00ALK3HF4

.zip attached w/ 4 minidumps from recent crashes.

Thank you satrow,

-newmy51

 

and now this:

 

btw, all bios/uefi settings restored to defaults.

 

I'm seeing I/O errors logged in 3 out of the 4 dumps, your latest screenshots also show I/O errors, it might be that the SSD is going downhill fast.

Refit the SATA cables, try to install the firmware update.

See if you can get the info from this tool zipped and attached, it should furnish fresh details to study. If that tool fails, try this method instead.

 

BSOD Inspector .zip attached. Refitting cables now. Firmware upgrade to come.

My continued thanks.

 

Thanks, I'll be AFK for 2+ hours now, it might be wise to use that time ensuring any vital data is safely saved away from the PC.

 

constant backup w/ crashplan. everything is secured.

 

It was a long 2 hours, I ended up too tired to do anything useful.

Details from MSInfo32's WER (Windows Error Reporting) confirms that a disk problem is most likely: X64_0xF4_csrss.exe_BUGCHECK_CRITICAL_PROCESS_IOERR_c000000e_IMAGE_hardware_disk

I'm seeing AppHangs from 'lowly' Processes, like Notepad, as well as bigger programs. Notepad and many MS Office programs etc. will use the page file when in Edit mode, so a corrupt page file is a possibility.

Delete the pagefile from D: and create a fixed 1024MB min and max on C:, the SSD is the best drive for page file an any scratch disk.

Even though I don't think this is driver -related, there are some 'old' drivers that need checking/updating, also the MagicDisk/MagicISO needs uninstalling during troubleshooting, as it (and many other virtual software/drivers) can be problematic, even causing BSODs.

Code:

AcpiCtlDrv.sys              Tue Jul 17 18:07:16 2012 (50059BC4)
DDCDrv.sys                  Tue Apr  8 08:50:11 2008 (47FB23B3)
ICCWDT.sys                  Mon Aug 12 18:59:08 2013 (5209226C)
NvStreamKms.sys             Tue Dec 22 20:53:26 2015 (5679B846)
RTKVHD64.sys                Fri Jan 22 15:09:21 2016 (56A24621)
Rt64win7.sys                Tue Mar 18 02:27:09 2014 (5327AEFD)
athrx.sys                   Tue Feb 22 20:17:31 2011 (4D6419DB)
bcbtums.sys                 Tue Mar 27 22:06:49 2012 (4F722BE9)
btwampfl.sys                Thu Mar 29 19:51:21 2012 (4F74AF29)
btwaudio.sys                Wed Mar 28 23:34:32 2012 (4F7391F8)
btwavdt.sys                 Thu Mar  1 21:45:18 2012 (4F4FEDEE)
btwl2cap.sys                Sat Aug 27 23:58:52 2011 (4E5976AC)
btwrchid.sys                Thu Mar  1 21:46:08 2012 (4F4FEE20)
iocbios2.sys                Wed Jun 18 07:48:56 2014 (53A13658)
iusb3hcs.sys                Wed Feb 12 11:06:11 2014 (52FB55A3)
iusb3hub.sys                Wed Feb 12 11:04:30 2014 (52FB553E)
iusb3xhc.sys                Wed Feb 12 11:04:33 2014 (52FB5541)
mcdbus.sys                  Tue Feb 24 10:34:07 2009 (49A3CD1F)
nvlddmkm.sys                Sat Jan 23 00:12:06 2016 (56A2C556)
nvvad64v.sys                Thu Dec 17 12:47:18 2015 (5672AED6)
pbfilter.sys                Tue Nov 19 05:56:06 2013 (528AFD76)
tap0901.sys                 Wed Nov  5 13:16:32 2014 (545A2330)

I suggest updating or uninstalling any driver/software pre 2013, you should get clues to updating drivers by using the DRT search here.

 

changed C: pagefile min and max as specified. hiberfil.sys remains on C: (25GB). pagefile.sys on D: deleted (33GB). MagicDisk and MagicISO uninstalled. gradually updating drivers.

 

Sounds good, you've successfully updated the SSD firmware as well?

 

turns out the newest firmware is mac only, to fix that mac only problem. my current ssd firmware is the newest available for pc.

now lately experiencing application hangs in which parts of window frames will remain drawn on the desktop after being minimized or closed. they can be "wiped" away by clicking and dragging over them.

also having trouble tracking down newer versions of many of the drivers from the list previously posted. for some i can hardly find my current version.

 

Run Speccy again and check whether the SSD's 'Unexpected power loss' count has changed.

Download WhatIsHang and use it to collect some data next time you get an application hanging. Do the same with WinCrashReport for programs that have crashed.

