New
#1
BSOD and sometimes black screen freeze by just using computer
lately my computer just been freezing with a black screen and having issues with BSOD
lately my computer just been freezing with a black screen and having issues with BSOD
Hello anonymousmurder, Welcome to SF
First off if your OCing in anyway stop, return everything to stock settings for the purposes of testing
If you havent already, fill in your system specs so we know what we are dealing with
System Info - See Your System Specs
Run some scans to check against virus or infection
Anti-rootkit utility TDSSKiller
Windows Defender Offline
Run some basic hardware tests
RAM - Test with Memtest86+
Disk Check (windows based check)
Hard Drive Diagnostic Procedure (bootable disk check)
OK thats the general stuff now down to specifics
1st dump reports BugCode 0x1 BSOD Index and doesnt give us a great deal to go on as its quite unusual and blames the driver AgileVpn.sys which is a driver from windows update so cannot really cause a BSOD
2nd dump BugCheck 0x3B BSOD Index with a reference to ks.sys which again is a windows driverCode:******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1, {73732e09, 0, 1, fffff8800ebe2ca0} Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+245 ) Followup: MachineOwner --------- 4: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* APC_INDEX_MISMATCH (1) This is a kernel internal error. The most common reason to see this bugcheck is when a filesystem or a driver has a mismatched number of calls to disable and re-enable APCs. The key data item is the Thread->CombinedApcDisable field. This consists of two separate 16-bit fields, the SpecialApcDisable and the KernelApcDisable. A negative value of either indicates that a driver has disabled special or normal APCs (respectively) without re-enabling them; a positive value indicates that a driver has enabled special or normal APCs (respectively) too many times. Arguments: Arg1: 0000000073732e09, Address of system call function or worker routine Arg2: 0000000000000000, Thread->ApcStateIndex Arg3: 0000000000000001, (Thread->SpecialApcDisable << 16) | Thread->KernelApcDisable Arg4: fffff8800ebe2ca0, Call type (0 - system call, 1 - worker routine) Debugging Details: ------------------ FAULTING_IP: +0 00000000`73732e09 c3 ret CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0x1 PROCESS_NAME: ccsvchst.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff800030da569 to fffff800030dafc0 STACK_TEXT: fffff880`0ebe2a68 fffff800`030da569 : 00000000`00000001 00000000`73732e09 00000000`00000000 00000000`00000001 : nt!KeBugCheckEx fffff880`0ebe2a70 fffff800`030da4a0 : 00000000`00000000 fffff880`0ebe2ca0 00000000`00000000 fffff800`033c0be3 : nt!KiBugCheckDispatch+0x69 fffff880`0ebe2bb0 00000000`73732e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x245 00000000`0325f068 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73732e09 STACK_COMMAND: kb FOLLOWUP_IP: nt!KiSystemServiceExit+245 fffff800`030da4a0 4883ec50 sub rsp,50h SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: nt!KiSystemServiceExit+245 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 503f82be FAILURE_BUCKET_ID: X64_0x1_SysCallNum_4_nt!KiSystemServiceExit+245 BUCKET_ID: X64_0x1_SysCallNum_4_nt!KiSystemServiceExit+245 Followup: MachineOwner ---------
Probable causes
System service, Device driver, graphics driver, ?memory3rd dump BugCheck 0xFC BSOD Index blaming driver dgmbx2.sys which is associated with ? Digidesign Mbox2 Analog 1/2 (3- Digidesign Mbox 2 Audio) ? if you look at bottom you will see driver is dated 11/02/11 so is nearly 2 years old and in need of updating, if you cant update it i would remove it for the purposes of testingCode:******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 3B, {c0000005, fffff880077cda11, fffff88002de24a0, 0} Probably caused by : ks.sys ( ks!KspClose+f9 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff880077cda11, Address of the instruction which caused the bugcheck Arg3: fffff88002de24a0, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: ks!KspClose+f9 