Solved BSOD once every 3-4days, Stop 0xf4

[talon03]

Hello!

Been having a problem with my new build BSODing on me once every couple of days. Happens randomly, the programs on my desktop will stop responding, start closing, then the PC will crash. Thought it might be time to call in the big guns and see if I can get it sussed.

Think it might be a driver issue. But since I haven't been able to get it solved, it might be the current conjunction of Venus and Saturn for all I've been able to do.

I have:
updated MB BIOS
updated SSD firmware
updated SATA drivers
re-seated RAM, twice

thanks very much for the assistance!

 

[koolkat77]

Welcome

Your dumps do not show a definitive cause, but from some of the things I've seen in them I would suggest you to start with :ar: http://www.sevenforums.com/tutorials/433-disk-check.html

Then download and install Malwarebytes free version from here Malwarebytes : Malwarebytes Anti-Malware removes malware including viruses, spyware, worms and trojans, plus it protects your computer and run a full scan

Post back once done

 

[talon03]

koolkat77,

thanks for the reply. Have done what you suggested and run malwarebytes full scan. Nothing found.

Also ran chkdsk. No problems with the drive.

 

[koolkat77]

Okay
Lets try driver verifier to rule out buggy drivers following the tutorial below:
http://www.sevenforums.com/tutorials/101379-driver-verifier-enable-disable.html

 

[talon03]

Bingo!

Or at least, some bluecreens.

Reboot was followed almost immediately by a crash. I booted into safe mode and disabled verifier, the booted normally and had a look at the crash log in bluescreenview. That first one seems to have been caused by the connectify hotspot driver.

So I started up verifier again, leaving it off this time. Another bluecreen, this time caused by what I think is something to do with the AI suite running for my motherboard.

Disabled it, booted again, and again bluescreened. This time it's being caused by a driver I don't recognise and I'm very suspicious about after a bit of quick googling... I've uploaded the crash data again, see what you think and your personal recommendation about how to proceed.

I haven't disabled/uninstalled anything yet, and verifier is still running. No more blue screens since I disabled it for those three drivers.
thanks.

 

[koolkat77]

Thanks for the dumps

BSOD Analyze

You have 2 software drivers that need to be updated or uninstalled.

Problem is with connctfy.sys please uninstall or update connectify software and most likely problem will go away. If it doesn't after an update then uninstall it.

1. AsUpIO.sys | ASUSTeK Computer Inc. -Support- Drivers and Download
2. cnnctfy2.sys | Your Hotspot, Your Way - Connectify

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {40, 0, fffff98007948d20, 0}

Unable to load image \SystemRoot\system32\DRIVERS\cnnctfy2.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cnnctfy2.sys
*** ERROR: Module load completed but symbols could not be loaded for cnnctfy2.sys
Probably caused by : [COLOR=Blue]cnnctfy2.sys ( cnnctfy2+2396 )
[/COLOR]
Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000040, Acquiring a spinlock at IRQL < DISPATCH_LEVEL.
Arg2: 0000000000000000, Current IRQL
Arg3: fffff98007948d20, Spinlock address
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_40

CURRENT_IRQL:  0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  Connectifyd.ex

LAST_CONTROL_TRANSFER:  from fffff8000331d3dc to fffff80002e971c0

STACK_TEXT:  
fffff880`08b22688 fffff800`0331d3dc : 00000000`000000c4 00000000`00000040 00000000`00000000 fffff980`07948d20 : nt!KeBugCheckEx
fffff880`08b22690 fffff800`0332e1af : 00000000`00000002 fffffa80`066669d8 00000000`00000000 fffff800`0332b58b : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`08b226d0 fffff880`0318a396 : fffffa80`0c555b30 fffff980`07948cd0 fffff980`11422fb0 fffff880`08b22798 : nt!VerifierKeAcquireSpinLockAtDpcLevel+0xa0
fffff880`08b22730 fffffa80`0c555b30 : fffff980`07948cd0 fffff980`11422fb0 fffff880`08b22798 00000000`00000000 : cnnctfy2+0x2396
fffff880`08b22738 fffff980`07948cd0 : fffff980`11422fb0 fffff880`08b22798 00000000`00000000 fffff880`0318bd65 : 0xfffffa80`0c555b30
fffff880`08b22740 fffff980`11422fb0 : fffff880`08b22798 00000000`00000000 fffff880`0318bd65 00000000`00010001 : 0xfffff980`07948cd0
fffff880`08b22748 fffff880`08b22798 : 00000000`00000000 fffff880`0318bd65 00000000`00010001 fffffa80`0c880000 : 0xfffff980`11422fb0
fffff880`08b22750 00000000`00000000 : fffff880`0318bd65 00000000`00010001 fffffa80`0c880000 00000000`00000000 : 0xfffff880`08b22798


STACK_COMMAND:  kb

FOLLOWUP_IP: 
cnnctfy2+2396
fffff880`0318a396 ??              ???

