Multiple BSOD even after factory reset

Page 1 of 2 12 LastLast

  1. Posts : 5
    windows 7 home premium 64 bit
       #1

    Multiple BSOD even after factory reset


    hi there,

    As the title suggest, I've reset my laptop to the factory settings after suffering through mutliple BSODs. Sadly this doesn't seem to have helped as I'm getting BSODs every 15 minutes or so on the default factory setup.

    I haven't installed anything, just the Windows Updates that load automatically after resetting.

    I've uploaded the dumpfiles using the diagnostic tool.

    Thanks in advance
      My Computer


  2. Posts : 15,026
    Windows 10 Home 64Bit
       #2

    Welcome to the Forum.
    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 3B, {c0000005, fffff88005501d26, fffff88007f4e990, 0}
    
    *** WARNING: Unable to verify timestamp for mfeavfk.sys
    *** ERROR: Module load completed but symbols could not be loaded for mfeavfk.sys
    Probably caused by : mfeavfk.sys ( mfeavfk+ad26 )
    
    Followup: MachineOwner
    ---------


       Note
    Do not start the trial version of MalwareBytes





    • System File Checker
      • The SFC /SCANNOW Command - System File Checker scans the integrity of all protected Windows 7 system files and replaces incorrect corrupted, changed/modified, or damaged versions with the correct versions if possible. If you have modified your system files as in theming explorer/system files, running sfc /scannow will revert the system files to it's default state.


    • Run Disk Check in Windows 7
      • Run this on your Hard Drive(s). This will show you how to run Check Disk or chkdsk in Windows 7 to check a selected hard disk for file system errors and bad sectors on it. With both boxes checked for all HDDs and with Automatically fix file system errors. Post back your logs for the checks after finding them using Check Disk (chkdsk) - Read Event Viewer Log


      My Computer


  3. Posts : 5
    windows 7 home premium 64 bit
    Thread Starter
       #3

    I've done all the suggested steps, with nothing unusual showing up.

    The BSODs are less frequent now, but they're still happening.

    Attached are the printscrn from speccy and the latest dumpfiles.

    Thanks again for any help :)
      My Computer

  4.    #4

    Could you post the .CBS log from here - SFC /SCANNOW Command - System File Checker

    Please post the log created by Check Disk - Check Disk (chkdsk) - Read Event Viewer Log

    Please post the MBAM logs and TDSS logs.

    -------------------------------------------------------------

    Code:
    BugCheck C2, {7, 1097, 0, fffffa8008c3c340}
    
    GetPointerFromAddress: unable to read from fffff80002f030e0
    GetUlongFromAddress: unable to read from fffff80002f03198
    Probably caused by : win32k.sys ( win32k!xxxMsgWaitForMultipleObjects+108 )
    Code:
    0: kd> dt nt!_KAPC_STATE fffffa80062a6660
       +0x000 ApcListHead      : [2] _LIST_ENTRY [ 0x00000000`00000006 - 0xfffffa80`062a6668 ]
       +0x020 Process          : 0x00000000`672911a0 _KPROCESS
       +0x028 KernelApcInProgress : 0x70 'p'
       +0x029 KernelApcPending : 0x9d ''
       +0x02a UserApcPending   : 0x39 '9'
    I don't think the APC data structures have been paged out properly since this is a Minidump. The values of the fields of some of the other structures didn't appear to look right.

    Code:
    0: kd> !pool fffffa8008c3c340
    Pool page fffffa8008c3c340 region is Nonpaged pool
     fffffa8008c3c000 size:  300 previous size:    0  (Free)       TNbl
    *fffffa8008c3c300 size:  150 previous size:  300  (Allocated) *File (Protected)
            Pooltag File : File objects
     fffffa8008c3c450 size:  860 previous size:  150  (Free)       AfdB
     fffffa8008c3ccb0 size:  100 previous size:  860  (Allocated)  MmCa
     fffffa8008c3cdb0 size:  150 previous size:  100  (Allocated)  File (Protected)
     fffffa8008c3cf00 size:  100 previous size:  150  (Allocated)  MmCa
    We can see that the Protected bit has been set for the pool allocation which was being freed, the Protected bit enables the Windows Memory Manager to check that the pool allocation being freed is the intentional one.

    Code:
    0: kd> !stack
    Call Stack : 12 frames
    ## Stack-Pointer    Return-Address   Call-Site       
    00 fffff88002399538 fffff80002dfe60e nt!KeBugCheckEx+0 
    01 fffff88002399540 fffff80002ceacce nt!ExFreePoolWithTag-1aa2 (perf)
    02 fffff880023995f0 fffff80002ca823f nt!IopCompleteRequest+5ce 
    03 fffff880023996c0 fffff80002cd2bfd nt!KiDeliverApc+1d7 
    04 fffff88002399740 fffff80002cceeeb nt!KiCommitThreadWait+3dd (perf)
    05 fffff880023997d0 fffff9600015a46c nt!KeWaitForMultipleObjects+26b (perf)
    06 fffff88002399a80 fffff9600015b443 win32k!xxxMsgWaitForMultipleObjects+108 
    07 fffff88002399b00 fffff96000115098 win32k!xxxDesktopThread+253 
    08 fffff88002399b80 fffff96000195f9a win32k!xxxCreateSystemThreads+64 
    09 fffff88002399bb0 fffff80002ccaad3 win32k!NtUserCallNoParam+36 
    0a fffff88002399be0 000007fefd9c3d5a nt!KiSystemServiceCopyEnd+13
    The thread was placed into a wait state, possibly to allow the APC deliver to provide the I/O operation, which lead to the release of the pool allocation which has already been freed.

