Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random BSOD 0xF4 and 0x9F


  • Please log in to reply
8 replies to this topic

#1 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:38 PM

Posted 11 February 2016 - 04:48 PM

We built a new machine for a customer only 2 months ago, and the system has started bluescreening at random. No particular programs or conditions that have been noted before the crashes.

 

The system has passed SeaTools, MemTest, BurnIn, chkdsk, and sfc /scannow with no issues found. All malware scans are clean.

 

I've not really troubleshot these particular BSODs before, but can only guess it sounds hardware-related. I'd like to diagnose it properly before blindly swapping out parts under warranty (and dealing with the manufacturers for RMA).

 

 

· OS - Windows 8.1, 8, 7, Vista ?

Windows 7 Professional
· x86 (32-bit) or x64 ?

64-bit
· What was original installed OS on system?

Windows 7
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)?

OEM (we are a system builder)
· Age of system (hardware)

2 months
· Age of OS installation - have you re-installed the OS?

2 months - have not reloaded for this issue yet

· CPU

Intel Core i5
· Video Card

On-board Intel HD
· MotherBoard - (if NOT a laptop)

Gigabyte B85M-D3H
· Power Supply - brand & wattage (skip if laptop)
Antec 350W

· System Manufacturer

Facet Technologies (our company)
· Exact model number (if laptop, check label on bottom)
Custom built

· Laptop or Desktop?

Desktop

 

I will get Driver Verified running here shortly.

 

 

Thanks for any help.

Attached Files


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:10:38 PM

Posted 11 February 2016 - 06:30 PM

Although you appear to have a reasonable number of Windows Update hotfixes for this version of your OS, please double check for any new Windows Updates.  It only takes one update to cause a problem, so it's essential that you have all of them.  There are recent Windows Update failures in the WER section of the MSINFO32 report.

 

Beyond this, please start with these free hardware diagnostics:  http://www.carrona.org/hwdiag.html
If all of the hardware tests pass, then run Driver Verifier according to these instructions:  http://www.carrona.org/verifier.html

 

 