Don't fret over the drivers at this point, it still feels more like a hardware issue.

 

three more unexpected power losses on the ssd than the first screenshot (up to 68 from 65).

downloading recommended utilities and monitoring system activity.

 

Unless the affected/hanging/crashing programs are installed on the D:, or they only have problems when loading/saving from/to it, I'd say it was probably the SSD or an issue with power to it.

It's possible that malware might be playing a part, though I didn't see anything obvious in your logs.

 

new bsod

 

and another

 

I've only checked the first of the current epidemic, time for that malware checkup, now! http://forums.majorgeeks.com/index....ide-incl-spyware-virus-trojan-hijacker.35407/

This crash is different, a 0xA, specifically flagging the PeerBlock filter. There's also a driver loaded that my searches suggest is unique - big red flag - "qsbnrp.sys".

Code:

System Uptime: 0 days 0:13:55.403
*** WARNING: Unable to verify timestamp for pbfilter.sys
*** ERROR: Module load completed but symbols could not be loaded for pbfilter.sys
Probably caused by : pbfilter.sys ( pbfilter+2838 )
BugCheck A, {fffff88000961008, 2, 1, fffff80002e22619}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000000A]IRQL_NOT_LESS_OR_EQUAL (a)[/url]
Bugcheck code 0000000A
Arguments:
Arg1: fffff88000961008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002e22619, address which referenced memory
BUGCHECK_STR:  0xA
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
PROCESS_NAME:  System
FAILURE_BUCKET_ID:  X64_0xA_pbfilter+2838
MaxSpeed:     3500
CurrentSpeed: 3491
BiosVersion = F5
BiosReleaseDate = 05/09/2013

3rd party driver list:

Code:

AcpiCtlDrv.sys     Tue Jul 17 18:07:16 2012 (50059BC4)
DDCDrv.sys         Tue Apr  8 08:50:11 2008 (47FB23B3)
ICCWDT.sys         Mon Aug 12 18:59:08 2013 (5209226C)
NvStreamKms.sys    Tue Dec 22 20:53:26 2015 (5679B846)
RTKVHD64.sys       Fri Jan 22 15:09:21 2016 (56A24621)
Rt64win7.sys       Tue Mar 18 02:27:09 2014 (5327AEFD)
TrueSight.sys      Fri Jan 15 20:17:58 2016 (569953F6)
amdxata.sys        Fri Mar 19 16:18:18 2010 (4BA3A3CA)
athrx.sys          Tue Feb 22 20:17:31 2011 (4D6419DB)
bcbtums.sys        Tue Mar 27 22:06:49 2012 (4F722BE9)
btwampfl.sys       Thu Mar 29 19:51:21 2012 (4F74AF29)
btwaudio.sys       Wed Mar 28 23:34:32 2012 (4F7391F8)
btwavdt.sys        Thu Mar  1 21:45:18 2012 (4F4FEDEE)
btwl2cap.sys       Sat Aug 27 23:58:52 2011 (4E5976AC)
btwrchid.sys       Thu Mar  1 21:46:08 2012 (4F4FEE20)
intelppm.sys       Tue Jul 14 00:19:25 2009 (4A5BC0FD)
iocbios2.sys       Wed Jun 18 07:48:56 2014 (53A13658)
iusb3hcs.sys       Wed Feb 12 11:06:11 2014 (52FB55A3)
iusb3hub.sys       Wed Feb 12 11:04:30 2014 (52FB553E)
iusb3xhc.sys       Wed Feb 12 11:04:33 2014 (52FB5541)
nvlddmkm.sys       Sat Jan 23 00:12:06 2016 (56A2C556)
nvvad64v.sys       Thu Dec 17 12:47:18 2015 (5672AED6)
pbfilter.sys       Tue Nov 19 05:56:06 2013 (528AFD76)
qsbnrp.sys         Tue Aug 11 18:35:18 2015 (55CA3256)
tap0901.sys        Wed Nov  5 13:16:32 2014 (545A2330)

 

been running the whole malware removal software suite, and am up to RogueKiller, but can't get through a damn scan without a crash! what is qsbnrp.sys? i can't find any info online...

 

That's the point, no online info = very suspicious. Badly written malware is a fairly common cause of BSODs.

Try the scans in Safe Mode/Safe Mode with networking or create a new Topic in Malware and ask how you can get started.

 

http://forums.majorgeeks.com/index.php?threads/unknown-sys.301845/

 

Emma, if you're following this, could that odd driver be dynamically loaded by RogueKiller (I hadn't realised that newmy51 had already begun the malware routine) ?

newmy51, if you get stuck again, prevent PeerBlock from auto-starting or uninstall it during troubleshooting.

