Strange BSOD, W7-64

oxygen15 · May 10, 2013

Hi all. Sorry for my English.
I have serious strange problem.
I have two HP DC7800 workstations at home (win7-64bit, e8400, hd6570, 4gb, one 500gb hdd, other 630gb hdd).
So, these computers hard working every day (photoshop, premiere, outlook, etc.).
And..... 5 days ago i have had very bad surprise. In one hour i get 4 BSOD's from one machine!!!
Scenario:
received new email in outlook, answerred. BSOD.
restart automatically, loading windows, login- BSOD.
restart automatically, loading in safe mode- loading stops at classpnp.sys file.
turn computer off- turn computer on- loading normally, but at screen was only mouse cursor in black background.
turn off- turn on- finally loaded, everithing fine to the present. 5 days of work without any problems.
i have tested memory with Memtest for 10 passes. No errors.
i have tested CPU with stress test. No errors.
I have checked HDD for errors, everything is good, no errors in SMART too.

I have downloaded BlueScreenView application:

BSOD N.1:

050413-22120-01.dmp
2013.05.04 01:54:47
CRITICAL_OBJECT_TERMINATION
0x000000f4
00000000`00000003
fffffa80`076c2b30
fffffa80`076c2e10
fffff800`02f9b350
ntoskrnl.exe
ntoskrnl.exe+75c00
NT Kernel & System
Microsoft® Windows® Operating System
Microsoft Corporation 6.1.7601.18113 (win7sp1_gdr.130318-1533)
x64
ntoskrnl.exe+75c00
C:\Windows\Minidump\050413-22120-01.dmp 2 15 7601 275.560

BSOD N.2:

050413-20592-01.dmp
2013.05.04 01:59:16
PAGE_FAULT_IN_NONPAGED_AREA
0x00000050
ffffffff`ffffffe0
00000000`00000001
fffff800`02ccfd9c
00000000`00000000
ntoskrnl.exe
ntoskrnl.exe+75c00
NT Kernel & System
Microsoft® Windows® Operating System
Microsoft Corporation 6.1.7601.18113 (win7sp1_gdr.130318-1533)
x64 ntoskrnl.exe+75c00
C:\Windows\Minidump\050413-20592-01.dmp 2 15 7601 275.560

BSOD N.3:

050413-23259-01.dmp
2013.05.04 02:06:00
SYSTEM_SERVICE_EXCEPTION
0x0000003b
00000000`c0000005
fffff800`02fc0833
fffff880`08fd5f70
00000000`00000000
ntoskrnl.exe
ntoskrnl.exe+75c00
NT Kernel & System
Microsoft® Windows® Operating System
Microsoft Corporation 6.1.7601.18113 (win7sp1_gdr.130318-1533)
x64 ntoskrnl.exe+75c00
C:\Windows\Minidump\050413-23259-01.dmp 2 15 7601 275.560

BSOD N.4:

050413-21247-01.dmp
2013.05.04 02:32:11
MEMORY_MANAGEMENT
0x0000001a
00000000`00000031
fffffa80`03fa2280
fffff880`0845e000
fffff8a0`00ffe0cf
ntoskrnl.exe
ntoskrnl.exe+75c00
NT Kernel & System
Microsoft® Windows® Operating System
Microsoft Corporation 6.1.7601.18113 (win7sp1_gdr.130318-1533)
x64 ntoskrnl.exe+75c00
C:\Windows\Minidump\050413-21247-01.dmp 2 15 7601 271.432

So.... Can this be software problem? Or it seems to be hardware?
Many thanks..

cipley · May 10, 2013

at least upload the dump files...read this first:
http://www.sevenforums.com/bsod-help-support/96879-blue-screen-death-bsod-posting-instructions.html
then we'll see if we can be any help

oxygen15 · May 10, 2013

OK, thank You, there it is:

cipley · May 10, 2013

I don't see MSINFO file, can you please look it up and upload here also?

oxygen15 · May 10, 2013

OK, i will try one more time. Just SF checker stops when should detect Serial ports.

cipley · May 10, 2013

Uh oh.