fffff880`077cda11 41ffd0 call r8 CONTEXT: fffff88002de24a0 -- (.cxr 0xfffff88002de24a0) rax=00000000134dc000 rbx=fffffa801a3f19f0 rcx=fffffa800bf70e20 rdx=fffffa801a3f19f0 rsi=fffffa800bf70da0 rdi=fffffa801a3f1d90 rip=fffff880077cda11 rsp=fffff88002de2e80 rbp=fffffa801a3f19f0 r8=000300020dff0e01 r9=0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=fffffa800adecc50 r13=fffff880077c5110 r14=fffffa800adf6900 r15=fffff8a00354d650 iopl=0 nv up ei pl nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202 ks!KspClose+0xf9: fffff880`077cda11 41ffd0 call r8 {00030002`0dff0e01} Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0x3B PROCESS_NAME: svchost.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff880077cdc34 to fffff880077cda11 STACK_TEXT: fffff880`02de2e80 fffff880`077cdc34 : fffffa80`0adecc50 fffffa80`0bf70d50 fffffa80`1a3f19f0 fffffa80`0adecb90 : ks!KspClose+0xf9 fffff880`02de2ec0 fffff880`077cd52d : 00000000`00000000 fffffa80`1a3f1dd8 fffffa80`0adecb90 fffffa80`0adf6900 : ks!CKsFilter::DispatchClose+0x104 fffff880`02de2f30 fffff880`08bf9825 : 00000000`00000001 fffffa80`0adecb90 fffffa80`17299c80 00000000`00000000 : ks!DispatchClose+0x4d fffff880`02de2f60 fffff800`033cbf2e : fffffa80`17299cb0 00000000`00000001 fffffa80`00000000 fffffa80`1a3f19f0 : ksthunk!CKernelFilterDevice::DispatchIrp+0x11d fffff880`02de2fc0 fffff800`030dd1d4 : 00000000`000000d4 fffffa80`0bf7a060 fffffa80`06a492a0 fffff880`02de0015 : nt!IopDeleteFile+0x11e fffff880`02de3050 fffff800`033c6ae4 : fffffa80`0bf7a060 00000000`00000000 fffffa80`0bfabb50 00000000`00000000 : nt!ObfDereferenceObject+0xd4 fffff880`02de30b0 fffff800`033c7094 : 00000000`000009c4 fffffa80`0bf7a060 fffff8a0`0354d650 00000000`000009c4 : nt!ObpCloseHandleTableEntry+0xc4 fffff880`02de3140 fffff800`030d3253 : fffffa80`0bfabb50 fffff880`02de3210 00000000`00000001 00000000`003fe1f0 : nt!ObpCloseHandle+0x94 fffff880`02de3190 00000000`775c140a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`00fcf2d8 fffff800`030cb610 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x775c140a fffff880`02de3370 fffff880`00000000 : fffffa80`0bf7a060 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCallUserMode fffff880`02de3378 fffffa80`0bf7a060 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff880`02de3db0 : 0xfffff880`00000000 fffff880`02de3380 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff880`02de3db0 00000000`00000000 : 0xfffffa80`0bf7a060 FOLLOWUP_IP: ks!KspClose+f9 fffff880`077cda11 41ffd0 call r8 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: ks!KspClose+f9 FOLLOWUP_NAME: MachineOwner MODULE_NAME: ks IMAGE_NAME: ks.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7a3f3 STACK_COMMAND: .cxr 0xfffff88002de24a0 ; kb FAILURE_BUCKET_ID: X64_0x3B_ks!KspClose+f9 BUCKET_ID: X64_0x3B_ks!KspClose+f9 Followup: MachineOwner ---------
Given the combo of errors and possible reasons i think it likely we are looking at a problem with a driverCode:******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck FC, {fffff8800c3b84c8, 8000000224b62121, fffff8800e77b770, 2} *** WARNING: Unable to verify timestamp for dgmbx2.sys *** ERROR: Module load completed but symbols could not be loaded for dgmbx2.sys Probably caused by : dgmbx2.sys ( dgmbx2+214c8 ) Followup: MachineOwner --------- 7: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (fc) An attempt was made to execute non-executable memory. The guilty driver is on the stack trace (and is typically the current instruction pointer). When possible, the guilty driver's name (Unicode string) is printed on the bugcheck screen and saved in KiBugCheckDriver. Arguments: Arg1: fffff8800c3b84c8, Virtual address for the attempted execute. Arg2: 8000000224b62121, PTE contents. Arg3: fffff8800e77b770, (reserved) Arg4: 0000000000000002, (reserved) Debugging Details: ------------------ CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0xFC PROCESS_NAME: svchost.exe CURRENT_IRQL: 0 TRAP_FRAME: fffff8800e77b770 -- (.trap 0xfffff8800e77b770) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffffa801a715158 rbx=0000000000000000 