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  cnnctfy2+2396

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: cnnctfy2

IMAGE_NAME:  [COLOR=Blue]cnnctfy2.sys[/COLOR]

DEBUG_FLR_IMAGE_TIMESTAMP:  4e04ad3d

FAILURE_BUCKET_ID:  X64_0xc4_40_VRF_cnnctfy2+2396

BUCKET_ID:  X64_0xc4_40_VRF_cnnctfy2+2396

Followup: MachineOwner
---------

2: kd> lmvm cnnctfy2
start             end                 module name
fffff880`03188000 fffff880`03192000   cnnctfy2 T (no symbols)           
    Loaded symbol image file: cnnctfy2.sys
    Image path: \SystemRoot\system32\DRIVERS\cnnctfy2.sys
    Image name: cnnctfy2.sys
    Timestamp:        [COLOR=Blue]Fri Jun 24 21:29:01 2011[/COLOR] (4E04AD3D)
    CheckSum:         0000E6A9
    ImageSize:        0000A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {f6, 120, fffffa800c4c3060, fffff880031ef766}

Unable to load image \SystemRoot\SysWow64\drivers\AsUpIO.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for AsUpIO.sys
*** ERROR: Module load completed but symbols could not be loaded for AsUpIO.sys
Probably caused by : [COLOR=Magenta]AsUpIO.sys ( AsUpIO+1766 )[/COLOR]

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 0000000000000120, Handle value being referenced.
Arg3: fffffa800c4c3060, Address of the current process.
Arg4: fffff880031ef766, Address inside the driver that is performing the incorrect reference.

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_f6

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  PEUpdater.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff800033553dc to fffff80002ecf1c0

STACK_TEXT:  
fffff880`0c23d448 fffff800`033553dc : 00000000`000000c4 00000000`000000f6 00000000`00000120 fffffa80`0c4c3060 : nt!KeBugCheckEx
fffff880`0c23d450 fffff800`0336aae4 : 00000000`00000120 fffffa80`0c4c3060 00000000`00000002 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`0c23d490 fffff800`03121ff0 : 00000000`00000000 fffff880`0c23d6c0 00000000`00000000 00000000`00000000 : nt!VfCheckUserHandle+0x1b4
fffff880`0c23d570 fffff800`031a4f65 : 00000000`00000000 00000000`000f001f 00000000`00000000 fffff800`031a4f00 : nt! ?? ::NNGAKEGL::`string'+0x212ce
fffff880`0c23d640 fffff800`0336a878 : 00000000`00000001 00000000`00000002 fffff880`0c23d730 fffff800`02ecaa10 : nt!ObReferenceObjectByHandle+0x25
fffff880`0c23d690 fffff880`031ef766 : 00000000`00000000 00000000`00000002 00000000`00000001 fffff800`0335514e : nt!VerifierObReferenceObjectByHandle+0x48
fffff880`0c23d6e0 00000000`00000000 : 00000000`00000002 00000000`00000001 fffff800`0335514e fffff880`0c23d768 : AsUpIO+0x1766


STACK_COMMAND:  kb

FOLLOWUP_IP: 
AsUpIO+1766
fffff880`031ef766 8bd8            mov     ebx,eax

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  AsUpIO+1766

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: AsUpIO

IMAGE_NAME:  AsUpIO.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4c57835f

FAILURE_BUCKET_ID:  X64_0xc4_f6_VRF_AsUpIO+1766

BUCKET_ID:  X64_0xc4_f6_VRF_AsUpIO+1766

Followup: MachineOwner
---------

0: kd> lmvm AsUpIO
start             end                 module name
fffff880`031ee000 fffff880`031f5000   AsUpIO   T (no symbols)           
    Loaded symbol image file: AsUpIO.sys
    Image path: \SystemRoot\SysWow64\drivers\AsUpIO.sys
    Image name: AsUpIO.sys
    Timestamp:        [COLOR=Magenta]Tue Aug 03 08:47:59 2010[/COLOR] (4C57835F)
    CheckSum:         0000BD68
    ImageSize:        00007000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {40, 0, fffff98007f28c20, 0}

