Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.



Windows 7: BSOD coming frequently

09 Jan 2013   #1

Windows 7 64 bit
 
 
BSOD coming frequently

Have been getting BSOD starting Christmas day 2012. First was BCCode 50. Then BCCode 96. Now BCCode f4 occurs when they system trys to do the update when shutting down. It also occurs if I try and do the updates manually.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: f4
BCP1: 0000000000000003
BCP2: FFFFFA800BCD9B30
BCP3: FFFFFA800BCD9E10
BCP4: FFFFF800033C8460
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\010913-20358-01.dmp
C:\Users\Ronald\AppData\Local\Temp\WER-57611-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

This is information from the most recent crash.

I have run memtest86. It found no problems
I ran the Dell hardware analyzer it showed no problems.
I have more dump files from previus days

Hopefully my dmp file is attached or was uploaded...

My System SpecsSystem Spec
.

09 Jan 2013   #2

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64Bit
 
 

Welcome.

Code:
DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
Please disable driver verfier:
Driver Verifier - Enable and Disable
Please upload your msinfo32.nfo file. To get this: Start Menu -> Type msinfo32 into the Search programs and files box -> When it opens, go to File, Save -> Save as msinfo32.nfo and save in a place you will remember -> Let it finish the process of gathering and saving the system info -> Right click the .nfo file, click send to compressed (zipped) folder -> Upload the .zip file here.

Please upload your msinfo32.txt file. To get this: Start Menu -> Type msinfo32 into the Search programs and files box -> When it opens, go to File, Export -> Save as msinfo32.txt and save in a place you will remember -> Let it finish the process of gathering and saving the system info -> Right click the .txt file, click send to compressed (zipped) folder -> Upload the .zip file here.
My System SpecsSystem Spec
10 Jan 2013   #3

Windows 7 64 bit
 
 
Requested files attached

Good luck!
My System SpecsSystem Spec
.


10 Jan 2013   #4

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64Bit
 
 

What antivirus app do you use?
My System SpecsSystem Spec
10 Jan 2013   #5

Windows 7 64 bit
 
 

Windows defender
My System SpecsSystem Spec
10 Jan 2013   #6

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64Bit
 
 

Make scans with the following:

-Kaspersky TDSSKiller-ESET online scannerMicrosoft Security Essentials.
Recommended from a strict BSOD perspective, compatibility & stability compared to other antiviruses/internet security software. It is free and lightweight:-
warning   Warning
Do not start the free trial of Malware Bytes; remember to deselect that option when prompted.


Run a full scan with both (separately) once downloaded, installed and updated.
My System SpecsSystem Spec
10 Jan 2013   #7

Windows 7 64 bit
 
 
Kaspersky results

Ran Kaspersky. Found one item. Quarantined it first. Ran the scan again then cured it. I did not write down the name of the item. I don't know if that was important? Will run malware next.

Here is the report:

08:40:59.0378 4048 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:40:59.0909 4048 ============================================================
08:40:59.0909 4048 Current date / time: 2013/01/10 08:40:59.0909
08:40:59.0909 4048 SystemInfo:
08:40:59.0909 4048
08:40:59.0909 4048 OS Version: 6.1.7601 ServicePack: 1.0
08:40:59.0909 4048 Product type: Workstation
08:40:59.0909 4048 ComputerName: RONALD-PC
08:40:59.0909 4048 UserName: Ronald
08:40:59.0909 4048 Windows directory: C:\Windows
08:40:59.0909 4048 System windows directory: C:\Windows
08:40:59.0909 4048 Running under WOW64
08:40:59.0909 4048 Processor architecture: Intel x64
08:40:59.0909 4048 Number of processors: 8
08:40:59.0909 4048 Page size: 0x1000
08:40:59.0909 4048 Boot type: Normal boot
08:40:59.0909 4048 ============================================================
08:41:02.0701 4048 BG loaded
08:41:02.0998 4048 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:41:03.0029 4048 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:41:03.0029 4048 Drive \Device\Harddisk2\DR2 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:41:03.0029 4048 ============================================================
08:41:03.0029 4048 \Device\Harddisk0\DR0:
08:41:03.0029 4048 MBR partitions:
08:41:03.0029 4048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A4D000
08:41:03.0029 4048 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A61000, BlocksNum 0x72CA5000
08:41:03.0029 4048 \Device\Harddisk1\DR1:
08:41:03.0029 4048 MBR partitions:
08:41:03.0029 4048 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
08:41:03.0029 4048 \Device\Harddisk2\DR2:
08:41:03.0029 4048 MBR partitions:
08:41:03.0029 4048 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0xA962F3, BlocksNum 0x16A03C0D
08:41:03.0029 4048 \Device\Harddisk2\DR2\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xA962B4
08:41:03.0029 4048 ============================================================
08:41:03.0076 4048 C: <-> \Device\Harddisk0\DR0\Partition2
08:41:03.0076 4048 D: <-> \Device\Harddisk1\DR1\Partition1
08:41:03.0076 4048 F: <-> \Device\Harddisk2\DR2\Partition2
08:41:03.0107 4048 G: <-> \Device\Harddisk2\DR2\Partition1
08:41:03.0107 4048 ============================================================
08:41:03.0107 4048 Initialize success
08:41:03.0107 4048 ============================================================
My System SpecsSystem Spec
10 Jan 2013   #8