STOP 0x000000F4: CRITICAL_OBJECT_TERMINATION
Usual Causes: ? (in my experience, malware/possibly viruses)

STOP 0x00000050: PAGE_FAULT_IN_NONPAGED_AREA
Usual causes: Defective hardware (particularly memory - but not just RAM), Faulty system service, Antivirus, Device driver, NTFS corruption, BIOS

STOP 0x0000003B: SYSTEM_SERVICE_EXCEPTION
Usual causes: System service, Device driver, graphics driver, ?memory

STOP 0x0000001A: MEMORY_MANAGEMENT
Usual causes: Device driver, memory, kernel

F4 Bugcheck, means something abruptly terminates an essential Windows process, causing the whole system to crash.
in your case, csrss.exe
In my experience, this is mainly caused by malwares. But we need that MSINFO to look for the cause, too

- Scan the computer for viruses and malwares using MSE and Malwarebytes.
Microsoft Security Essentials | Protect against viruses, spyware, and other malware
Malwarebytes : Malwarebytes Anti-Malware removes malware including viruses, spyware, worms and trojans, plus it protects your computer --> DO NOT activate free trial
Install, update, do a full scan.

- Some of the windows components are failing (i.e. lsm.exe from the dump file). Better check Windows System File integrity
from command prompt, do these two commands:
chkdsk /r /f
SFC /scannow --> if the result is other than "no violations detected" run it again 2 more times

I'll go see if the other is available to help

BSOD ANALYSIS

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F4, {3, fffffa80076c2b30, fffffa80076c2e10, fffff80002f9b350}

Probably caused by : csrss.exe

Followup: MachineOwner
---------
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {ffffffffffffffe0, 1, fffff80002ccfd9c, 0}


Could not read faulting driver name
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4518f )

Followup: MachineOwner
---------
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff80002fc0833, fffff88008fd5f70, 0}

Probably caused by : ntkrnlmp.exe ( nt!AlpcpDispatchReplyToPort+6f )

Followup: MachineOwner
---------
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {31, fffffa8003fa2280, fffff8800845e000, fffff8a000ffe0cf}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::NNGAKEGL::`string'+71d1 )

Followup: MachineOwner
---------
MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.

oxygen15 · May 10, 2013

Here is full SF checker folder:

cipley · May 10, 2013

well well well, look what you've got in your startup list:

Code:

C:\Windows\system32\V0530Ext.ax	c:\windows\system32\regsvr32.exe /s c:\windows\system32\v0530ext.ax	Public	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I am most definitely sure this is a malware
Can you boot to Safe Mode with Networking?
it's best to run the scan from there.

oxygen15 · May 10, 2013

OK now i will do that!

cipley · May 10, 2013

Looking forward to your result

oxygen15 · May 10, 2013

unfortunately, Cipley,

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.10.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Igoris :: IGORIS-PC [administrator]
2013.05.11 00:30:44
mbam-log-2013-05-11 (00-30-44).txt
Scan type: Custom scan (C:\Windows\System32|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 13606
Time elapsed: 6 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Maybe i should run full system scan?

cipley · May 10, 2013

Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P

well these are actually the important ones

do a full scan.

but, 6 minutes? that's quick :shock:

oxygen15 · May 10, 2013

OK goodnight, Cipley, tomorrow i will write here results.

cipley · May 10, 2013

sure, take your time

oxygen15 · May 11, 2013

Hi, Cipley.
It seems that my system is clean... Only one file in old software installs folder was infected with malware. But I did not use this program for many years.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.10.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Igoris :: IGORIS-PC [administrator]
2013.05.11 00:52:58
MBAM-log-2013-05-11 (09-29-59).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 547363
Time elapsed: 1 hour(s), 30 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Igoris\Software\ABBYY FineReader v8.0.0.684 Professional MULTILANGUAGE\Keygen\Keygen.exe (Riskware.Took.CK) -> No action taken.
(end)

oxygen15 · May 11, 2013

so, maybe it was hardware problem?
then it's nightmare

i must trust my workstations, if it can be problem with hardware- i must change my computers.

cipley · May 11, 2013

have you tried scanning using MSE?

Northernsoul55 · May 11, 2013

Interesting!

Code:

C:\Users\Igoris\Software\ABBYY FineReader v8.0.0.684 Professional MULTILANGUAGE\[B][U][COLOR=red]Keygen\Keygen.exe[/COLOR][/U][/B]

oxygen15 · May 11, 2013

Yes, interesting

just old software from my college times

oxygen15 · May 11, 2013

cipley said:
have you tried scanning using MSE?

Hi. Now MSE is running, full scan. But i feel that i'm really don't have any virus or malware.. Later i will write results here.

Strange BSOD, W7-64

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer