Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSODing randomly after virus cleanup


  • Please log in to reply
4 replies to this topic

#1 Skiizm

Skiizm

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 22 October 2016 - 07:47 PM

A few nights ago I noticed a process taking up a lot of network resources (SystemWin.exe), since then I deleted and cleaned it with Revo, and I also noticed another thing called PsP2Clnt,exe, which I also deleted. Since doing this it changed my proxy settings so I couldn't access the internet, I fixed that, but now it randomly BSODs with the message "Modification of data or critical system detected" or something similar. I've scanned with MBAM/MSE in safe mode/normal mode and cleaned it, but these BSODs keep happening and it's driving me nuts. I'm not sure if it's my PSU as some googling suggests, or my RAM, but this computer is about 3 months old, and I actually plan on getting more RAM soon. Just in case, these are my specs: http://i.imgur.com/vCENI0u.png Windows 7 x64

 

I'm attempting to do the steps at the top of the forum but I can't test my HDD because I don't have a CD drive, is there any other way of doing that if I need to do that as well? About to do all the other tests as well. Thanks for reading.

Attached Files



BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:04:11 PM

Posted 23 October 2016 - 04:51 AM

Unfortunately it appears that the system has pirated software.
Please get a legitimate copy installed and we'll be glad to help.

Here's suggestions on how to ensure that your version is legitimate:  http://windows.microsoft.com/en-us/windows/genuine

Please be aware that we may not be able to fix it (as the hacks that were done to activate it will cause the OS to behave differently than we expect it to). If that's the case, our efforts to help may just waste your time. Secondly, the forum rules prohibit assisting with pirated software - so the topic would be closed if that is the case.

As a courtesy, I will offer an analysis of your issues using the reports you provided.
I will not answer any questions about the analysis until the system is made legitimate.
If you do make it legitimate, please submit a new set of reports for us to check.

Just FYI, sometimes the owner won't know about this.  So here's 2 scenarios that might ring a bell:
- if they had a "friend" help with the computer - and the "friend" installed a pirated copy.
- or they used a copy that they had from another OEM computer.  The OEM license is tied to the hardware that it came from - so you can't just use it on another system (that means that it's pirated).

And here's the analysis:

 

 

Only 202 Windows Update hotfixes installed.  Most systems with SP1 have 350-400 or more.  Please visit Windows Update and get ALL available updates (it may take several trips to get them all).
The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

These devices have problems in Device Manager:

 

PCI Memory Controller    PCI\VEN_8086&DEV_A121&SUBSYS_86941043&REV_31\3&11583659&0&FA    The drivers for this device are not installed.
SM Bus Controller    PCI\VEN_8086&DEV_A123&SUBSYS_86941043&REV_31\3&11583659&0&FC    The drivers for this device are not installed.
PCI Simple Communications Controller    PCI\VEN_8086&DEV_A13A&SUBSYS_86941043&REV_31\3&11583659&0&B0    The drivers for this device are not installed.
Ethernet Controller    PCI\VEN_10EC&DEV_8168&SUBSYS_86771043&REV_15\4&38D583E8&0&00EB    The drivers for this device are not installed.

The first 3 appear related to your Intel chipset and other Intel drivers (such as the RST, MEI, DPTF, SCST, etc)

The last one is your wired network controller.

Please download and install the latest, W7 compatible versions from the system/motherboard manufacturer's support website

 

Daemon Tools (and Alcohol % software) are known to cause BSOD's on some Windows systems (mostly due to the sptd.sys driver, although I have seen both dtsoftbus01.sys and dtscsibus.sys blamed on several occasions).

Please un-install the program, then use the following free tool to ensure that the troublesome sptd.sys driver is removed from your system (pick the 32 or 64 bit system depending on your system's configuration):  New link (15 Aug 2012):  http://www.duplexsecure.com/downloads (pick the appropriate version for your system and select "Un-install" when you run it).
Alternate link:  http://www.disc-tools.com/download/sptd
Manual procedure here:  http://daemonpro-help.com/en/problems_and_solutions/registry_and_sptd_problems.html
NOTE:  The uninstaller may not find the SPTD.sys driver.  Don't worry about it, just let us know in your post.
NOTE2:  The latest version has an SPTD2.sys driver - the uninstaller is on the same page as the SPTD.sys driver - just download the version for W10!