 

rebooted in safe mode, no bsods so far. almost all scans/logs done. mgtools is taking forever. stuck at analyse.exe

 

Did you get the Analyse.exe/HiJackThis license popup and agree to it?

 

https://i.imgur.com/V1k9aKi.png

 

logs attached

 

Got all the scans done in normal mode, fwiw. PeerBlock was disabled upon startup.

Still can't find the mysterious .sys file.

On the bright side, no BSOD since this boot...

 

Log reading makes me go blind (those logs are only intended for the Malware area, we're not qualified to deal with them here).

OK, providing you're happy with the judgement of the Malware team, we can continue here.

I'd guess that the odd service might have been dynamically created during the RK scan (I've seen other rootkit scanners also virtual hardware drivers like DaemonTools do this and it would account for you not being able to find the file, as it doesn;t exist without the background process running), I'm happy to ignore any possible malware threat for the time being and continue along faulty hardware lines.

You've checked Speccy and SMART, found 3x more unexpected power losses logged with no corresponding crashes, I've seen a couple of references to PeerBlock causing BSODs at shutdown. It may be that PeerBlock is behind this - uninstall it and keep a close eye on the SMART data for a few days/power cycles.

Do bear in mind that SMART is useful but it cannot detect all defects or predict all drive deaths. It's good at logging what it can but even then, some OEMs log more than others and some drives just die with perfect SMART stats.

 

minidump attached. novel or same old?

 

No, new type, this one is the CPU reporting an error in cache, maybe like some 'memory management' errors, it's down to 'something else' running interference with data that's already loaded into memory/cache. This dump type is difficult to debug deeper than that (for me, at least).

So, it looks like it might be due to a 'bad' driver/filter (again?). Due to the crash being called by the CPU, I suggest you uninstall the Intel Extreme Tuning Utility Performance Tuning Driver and the Intel Extreme Tuning Utility Performance Tuning Acpi Control Driver, also consider updating the motherboard BIOS to F11, it adds "Enhanced Intel K-sku CPU performance" that's your CPU.

Also check for any heat/thermal issues on the motherboard/CPU, I use HWinfo64, set for sensors only (MA has an intro video on it) but Speccy is often accurate and easier to use:
http://www.majorgeeks.com/files/details/hwinfo64.html
http://www.majorgeeks.com/files/details/speccy.html

This could still be caused by one of the remaining older 3rd party drivers.

Code:

Debug session time: Sun Aug 21 16:58:40.994 2016 (UTC + 1:00)
Loading Dump File [C:\Users\Me\SysnativeBSODApps\082116-9406-01.dmp]
Built by: 7601.18798.amd64fre.win7sp1_gdr.150316-1654
System Uptime: 4 days 22:12:05.806
Probably caused by : GenuineIntel
BugCheck 124, {0, fffffa8019861028, be000000, 100110a}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x00000124]WHEA_UNCORRECTABLE_ERROR (124)[/url]
Bugcheck code 00000124
Arguments:
Arg1: 0000000000000000, Machine Check Exception
Arg2: fffffa8019861028, Address of the WHEA_ERROR_RECORD structure.
Arg3: 00000000be000000, High order 32-bits of the MCi_STATUS value.
Arg4: 000000000100110a, Low order 32-bits of the MCi_STATUS value.
BUGCHECK_STR:  0x124_GenuineIntel
PROCESS_NAME:  System
FAILURE_BUCKET_ID:  X64_0x124_GenuineIntel_PROCESSOR_CACHE
MaxSpeed:  3500
CurrentSpeed: 3491
BiosVersion = F5
BiosReleaseDate = 05/09/2013
SystemManufacturer = Gigabyte Technology Co., Ltd.
SystemProductName = Z87M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨

 

new implosion

 

Can I have some background information, like what you were doing, what was running, etc. when this occurred please?

 

was in lightroom, alt-tabbed over to Intel Extreme Tuning Utility, turned on the overclock (from 3.7 to 4.3 GHz). cursor froze, bam. here's another one. this time just browsing in chrome with lightroom open in background.

 

Okay, these were both 0x124s, might be a CPU fault, could well be a combination of motherboard and other 'utility' drivers/bloatware (http://www.sevenforums.com/crash-lo...=ad6dfae0b34c1abe27168ef65491173f#post2913688).

Try to run your PC without anything that isn't Windows or the software you run, uninstall all the Intel, Gigabyte, Intel, PeerBlock and other utilities and just use Windows firewall, MSE/Defender during troubleshooting. Try using the 32 bit version of Chrome as well (Download Chrome for another platform link at https://www.google.com/chrome/browser/desktop/index.html)

 

new batch

 

seeing them correspond now almost exclusively with attempts at overclocking (which I don't attempt much anymore).