Analysis:
The following is for informational purposes only.
**************************Tue Feb  9 15:23:16.268 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\020916-12214-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23313.amd64fre.win7sp1_ldr.151230-0600
System Uptime: 0 days 1:46:42.005
Probably caused by : ntkrnlmp.exe ( nt!PspCatchCriticalBreak+92 )
BugCheck F4, {3, fffffa800885eb10, fffffa800885edf0, fffff80002fc5120}
BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa800885eb10, Terminating object
Arg3: fffffa800885edf0, Process image file name
Arg4: fffff80002fc5120, Explanatory message (ascii)
PROCESS_NAME:  csrss.exe
BUGCHECK_STR:  0xF4
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
FAILURE_BUCKET_ID:  X64_0xF4_csrss.exe_BUGCHECK_CRITICAL_PROCESS_67cf060_nt!PspCatchCriticalBreak+92
CPUID:        "Intel® Core™ i5-4460  CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  F15
  BIOS Release Date             08/20/2015
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Feb  9 12:20:04.948 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\020916-12355-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23313.amd64fre.win7sp1_ldr.151230-0600
System Uptime: 0 days 17:31:13.941
Probably caused by : ntkrnlmp.exe ( nt!PspCatchCriticalBreak+92 )
BugCheck F4, {3, fffffa8008b25b10, fffffa8008b25df0, fffff80002f90120}
BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa8008b25b10, Terminating object
Arg3: fffffa8008b25df0, Process image file name
Arg4: fffff80002f90120, Explanatory message (ascii)
PROCESS_NAME:  wininit.exe
BUGCHECK_STR:  0xF4
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
FAILURE_BUCKET_ID:  X64_0xF4_wininit.exe_BUGCHECK_CRITICAL_PROCESS_7f54a00_nt!PspCatchCriticalBreak+92
CPUID:        "Intel® Core™ i5-4460  CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  F15
  BIOS Release Date             08/20/2015
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Feb  8 14:11:21.617 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\020816-17097-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23313.amd64fre.win7sp1_ldr.151230-0600
System Uptime: 0 days 2:03:49.976
Probably caused by : ntkrnlmp.exe ( nt!PspCatchCriticalBreak+92 )
BugCheck F4, {3, fffffa8008a2bb10, fffffa8008a2bdf0, fffff80002f84120}
BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa8008a2bb10, Terminating object
Arg3: fffffa8008a2bdf0, Process image file name
Arg4: fffff80002f84120, Explanatory message (ascii)
PROCESS_NAME:  wininit.exe
BUGCHECK_STR:  0xF4
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
FAILURE_BUCKET_ID:  X64_0xF4_wininit.exe_BUGCHECK_CRITICAL_PROCESS_8229520_nt!PspCatchCriticalBreak+92
CPUID:        "Intel® Core™ i5-4460  CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  F15
  BIOS Release Date             08/20/2015
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Feb  4 19:32:48.977 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\020516-18813-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23313.amd64fre.win7sp1_ldr.151230-0600
System Uptime: 0 days 10:05:20.867
*** WARNING: Unable to verify timestamp for iusb3hub.sys
*** ERROR: Module load completed but symbols could not be loaded for iusb3hub.sys
Probably caused by : iusb3hub.sys
BugCheck 9F, {3, fffffa8007d9abd0, fffff80000b9a3d8, fffffa800986fb40}
BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
Arguments:
Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time
Arg2: fffffa8007d9abd0, Physical Device Object of the stack
Arg3: fffff80000b9a3d8, nt!TRIAGE_9F_POWER on Win7 and higher, otherwise the Functional Device Object of the stack
Arg4: fffffa800986fb40, The blocked IRP
BUGCHECK_STR:  0x9F
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
PROCESS_NAME:  System
FAILURE_BUCKET_ID:  X64_0x9F_3_POWER_DOWN_DM150Drv_IMAGE_iusb3hub.sys
CPUID:        "Intel® Core™ i5-4460  CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  F15
  BIOS Release Date             08/20/2015
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Feb  1 19:10:57.967 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\020216-15256-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23313.amd64fre.win7sp1_ldr.151230-0600
System Uptime: 0 days 7:08:35.134
*** WARNING: Unable to verify timestamp for iusb3hub.sys
*** ERROR: Module load completed but symbols could not be loaded for iusb3hub.sys
Probably caused by : iusb3hub.sys
BugCheck 9F, {3, fffffa8007d1cbd0, fffff80003fe03d8, fffffa8007832ae0}
BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
Arguments:
Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time
Arg2: fffffa8007d1cbd0, Physical Device Object of the stack
Arg3: fffff80003fe03d8, nt!TRIAGE_9F_POWER on Win7 and higher, otherwise the Functional Device Object of the stack
Arg4: fffffa8007832ae0, The blocked IRP
BUGCHECK_STR:  0x9F
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
PROCESS_NAME:  System
FAILURE_BUCKET_ID:  X64_0x9F_3_POWER_DOWN_DM150Drv_IMAGE_iusb3hub.sys
CPUID:        "Intel® Core™ i5-4460  CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  F15
  BIOS Release Date             08/20/2015
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jan 26 17:25:52.817 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\012616-12027-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23313.amd64fre.win7sp1_ldr.151230-0600
System Uptime: 0 days 0:22:57.006
Probably caused by : ntkrnlmp.exe ( nt!PspCatchCriticalBreak+92 )
BugCheck F4, {3, fffffa8008335b10, fffffa8008335df0, fffff80002fc0120}
BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa8008335b10, Terminating object
Arg3: fffffa8008335df0, Process image file name
Arg4: fffff80002fc0120, Explanatory message (ascii)
PROCESS_NAME:  csrss.exe
BUGCHECK_STR:  0xF4
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
FAILURE_BUCKET_ID:  X64_0xF4_csrss.exe_BUGCHECK_CRITICAL_PROCESS_8a91b50_nt!PspCatchCriticalBreak+92
CPUID:        "Intel® Core™ i5-4460  CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  F15
  BIOS Release Date             08/20/2015
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jan 26 17:01:54.191 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\012616-12573-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23313.amd64fre.win7sp1_ldr.151230-0600
System Uptime: 0 days 1:08:27.005