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64Bit
 
 

Update the thread when you're done scanning with all the apps.
My System SpecsSystem Spec
10 Jan 2013   #9

Windows 7 64 bit
 
 
Malware and ESET logs

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.10.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ronald :: RONALD-PC [administrator]
1/10/2013 11:06:38 AM
MBAM-log-2013-01-10 (16-25-31).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 509030
Time elapsed: 50 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 9
C:\$Recycle.Bin\S-1-5-18\$bf85b9ec1403fe70ca17f882159b1a31\n (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$bf85b9ec1403fe70ca17f882159b1a31\U\00000004.@ (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$bf85b9ec1403fe70ca17f882159b1a31\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$bf85b9ec1403fe70ca17f882159b1a31\U\000000cb.@ (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$bf85b9ec1403fe70ca17f882159b1a31\U\80000000.@ (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$bf85b9ec1403fe70ca17f882159b1a31\U\80000064.@ (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-127904358-1895413300-3915022823-1000\$bf85b9ec1403fe70ca17f882159b1a31\n (Trojan.0Access) -> No action taken.
C:\Users\Ronald\AppData\Local\Temp\dooi0h2ans.exe (Exploit.Drop.GS) -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
(end)

ESET:

C:\Users\All Users\Microsoft\Windows\DRM\5611.tmp Win64/Olmarik.AO trojan unable to clean
C:\Users\All Users\Microsoft\Windows\DRM\5660.tmp Win64/Olmarik.AO trojan unable to clean
C:\ProgramData\Microsoft\Windows\DRM\5611.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\5660.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.RG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0001\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0001\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0001\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.RG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0001\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0001\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0001\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Ronald\AppData\Local\Temp\573C.tmp Win32/Olmarik.AYR trojan cleaned by deleting - quarantined
C:\Users\Ronald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\28a8bade-23c01b9b Win32/Olmarik.AYR trojan cleaned by deleting - quarantined
C:\Users\Ronald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\1a558184-440cdea7 a variant of Win32/Injector.AAHF trojan cleaned by deleting - quarantined
C:\Users\Ronald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\17b87d05-61342035 Java/Exploit.CVE-2012-1723.AV trojan cleaned by deleting - quarantined
C:\Users\Ronald\AppData\Roaming\pstorecr.dll a variant of Win32/Ponmocup.FT trojan cleaned by deleting (after the next restart) - quarantined
My System SpecsSystem Spec
11 Jan 2013   #10

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64Bit
 
 

What about MSE?

Any new BSODs?
My System SpecsSystem Spec
Reply

 BSOD coming frequently





Thread Tools



Similar help and support threads for2: BSOD coming frequently
Thread Forum
BSOD Very Frequently While Using PC BSOD Help and Support
BSOD Frequently BSOD Help and Support
BSoD very frequently plz help BSOD Help and Support
BSOD too frequently BSOD Help and Support
BSOD frequently BSOD Help and Support
BSOD Frequently BSOD Help and Support
BSOD Frequently BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:40 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33