    Code:
    0xfffff880023995e8 : 0xfffff80002ceacce : nt!IopCompleteRequest+0x5ce
    0xfffff880023995f8 : 0xfffff80002cd177a : nt!KiSwapContext+0x7a
    0xfffff88002399610 : 0xfffff88002399628 : 0xfffff9600021656f : win32k!StartDeviceRead+0x1e7
    0xfffff88002399618 : 0xfffff960001b9da9 : win32k!ProcessMouseInput+0x1d5
    0xfffff88002399628 : 0xfffff9600021656f : win32k!StartDeviceRead+0x1e7
    0xfffff880023996b8 : 0xfffff80002ca823f : nt!KiDeliverApc+0x1d7
    In fact, the APC delivery may have been used, to help service a I/O operation from the mouse.

    The File Object within the pool block is most likely the mouse.

    Code:
    0: kd> !irql
    Debugger saved IRQL for processor 0x0 -- 1 (APC_LEVEL)
    Run Driver Verifier to scan for any corrupted drivers which may be causing problems, this program works by running various stress tests on drivers, in order to produce a BSOD which will locate the driver; run for least 24 hours:

       Information
      My Computer


  5. Posts : 5
    windows 7 home premium 64 bit
    Thread Starter
       #5

    Requested logs attached, not sure what MBAM log is.

    I've let driver verifier run for around 24hours, still getting BSODs.
      My Computer

  6.    #6

    Uploading MBAM Log:

    1. Open up MBAM or Malwarebytes, and then navigate the Logs tab:

    Attachment 292654

    2. Select the latest log file, and then click Open. Notepad should open with MBAM text log file. The bottom entry will always be the latest.

    Attachment 292655

    3. With Notepad, click File and then Save As.

    Attachment 292656

    Attachment 292657

    4. Save the log file to your desktop, and then upload in your next post.

    Attachment 292658
      My Computer

  7.    #7

    Please upload the actual TDSS log file:

    Attachment 292660

    There appears to be no problems with your file system which is good, and no problems within your .CBS log file.

    Please upload any new dump files with the SF_Diagnostic tool. I'm not trying to sound rude, but it's quite annoying when people simply state they are still having BSODs without uploading any new dump files. It slows down the troubleshooting process.
      My Computer


  8. Posts : 5
    windows 7 home premium 64 bit
    Thread Starter
       #8

    The requested files are attached.

    Sorry about not attaching the SF_Diagnostic files too. I had no idea I was supposed to send this with every posting.
      My Computer

  9.    #9

    Logs:

    Your TDSS log is clean and your MBAM log is fine apart from a PUP (Potientally Unwanted Program) which you seem to have deleted which is great. I've been doing some searching, and it appears that PUP.Optional.Bandoo.A is used to make certain websites appear higher in search engine rankings.

    Debugging Analysis:

    Code:
    0: kd> vertarget
    Windows 7 Kernel Version 7600 MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7600.17273.amd64fre.win7_gdr.130318-1532
    Machine Name:
    Kernel base = 0xfffff800`02c0f000 PsLoadedModuleList = 0xfffff800`02e4be70
    Debug session time: Wed Nov  6 16:12:30.579 2013 (UTC + 0:00)
    System Uptime: 0 days 1:12:28.483
    Please install Service Pack 1, it contains many patches and security updates - Learn how to install Windows 7 Service Pack 1 (SP1)

    Code:
    BugCheck 1A, {3452, 7fffffac000, fffff7000108f250, 8f6000003623cc66}
    
    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+33013 )
    Unfortunately, the 3452 subtype error code is undocumented, however, this a 3451 which indicates that the PTEs of a kernel thread stack which have been paged out have become corrupt.

    Have you ran Driver Verifer?

    Run Driver Verifier to scan for any corrupted drivers which may be causing problems, this program works by running various stress tests on drivers, in order to produce a BSOD which will locate the driver; run for least 24 hours:

       Information
      My Computer


  10. Posts : 5
    windows 7 home premium 64 bit
    Thread Starter
       #10

    I managed to install service pack after several attempts. The installation stopped working halfway through several times, but i finally managed to get it installed in the end. BSODs are still happening but less frequently now.

    I ran driver verifier previously, nothing showed up.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 07:24.
Find Us