Probably caused by : ntkrnlmp.exe ( nt!PspCatchCriticalBreak+92 )
BugCheck F4, {3, fffffa80082ddb10, fffffa80082dddf0, fffff80002fc8120}
BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa80082ddb10, Terminating object
Arg3: fffffa80082dddf0, Process image file name
Arg4: fffff80002fc8120, Explanatory message (ascii)
PROCESS_NAME:  csrss.exe
BUGCHECK_STR:  0xF4
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
FAILURE_BUCKET_ID:  X64_0xF4_csrss.exe_BUGCHECK_CRITICAL_PROCESS_86f7b50_nt!PspCatchCriticalBreak+92
CPUID:        "Intel® Core™ i5-4460  CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  F15
  BIOS Release Date             08/20/2015
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jan 26 15:52:25.642 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\012616-12994-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23313.amd64fre.win7sp1_ldr.151230-0600
System Uptime: 0 days 2:13:15.005
Probably caused by : ntkrnlmp.exe ( nt!PspCatchCriticalBreak+92 )
BugCheck F4, {3, fffffa8008356930, fffffa8008356c10, fffff80002f92120}
BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa8008356930, Terminating object
Arg3: fffffa8008356c10, Process image file name
Arg4: fffff80002f92120, Explanatory message (ascii)
PROCESS_NAME:  csrss.exe
BUGCHECK_STR:  0xF4
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
FAILURE_BUCKET_ID:  X64_0xF4_csrss.exe_BUGCHECK_CRITICAL_PROCESS_89acb50_nt!PspCatchCriticalBreak+92
CPUID:        "Intel® Core™ i5-4460  CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  F15
  BIOS Release Date             08/20/2015
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jan 26 13:38:15.161 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\012616-18049-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23313.amd64fre.win7sp1_ldr.151230-0600
System Uptime: 0 days 4:05:10.022
Probably caused by : ntkrnlmp.exe ( nt!PspCatchCriticalBreak+92 )
BugCheck F4, {3, fffffa800883a880, fffffa800883ab60, fffff80002fd6120}
BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa800883a880, Terminating object
Arg3: fffffa800883ab60, Process image file name
Arg4: fffff80002fd6120, Explanatory message (ascii)
PROCESS_NAME:  csrss.exe
BUGCHECK_STR:  0xF4
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
FAILURE_BUCKET_ID:  X64_0xF4_csrss.exe_BUGCHECK_CRITICAL_PROCESS_91e4b50_nt!PspCatchCriticalBreak+92
CPUID:        "Intel® Core™ i5-4460  CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  F15
  BIOS Release Date             08/20/2015
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Jan  7 16:54:30.801 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\010716-12838-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23250.amd64fre.win7sp1_ldr.151019-1255
System Uptime: 0 days 7:28:05.998
Probably caused by : ntkrnlmp.exe ( nt!PspCatchCriticalBreak+92 )
BugCheck F4, {3, fffffa8008799b10, fffffa8008799df0, fffff80002fc8ed0}
BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa8008799b10, Terminating object
Arg3: fffffa8008799df0, Process image file name
Arg4: fffff80002fc8ed0, Explanatory message (ascii)
PROCESS_NAME:  wininit.exe
BUGCHECK_STR:  0xF4
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
FAILURE_BUCKET_ID:  X64_0xF4_wininit.exe_BUGCHECK_CRITICAL_PROCESS_6d46060_nt!PspCatchCriticalBreak+92
CPUID:        "Intel® Core™ i5-4460  CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  F15
  BIOS Release Date             08/20/2015
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Jan  6 13:55:35.283 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\010616-21668-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23250.amd64fre.win7sp1_ldr.151019-1255
System Uptime: 0 days 4:23:34.874
Probably caused by : ntkrnlmp.exe ( nt!PspCatchCriticalBreak+92 )
BugCheck F4, {3, fffffa8008a84b10, fffffa8008a84df0, fffff80002fd4ed0}
BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa8008a84b10, Terminating object
Arg3: fffffa8008a84df0, Process image file name
Arg4: fffff80002fd4ed0, Explanatory message (ascii)
PROCESS_NAME:  wininit.exe
BUGCHECK_STR:  0xF4
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
FAILURE_BUCKET_ID:  X64_0xF4_wininit.exe_BUGCHECK_CRITICAL_PROCESS_99fe060_nt!PspCatchCriticalBreak+92
CPUID:        "Intel® Core™ i5-4460  CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  F15
  BIOS Release Date             08/20/2015
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jan  5 17:37:24.286 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\010516-17472-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23250.amd64fre.win7sp1_ldr.151019-1255
System Uptime: 0 days 3:53:39.386
Probably caused by : ntkrnlmp.exe ( nt!PspCatchCriticalBreak+92 )
BugCheck F4, {3, fffffa8008a76b10, fffffa8008a76df0, fffff80002f78ed0}
BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa8008a76b10, Terminating object
Arg3: fffffa8008a76df0, Process image file name
Arg4: fffff80002f78ed0, Explanatory message (ascii)
PROCESS_NAME:  wininit.exe
BUGCHECK_STR:  0xF4
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
FAILURE_BUCKET_ID:  X64_0xF4_wininit.exe_BUGCHECK_CRITICAL_PROCESS_8a86b50_nt!PspCatchCriticalBreak+92
CPUID:        "Intel® Core™ i5-4460  CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  F15
  BIOS Release Date             08/20/2015
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jan  5 13:43:01.489 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\010516-16068-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23250.amd64fre.win7sp1_ldr.151019-1255
System Uptime: 0 days 4:15:46.006
Probably caused by : ntkrnlmp.exe ( nt!PspCatchCriticalBreak+92 )
BugCheck F4, {3, fffffa8007db4940, fffffa8007db4c20, fffff80002fbfed0}
BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa8007db4940, Terminating object
Arg3: fffffa8007db4c20, Process image file name
Arg4: fffff80002fbfed0, Explanatory message (ascii)
PROCESS_NAME:  csrss.exe
BUGCHECK_STR:  0xF4
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
FAILURE_BUCKET_ID:  X64_0xF4_csrss.exe_BUGCHECK_CRITICAL_PROCESS_7da3b50_nt!PspCatchCriticalBreak+92
CPUID:        "Intel® Core™ i5-4460  CPU @ 3.20GHz"
MaxSpeed:     3200
CurrentSpeed: 3192
  BIOS Version                  F15
  BIOS Release Date             08/20/2015
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``


