Identical BSOD's on my two Win7 Machines (first system HTPC)

CommonCurt · November 6, 2017

Hi,

I've been getting BSOD's on two of my Win7 machines since about July. It seems to have started around the time that I upgraded to Malwarebytes 3.0, but I was never really sure because it was around that time that I did a Security Only windows update. Both systems of mine that are getting these sporadic BSOD's have Malwarebytes 3.+ and Microsoft Security Essentials. The BSOD's almost always happen around 7:30am - 8:00am. Which is the same time Malwarbytes does it's daily scan. The only thing I have been able to find out through "Who Crashed" is that it's a driver that is triggering the BSOD's (probably the IRST driver). "Who Crashed" says this is the case for both of my systems. I have tried every IRST update available, and still after a few days I wake up to one of my systems having been restarted because of a BSOD. I finally just went back to IRST version I had originally. Also, I have the most current BIOS available on both systems. Lastly, every few days (on both systems) I get some Event ID 2001 "Microsoft Antimalware has encountered an error trying to update signatures". Oh, and I already tried adding exclusions in both Malwarebytes & MSE.

I will make this thread about the first one which is my HTPC then open another thread for my other main Desktop. I didn't want to mention both systems in the same thread at first, but the problems/symptoms are exactly the same for both, and the BSOD's started happening at the same time.

Any help will be much appreciated. Thanks

perfmon report HTPC.zip

SysnativeFileCollectionApp.zip

Edited November 6, 2017 by CommonCurt

usasma · November 6, 2017

Late for work, will post more later.

Please start by running Driver Verifier according to these instructions: http://www.carrona.org/verifier.html

dump files blame iaStor.sys - the Intel storage controller driver. This is usually a pretty stable driver, so I wonder if there's another driver that's causing it to crash (hence the request for Driver Verifier)>

Also, please start with these free hardware diagnostics: http://www.carrona.org/hwdiag.html

CommonCurt · November 6, 2017

4 hours ago, usasma said:

Late for work, will post more later.

Please start by running Driver Verifier according to these instructions: http://www.carrona.org/verifier.html

dump files blame iaStor.sys - the Intel storage controller driver. This is usually a pretty stable driver, so I wonder if there's another driver that's causing it to crash (hence the request for Driver Verifier)>

Also, please start with these free hardware diagnostics: http://www.carrona.org/hwdiag.html

Hi, thanks for replying. I turned on Driver Verifier and rebooted. So far no BSOD's. I will post here if/when one happens.

The BSOD's have been almost always happening between 7:00am - 8:00am.

So Driver Verifier just keeps running in the background trying to see if it can trigger a BSOD?

I made another post regarding another PC of mine that is having the same exact issues that started around the same time. Only difference is that the BSOD's are a little more frequent on my other PC. Should I run Driver Verifier on that one as well?

Edited November 6, 2017 by CommonCurt

usasma · November 6, 2017

Yes (posting from work). Will give more info later on today/tomorrow AM

EDIT: Yes, it keeps running in the background until it causes a BSOD. And Yes, please run it on the other computer.

Most likely a driver issue, but the line between hardware and software is a bit fuzzy (so I also asked for the hardware diags).

Edited November 6, 2017 by usasma

usasma · November 7, 2017

OK, here's the full analysis....

No systeminfo.txt report, so I can't tell how many Windows Updates you have. Please double check for any new Windows Updates. It only takes one update to cause a problem, so it's essential that you have all of them. The actual number is not important. Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

Your UEFI/BIOS (version 1.11) dates from 2013. Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system. If you are able to install the update through Windows (without booting from an external drive), then go ahead and update it. WARNING - if the computer might shut down during this procedure, please don't do it, as this may physically damage the computer and prevent it from booting.
FYI - W8 and W10 communicate more with the UEFI/BIOS than previous versions of Windows, so it's important to ensure that the UEFI/BIOS is kept up to date (and the outdated UEFI/BIOS' may be the cause of some compatibility issues). This is not as critical for W7, but you should at least check to see what fixes are available.

You have an ASUS USB-N53 802.11a/b/g/n Network Adapter

Quote

I do not recommend using wireless USB network devices.

These wireless USB devices have many issues with Win7 and later systems - using older drivers with them is almost certain to cause a BSOD.
Should you want to keep using these devices, be sure to have the latest W7/8/8.1/10 drivers - DO NOT use older drivers!!!
An installable wireless PCI/PCIe card that's plugged into your motherboard is much more robust, reliable, and powerful.

