BSOD at random

MrBlueScreen

I've been getting BSODs for the past week. I don't recall any changes or updates done that might be the cause. My computer is about 1 year old. Had it built for me, so not sure about specifics of the OS other than it's Win 7 Ultimate x64. Earlier, when I got a blue screen after reboot, I got it repeatedly, then it finally booted. Please help if you can. Thanks.
 

My Computer

Computer Manufacturer/Model Number
custom
OS
Windows 7 Ultimate x64
CPU
AMD Phenom II X4 955 Black Edition Deneb 3.2GHz
Motherboard
ASUS M4A79T Deluxe AM3 DDR3 AMD 790FX
Memory
(2) Kingston 1GB 240-Pin DDR3 SDRAM DDR3 1333
Graphics Card(s)
MSI R5770-PM2D1G-OC Radeon HD 5770 1GB
Sound Card
onboard Realtek
Monitor(s) Displays
NEC FP2141sb, IC Power 19" lcd
Hard Drives
Win C: WD1600YS, storage drives: WD3200aa, ST380013a
PSU
630 watt
Case
NZXT
Cooling
Cooler Master Intel Core i5 compatible Hyper TX3 Socket 775/
There is a long, long list of things that may need addressing in the way of drivers on your system, but I'll start simple first. Remove any virtual device software you are running at the moment. For instance, your clone DVD software, as it is installing a massively out-of-date driver into your system.
(Not to mention Win 7 has been known to suddenly decide it doesn't like a virtual device.)

I am not personally familiar with the following
Code:
fffff880`05470000 fffff880`0547a780   wowhd_kern_amd64 wowhd_kern_amd64.sys Thu Jul 26 11:28:46 2007 (46A8CBBE)
fffff880`0547b000 fffff880`0548ab80   csiidecoder_kern_amd64 csiidecoder_kern_amd64.sys Thu Jul 26 11:28:48 2007 (46A8CBC0)
fffff880`0548b000 fffff880`0549ad00   surroundhp_kern_amd64 surroundhp_kern_amd64.sys Thu Jul 26 11:28:45 2007 (46A8CBBD)
fffff880`0549b000 fffff880`054a9a00   tshd4_kern_amd64 tshd4_kern_amd64.sys Thu Jul 26 11:28:42 2007 (46A8CBBA)
but anything before roughly Jul 13th '09 is not a Win 7 driver.
My driver reference can't even turn up anything on these files.
Willing to bet they are malware related.

Running MBAM with latest definitions will check that.
Malwarebytes (the free version is more than adequate for on demand scanning)
 

My Computer

Computer Manufacturer/Model Number
Insane hobo technologies. ;-)
OS
Windows 7 x64
CPU
Intel i7 2600k
Motherboard
Asrock z68 extreme 4 gen 3
Memory
G.skill Ripjaw 16gigs @ 1866
Graphics Card(s)
Nvidia gtx580 (evga)
Sound Card
Integrated HD audio + hdmi
Monitor(s) Displays
24" ASUS widescreen + 42" insignia
Screen Resolution
1080p (1920x1080)
Hard Drives
128 Samsung 830
256 Samsung 840
3 x 1tb storage drive (various)
1 western digital 1tb (eSATA)
1 Seagate 1tb (eSATA)
PSU
1 kilowatt SLI/Crossfire rated Silverstone modular
Case
NZXT Phantom + additional 220 fan
Cooling
Zalmann
Keyboard
Microsoft wireless 3000 (v2)
Mouse
MS - wireless 5000 (bluetrack)
Internet Speed
depends on if you ask me or my provider.
Other Info
The above information is provided as is, and the author assumes no responsibility for issues it may cause with your sanity or fanboyism.
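
The date check the post above applies by eye, as an added example (not code from the thread or from any debugger): it parses module-list lines in the format quoted there and flags images whose PE link timestamp, the hex value in parentheses, predates the cutoff the post gives. The first four sample lines are the ones quoted in the post; the fifth is constructed.

```python
import re
from datetime import datetime, timezone

# Cutoff taken from the post: builds before roughly 13 Jul 2009 predate Windows 7.
WIN7_CUTOFF = datetime(2009, 7, 13, tzinfo=timezone.utc)

# start  end  module  image  <local date text>  (hex PE TimeDateStamp)
LM_LINE = re.compile(
    r"^[0-9a-f]{8}`[0-9a-f]{8}\s+[0-9a-f]{8}`[0-9a-f]{8}\s+"
    r"(?P<module>\S+)\s+(?P<image>\S+)\s+.*\((?P<stamp>[0-9A-Fa-f]{8})\)\s*$"
)

# Lines 1-4 are quoted in the thread; line 5 (exampledrv) is constructed.
SAMPLE = """\
fffff880`05470000 fffff880`0547a780   wowhd_kern_amd64 wowhd_kern_amd64.sys Thu Jul 26 11:28:46 2007 (46A8CBBE)
fffff880`0547b000 fffff880`0548ab80   csiidecoder_kern_amd64 csiidecoder_kern_amd64.sys Thu Jul 26 11:28:48 2007 (46A8CBC0)
fffff880`0548b000 fffff880`0549ad00   surroundhp_kern_amd64 surroundhp_kern_amd64.sys Thu Jul 26 11:28:45 2007 (46A8CBBD)
fffff880`0549b000 fffff880`054a9a00   tshd4_kern_amd64 tshd4_kern_amd64.sys Thu Jul 26 11:28:42 2007 (46A8CBBA)
fffff880`054aa000 fffff880`054b0000   exampledrv exampledrv.sys Sun Feb 28 19:00:00 2010 (4B8B0380)
"""


def parse_lm(text):
    """Yield (image, build_time_utc) for each line that looks like a module entry."""
    for line in text.splitlines():
        m = LM_LINE.match(line.strip())
        if m:
            # The hex stamp is seconds since the Unix epoch, independent of the
            # debugger's display time zone (the text date above is GMT-5).
            built = datetime.fromtimestamp(int(m["stamp"], 16), tz=timezone.utc)
            yield m["image"], built


def pre_win7_drivers(text, cutoff=WIN7_CUTOFF):
    """Return the (image, build_time_utc) pairs built before the cutoff."""
    return [(image, built) for image, built in parse_lm(text) if built < cutoff]


if __name__ == "__main__":
    for image, built in pre_win7_drivers(SAMPLE):
        print(f"{built:%Y-%m-%d %H:%M:%S} UTC  {image}")
```

The link timestamp is written by whoever built the file, so an old date is a reason to look at a driver more closely, not a verdict on it.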
In addition to Maguscreed's advice, uninstall Daemon Tools. After that's done, use this tool to remove SPTD: http://www.duplexsecure.com/download/SPTDinst-v174-x64.exe

SPTD is a driver used by Daemon Tools and a couple other programs, which is known to cause BSODs in Vista and 7.

Please validate your OS: Genuine Microsoft Software

Finally, run driver verifier: http://www.sevenforums.com/tutorials/101379-driver-verifier-enable-disable.html

...Summary of the dumps:
Code:
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Built by: 7600.16384.amd64fre.win7_rtm.090710-1945
Debug session time: Fri Feb 11 14:54:38.417 2011 (GMT-5)
System Uptime: 0 days 0:00:33.619
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Probably caused by : ntoskrnl.exe ( nt+764d8 )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0xA
----------------------------------------
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Built by: 7600.16384.amd64fre.win7_rtm.090710-1945
Debug session time: Fri Feb 11 14:53:26.170 2011 (GMT-5)
System Uptime: 0 days 0:01:01.372
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Probably caused by : ntoskrnl.exe ( nt+77fef )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x3B
----------------------------------------
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Built by: 7600.16384.amd64fre.win7_rtm.090710-1945
Debug session time: Fri Feb 11 14:51:52.496 2011 (GMT-5)
System Uptime: 0 days 0:42:31.698
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Probably caused by : ntoskrnl.exe ( nt+914ac )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0xA
----------------------------------------
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Built by: 7600.16384.amd64fre.win7_rtm.090710-1945
Debug session time: Fri Feb 11 13:42:03.003 2011 (GMT-5)
System Uptime: 0 days 0:32:36.205
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Probably caused by : ntoskrnl.exe ( nt+c076a )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x50
----------------------------------------
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Built by: 7600.16384.amd64fre.win7_rtm.090710-1945
Debug session time: Fri Feb 11 13:08:50.916 2011 (GMT-5)
System Uptime: 0 days 0:00:33.493
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Probably caused by : ntoskrnl.exe ( nt+91a83 )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0xA
 

My Computer

Computer Manufacturer/Model Number
Custom
OS
Windows 7 Professional x64
CPU
Intel i7 2600K OC'd @ 4620 MHz
Motherboard
Asus P8Z68-V Pro
Memory
16GB GSkill Sniper 2133 Mhz (4x4GB)
Graphics Card(s)
EVGA GeForce GTX 480 SuperClocked+
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
2x Acer S273HLbmii 27"
Screen Resolution
2 x 1920x1080
Hard Drives
64GB Crucial M4 SSD

Storage: Hitachi 1TB 5400RPM, Samsung 1.5TB 5400RPM
PSU
Corsair HW Series 750w (modular)
Case
Cooler Master HAF 932 Advanced Blue Edition
Cooling
CM Hyper 212+ CPU cooler, 3x 230mm + 1x 140mm case fans
Keyboard
Logitech MK320 (wireless)
Mouse
Logitech MK320 (wireless)
Internet Speed
30 Mb/s : 2 Mb/s
O.K. I'm starting from the beginning by running Malwarebytes and found 3 viruses. I noticed that my notifications for Windows Defender were turned off, so I enabled it and it had a notification that it found this: (Trojan:Win32/Alureon.DX is a rootkit that differs in behavior depending on whether the operating system is 32-bits or 64-bits.) On a 64-bit-based operating system:

Trojan:Win32/Alureon.DX writes directly into the encrypted virtual file system (VFS). It also attempts to directly modify the Master Boot Record (MBR). After attempting these modifications, it attempts to force a reboot of the computer.
I remember now that when I got my first blue screen, Avast told me that it detected something trying to take control of my ASUS Q-button. It found a dropper and said to restart to remove it, and I got a blue screen when trying to reboot. Had to roll back to a recent restore point to be able to reboot.
 

Boot in safe mode with networking and run Malwarebytes and let it do the removal. I think you'll find it a bit safer for virus removal than some of the pay-for suites.

Always best to do removals in safe mode. It helps prevent possible conflicts.
 

I'm running a Windows Defender scan again and Avast is saying found: hidden. File name MBR:\\.\PHYSICALDRIVE0. So in safe mode, will antivirus software be able to remove the virus from my master boot record without erasing it? Or is that why Avast can't seem to delete this virus, because it has written itself into the MBR? And if so, is there any way to repair or replace the MBR without having to reinstall the OS?
 

Used TDSSKILLER to scan and repair the MBR. It found it infected with that virus. Rebooted and no blue screen. I'm going to run scans again to make sure all rootkits are gone. I will post back later to let you guys know if this fixed the problem.
 

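
A way to check whether the MBR this thread ends on has changed, as an added example that is not from any poster or tool named here: it parses a 512-byte sector image and compares its boot code and partition table against a known-good capture. Both sector images are constructed, and the sketch assumes the sector was captured offline (for instance from boot media) rather than read through the running system.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bootstrap code; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446       # four 16-byte partition entries, then 0x55 0xAA
ENTRY_LEN, ENTRIES = 16, 4


def parse_mbr(sector):
    """Return boot-code hash, signature validity and used partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(ENTRIES):
        raw = sector[TABLE_OFFSET + i * ENTRY_LEN:TABLE_OFFSET + (i + 1) * ENTRY_LEN]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", raw)
        if ptype:  # type 0 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "partitions": parts,
    }


def diff_mbr(baseline, current):
    """List what differs between a known-good MBR and a later capture."""
    a, b = parse_mbr(baseline), parse_mbr(current)
    changes = []
    if a["boot_code_sha256"] != b["boot_code_sha256"]:
        changes.append("boot code")
    if a["partitions"] != b["partitions"]:
        changes.append("partition table")
    if not b["signature_ok"]:
        changes.append("missing 0x55AA signature")
    return changes


def constructed_mbr(code_fill):
    """Build a constructed sample sector: filler code plus one active NTFS entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bytes([code_fill]) * 440 + b"\x00" * 6 + entry + b"\x00" * 48 + b"\x55\xaa"


BASELINE = constructed_mbr(0x90)   # constructed "known-good" capture
MODIFIED = constructed_mbr(0xCC)   # constructed capture with different boot code
```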