3rd Party Drivers:
The following is for information purposes only.
Any drivers in RED should be updated or removed from your system. And should have been discussed in the body of my post.
**************************Tue Feb  9 15:23:16.268 2016 (UTC - 5:00)**************************
intelppm.sys                Mon Jul 13 19:19:25 2009 (4A5BC0FD)
amdxata.sys                 Fri Mar 19 12:18:18 2010 (4BA3A3CA)
generic.sys                 Sat Jul  3 23:26:53 2010 (4C2FFF7D)
DM150Drv.sys                Sat Jul  3 23:29:20 2010 (4C300010)
Rt64win7.sys                Tue Jun 12 10:00:29 2012 (4FD74B7D)
usbfilter.sys               Tue Aug 28 21:27:12 2012 (503D6FF0)
mvusbews.sys                Mon Nov 26 01:55:41 2012 (50B3126D)
TeeDriverx64.sys            Thu Sep  5 14:02:18 2013 (5228C72A)
iusb3hub.sys                Fri Aug  8 09:09:20 2014 (53E4CC00)
iusb3xhc.sys                Fri Aug  8 09:09:23 2014 (53E4CC03)
iusb3hcs.sys                Fri Aug  8 09:11:08 2014 (53E4CC6C)
igdkmd64.sys                Wed Aug  5 00:53:18 2015 (55C196BE)
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=amdxata.sys
http://www.carrona.org/drivers/driver.php?id=generic.sys
http://www.carrona.org/drivers/driver.php?id=DM150Drv.sys
http://www.carrona.org/drivers/driver.php?id=Rt64win7.sys
http://www.carrona.org/drivers/driver.php?id=usbfilter.sys
http://www.carrona.org/drivers/driver.php?id=mvusbews.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverx64.sys
http://www.carrona.org/drivers/driver.php?id=iusb3hub.sys
http://www.carrona.org/drivers/driver.php?id=iusb3xhc.sys
http://www.carrona.org/drivers/driver.php?id=iusb3hcs.sys
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys



 


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 Demonslay335

Demonslay335

    Ransomware Hunter

  • Topic Starter

  • Security Colleague
  • 3,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:38 PM

Posted 11 February 2016 - 06:47 PM

Thanks usasma. My technician actually pushed it through Windows updates right after I posted. She says there were 21 updates applied, and it is fully patched now. Most were .NET Framework updates. I wonder if it was having trouble pulling updates on-site for some reason with their domain, as it had no issues at our shop.

 

We are running Prime95 on the system now.

 

I do see iusb3hub.sys mentioned in your kernel analysis a lot - we didn't see that in BlueScreenView. The driver date for that is 08/08/14, so we will look into updating that from Gigabyte's site for sure Gigabyte's website has no newer updates for USB 3.0 on this board.

 

I'll let you know how it goes in the morning.


Edited by Demonslay335, 11 February 2016 - 06:49 PM.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:10:38 PM

Posted 12 February 2016 - 06:06 AM

BSOD analysis is a funny subject, If a driver writes information to the address space owned by another driver, and then exits - there's no evidence left of that if the system crashes because of it later on.  It makes the hunt for a cause a bit like looking for a "needle in a haystack".

 

I've spoken with the creator of BlueScreenView and there are a lot of technical reasons why his output isn't similar to the output of kd.exe or WinDbg.  I'm not a programmer, so I didn't understand a lot of it (and this was back in the W7 days).

 

Just FYI - here's how I do BSOD analysis':
- first I rule out 3rd party drivers (over 90% of BSOD's are due to this)
- then I rule out hardware (less than 10% of BSOD's are due to this)
- then I look at Windows problems (less than 1% of BSOD's are due to this - as long as Windows Updates are fully up to date).

My posting has had the Windows drivers scrubbed out, so we can focus on the 3rd party drivers

Usually I concentrate on the drivers that you see there.

If the obvious one's don't have problems, then I try running Driver Verifier to see if it'll help point out problems

But in the really difficult cases, we end up replacing all of the drivers (by uninstalling the software that uses them and reinstalling a freshly downloaded version).

 

Unfortunately, with older OS's we are faced with the lack of interest that manufacturer's show for providing updates to a dying OS.

 

*******************************************************

So, while writing the stuff above, I was scanning through the BSOD info and spotted this:

FAILURE_BUCKET_ID:  X64_0x9F_3_POWER_DOWN_DM150Drv_IMAGE_iusb3hub.sys

I was thinking about your mention of the iusb3hub.sys drivers, and then recalled that I had wondered about the DM150Drv driver when the dumps originally finished (as I hadn't seen it much in the past).
For some reason, I had missed that particular line of the dump output.

 

The DRT (Driver Reference Table) is primarily composed of drivers that we've culled from memory dumps - so they are more likely to be seen in BSOD's than other drivers that you'll find on the web.

 

The DM150Drv.sys driver is a component of the Pitney Bowes meter driver.

The Failure Bucket seems to imply that it's having trouble with power transitions.

I'd suggest uninstalling the Pitney Bowes software and physically disconnecting the USB device associated with it (for testing)

 

As the driver dates from 2010, I'd suggest contacting PitneyBowes for support in getting a newer version of the driver.

An internet search reveals at least a few problems with this driver for users.

 

While replacing the driver is the most likely fix, we still have to consider that the device itself (or even the USB cable that it uses) could have hardware problems.

Is there any way to test a new device or a new cable if the problems persist after updating the driver?


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#5 Demonslay335

Demonslay335

    Ransomware Hunter

  • Topic Starter

  • Security Colleague
  • 3,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:38 PM

Posted 12 February 2016 - 09:44 AM

I've never heard of Pitney Bowes, but then again this particular system isn't one of my personal contracts. I'll have our technician who has their case check into what they plug in. It's a car dealership, so it wouldn't surprise me if they do plug a bunch of funny gadgets in for ERT and all of that.

 

Thanks for the tips on BSOD analysis. BlueScreenView has been pretty helpful for leading us in the right direction since we are noobs at this particular type of diagnostics. Most of the time it at least points us to "hey it has a virus", or "that sounds like a hard drive issue" with some of the more common ones. I'm definitely interested in learning to better understand tools like WinDbg.

 

One question on using WinDbg while on that subject. Do you have to have all of the symbols for the OS you are assessing the dump from? I run on a SSD, and the symbol packages are rather large. I can see that being a constraint if I have to have flexibility on troubleshooting each OS/edition/architecture. Loading them over a network share proved to run terrible. I've tried looking into some guides, but they seem to all say you need to load the symbols packages.

 

 

Once I hear back on the Pitney Bowes device and troubleshoot that, I'll post back. I'm sure they can get a new one from their vendors if it does turn out to be an issue with the device or cable.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#6 Demonslay335

Demonslay335

    Ransomware Hunter

  • Topic Starter

  • Security Colleague
  • 3,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:38 PM

Posted 12 February 2016 - 07:54 PM

We found a driver from January of 2015, but ran into issues with installing it with some odd error about "cycles". I am not at the same shop, so I did not catch the full error. We are looking into if this is a device they can bring to our shop, or if we have to continue troubleshooting it on-site.

 

I may not be able to have an update until Monday, since I think they are closed over the weekend. Thanks for the help, I'll keep you posted


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#7 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:10:38 PM

Posted 13 February 2016 - 05:40 AM

You must have symbols (at least the Microsoft one's) - without them you're losing information.

For example, the other day a friend was having symbol errors while helping a user online (I noticed it in the WinDbg output).

The dumps provided him with a generic view of the crash process - but didn't address any specific issues.

When I ran the dumps (with symbols), they specifically pointed to a problem with the hard drive - which saved a lot of time troubleshooting.

 

 

FYI - the symbol cache on my personal system (and I do analysis with kd.exe on all versions of Windows from XP on up) is 5 gB in size.

A hefty chunk, but manageable on most systems.
There are switches where you can force the system to use the online symbols, but it's a bit slow.

Another option is to store symbols on another drive, and point WinDbg there (if using an external, I'd use USB 3 or better)

But this isn't much use for a shop that doesn't use them often.  For my shop, it just uses the symbols off the web and we accept the delays.

It's not much trouble to point it at the symbol server, start running WinDbg, and then walking away for a few minutes while waiting for it to run.

 

Also there's a free online analysis tool here:  http://www.osronline.com/page.cfm?name=Analyze

It'll run WinDbg with the !analze -v option


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#8 Demonslay335

Demonslay335

    Ransomware Hunter

  • Topic Starter

  • Security Colleague
  • 3,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:38 PM

Posted 17 February 2016 - 10:39 AM

Thanks for that info. I've actually just been upgraded to a bigger SSD that I might be able to actually store those symbols on now if they are only 5GB. I thought I remember them being more like 20GB... on an 80GB SSD that was already full of development tools, I only had 2GB to spare at any given time. Now I have a 250GB SSD, so I should be good now. :)

Our engineer delivered the system on Monday and was able to successfully update the software while connected to the meter device. We have not heard of any trouble from the client since, so I think this case can be marked as solved. :thumbup2:
 
Thanks for all the help and useful links.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#9 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:10:38 PM

Posted 18 February 2016 - 03:32 PM

I don't download the symbol packages, I just let the debugger download the needed symbols.

 

I'm glad to hear that things are working OK.

Thanks for letting us know!


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users