rcx=fffffa8019d586a0 rdx=fffffa801d51fb80 rsi=0000000000000000 rdi=0000000000000000 rip=fffff8800c3b84c8 rsp=fffff8800e77b908 rbp=fffffa801d51fb80 r8=fffff8800c3b84c8 r9=0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc dgmbx2+0x214c8: fffff880`0c3b84c8 e182 loope dgmbx2+0x2144c (fffff880`0c3b844c) [br=0] Resetting default scope LAST_CONTROL_TRANSFER: from fffff8000307bbb4 to fffff800030d3fc0 STACK_TEXT: fffff880`0e77b608 fffff800`0307bbb4 : 00000000`000000fc fffff880`0c3b84c8 80000002`24b62121 fffff880`0e77b770 : nt!KeBugCheckEx fffff880`0e77b610 fffff800`030d20ee : 00000000`00000008 fffff880`0c3b84c8 fffffa80`72456300 fffffa80`1d51fb80 : nt! ?? ::FNODOBFM::`string'+0x44dbc fffff880`0e77b770 fffff880`0c3b84c8 : fffff880`07756a14 fffffa80`1d51fb80 fffffa80`00000000 fffff880`0774e100 : nt!KiPageFault+0x16e fffff880`0e77b908 fffff880`07756a14 : fffffa80`1d51fb80 fffffa80`00000000 fffff880`0774e100 fffffa80`1d51fb00 : dgmbx2+0x214c8 fffff880`0e77b910 fffff880`07756c34 : fffffa80`0701d040 fffffa80`19d585d0 fffffa80`1d51fb80 fffffa80`19907800 : ks!KspClose+0xfc fffff880`0e77b950 fffff880`0775652d : 00000000`00000000 fffffa80`1d51ff68 fffffa80`19907800 fffffa80`1a631270 : ks!CKsFilter::DispatchClose+0x104 fffff880`0e77b9c0 fffff880`0305e825 : 00000000`00000001 fffffa80`19907800 fffffa80`0fcf21f0 00000000`00000000 : ks!DispatchClose+0x4d fffff880`0e77b9f0 fffff800`033cbf2e : fffffa80`0fcf2220 00000000`00000001 fffffa80`00000000 fffffa80`1d51fb80 : ksthunk!CKernelFilterDevice::DispatchIrp+0x11d fffff880`0e77ba50 fffff800`030dd1d4 : 00000000`02aa32d0 fffffa80`0c5ec570 fffffa80`06a32400 fffff800`030dce9a : nt!IopDeleteFile+0x11e fffff880`0e77bae0 fffff800`033c6ae4 : fffffa80`0c5ec570 00000000`00000000 fffffa80`0c682b50 00000000`00000000 : nt!ObfDereferenceObject+0xd4 fffff880`0e77bb40 fffff800`033c7094 : 00000000`00000430 fffffa80`0c5ec570 fffff8a0`05cb07a0 00000000`00000430 : nt!ObpCloseHandleTableEntry+0xc4 fffff880`0e77bbd0 fffff800`030d3253 : fffffa80`0c682b50 fffff880`0e77bca0 00000000`01b6ae50 00000000`00131410 : nt!ObpCloseHandle+0x94 fffff880`0e77bc20 00000000`771d140a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`01eff438 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771d140a STACK_COMMAND: kb FOLLOWUP_IP: dgmbx2+214c8 fffff880`0c3b84c8 e182 loope dgmbx2+0x2144c (fffff880`0c3b844c) SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: dgmbx2+214c8 FOLLOWUP_NAME: MachineOwner MODULE_NAME: dgmbx2 IMAGE_NAME: dgmbx2.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4d55bffc FAILURE_BUCKET_ID: X64_0xFC_dgmbx2+214c8 BUCKET_ID: X64_0xFC_dgmbx2+214c8 Followup: MachineOwner --------- 7: kd> lmvm dgmbx2 start end module name fffff880`0c397000 fffff880`0c3c8000 dgmbx2 T (no symbols) Loaded symbol image file: dgmbx2.sys Image path: dgmbx2.sys Image name: dgmbx2.sys Timestamp: Fri Feb 11 23:02:20 2011 (4D55BFFC) CheckSum: 00032601 ImageSize: 00031000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
I would start with dgmbx2.sys then have a look at your gfx drivers they are dated 01/06/11 and would benefit from updating, to do this locate new drivers uninstall old ones run Drivers - Clean Left over Files after Uninstalling to clean out any leftovers than can cause problems then install new ones
A few other drivers that look old are
HECIx64.sys 17/09/2009 Intel Management Engine Interface (mobo driver ? chipset)
MDPMGRNT.SYS 23/09/2009 MacDrive Partition Driver
Tpkd.sys 23/12/2009 PACE Anti-Piracy InterLok software
CBDisk.sys 13/01/2010 CallbackDisk Virtual Storage Driver
MDFSYSNT.sys 04/02/2010 MacDrive file system driver
Rt64win7.sys 04/03/2010 Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC
RTKVHD64.sys 07/09/2010 Realtek High Definition Audio Function Driver
could be beneficial to update these but not top priority
i still have the same problem but i know that every time my computer goes into idle. That's when it turns black and never recovers or i get a BSOD . BSOD sometimes when i just browse the internet or watch YouTube . here goes my newest BSOD
Last edited by anonymousmurder; 04 Jan 2013 at 04:39.