The device is disabled, but this does not stop the drivers from loading when Windows boots up. I would suggest uninstalling the software for this device and physically removing it from the system (at least while we're testing).

As stated earlier, the dump files all blame iaStor.sys (actually iaStorA.sys). This is a driver for the storage controller that controls your drives on the system.
The possibilities are (in no particular order):
- hardware problems
- iaStorA.sys problems
- other driver problems
Driver Verifier will help to see if there are other driver problems and the hardware diagnostics will help to see if there's a hardware issue.
For the iaStorA.sys problems, have a look at this procedure: https://answers.microsoft.com/en-us/windows/wiki/windows_7-hardware/uninstalling-the-intelr-rapid-storage-technology/e3c4b6d6-56ba-4ac5-be50-89843c9d9b22?auth=1

Please update these older drivers. Links are provided in order to assist you with looking up the source of the drivers.
If unable to find an update, please uninstall the program that is responsible for that driver.

DO NOT manually delete/rename the driver as it may make the system unbootable!!!:

WinRing0x64.sys              Sat Jul 26 09:29:37 2008 (488B26C1) - Please UNINSTALL this one
many different programs that center around the using of the WinRing libraries (RealTemp, Corsair Link2 (known BSOD issues w/Win8), Razer GameBooster, Intel Processor Diagnostic Tool, Fusiontweaker (Google Code), etc) OEM - none at http://www.python.org/emacs/winring/
http://www.carrona.org/drivers/driver.php?id=WinRing0x64.sys

NTIOLib_X64.sys              Wed Oct 20 02:45:49 2010 (4CBE901D) - Please UNINSTALL this one
MSI Afterburner driver (known BSOD issues with Windows) Also found to be a part of MSI Live Update 5, MSI Super Charger & MSI Smart Utilities.[br]    [br] Recently (Nov 2014) there have been numerous instances of this driver in memory dumps. Analysis reveals that they are scattered throughout the filesystem by the installed MSI command utilities. For now I suggest uninstalling them all. http://event.msi.com/vga/afterburner/download.htm
http://www.carrona.org/drivers/driver.php?id=NTIOLib_X64.sys

Analysis:
The following is for information purposes only.
The following information contains the relevant information from the blue screen analysis:
**************************Sun Nov 5 07:43:04.546 2017 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\110517-7472-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23915.amd64fre.win7sp1_ldr.170913-0600
System Uptime:6 days 7:01:02.506
*** WARNING: Unable to verify timestamp for iaStorA.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
Probably caused by :iaStorA.sys ( iaStorA+870a8 )
BugCheck D1, {10, 2, 1, fffff880013110a8}
BugCheck Info: DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arguments:
Arg1: 0000000000000010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff880013110a8, address which referenced memory
BUGCHECK_STR: 0xD1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
FAILURE_BUCKET_ID: X64_0xD1_iaStorA+870a8
CPUID:        "Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
BIOS Version                  V1.11
BIOS Release Date             10/24/2013
Manufacturer                  MSI
Product Name                  MS-7759
Baseboard Product             Z77MA-G45 (MS-7759)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Oct 20 06:32:25.672 2017 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\102017-7534-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23889.amd64fre.win7sp1_ldr.170810-1615
System Uptime:6 days 18:18:44.253
*** WARNING: Unable to verify timestamp for iaStorA.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
Probably caused by :iaStorA.sys ( iaStorA+870a8 )
BugCheck D1, {10, 2, 1, fffff880013220a8}
BugCheck Info: DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arguments:
Arg1: 0000000000000010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff880013220a8, address which referenced memory
BUGCHECK_STR: 0xD1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
FAILURE_BUCKET_ID: X64_0xD1_iaStorA+870a8
CPUID:        "Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
BIOS Version                  V1.11
BIOS Release Date             10/24/2013
Manufacturer                  MSI
Product Name                  MS-7759
Baseboard Product             Z77MA-G45 (MS-7759)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Oct 10 06:34:24.922 2017 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\101017-8283-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23889.amd64fre.win7sp1_ldr.170810-1615
System Uptime:6 days 6:44:58.750
*** WARNING: Unable to verify timestamp for iaStorA.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
Probably caused by :iaStorA.sys ( iaStorA+870a8 )
BugCheck D1, {10, 2, 1, fffff880013630a8}
BugCheck Info: DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arguments:
Arg1: 0000000000000010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff880013630a8, address which referenced memory
BUGCHECK_STR: 0xD1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
FAILURE_BUCKET_ID: X64_0xD1_iaStorA+870a8
CPUID:        "Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
BIOS Version                  V1.11
BIOS Release Date             10/24/2013
Manufacturer                  MSI
Product Name                  MS-7759
Baseboard Product             Z77MA-G45 (MS-7759)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
The rest of the memory dump summaries are hidden in the Spoiler tag below. Click on "Show" to reveal them.