MSI Afterburner and Riva Tuner (along with EVGA Precision) are known to cause BSOD's in some Windows systems (it's driver is usually RTCore64.sys).  Please un-install them immediately!

If you're overclocking, please stop the overclock while we're troubleshooting.  Feel free to resume the overclock once the system has been stabilized.

Waiting on the memory dumps to process, will make another post with them.

 

XXXXX


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:04:11 PM

Posted 23 October 2016 - 05:15 AM

Nothing further in these memory dumps....

 

Beyond this I have these 5 suggestions:
1.  Get ALL available Windows Updates.  It may take several trips to get them all
2.  Get ALL available, compatible updates for your system from the manufacturer's website (to include BIOS/UEFI).
3.  Get ALL available, compatible updates for the programs and any additional hardware installed on your computer from the developer's website
4.  Start with these free hardware diagnostics:  http://www.carrona.org/hwdiag.html
5.  If all of the hardware tests pass, then run Driver Verifier according to these instructions:  http://www.carrona.org/verifier.html

If that doesn't fix it, then I'd suggest that you backup your stuff, wipe the hard drive, and reinstall Windows "clean":  http://www.carrona.org/canned.html#clean

 

Analysis:
The following is for information purposes only. The following information contains the relevant information from the blue screen analysis:
**************************Sat Oct 22 18:58:01.904 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\102316-6052-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23564.amd64fre.win7sp1_ldr.160930-0600
System Uptime:0 days 11:59:14.654
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by :memory_corruption
BugCheck 109, {a3a039d89e96364b, b3b7465ef11305a1, fffff80002c780be, 1}
BugCheck Info: CRITICAL_STRUCTURE_CORRUPTION (109)
Arguments:
Arg1: a3a039d89e96364b, Reserved
Arg2: b3b7465ef11305a1, Reserved
Arg3: fffff80002c780be, Failure type dependent information
Arg4: 0000000000000001, Type of corrupted region, can be
    0   : A generic data region
    1   : Modification of a function or .pdata
    2   : A processor IDT
    3   : A processor GDT
    4   : Type 1 process list corruption
    5   : Type 2 process list corruption
    6   : Debug routine modification
    7   : Critical MSR modification
    8   : Object type
    9   : A processor IVT
    a   : Modification of a system service function
    b   : A generic session data region
    c   : Modification of a session function or .pdata
    d   : Modification of an import table
    e   : Modification of a session import table
    f   : Ps Win32 callout modification
    10  : Debug switch routine modification
    11  : IRP allocator modification
    12  : Driver call dispatcher modification
    13  : IRP completion dispatcher modification
    14  : IRP deallocator modification
    15  : A processor control register
    16  : Critical floating point control register modification
    17  : Local APIC modification
    18  : Kernel notification callout modification
    19  : Loaded module list modification
    1a  : Type 3 process list corruption
    1b  : Type 4 process list corruption
    1c  : Driver object corruption
    1d  : Executive callback object modification
    1e  : Modification of module padding
    1f  : Modification of a protected process
    20  : A generic data region
    21  : A page hash mismatch
    22  : A session page hash mismatch
    23  : Load config directory modification
    24  : Inverted function table modification
    25  : Session configuration modification
    26  : An extended processor control register
    27  : Type 1 pool corruption
    28  : Type 2 pool corruption
    29  : Type 3 pool corruption
    101 : General pool corruption
    102 : Modification of win32k.sys
BUGCHECK_STR:  0x109
DEFAULT_BUCKET_ID:  CODE_CORRUPTION
PROCESS_NAME:  System
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT
CPUID:        "Intel® Core™ i5-6600 CPU @ 3.30GHz"
MaxSpeed:     3300
CurrentSpeed: 3312
  BIOS Version                  1801
  BIOS Release Date             05/12/2016
  Manufacturer                  System manufacturer
  Baseboard Manufacturer        ASUSTeK COMPUTER INC.
  Product Name                  System Product Name
  Baseboard Product             B150M-A
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat Oct 22 06:58:22.629 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\102216-6130-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23564.amd64fre.win7sp1_ldr.160930-0600
System Uptime:0 days 7:10:46.753
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by :memory_corruption
BugCheck 109, {a3a039d89e99b7b8, b3b7465ef116870e, fffff80002c780be, 1}
BugCheck Info: CRITICAL_STRUCTURE_CORRUPTION (109)
Arguments:
Arg1: a3a039d89e99b7b8, Reserved
Arg2: b3b7465ef116870e, Reserved
Arg3: fffff80002c780be, Failure type dependent information
Arg4: 0000000000000001, Type of corrupted region, can be
    0   : A generic data region
    1   : Modification of a function or .pdata
    2   : A processor IDT
    3   : A processor GDT
    4   : Type 1 process list corruption