Unable to load image \SystemRoot\system32\DRIVERS\ndisrd.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ndisrd.sys
*** ERROR: Module load completed but symbols could not be loaded for ndisrd.sys
Probably caused by : [COLOR=Blue]ndisrd.sys ( ndisrd+266e )[/COLOR]

ndisrd.sys

Mionet driver/ WinpkFilter high performance packet filtering framework need updates as well.

0: kd> lmvm ndisrd
start             end                 module name
fffff880`0318a000 fffff880`03194000   ndisrd   T (no symbols)           
    Loaded symbol image file: ndisrd.sys
    Image path: \SystemRoot\system32\DRIVERS\ndisrd.sys
    Image name: ndisrd.sys
    Timestamp:        [COLOR=Blue]Fri Aug 12 16:14:50 2011 [/COLOR](4E44FD1A)
    CheckSum:         00009651
    ImageSize:        0000A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Post back once you've done updating all these.

 

[talon03]

OK, so quick update:

I removed all three drivers listed above.

Ran somewhat more stable, but then decided to play the BSOD game again.
Gave what appeared to be an SSD error, I ran chkdsk and it didn't pick anything up.

I'm re-running verifier.exe now to see if it finds anything.

Attached are the latest crash dumps.

Thanks!

 

[koolkat77]

One of your dump shows memory issue, the other two don't show a probable cause.
You should run memtest86+ on each stick for 8 passes preferably overnight.

• http://www.sevenforums.com/tutorials/105647-ram-test-memtest86.html

 

[talon03]

Ok, Ran Memtest86+ today while at work.
10 hours, 9 passes, no fails, no errors.

 

[koolkat77]

Any bsods lately?
Upload them please.

 

[talon03]

Last one was Saturday I think, here's the latest uploads...

 

[koolkat77]

If you are overclocking any hardware, please stop.

Start Menu\Programs\ASUS	Public:Start Menu\Programs\ASUS	Public
Start Menu\Programs\DAEMON Tools Lite	Public:Start Menu\Programs\DAEMON Tools Lite	Public

Please revert to factory clocks if overclocking and uninstall AI Suite and all its components.
Daemon tools is a known cause of BSOD. If you search our forum, you'll get many related threads.

I don't see any antivirus installed there. But you do have Malwarebytes. Can you tell me what antivirus
you're using?

Run the system file checker for any corrupted windows files following:
:ar: http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

Upgrading drivers for pre-existing device

1. Open Windows Device Manager.
   (Click on the start rb: - Type Device Manager in the search bar - Hit enter)
2. In the Device Manager locate the device you wish to update the drivers for/look for a :warn:
3. Right-click the device and click Properties.
4. In the Properties window click the Driver tab.
5. Click the Update Driver button.
6. In the Hardware Update Wizard point Windows to the location of the updated drivers on your hard drive

Once drivers have been installed reboot the system.

Will wait for your next post

 

[talon03]

Knew there was something I forgot to installl Such a noob.
I have Avast now, running a full scan...

Daemon tools was only installed yesterday.

The PC has never been Overclocked. The files for AI suite II have been removed, but the uninstaller failed multiple times (locked up) and I think there's still some registry entries kicking about.

SFC found no system file errors.

No devices need drivers updated.

 

[koolkat77]

Suggest you to uninstall Avast! for now.

Avast sometimes causes BSoDs. Keep MSE for the time being. (You may install Avast! back afterwards.)
:ar: Microsoft Security Essentials - Free Antivirus for Windows

Do a complete scan once downloaded and installed.

Monitor temp of your computer with Speccy:
:ar: Speccy - System Information - Free Download

If you have more BSoDs, upload them.

 

[talon03]

Just had another crash. Have attached logs.

 

[koolkat77]

Run http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

 

[talon03]

Ran a full scan this morning. Nothing detected.

 

[koolkat77]

Any blue screens?
Do you still have avast on your computer?

 

[talon03]

Nope no blue screen since yesterday.
And it's been un-installed for now.

 

[koolkat77]

Alright
If you do, upload the dumps. (Newest ones only)