Windows 7: BSOD and sometimes black screen freeze by just using computer

anonymousmurder · 31 Dec 2012

lately my computer just been freezing with a black screen and having issues with BSOD

**Pauly** · 31 Dec 2012

Hello anonymousmurder, Welcome to SF

First off if your OCing in anyway stop, return everything to stock settings for the purposes of testing

If you havent already, fill in your system specs so we know what we are dealing with
System Info - See Your System Specs

Run some scans to check against virus or infection
Anti-rootkit utility TDSSKiller
Windows Defender Offline

Run some basic hardware tests
RAM - Test with Memtest86+
Disk Check (windows based check)
Hard Drive Diagnostic Procedure (bootable disk check)

OK thats the general stuff now down to specifics
1st dump reports BugCode 0x1 BSOD Index and doesnt give us a great deal to go on as its quite unusual and blames the driver AgileVpn.sys which is a driver from windows update so cannot really cause a BSOD

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1, {73732e09, 0, 1, fffff8800ebe2ca0}
Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+245 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
APC_INDEX_MISMATCH (1)
This is a kernel internal error. The most common reason to see this
bugcheck is when a filesystem or a driver has a mismatched number of
calls to disable and re-enable APCs. The key data item is the
Thread->CombinedApcDisable field. This consists of two separate 16-bit
fields, the SpecialApcDisable and the KernelApcDisable. A negative value
of either indicates that a driver has disabled special or normal APCs
(respectively) without re-enabling them; a positive value indicates that
a driver has enabled special or normal APCs (respectively) too many times.
Arguments:
Arg1: 0000000073732e09, Address of system call function or worker routine
Arg2: 0000000000000000, Thread->ApcStateIndex
Arg3: 0000000000000001, (Thread->SpecialApcDisable << 16) | Thread->KernelApcDisable
Arg4: fffff8800ebe2ca0, Call type (0 - system call, 1 - worker routine)
Debugging Details:
------------------

FAULTING_IP: 
+0
00000000`73732e09 c3              ret
CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
BUGCHECK_STR:  0x1
PROCESS_NAME:  ccsvchst.exe
CURRENT_IRQL:  0
LAST_CONTROL_TRANSFER:  from fffff800030da569 to fffff800030dafc0
STACK_TEXT:  
fffff880`0ebe2a68 fffff800`030da569 : 00000000`00000001 00000000`73732e09 00000000`00000000 00000000`00000001 : nt!KeBugCheckEx
fffff880`0ebe2a70 fffff800`030da4a0 : 00000000`00000000 fffff880`0ebe2ca0 00000000`00000000 fffff800`033c0be3 : nt!KiBugCheckDispatch+0x69
fffff880`0ebe2bb0 00000000`73732e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x245
00000000`0325f068 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73732e09

STACK_COMMAND:  kb
FOLLOWUP_IP: 
nt!KiSystemServiceExit+245
fffff800`030da4a0 4883ec50        sub     rsp,50h
SYMBOL_STACK_INDEX:  2
SYMBOL_NAME:  nt!KiSystemServiceExit+245
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: nt
IMAGE_NAME:  ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP:  503f82be
FAILURE_BUCKET_ID:  X64_0x1_SysCallNum_4_nt!KiSystemServiceExit+245
BUCKET_ID:  X64_0x1_SysCallNum_4_nt!KiSystemServiceExit+245
Followup: MachineOwner
---------

2nd dump BugCheck 0x3B BSOD Index with a reference to ks.sys which again is a windows driver
Probable causes

Quote:

System service, Device driver, graphics driver, ?memory

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff880077cda11, fffff88002de24a0, 0}
Probably caused by : ks.sys ( ks!KspClose+f9 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff880077cda11, Address of the instruction which caused the bugcheck
Arg3: fffff88002de24a0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP: 
ks!KspClose+f9
fffff880`077cda11 41ffd0          call    r8
CONTEXT:  fffff88002de24a0 -- (.cxr 0xfffff88002de24a0)
rax=00000000134dc000 rbx=fffffa801a3f19f0 rcx=fffffa800bf70e20
rdx=fffffa801a3f19f0 rsi=fffffa800bf70da0 rdi=fffffa801a3f1d90
rip=fffff880077cda11 rsp=fffff88002de2e80 rbp=fffffa801a3f19f0
 r8=000300020dff0e01  r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=fffffa800adecc50 r13=fffff880077c5110
r14=fffffa800adf6900 r15=fffff8a00354d650
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
ks!KspClose+0xf9:
fffff880`077cda11 41ffd0          call    r8 {00030002`0dff0e01}
Resetting default scope
CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
BUGCHECK_STR:  0x3B
PROCESS_NAME:  svchost.exe
CURRENT_IRQL:  0
LAST_CONTROL_TRANSFER:  from fffff880077cdc34 to fffff880077cda11
STACK_TEXT:  
fffff880`02de2e80 fffff880`077cdc34 : fffffa80`0adecc50 fffffa80`0bf70d50 fffffa80`1a3f19f0 fffffa80`0adecb90 : ks!KspClose+0xf9
fffff880`02de2ec0 fffff880`077cd52d : 00000000`00000000 fffffa80`1a3f1dd8 fffffa80`0adecb90 fffffa80`0adf6900 : ks!CKsFilter::DispatchClose+0x104
fffff880`02de2f30 fffff880`08bf9825 : 00000000`00000001 fffffa80`0adecb90 fffffa80`17299c80 00000000`00000000 : ks!DispatchClose+0x4d
fffff880`02de2f60 fffff800`033cbf2e : fffffa80`17299cb0 00000000`00000001 fffffa80`00000000 fffffa80`1a3f19f0 : ksthunk!CKernelFilterDevice::DispatchIrp+0x11d
fffff880`02de2fc0 fffff800`030dd1d4 : 00000000`000000d4 fffffa80`0bf7a060 fffffa80`06a492a0 fffff880`02de0015 : nt!IopDeleteFile+0x11e
fffff880`02de3050 fffff800`033c6ae4 : fffffa80`0bf7a060 00000000`00000000 fffffa80`0bfabb50 00000000`00000000 : nt!ObfDereferenceObject+0xd4
fffff880`02de30b0 fffff800`033c7094 : 00000000`000009c4 fffffa80`0bf7a060 fffff8a0`0354d650 00000000`000009c4 : nt!ObpCloseHandleTableEntry+0xc4
fffff880`02de3140 fffff800`030d3253 : fffffa80`0bfabb50 fffff880`02de3210 00000000`00000001 00000000`003fe1f0 : nt!ObpCloseHandle+0x94
fffff880`02de3190 00000000`775c140a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00fcf2d8 fffff800`030cb610 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x775c140a
fffff880`02de3370 fffff880`00000000 : fffffa80`0bf7a060 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCallUserMode
fffff880`02de3378 fffffa80`0bf7a060 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff880`02de3db0 : 0xfffff880`00000000
fffff880`02de3380 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff880`02de3db0 00000000`00000000 : 0xfffffa80`0bf7a060

FOLLOWUP_IP: 
ks!KspClose+f9
fffff880`077cda11 41ffd0          call    r8
SYMBOL_STACK_INDEX:  0
SYMBOL_NAME:  ks!KspClose+f9
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: ks
IMAGE_NAME:  ks.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7a3f3
STACK_COMMAND:  .cxr 0xfffff88002de24a0 ; kb
FAILURE_BUCKET_ID:  X64_0x3B_ks!KspClose+f9
BUCKET_ID:  X64_0x3B_ks!KspClose+f9
Followup: MachineOwner
---------

3rd dump BugCheck 0xFC BSOD Index blaming driver dgmbx2.sys which is associated with ? Digidesign Mbox2 Analog 1/2 (3- Digidesign Mbox 2 Audio) ? if you look at bottom you will see driver is dated 11/02/11 so is nearly 2 years old and in need of updating, if you cant update it i would remove it for the purposes of testing

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck FC, {fffff8800c3b84c8, 8000000224b62121, fffff8800e77b770, 2}
*** WARNING: Unable to verify timestamp for dgmbx2.sys
*** ERROR: Module load completed but symbols could not be loaded for dgmbx2.sys
Probably caused by : dgmbx2.sys ( dgmbx2+214c8 )
Followup: MachineOwner
---------
7: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (fc)
An attempt was made to execute non-executable memory.  The guilty driver
is on the stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fffff8800c3b84c8, Virtual address for the attempted execute.
Arg2: 8000000224b62121, PTE contents.
Arg3: fffff8800e77b770, (reserved)
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------

CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
BUGCHECK_STR:  0xFC
PROCESS_NAME:  svchost.exe
CURRENT_IRQL:  0
TRAP_FRAME:  fffff8800e77b770 -- (.trap 0xfffff8800e77b770)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa801a715158 rbx=0000000000000000 rcx=fffffa8019d586a0
rdx=fffffa801d51fb80 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800c3b84c8 rsp=fffff8800e77b908 rbp=fffffa801d51fb80
 r8=fffff8800c3b84c8  r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
dgmbx2+0x214c8:
fffff880`0c3b84c8 e182            loope   dgmbx2+0x2144c (fffff880`0c3b844c) [br=0]
Resetting default scope
LAST_CONTROL_TRANSFER:  from fffff8000307bbb4 to fffff800030d3fc0
STACK_TEXT:  
fffff880`0e77b608 fffff800`0307bbb4 : 00000000`000000fc fffff880`0c3b84c8 80000002`24b62121 fffff880`0e77b770 : nt!KeBugCheckEx
fffff880`0e77b610 fffff800`030d20ee : 00000000`00000008 fffff880`0c3b84c8 fffffa80`72456300 fffffa80`1d51fb80 : nt! ?? ::FNODOBFM::`string'+0x44dbc
fffff880`0e77b770 fffff880`0c3b84c8 : fffff880`07756a14 fffffa80`1d51fb80 fffffa80`00000000 fffff880`0774e100 : nt!KiPageFault+0x16e
fffff880`0e77b908 fffff880`07756a14 : fffffa80`1d51fb80 fffffa80`00000000 fffff880`0774e100 fffffa80`1d51fb00 : dgmbx2+0x214c8
fffff880`0e77b910 fffff880`07756c34 : fffffa80`0701d040 fffffa80`19d585d0 fffffa80`1d51fb80 fffffa80`19907800 : ks!KspClose+0xfc
fffff880`0e77b950 fffff880`0775652d : 00000000`00000000 fffffa80`1d51ff68 fffffa80`19907800 fffffa80`1a631270 : ks!CKsFilter::DispatchClose+0x104
fffff880`0e77b9c0 fffff880`0305e825 : 00000000`00000001 fffffa80`19907800 fffffa80`0fcf21f0 00000000`00000000 : ks!DispatchClose+0x4d
fffff880`0e77b9f0 fffff800`033cbf2e : fffffa80`0fcf2220 00000000`00000001 fffffa80`00000000 fffffa80`1d51fb80 : ksthunk!CKernelFilterDevice::DispatchIrp+0x11d
fffff880`0e77ba50 fffff800`030dd1d4 : 00000000`02aa32d0 fffffa80`0c5ec570 fffffa80`06a32400 fffff800`030dce9a : nt!IopDeleteFile+0x11e
fffff880`0e77bae0 fffff800`033c6ae4 : fffffa80`0c5ec570 00000000`00000000 fffffa80`0c682b50 00000000`00000000 : nt!ObfDereferenceObject+0xd4
fffff880`0e77bb40 fffff800`033c7094 : 00000000`00000430 fffffa80`0c5ec570 fffff8a0`05cb07a0 00000000`00000430 : nt!ObpCloseHandleTableEntry+0xc4
fffff880`0e77bbd0 fffff800`030d3253 : fffffa80`0c682b50 fffff880`0e77bca0 00000000`01b6ae50 00000000`00131410 : nt!ObpCloseHandle+0x94
fffff880`0e77bc20 00000000`771d140a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01eff438 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771d140a

STACK_COMMAND:  kb
FOLLOWUP_IP: 
dgmbx2+214c8
fffff880`0c3b84c8 e182            loope   dgmbx2+0x2144c (fffff880`0c3b844c)
SYMBOL_STACK_INDEX:  3
SYMBOL_NAME:  dgmbx2+214c8
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: dgmbx2
IMAGE_NAME:  dgmbx2.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  4d55bffc
FAILURE_BUCKET_ID:  X64_0xFC_dgmbx2+214c8
BUCKET_ID:  X64_0xFC_dgmbx2+214c8
Followup: MachineOwner
---------
7: kd> lmvm dgmbx2
start             end                 module name
fffff880`0c397000 fffff880`0c3c8000   dgmbx2   T (no symbols)           
    Loaded symbol image file: dgmbx2.sys
    Image path: dgmbx2.sys
    Image name: dgmbx2.sys
    Timestamp:        Fri Feb 11 23:02:20 2011 (4D55BFFC)
    CheckSum:         00032601
    ImageSize:        00031000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Given the combo of errors and possible reasons i think it likely we are looking at a problem with a driver
I would start with dgmbx2.sys then have a look at your gfx drivers they are dated 01/06/11 and would benefit from updating, to do this locate new drivers uninstall old ones run Drivers - Clean Left over Files after Uninstalling to clean out any leftovers than can cause problems then install new ones

A few other drivers that look old are
HECIx64.sys 17/09/2009 Intel Management Engine Interface (mobo driver ? chipset)
MDPMGRNT.SYS 23/09/2009 MacDrive Partition Driver
Tpkd.sys 23/12/2009 PACE Anti-Piracy InterLok software
CBDisk.sys 13/01/2010 CallbackDisk Virtual Storage Driver
MDFSYSNT.sys 04/02/2010 MacDrive file system driver
Rt64win7.sys 04/03/2010 Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC
RTKVHD64.sys 07/09/2010 Realtek High Definition Audio Function Driver
could be beneficial to update these but not top priority

anonymousmurder · 04 Jan 2013

i still have the same problem but i know that every time my computer goes into idle. That's when it turns black and never recovers or i get a BSOD . BSOD sometimes when i just browse the internet or watch YouTube . here goes my newest BSOD

**Pauly** · 04 Jan 2013

Have you followed post #2 ? what have you done

Windows 7: BSOD and sometimes black screen freeze by just using computer

BSOD and sometimes black screen freeze by just using computer problems?