    5   : Type 2 process list corruption
    6   : Debug routine modification
    7   : Critical MSR modification
    8   : Object type
    9   : A processor IVT
    a   : Modification of a system service function
    b   : A generic session data region
    c   : Modification of a session function or .pdata
    d   : Modification of an import table
    e   : Modification of a session import table
    f   : Ps Win32 callout modification
    10  : Debug switch routine modification
    11  : IRP allocator modification
    12  : Driver call dispatcher modification
    13  : IRP completion dispatcher modification
    14  : IRP deallocator modification
    15  : A processor control register
    16  : Critical floating point control register modification
    17  : Local APIC modification
    18  : Kernel notification callout modification
    19  : Loaded module list modification
    1a  : Type 3 process list corruption
    1b  : Type 4 process list corruption
    1c  : Driver object corruption
    1d  : Executive callback object modification
    1e  : Modification of module padding
    1f  : Modification of a protected process
    20  : A generic data region
    21  : A page hash mismatch
    22  : A session page hash mismatch
    23  : Load config directory modification
    24  : Inverted function table modification
    25  : Session configuration modification
    26  : An extended processor control register
    27  : Type 1 pool corruption
    28  : Type 2 pool corruption
    29  : Type 3 pool corruption
    101 : General pool corruption
    102 : Modification of win32k.sys
BUGCHECK_STR:  0x109
DEFAULT_BUCKET_ID:  CODE_CORRUPTION
PROCESS_NAME:  System
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT
CPUID:        "Intel® Core™ i5-6600 CPU @ 3.30GHz"
MaxSpeed:     3300
CurrentSpeed: 3312
  BIOS Version                  1801
  BIOS Release Date             05/12/2016
  Manufacturer                  System manufacturer
  Baseboard Manufacturer        ASUSTeK COMPUTER INC.
  Product Name                  System Product Name
  Baseboard Product             B150M-A
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Oct 21 03:54:44.610 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\102116-4617-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23564.amd64fre.win7sp1_ldr.160930-0600
System Uptime:0 days 1:31:36.734
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by :memory_corruption
BugCheck 109, {a3a039d89d34258f, b3b7465eefb0f4e5, fffff80002c780c0, 1}
BugCheck Info: CRITICAL_STRUCTURE_CORRUPTION (109)
Arguments:
Arg1: a3a039d89d34258f, Reserved
Arg2: b3b7465eefb0f4e5, Reserved
Arg3: fffff80002c780c0, Failure type dependent information
Arg4: 0000000000000001, Type of corrupted region, can be
    0   : A generic data region
    1   : Modification of a function or .pdata
    2   : A processor IDT
    3   : A processor GDT
    4   : Type 1 process list corruption
    5   : Type 2 process list corruption
    6   : Debug routine modification
    7   : Critical MSR modification
    8   : Object type
    9   : A processor IVT
    a   : Modification of a system service function
    b   : A generic session data region
    c   : Modification of a session function or .pdata
    d   : Modification of an import table
    e   : Modification of a session import table
    f   : Ps Win32 callout modification
    10  : Debug switch routine modification
    11  : IRP allocator modification
    12  : Driver call dispatcher modification
    13  : IRP completion dispatcher modification
    14  : IRP deallocator modification
    15  : A processor control register
    16  : Critical floating point control register modification
    17  : Local APIC modification
    18  : Kernel notification callout modification
    19  : Loaded module list modification
    1a  : Type 3 process list corruption
    1b  : Type 4 process list corruption
    1c  : Driver object corruption
    1d  : Executive callback object modification
    1e  : Modification of module padding
    1f  : Modification of a protected process
    20  : A generic data region
    21  : A page hash mismatch
    22  : A session page hash mismatch
    23  : Load config directory modification
    24  : Inverted function table modification
    25  : Session configuration modification
    26  : An extended processor control register
    27  : Type 1 pool corruption
    28  : Type 2 pool corruption
    29  : Type 3 pool corruption
    101 : General pool corruption
    102 : Modification of win32k.sys
BUGCHECK_STR:  0x109
DEFAULT_BUCKET_ID:  CODE_CORRUPTION
PROCESS_NAME:  System
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT
CPUID:        "Intel® Core™ i5-6600 CPU @ 3.30GHz"
MaxSpeed:     3300
CurrentSpeed: 3312
  BIOS Version                  1801
  BIOS Release Date             05/12/2016
  Manufacturer                  System manufacturer
  Baseboard Manufacturer        ASUSTeK COMPUTER INC.
  Product Name                  System Product Name
  Baseboard Product             B150M-A
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
The rest of the memory dump summaries are hidden in the Spoiler tag below.  Click on "Show" to reveal them.