**************************Mon Oct 2 06:31:04.526 2017 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\100217-7456-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23864.amd64fre.win7sp1_ldr.170707-0600
System Uptime:6 days 19:07:05.251
*** WARNING: Unable to verify timestamp for iaStorA.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
Probably caused by :iaStorA.sys ( iaStorA+870a8 )
BugCheck D1, {10, 2, 1, fffff8800132a0a8}
BugCheck Info: DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arguments:
Arg1: 0000000000000010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff8800132a0a8, address which referenced memory
BUGCHECK_STR: 0xD1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
FAILURE_BUCKET_ID: X64_0xD1_iaStorA+870a8
CPUID:        "Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
BIOS Version                  V1.11
BIOS Release Date             10/24/2013
Manufacturer                  MSI
Product Name                  MS-7759
Baseboard Product             Z77MA-G45 (MS-7759)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Sep 21 06:37:19.860 2017 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\092117-7394-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23864.amd64fre.win7sp1_ldr.170707-0600
System Uptime:7 days 21:12:09.756
*** WARNING: Unable to verify timestamp for iaStorA.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
Probably caused by :iaStorA.sys ( iaStorA+870a8 )
BugCheck D1, {10, 2, 1, fffff880012c30a8}
BugCheck Info: DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arguments:
Arg1: 0000000000000010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff880012c30a8, address which referenced memory
BUGCHECK_STR: 0xD1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
FAILURE_BUCKET_ID: X64_0xD1_iaStorA+870a8
CPUID:        "Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
BIOS Version                  V1.11
BIOS Release Date             10/24/2013
Manufacturer                  MSI
Product Name                  MS-7759
Baseboard Product             Z77MA-G45 (MS-7759)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Sep 1 06:33:26.757 2017 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\090117-7456-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23807.amd64fre.win7sp1_ldr.170512-0600
System Uptime:11 days 12:19:44.800
*** WARNING: Unable to verify timestamp for iaStorA.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
Probably caused by :iaStorA.sys ( iaStorA+870a8 )
BugCheck D1, {10, 2, 1, fffff880012e40a8}
BugCheck Info: DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arguments:
Arg1: 0000000000000010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff880012e40a8, address which referenced memory
BUGCHECK_STR: 0xD1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
FAILURE_BUCKET_ID: X64_0xD1_iaStorA+870a8
CPUID:        "Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
BIOS Version                  V1.11
BIOS Release Date             10/24/2013
Manufacturer                  MSI
Product Name                  MS-7759
Baseboard Product             Z77MA-G45 (MS-7759)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Aug 18 06:28:19.928 2017 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\081817-8283-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23807.amd64fre.win7sp1_ldr.170512-0600
System Uptime:11 days 21:19:50.756
*** WARNING: Unable to verify timestamp for iaStorA.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
Probably caused by :iaStorA.sys ( iaStorA+870a8 )
BugCheck D1, {10, 2, 1, fffff880012ab0a8}
BugCheck Info: DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arguments:
Arg1: 0000000000000010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff880012ab0a8, address which referenced memory
BUGCHECK_STR: 0xD1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
FAILURE_BUCKET_ID: X64_0xD1_iaStorA+870a8
CPUID:        "Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
BIOS Version                  V1.11
BIOS Release Date             10/24/2013
Manufacturer                  MSI
Product Name                  MS-7759
Baseboard Product             Z77MA-G45 (MS-7759)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Jul 24 06:35:52.546 2017 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\072417-8283-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23807.amd64fre.win7sp1_ldr.170512-0600
System Uptime:11 days 5:57:36.780
*** WARNING: Unable to verify timestamp for iaStorA.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
Probably caused by :iaStorA.sys ( iaStorA+877b8 )
BugCheck D1, {10, 2, 1, fffff880012f27b8}
BugCheck Info: DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arguments:
Arg1: 0000000000000010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff880012f27b8, address which referenced memory
BUGCHECK_STR: 0xD1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
FAILURE_BUCKET_ID: X64_0xD1_iaStorA+877b8
CPUID:        "Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
BIOS Version                  V1.11
BIOS Release Date             10/24/2013
Manufacturer                  MSI
Product Name                  MS-7759
Baseboard Product             Z77MA-G45 (MS-7759)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``

3rd Party Drivers:
The following is for information purposes only.
My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft. You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Sun Nov  5 07:43:04.546 2017 (UTC - 5:00)**************************
MpKslbb0e039c.sys            Mon Feb 27 20:54:41 1989 (2409FBE1)
WinRing0x64.sys              Sat Jul 26 09:29:37 2008 (488B26C1)
intelppm.sys                 Mon Jul 13 19:19:25 2009 (4A5BC0FD)
MBfilt64.sys                 Thu Jul 30 23:40:32 2009 (4A7267B0)
amdxata.sys                  Fri Mar 19 12:18:18 2010 (4BA3A3CA)
NTIOLib_X64.sys              Wed Oct 20 02:45:49 2010 (4CBE901D)
vstor2-mntapi10-shared.sys   Tue Jul 12 12:35:21 2011 (4E1C77C9)
Rt64win7.sys                 Thu Feb 16 00:39:50 2012 (4F3C96A6)
vmci.sys                     Mon Apr 30 21:14:27 2012 (4F9F38F3)
vsock.sys                    Mon Apr 30 21:15:24 2012 (4F9F392C)
VMNET.SYS                    Sun Jul  8 03:58:34 2012 (4FF93DAA)
vmnetadapter.sys             Sun Jul  8 03:58:35 2012 (4FF93DAB)
vmnetbridge.sys              Sun Jul  8 03:59:19 2012 (4FF93DD7)
hcmon.sys                    Wed Aug  1 20:10:29 2012 (5019C575)
vmnetuserif.sys              Wed Aug 15 16:31:54 2012 (502C073A)
vmx86.sys                    Wed Aug 15 18:05:11 2012 (502C1D17)
RTKVHD64.sys                 Tue Sep 25 08:06:24 2012 (50619E40)
ISCTD64.sys                  Tue Nov 27 14:52:34 2012 (50B51A02)
HECIx64.sys                  Mon Dec 17 14:32:21 2012 (50CF7345)
iocbios2.sys                 Mon Jan  7 12:53:11 2013 (50EB0B87)
ICCWDT.sys                   Wed Jan 23 03:46:01 2013 (50FFA349)
iusb3hub.sys                 Fri Feb 22 07:33:42 2013 (512765A6)
iusb3xhc.sys                 Fri Feb 22 07:33:45 2013 (512765A9)
iusb3hcs.sys                 Fri Feb 22 07:36:29 2013 (5127664D)
ElbyCDIO.sys                 Mon Mar  4 04:21:51 2013 (513467AF)
VClone.sys                   Sun Mar 10 20:49:12 2013 (513D2A08)
cpuz136_x64.sys              Fri May 10 08:42:51 2013 (518CEB4B)
iaStorA.sys                  Mon Oct 28 17:15:26 2013 (526ED3EE)
iaStorF.sys                  Mon Oct 28 17:15:28 2013 (526ED3F0)
MpFilter.sys                 Mon Aug  8 19:01:17 2016 (57A90F3D)
mbae64.sys                   Wed Jan 11 12:08:00 2017 (58766670)
nvhda64v.sys                 Tue May 16 09:02:27 2017 (591AF863)
nvlddmkm.sys                 Wed Aug  9 17:54:13 2017 (598B8485)
farflt.sys                   Tue Sep  5 19:44:07 2017 (59AF36C7)
mbam.sys                     Wed Sep  6 08:40:25 2017 (59AFECB9)
mwac.sys                     Thu Sep  7 12:04:06 2017 (59B16DF6)
mbamswissarmy.sys            Fri Sep 22 09:27:25 2017 (59C50FBD)
MbamChameleon.sys            Mon Sep 25 17:29:08 2017 (59C97524)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Oct 20 06:32:25.672 2017 (UTC - 5:00)**************************
MpKsl2de99003.sys            Mon Feb 27 20:54:41 1989 (2409FBE1)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Oct 10 06:34:24.922 2017 (UTC - 5:00)**************************
MpKsl5a4ea858.sys            Mon Feb 27 20:54:41 1989 (2409FBE1)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Oct  2 06:31:04.526 2017 (UTC - 5:00)**************************
MpKslc8ffd135.sys            Mon Feb 27 20:54:41 1989 (2409FBE1)
mbam.sys                     Wed Jun  7 10:26:58 2017 (59380D32)
farflt.sys                   Thu Jun 29 15:47:33 2017 (59555955)
MBAMSwissArmy.sys            Mon Jul 17 17:14:48 2017 (596D28C8)
mwac.sys                     Thu Aug  3 10:43:39 2017 (5983369B)
MBAMChameleon.sys            Mon Aug  7 17:35:52 2017 (5988DD38)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Sep 21 06:37:19.860 2017 (UTC - 5:00)**************************
MpKsl33435d3f.sys            Tue May 19 21:50:37 2015 (555BE86D)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Sep  1 06:33:26.757 2017 (UTC - 5:00)**************************
MpKsl46af9cbf.sys            Tue May 19 21:50:37 2015 (555BE86D)
mbae64.sys                   Fri Apr 29 06:10:09 2016 (57233301)
MBAMSwissArmy.sys            Fri Jun  2 16:46:01 2017 (5931CE89)
farflt.sys                   Wed Jun 14 09:21:34 2017 (5941385E)
mwac.sys                     Tue Jun 20 13:52:56 2017 (594960F8)
MBAMChameleon.sys            Tue Jun 27 14:22:06 2017 (5952A24E)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Aug 18 06:28:19.928 2017 (UTC - 5:00)**************************
MpKsl04ad0265.sys            Tue May 19 21:50:37 2015 (555BE86D)
nvhda64v.sys                 Wed Mar 15 08:48:41 2017 (58C93829)
nvlddmkm.sys                 Mon May  1 15:58:03 2017 (5907934B)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Jul 24 06:35:52.546 2017 (UTC - 5:00)**************************
iaStorA.sys                  Thu Aug  1 21:39:52 2013 (51FB0DE8)
iaStorF.sys                  Thu Aug  1 21:39:54 2013 (51FB0DEA)
MpKslbc6e01c1.sys            Tue May 19 21:50:37 2015 (555BE86D)

Edited November 7, 2017 by usasma

CommonCurt · November 15, 2017

Still running Driver Verifier on this system as there's still not been a BSOD yet. This system doesn't get them quite as often as my main system. Sometimes it can take more then days for a BSOD to be triggered.

I've also deleted the RealTemp folder just like the my other system.

CommonCurt · November 17, 2017

Okay, finally had a BSOD on this system when I woke up this morning. It looks like it's saying that it's iaStor.sys again just like the other system.

I went ahead and turned off Driver Verifier on this one now, but I didn't get another BSOD like on the other system during the restart.

The funny thing is that I had already deleted the RealTemp folder from this system about 2 days ago.

Guess I'll start disabling the Malwarebytes live protections now.

111717-13993-01.zip

usasma · November 18, 2017

There's no conclusive evidence of what's to blame here. I'm picking out the stuff that looks suspect and having you try that first.
Initially I suspected that these crashes were caused by the same thing on both systems.
Now I have to wonder if that is the case.

So, let's try by uninstalling the program that uses the NTIOLib_X64.sys driver
In this case the driver that was blamed was associated with the MSI Live Update program
I suggest uninstalling it for now - and reinstalling it AFTER we've finished troubleshooting if you'd like to keep it.
BUT!!! MSI uses this driver in many different locations throughout the system - so a search of the system should reveal several MSI programs that use it.
To keep us from having to hunt it down every time - I'd suggest uninstalling each of the programs for now (you can reinstall them later on).

I'd also either disable the MBAM ransomware component - or disable MBAM from loading and test to see if that helps stop the BSOD.

Please disable Driver Verifier:

1. Open verifier.exe (use the Run dialog)

2. Click on "Delete existing settings"
3. Click on "Finish" in the lower right corner of the verifier window
4. Reboot for the changes to take effect.

Analysis:
The following is for information purposes only.
The following information contains the relevant information from the blue screen analysis:
**************************Fri Nov 17 07:28:04.529 2017 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\111717-13993-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23915.amd64fre.win7sp1_ldr.170913-0600
System Uptime:8 days 6:24:26.501
*** WARNING: Unable to verify timestamp for iaStorA.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
Probably caused by :iaStorA.sys ( iaStorA+870a8 )
BugCheck D1, {10, 2, 1, fffff880012b10a8}
BugCheck Info: DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arguments:
Arg1: 0000000000000010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff880012b10a8, address which referenced memory
BUGCHECK_STR: 0xD1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: System
FAILURE_BUCKET_ID: X64_0xD1_VRF_iaStorA+870a8
CPUID:        "Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
BIOS Version                  V1.11
BIOS Release Date             10/24/2013
Manufacturer                  MSI
Product Name                  MS-7759
Baseboard Product             Z77MA-G45 (MS-7759)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``

3rd Party Drivers:
The following is for information purposes only.
My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft. You can find links to the driver information and where to update the drivers in the section after the code box:
**************************Fri Nov 17 07:28:04.529 2017 (UTC - 5:00)**************************
MpKsl1d3c93db.sys            Mon Feb 27 20:54:41 1989 (2409FBE1)
intelppm.sys                 Mon Jul 13 19:19:25 2009 (4A5BC0FD)
MBfilt64.sys                 Thu Jul 30 23:40:32 2009 (4A7267B0)
amdxata.sys                  Fri Mar 19 12:18:18 2010 (4BA3A3CA)
NTIOLib_X64.sys              Wed Oct 20 02:45:49 2010 (4CBE901D)
ALSysIO64.sys                Sat Jul 9 20:27:45 2011 (4E18F201)
vstor2-mntapi10-shared.sys   Tue Jul 12 12:35:21 2011 (4E1C77C9)
Rt64win7.sys                 Thu Feb 16 00:39:50 2012 (4F3C96A6)
vmci.sys                     Mon Apr 30 21:14:27 2012 (4F9F38F3)
vsock.sys                    Mon Apr 30 21:15:24 2012 (4F9F392C)
VMNET.SYS                    Sun Jul 8 03:58:34 2012 (4FF93DAA)
vmnetadapter.sys             Sun Jul 8 03:58:35 2012 (4FF93DAB)
vmnetbridge.sys              Sun Jul 8 03:59:19 2012 (4FF93DD7)
hcmon.sys                    Wed Aug 1 20:10:29 2012 (5019C575)
vmnetuserif.sys              Wed Aug 15 16:31:54 2012 (502C073A)
vmx86.sys                    Wed Aug 15 18:05:11 2012 (502C1D17)
RTKVHD64.sys                 Tue Sep 25 08:06:24 2012 (50619E40)
ISCTD64.sys                  Tue Nov 27 14:52:34 2012 (50B51A02)
HECIx64.sys                  Mon Dec 17 14:32:21 2012 (50CF7345)
iocbios2.sys                 Mon Jan 7 12:53:11 2013 (50EB0B87)
ICCWDT.sys                   Wed Jan 23 03:46:01 2013 (50FFA349)
iusb3hub.sys                 Fri Feb 22 07:33:42 2013 (512765A6)
iusb3xhc.sys                 Fri Feb 22 07:33:45 2013 (512765A9)
iusb3hcs.sys                 Fri Feb 22 07:36:29 2013 (5127664D)
ElbyCDIO.sys                 Mon Mar 4 04:21:51 2013 (513467AF)
VClone.sys                   Sun Mar 10 20:49:12 2013 (513D2A08)
cpuz136_x64.sys              Fri May 10 08:42:51 2013 (518CEB4B)
iaStorA.sys                  Mon Oct 28 17:15:26 2013 (526ED3EE)
iaStorF.sys                  Mon Oct 28 17:15:28 2013 (526ED3F0)
MpFilter.sys                 Mon Aug 8 19:01:17 2016 (57A90F3D)
mbae64.sys                   Wed Jan 11 12:08:00 2017 (58766670)
nvhda64v.sys                 Tue May 16 09:02:27 2017 (591AF863)
nvlddmkm.sys                 Wed Aug 9 17:54:13 2017 (598B8485)
farflt.sys                   Tue Sep 5 19:44:07 2017 (59AF36C7)
mwac.sys                     Thu Sep 7 12:04:06 2017 (59B16DF6)
mbam.sys                     Thu Oct 12 11:23:13 2017 (59DF88E1)
mbamswissarmy.sys            Fri Oct 13 14:58:51 2017 (59E10CEB)
MbamChameleon.sys            Mon Oct 30 12:34:36 2017 (59F7549C)

CommonCurt · November 20, 2017

Okay, I uninstalled all MSI programs that I could see.

Also, Malwarebytes Ransomware was already turned off.

I went ahead and turned off Malwarebytes Exploit Protection just now to see if it might make a difference.

usasma · November 21, 2017

Copied from the other system's post:

While waiting for the BSOD from Driver Verifier, the next step is to start comparing the dumps from both systems looking for the same files in each.
This is the most likely way to find the offending driver - but it's not a 100% certain solution (for example, if the offending driver has exited already, it won't show up in the dumps).=
This also presumes that the cause of the crashes is the same for each system (if it's not, we'd have to expand the driver list to include all drivers listed in each ).

Here's the list (those with different versions aren't as likely to be to blame as those with the same version):

2nd system                                                                                            1st system
amdxata.sys Fri Mar 19 12:18:18 2010 (4BA3A3CA)               amdxata.sys Fri Mar 19 12:18:18 2010 (4BA3A3CA)
cpuz136_x64.sys Fri May 10 08:42:51 2013 (518CEB4B)           cpuz136_x64.sys Fri May 10 08:42:51 2013 (518CEB4B)
ElbyCDIO.sys Wed Dec 17 18:30:51 2014 (5492122B)              ElbyCDIO.sys Mon Mar 4 04:21:51 2013 (513467AF)                       Different version
iaStorA.sys Thu Aug 1 21:39:52 2013 (51FB0DE8)                    iaStorA.sys Mon Oct 28 17:15:26 2013 (526ED3EE)                       Different version
iaStorF.sys Thu Aug 1 21:39:54 2013 (51FB0DEA)   iaStorF.sys Mon Oct 28 17:15:28 2013 (526ED3F0)                       Different version
iusb3hcs.sys Mon May 21 03:23:42 2012 (4FB9ED7E)               iusb3hcs.sys Fri Feb 22 07:36:29 2013 (5127664D)                       Different version
iusb3hub.sys Mon May 21 03:21:36 2012 (4FB9ED00)               iusb3hub.sys Fri Feb 22 07:33:42 2013 (512765A6)                       Different version
iusb3xhc.sys Mon May 21 03:21:40 2012 (4FB9ED04)               iusb3xhc.sys Fri Feb 22 07:33:45 2013 (512765A9)                       Different version
mbae64.sys Wed Jan 11 12:08:00 2017 (58766670)                 mbae64.sys Wed Jan 11 12:08:00 2017 (58766670)
mbam.sys Thu Oct 12 11:23:13 2017 (59DF88E1)                    mbam.sys Thu Oct 12 11:23:13 2017 (59DF88E1)
MbamChameleon.sys Mon Oct 30 12:34:36 2017 (59F7549C)        MbamChameleon.sys Mon Oct 30 12:34:36 2017 (59F7549C)
mbamswissarmy.sys Fri Oct 13 14:58:51 2017 (59E10CEB)             mbamswissarmy.sys Fri Oct 13 14:58:51 2017 (59E10CEB)
MBfilt64.sys Thu Jul 30 23:40:32 2009 (4A7267B0)                      MBfilt64.sys Thu Jul 30 23:40:32 2009 (4A7267B0)
MpFilter.sys Mon Aug 8 19:01:17 2016 (57A90F3D)                      MpFilter.sys Mon Aug 8 19:01:17 2016 (57A90F3D)
mwac.sys Thu Sep 7 12:04:06 2017 (59B16DF6)                        mwac.sys Thu Sep 7 12:04:06 2017 (59B16DF6)
nvhda64v.sys Tue May 16 09:02:27 2017 (591AF863)                   nvhda64v.sys Tue May 16 09:02:27 2017 (591AF863)
nvlddmkm.sys Tue Jun 27 16:00:30 2017 (5952B95E)                   nvlddmkm.sys Wed Aug 9 17:54:13 2017 (598B8485)                       Different version
RTKVHD64.sys Wed Dec 10 02:53:17 2014 (5487FBED)                RTKVHD64.sys Tue Sep 25 08:06:24 2012 (50619E40)                       Different version
VClone.sys Sat Jan 15 11:21:04 2011 (4D31C970)                        VClone.sys Sun Mar 10 20:49:12 2013 (513D2A08)                       Different version

CommonCurt · December 8, 2017

Finally had another BSOD on this system.

120717-8236-01.zip

usasma · December 9, 2017

Analysis:
The following is for information purposes only.
The following information contains the relevant information from the blue screen analysis:
**************************Thu Dec 7 07:40:07.430 2017 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\120717-8236-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23915.amd64fre.win7sp1_ldr.170913-0600
System Uptime:6 days 5:21:58.258
*** WARNING: Unable to verify timestamp for iaStorA.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
Probably caused by :iaStorA.sys ( iaStorA+870a8 )
BugCheck D1, {10, 2, 1, fffff880012dc0a8}
BugCheck Info: DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arguments:
Arg1: 0000000000000010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff880012dc0a8, address which referenced memory
BUGCHECK_STR: 0xD1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
FAILURE_BUCKET_ID: X64_0xD1_iaStorA+870a8
CPUID: "Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz"
MaxSpeed: 3400
CurrentSpeed: 3392
BIOS Version V1.11
BIOS Release Date 10/24/2013
Manufacturer MSI
Product Name MS-7759
Baseboard Product Z77MA-G45 (MS-7759)

3rd Party Drivers:
The following is for information purposes only.
My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft. You can find links to the driver information and where to update the drivers in the section after the code box:
**************************Thu Dec 7 07:40:07.430 2017 (UTC - 5:00)**************************
MpKsl175451fe.sys Mon Feb 27 20:54:41 1989 (2409FBE1)
intelppm.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
MBfilt64.sys Thu Jul 30 23:40:32 2009 (4A7267B0)
amdxata.sys Fri Mar 19 12:18:18 2010 (4BA3A3CA)
vstor2-mntapi10-shared.sys Tue Jul 12 12:35:21 2011 (4E1C77C9)
Rt64win7.sys Thu Feb 16 00:39:50 2012 (4F3C96A6)
vmci.sys Mon Apr 30 21:14:27 2012 (4F9F38F3)
vsock.sys Mon Apr 30 21:15:24 2012 (4F9F392C)
VMNET.SYS Sun Jul 8 03:58:34 2012 (4FF93DAA)
vmnetadapter.sys Sun Jul 8 03:58:35 2012 (4FF93DAB)
vmnetbridge.sys Sun Jul 8 03:59:19 2012 (4FF93DD7)
hcmon.sys Wed Aug 1 20:10:29 2012 (5019C575)
vmnetuserif.sys Wed Aug 15 16:31:54 2012 (502C073A)
vmx86.sys Wed Aug 15 18:05:11 2012 (502C1D17)
RTKVHD64.sys Tue Sep 25 08:06:24 2012 (50619E40)
ISCTD64.sys Tue Nov 27 14:52:34 2012 (50B51A02)
HECIx64.sys Mon Dec 17 14:32:21 2012 (50CF7345)
iusb3hub.sys Fri Feb 22 07:33:42 2013 (512765A6)
iusb3xhc.sys Fri Feb 22 07:33:45 2013 (512765A9)
iusb3hcs.sys Fri Feb 22 07:36:29 2013 (5127664D)
ElbyCDIO.sys Mon Mar 4 04:21:51 2013 (513467AF)
VClone.sys Sun Mar 10 20:49:12 2013 (513D2A08)
cpuz136_x64.sys Fri May 10 08:42:51 2013 (518CEB4B)
iaStorA.sys Mon Oct 28 17:15:26 2013 (526ED3EE)
iaStorF.sys Mon Oct 28 17:15:28 2013 (526ED3F0)
MpFilter.sys Mon Aug 8 19:01:17 2016 (57A90F3D)
nvhda64v.sys Tue May 16 09:02:27 2017 (591AF863)
nvlddmkm.sys Wed Aug 9 17:54:13 2017 (598B8485)
mwac.sys Thu Sep 7 12:04:06 2017 (59B16DF6)
mbam.sys Thu Oct 12 11:23:13 2017 (59DF88E1)
mbamswissarmy.sys Fri Oct 13 14:58:51 2017 (59E10CEB)
MbamChameleon.sys Mon Oct 30 12:34:36 2017 (59F7549C)

Same BSOD, different day

Just for the heck of it, could you uninstall MalwareBytes and see if that helps?

CommonCurt · December 12, 2017

Yeah, when I get some time in the next day or two I will uninstall it and see what happens.

Identical BSOD's on my two Win7 Machines (first system HTPC)

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Important Information