
Recurring BSOD while idle with Bug Check Code 0xc000021a



#1 kghastie


Posted 09 February 2015 - 09:22 PM

Hi, I could use some help with a recurring BSOD I have, running Windows 8.1.

I'm not sure what info is most helpful, but I have minidumps, etc.

I'm including the events for each of the three occurrences (2/9/15, 1/30/15, 1/20/15), including the bugcheck event and the last set of Administrative Events that appeared to have occurred leading up to the reboot (which never actually reboots but hangs on the new, pale, Windows 8 BSOD).

I have removed the WatchESPN and TouchMail (DaVincisGarageLLC) Metro apps from the system, although I suspect that their failures are just a downhill cascade from the rpcss.dll failure (the very first event listed each time).

 

If there are other useful pieces of information, please let me know.

**** 2/9/15 ****

2/9/2015 7:55:02 PM    Error    1001    BugCheck
The computer has rebooted from a bugcheck.  The bugcheck was: 0xc000021a (0xffffc0004a190180, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\Minidump\020915-14687-01.dmp. Report Id: 020915-14687-01.

2/9/2015 6:38:20 PM    Error    5973    Apps    (5973)
Activation of app daVincisGarageLLC.LarryBooBoo_526xyj0r2d3h2!TouchMail failed with error: Unknown HResult Error code: 0xc0000005 See the Microsoft-Windows-TWinUI/Operational log for additional information.

2/9/2015 6:38:16 PM    Error    7031    Service Control Manager
The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

2/9/2015 6:38:16 PM    Error    7031    Service Control Manager
The RPC Endpoint Mapper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/9/2015 6:38:15 PM    Error    5973    Apps    (5973)
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: The remote procedure call failed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

2/9/2015 6:38:15 PM    Error    5973    Apps    (5973)
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: The remote procedure call failed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

2/9/2015 6:38:15 PM    Error    5973    Apps    (5973)
Activation of app ESPNInc.WatchESPN_hpt16c9c0eesj!App failed with error: The remote procedure call failed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

2/9/2015 6:38:15 PM    Error    1000    Application Error    (100)
Faulting application name: svchost.exe_RpcSs, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: rpcss.dll, version: 6.3.9600.17415, time stamp: 0x5450409b
Exception code: 0xc0000005
Fault offset: 0x00000000000351ff
Faulting process id: 0x360
Faulting application start time: 0x01d03c94163aacea
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\rpcss.dll
Report Id: b79e432f-b0b4-11e4-beab-6cf049e0cfc7
Faulting package full name:
Faulting package-relative application ID:

**** 1/20/15 ****

1/20/2015 8:41:22 PM    Error    1001    BugCheck
The computer has rebooted from a bugcheck.  The bugcheck was: 0xc000021a (0xffffc000da4dd2e0, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 012015-12640-01.

1/20/2015 8:35:11 PM    Error    7031    Service Control Manager
The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

1/20/2015 8:35:11 PM    Error    7031    Service Control Manager
The RPC Endpoint Mapper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/20/2015 8:35:11 PM    Error    5973    Apps    (5973)
Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: The remote procedure call failed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

1/20/2015 8:35:11 PM    Error    5973    Apps    (5973)
Activation of app daVincisGarageLLC.LarryBooBoo_526xyj0r2d3h2!TouchMail failed with error: The remote procedure call failed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

1/20/2015 8:35:11 PM    Error    5973    Apps    (5973)
Activation of app ESPNInc.WatchESPN_hpt16c9c0eesj!App failed with error: The remote procedure call failed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

1/20/2015 8:35:11 PM    Error    1000    Application Error
Faulting application name: svchost.exe_RpcSs, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: rpcss.dll, version: 6.3.9600.17415, time stamp: 0x5450409b
Exception code: 0xc0000005
Fault offset: 0x00000000000351af
Faulting process id: 0x348
Faulting application start time: 0x01d0329f91165274
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\rpcss.dll
Report Id: bcc7d904-a10d-11e4-bea4-6cf049e0cfc7
Faulting package full name:
Faulting package-relative application ID:

**** 1/30/15 ****

1/30/2015 8:53:13 AM    Error    1001    BugCheck
The computer has rebooted from a bugcheck.  The bugcheck was: 0xc000021a (0xffffc00086aa8830, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\Minidump\013015-14609-01.dmp. Report Id: 013015-14609-01.

1/30/2015 8:50:38 AM    Error    7031    Service Control Manager
The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

1/30/2015 8:50:38 AM    Error    7031    Service Control Manager
The RPC Endpoint Mapper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/30/2015 8:50:38 AM    Error    5973    Apps    (5973)
Activation of app daVincisGarageLLC.LarryBooBoo_526xyj0r2d3h2!TouchMail failed with error: The remote procedure call failed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

1/30/2015 8:50:38 AM    Error    1000    Application Error    (100)
Faulting application name: svchost.exe_RpcSs, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: rpcss.dll, version: 6.3.9600.17415, time stamp: 0x5450409b
Exception code: 0xc0000005
Fault offset: 0x000000000001c37e
Faulting process id: 0x338
Faulting application start time: 0x01d0368c72bc6a51
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\rpcss.dll
Report Id: f83a9026-a886-11e4-beaa-6cf049e0cfc7
Faulting package full name:
Faulting package-relative application ID:

 

Thanks in advance,

 

kghastie
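The ordering described in the post above (the svchost.exe_RpcSs crash in rpcss.dll first, then the Service Control Manager recovery action, then the BugCheck record) can be checked mechanically. This is an added example, not part of the original thread: the function names are hypothetical, and the sample is built from the 2/9/15 and 1/30/15 events quoted above, with the bodies trimmed.

```python
import re
from datetime import datetime

# Event Viewer copy/paste header: "<date time>    <level>    <event id>    <source>    [(category)]"
HEADER = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s{2,}(\w+)\s{2,}(\d+)"
    r"\s{2,}(.+?)(?:\s{2,}\(\d+\))?\s*$")

# Constructed sample: records taken from the post, bodies trimmed, newest first per occurrence.
SAMPLE = r"""
2/9/2015 7:55:02 PM    Error    1001    BugCheck
The computer has rebooted from a bugcheck.  The bugcheck was: 0xc000021a (0xffffc0004a190180, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000).

2/9/2015 6:38:20 PM    Error    5973    Apps    (5973)
Activation of app daVincisGarageLLC.LarryBooBoo_526xyj0r2d3h2!TouchMail failed with error: Unknown HResult Error code: 0xc0000005

2/9/2015 6:38:16 PM    Error    7031    Service Control Manager
The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

2/9/2015 6:38:15 PM    Error    5973    Apps    (5973)
Activation of app ESPNInc.WatchESPN_hpt16c9c0eesj!App failed with error: The remote procedure call failed.

2/9/2015 6:38:15 PM    Error    1000    Application Error    (100)
Faulting application name: svchost.exe_RpcSs, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: rpcss.dll, version: 6.3.9600.17415, time stamp: 0x5450409b
Exception code: 0xc0000005
Fault offset: 0x00000000000351ff

1/30/2015 8:53:13 AM    Error    1001    BugCheck
The computer has rebooted from a bugcheck.  The bugcheck was: 0xc000021a (0xffffc00086aa8830, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000).

1/30/2015 8:50:38 AM    Error    7031    Service Control Manager
The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

1/30/2015 8:50:38 AM    Error    1000    Application Error    (100)
Faulting application name: svchost.exe_RpcSs, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: rpcss.dll, version: 6.3.9600.17415, time stamp: 0x5450409b
Exception code: 0xc0000005
Fault offset: 0x000000000001c37e
"""

def parse_events(text):
    """Split pasted Event Viewer text into records, keeping the listed order."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {
                "time": datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p"),
                "level": m.group(2),
                "id": int(m.group(3)),
                "source": m.group(4),
                "body": "",
            }
            events.append(current)
        elif current is not None and line.strip():
            current["body"] += line + "\n"
    return events

def group_incidents(events):
    """One incident per BugCheck record, holding every event logged before it."""
    # The paste is newest-first and timestamps only have one-second resolution,
    # so reverse before the stable sort to keep same-second events in real order.
    ordered = sorted(reversed(events), key=lambda e: e["time"])
    incidents, current = [], []
    for ev in ordered:
        current.append(ev)
        # Windows Error Reporting also logs event ID 1001, so match the source too.
        if ev["id"] == 1001 and ev["source"] == "BugCheck":
            incidents.append(current)
            current = []
    return incidents

def _field(pattern, ev):
    m = re.search(pattern, ev["body"]) if ev else None
    return m.group(1) if m else None

def summarize(incident):
    first, bug = incident[0], incident[-1]
    crash = next((e for e in incident if e["id"] == 1000), None)
    return {
        "first_event_id": first["id"],
        "faulting_module": _field(r"Faulting module name: ([^,\s]+)", crash),
        "exception_code": _field(r"Exception code: (0x[0-9a-fA-F]+)", crash),
        "fault_offset": _field(r"Fault offset: (0x[0-9a-fA-F]+)", crash),
        "scm_reboot_action": any(
            e["id"] == 7031 and "Reboot the machine" in e["body"] for e in incident),
        "bugcheck_code": _field(r"bugcheck was: (0x[0-9a-fA-F]+)", bug),
        # The BugCheck record says the computer "has rebooted", so this is the
        # time until that record was written, not the moment of the crash.
        "seconds_until_bugcheck_logged": int((bug["time"] - first["time"]).total_seconds()),
    }

def analyze(text):
    return [summarize(i) for i in group_incidents(parse_events(text))]

if __name__ == "__main__":
    for summary in analyze(SAMPLE):
        print(summary)
```

On this sample both occurrences start with the event 1000 record for rpcss.dll and end with the same bugcheck code, while the fault offset inside the module differs between them.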




#2 Aura


Posted 09 February 2015 - 09:28 PM

Hi kghastie :)

It'll be useful if we could have access to your minidump logs so we can analyze them and pinpoint the cause of these BSODs.

BSOD Minidumps
Follow the instructions below to get and upload your BSOD minidumps so I can analyze them:
  • Create a new folder on your Desktop called dumps;
  • Go in your C:\windows\minidump folder, copy every file inside, then paste them in your dumps folder;
  • Right-click on the dumps folder, select Send to then Compressed (zipped) folder;
  • Attach the compressed folder (archive) to your next reply and post it;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 kghastie


Posted 09 February 2015 - 09:50 PM

Including the minidumps plus some other system data (eightforums.com style):

 

 

Attached Files


Edited by kghastie, 09 February 2015 - 09:52 PM.


#4 Aura


Posted 09 February 2015 - 09:57 PM

It seems like this BSOD could be malware related, but I cannot tell yet. Let's start with something simple, your installed programs.

List Installed Programs
  • Download MiniToolBox and move it to your Desktop;
  • Execute it by double-clicking on it;
  • Check the "List Installed Programs" checkbox;
  • Click on the Go button;
  • Once the scan is complete, a log will open.
  • Copy/paste (select the Notepad, press Ctrl + A then Ctrl + C to copy, and Ctrl + V to paste) the content of the output log in your next reply;



#5 kghastie


Posted 09 February 2015 - 10:09 PM

Hi. I suspect it's something related to all of the driver and hardware shenanigans I've participated in recently, rather than malware, but here you go:

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by khastie (administrator) on 09-02-2015 at 22:07:43
Running from "C:\Users\khastie\Downloads"
Microsoft Windows 8.1 Pro with Media Center  (X64)
Boot Mode: Normal
***************************************************************************


=========================== Installed Programs ============================
µTorrent (HKLM-x32\...\uTorrent) (Version: 1.8.5 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.4 64-bit (HKLM\...\{558B5965-CC1B-4AF1-BA07-5D6832404050}) (Version: 5.4.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (Version: 12.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.3.6.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
ConEmu 140814.x64 (HKLM\...\{082BC566-19F8-43B1-ACD5-9DF01EBCE395}) (Version: 11.140.8140 - ConEmu-Maximus5)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CrashPlan (HKLM-x32\...\{3D42B6A9-00B4-44BC-B190-5847F5A63C36}) (Version: 3.6.4 - Code 42 Software)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.48.0.1000 - Innovative Solutions)
Dropbox (HKCU\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
eMule (HKLM-x32\...\eMule) (Version:  - )
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version:  - SEIKO EPSON Corporation)
Equalify v2.5.3 (Stable) (HKLM-x32\...\{33EC4F70-9F4B-406F-BB2A-F75A285E927D}) (Version: 2.5.3.0 - Equalify)
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Git Extensions 2.47.03 (HKLM-x32\...\{D9015694-B0D2-4AEB-AFBF-BE76B356C296}) (Version: 2.47.03 - Henk)
Git version 1.8.3-preview20130601 (HKLM-x32\...\Git_is1) (Version: 1.8.3-preview20130601 - The Git Development Community)
Google Chrome (HKLM-x32\...\{61D1D65D-76AF-37E3-A2AC-006AACB51587}) (Version: 65.143.49253 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HD Writer AE 3.0 (HKLM-x32\...\{5678B15A-504C-4A79-8554-05488A206E41}) (Version: 3.00.019.1033 - Panasonic Corporation)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (Version: 10.0.13 - Intel Corporation) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
KDiff3 (remove only) (HKLM-x32\...\KDiff3) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LenovoEMC Storage Manager (HKLM\...\LenovoEMC Storage Manager) (Version: 1.4.4.14439 - EMC)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
MakeMKV v1.9.0 (HKLM-x32\...\MakeMKV) (Version: v1.9.0 - GuinpinSoft inc)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1035 - Marvell)
MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3 - MusicBrainz)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plex Media Server (HKLM-x32\...\{16eca963-68c5-4756-80f9-db9094a4d6f0}) (Version: 0.9.1104 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1104 - Plex, Inc.) Hidden
PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAMDisk (HKLM-x32\...\{0FEB4B92-FA19-4417-B7A2-092D1F85A2FA}) (Version: 4.4.0.32 - Dataram, Inc.)
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TextPad 7 (HKLM-x32\...\{9F53AC20-2D32-4341-9DA1-29DD40E2199E}) (Version: 7.0.9 - Helios)
VidCoder 1.5.31 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.5.31 - RandomEngy)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wireshark 1.12.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.1 - The Wireshark developer community, http://www.wireshark.org)

**** End of log ****

 



#6 Aura


Posted 09 February 2015 - 10:13 PM

Driver Updater Warning!
I see that you're using a "Driver Updater" program, which can be harmful for your system and is totally useless. I'll explain to you how it works under Windows when it comes to drivers. Other people might disagree with me, but over time, I've had experience with so many driver-related issues and these programs that it became an obvious big no in my head.

Think of drivers as a "middleman" between the hardware and the software. They are what the software uses to communicate with the hardware and vice-versa. When you update your drivers (except for the GPU ones), you do not really increase their performance at all. You cannot boost a hardware component's level over the level it was conceived for (when you overclock a CPU or a GPU, or even your RAM, the capabilities of overclocking are present on the hardware, just not enabled), so even if you update your drivers, you won't get any real "boost" of performance on your system. When a driver update is released, it's mainly to address a bug or an issue in the previous driver version. If you didn't encounter a single issue with your current drivers, then you have no need to update them to their latest version. This is because the bug present in these drivers might only affect a certain brand of computer, laptop, when it works with a specific software, service, I/O interaction, etc. In other words, I could relate it to a pretty common expression: "Why change it (or upgrade it) if it still works perfectly fine?"

Then comes what we call the "Driver Updaters". You'll notice that under Windows, and many other OSes, a lot of people create software that tries to tell you that you "need" something. You need something more that you don't have. And this is exactly the case with Driver Updater software. They try to tell you that if you keep all your drivers up to date, your system will run faster and always be performant. And if you understood my explanation above, you'll see that it's not true, hence this is "false advertising".

The goal of these programs is to make you download them, since they are either paid by the downloads they have, or they bundle other applications and programs in their installers (which we call foistware). The author of the program is paid by these foistware makers to include their program in his program installer. Therefore, you end up installing one product that contained 3 or 4 others and just "bloated" down your system. Also, most of them will ask you to "pay" in order to unlock more benefits or better updates, which is totally false. Driver updates are totally free from your hardware manufacturer's website or your computer/laptop manufacturer's website.

And this brings up another point: we don't know where these programs download their drivers from. Are they really downloading the drivers they say they download and install? Are they really downloading them from the manufacturer's website? Who knows. There have been some tests done by other reputable websites, like HowToGeek, who tested these Driver Update programs. On a fresh installation of Windows, with the most updated drivers from the manufacturer, the program would report that tons of drivers were outdated and needed to be updated. How is it possible? It's not, it's just inventing that in order to push you to use the software and ultimately buy it. On the whole, you could say this software is a big scam. The same goes for "PC Boosters", "PC Optimizers", "Registry Cleaners" (which are dangerous to use by the way), etc.

It looks like I have a total hate of these programs and I'll be honest, I do. But I'm not hating on them for no reason, I'm hating on them because I know them, I know how they "work", I know that they don't work like they say and overall, I know that they cause way more issues than they solve. Therefore, I strongly suggest you uninstall any "Driver Updater" program you currently have installed, for the well-being of your system.

Alright, please uninstall the following software and let me know once it's done:
  • DriverMax 7;
  • Java 7 Update 45 (64-bits);
  • Java 7 Update 67;
You have a lot of software that should be updated as well. Also, is it possible to tell me when exactly these BSODs occur? Are you doing anything specific on your system?



#7 kghastie


Posted 09 February 2015 - 11:11 PM

I'm not usually at the computer when the BSODs occur.  Not for any of the last three, at least. 

 

Per DriverMax: I totally agree with you that Driver updater software is dangerous, should never be used and is completely unreliable in every way.  To be clear, I have never used DriverMax for updating at all.  I installed it recently just to see if it would help me track down a few older drivers that Intel can't autodetect for me.  It didn't provide much useful information, although I do find it somewhat helpful as a 3rd check when I am trying to decide between a currently installed driver, the one Intel recommends and the one Gigabyte recommends.  I don't think it's ever influenced a decision I've made.

 

So anyway, it's uninstalled, and Java as well, although I'll need to reinstall that eventually (I'm a Java developer, so it's kinda key for me :) ).



#8 Aura


Posted 09 February 2015 - 11:20 PM

Java developer? I don't see any Java-ready IDE on your system or am I wrong? :P Also, like I said in my canned, no need to update old drivers if they work just fine :wink: Let's try one last thing before seeing if you get any more BSODs.

System File Checker (SFC)
Follow the instructions below to run an SFC scan on your system:
  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the command sfc /scannow (there's a space between "sfc" and "/scannow") and press on Enter;
  • Let the scan run until the end (100%), then copy/paste in your next reply the message that is returned after;



#9 kghastie


Posted 09 February 2015 - 11:32 PM

Yeah, been looking at driver updates because of the issues I'm having (I've had issues since I first built this machine from scratch 5 yrs ago), like these BSODs and assorted other errors, issues with my SSD underperforming, etc....  I was trying the only competing philosophy to If It Ain't Broke, Don't Fix It, which is When You Install Windows Fresh, First Thing To Do Is Install Drivers From The Mobo Site.  Neither approach has fixed my issues, though (and I suspect it's a bad mobo, from a long long chain of replacing every piece of HW other than the mobo/cpu, down to the PSU).

 

[Yep, I made a pledge 5 yrs ago to stop installing Intellij on my home machine unless I was doing a personal project :)  Still do some command-line stuff in a pinch.]

 

SFC pending.  I do think I ran this somewhat recently, although I can't remember for sure if it was after these BSODs started appearing.



#10 kghastie


Posted 09 February 2015 - 11:36 PM

Also, checking the Application Logs in EventViewer (instead of just Admin Events), I did see two other Informational events for this most recent one.  Here they are:

 

Information    2/9/2015 6:38:16 PM    Windows Error Reporting    1001    None

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: svchost.exe_RpcSs
P2: 6.3.9600.17415
P3: 54504177
P4: rpcss.dll
P5: 6.3.9600.17415
P6: 5450409b
P7: c0000005
P8: 00000000000351ff
P9:
P10:

Attached files:
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\WER7650.tmp.appcompat.txt
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\WER7661.tmp.WERInternalMetadata.xml
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_RpcS_580a85bbe9b40fa8793909991af17a75050fb6_c1c5299b_cab_62ff766f\memory.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_RpcS_580a85bbe9b40fa8793909991af17a75050fb6_c1c5299b_cab_62ff766f\triagedump.dmp

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_RpcS_580a85bbe9b40fa8793909991af17a75050fb6_c1c5299b_cab_62ff766f

Analysis symbol:
Rechecking for solution: 0
Report Id: b79e432f-b0b4-11e4-beab-6cf049e0cfc7
Report Status: 32770
Hashed bucket:

Information    2/9/2015 6:38:16 PM    Windows Error Reporting    1001    None

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: svchost.exe_RpcSs
P2: 6.3.9600.17415
P3: 54504177
P4: rpcss.dll
P5: 6.3.9600.17415
P6: 5450409b
P7: c0000005
P8: 00000000000351ff
P9:
P10:

Attached files:
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\WER7650.tmp.appcompat.txt
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\WER7661.tmp.WERInternalMetadata.xml
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_RpcS_580a85bbe9b40fa8793909991af17a75050fb6_c1c5299b_cab_62ff766f\memory.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_RpcS_580a85bbe9b40fa8793909991af17a75050fb6_c1c5299b_cab_62ff766f\triagedump.dmp

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_RpcS_580a85bbe9b40fa8793909991af17a75050fb6_c1c5299b_cab_62ff766f

Analysis symbol:
Rechecking for solution: 0
Report Id: b79e432f-b0b4-11e4-beab-6cf049e0cfc7
Report Status: 4
Hashed bucket:


Edited by kghastie, 09 February 2015 - 11:37 PM.


#11 kghastie


Posted 09 February 2015 - 11:42 PM

C:\Users\khastie>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.



#12 Aura


Posted 10 February 2015 - 08:20 AM

Alright, let me know if you get any more BSODs. If you do, I'll probably put this thread on hold and send you to get checked for malware, since the more I research these particular crashes and BSODs, the more they come up as malware related.