Spoiler




3rd Party Drivers:
The following is for information purposes only. My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Sat Oct 22 18:58:01.904 2016 (UTC - 4:00)**************************
intelppm.sys                Mon Jul 13 19:19:25 2009 (4A5BC0FD)
amdxata.sys                 Fri Mar 19 12:18:18 2010 (4BA3A3CA)
athrx.sys                   Tue Feb 22 15:17:31 2011 (4D6419DB)
speedfan.sys                Sat Dec 29 15:59:35 2012 (50DF59B7)
lgcoretemp.sys              Tue Jun  9 12:52:10 2015 (557719BA)
dtlitescsibus.sys           Thu Sep 24 16:17:21 2015 (56045A51)
iusb3hub.sys                Fri Nov 20 08:09:31 2015 (564F1B8B)
iusb3xhc.sys                Fri Nov 20 08:09:33 2015 (564F1B8D)
iusb3hcs.sys                Fri Nov 20 08:10:26 2015 (564F1BC2)
dtliteusbbus.sys            Mon Dec 28 08:05:52 2015 (568133B0)
nvhda64v.sys                Tue May 10 04:59:01 2016 (5731A2D5)
networx.sys                 Tue May 31 11:52:50 2016 (574DB352)
LGVirHid.sys                Mon Jun 13 14:47:03 2016 (575EFFA7)
LGJoyXlCore.sys             Mon Jun 13 14:47:06 2016 (575EFFAA)
LGBusEnum.sys               Mon Jun 13 14:47:08 2016 (575EFFAC)
nvvad64v.sys                Fri Jul  1 09:12:29 2016 (57766C3D)
ladfGSS.sys                 Wed Aug  3 17:57:17 2016 (57A268BD)
MpFilter.sys                Mon Aug  8 19:01:17 2016 (57A90F3D)
nvlddmkm.sys                Sat Oct  1 15:06:38 2016 (57F0093E)

http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=amdxata.sys
http://www.carrona.org/drivers/driver.php?id=athrx.sys
http://www.carrona.org/drivers/driver.php?id=speedfan.sys
http://www.carrona.org/drivers/driver.php?id=lgcoretemp.sys
http://www.carrona.org/drivers/driver.php?id=dtlitescsibus.sys
http://www.carrona.org/drivers/driver.php?id=iusb3hub.sys
http://www.carrona.org/drivers/driver.php?id=iusb3xhc.sys
http://www.carrona.org/drivers/driver.php?id=iusb3hcs.sys
dtliteusbbus.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=nvhda64v.sys
http://www.carrona.org/drivers/driver.php?id=networx.sys
http://www.carrona.org/drivers/driver.php?id=LGVirHid.sys
http://www.carrona.org/drivers/driver.php?id=LGJoyXlCore.sys
http://www.carrona.org/drivers/driver.php?id=LGBusEnum.sys
http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys
ladfGSS.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=MpFilter.sys
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys

XXXXX


Edited by usasma, 23 October 2016 - 05:15 AM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#4 Skiizm

Skiizm
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 23 October 2016 - 05:53 AM

Thanks for that, how can I make the system legitimate if I buy a Win7 key? Someone set up my machine so I guess thats probably why, but I can easily buy a Win7 key. I just don't know how to apply it I guess.



#5 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:04:11 PM

Posted 24 October 2016 - 04:04 AM

https://miteshshah.github.io/windows/how-to-change-windows-7-product-key/


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users