Jump to content
CompcoNate

Random BSODs - Seems to not be connected

Recommended Posts

Posted (edited)

Hello everyone,

I have a system here running a Ryzen 2600 and it is crashing. Ram checks out, drives are fine. No issues prior. Attached are the files requested. I will keep looking into things on my end, hopefully you guys can point me in the right direction. All seems fine. BSODs can happen when booting or just randomly while using system. 


What I have tried so far:
Verified drivers, reinstalled drivers, tried uninstalling latest windows update, memtest, prime 95, HDD testing, heaven benchmark running for a while. All looks fine. 

Windows 10 Pro 1909 64bit - Retail - Downloaded directly from microsoft
· x86 (32-bit) or x64 ?
Original OS was windows 10. 
Main hardware is less than a year old (Motherboard, processor, ram). Other parts are 2-4 years old (SSDs, HDD, PSU and video card)
Install is around 1 year. 
AMDRyzen 3600
EVGA GTX 1070
Gigabyte X570 Aorus Elite

Seasonic X760w 760W

System is a desktop
 

SysnativeFileCollectionApp.zip

Edited by CompcoNate

Share this post


Link to post
Share on other sites

@CompcoNate

If Malwarebytes Premium is installed it could be the web protection causing this.

Share this post


Link to post
Share on other sites

Really no kidding? What do I do to fix this? Disable web protection?

Share this post


Link to post
Share on other sites
2 minutes ago, CompcoNate said:

Disable web protection?

Since you a tech as well, I will say I am lucky to not have any clients with this issue.

 

If possible we would like to have a log from Malwarebytes as well.

Can you please follow the directions from the following KB article and post back your logs so that we can review

Upload Malwarebytes Support Tool logs manually

Solution, Disable web protection or,

You also have the option of reverting to an earlier component package version, which will allow you to keep Web Protection enabled.
You can download this from here: https://malwarebytes.box.com/s/z6cravnwptrzx5tyjw36jq6zt6c7apsx

Once installed, you will need to disable the two update options found in Settings -> General -> Application updates to prevent the product from updating back to the affected version.

I suggest using the following clean install guide.

Please do the following Uninstall and reinstall using the Malwarebytes Support Tool

Please have lots of patience with the tool.  The first phase is a cleanup and does require a Windows Restart.
After the Restart, it may take 2 - 3 - 4 minutes till the Support tool screen shows up.   Please be patient and have faith.  Wait for it, whatever it takes.
The 2nd phase is where it offers to do a new Install. Say no and use the download from my above link and install the old version and disable the update before you do anything else.

 Let me know if that clears up the issue or not.

Share this post


Link to post
Share on other sites

I just ran the logging stuff. Currently in the process of removing MBAM and installing the older client. 

mbst-grab-results.zip

Share this post


Link to post
Share on other sites

I would also be concerned with the following especally the last 2.

Quote

Quarantine Information
==================================
2020-04-30T02:55:47Z | D:\TempTorrents\X-Ways.WinHex.v18.4.Incl.Keymaker-ZWT\keygen.exe [file | RiskWare.Tool.CK]
2019-07-09T03:25:52Z | C:\Users\naaca\Desktop\Desktop\MGSR\MGR-PICKLES.EXE [file | Generic.Malware/Suspicious]
2020-03-17T05:29:04Z | C:\Users\naaca\Downloads\netpass\netpass.exe [file | Generic.Malware/Suspicious]
2020-04-05T00:56:08Z | C:\Users\naaca\Downloads\uTorrent.exe [file | PUP.Optional.BundleInstaller]
2020-01-04T04:18:19Z | C:\Users\naaca\AppData\Local\Temp\7zO489D1858\SimulatorSetup.exe [file | RiskWare.RansomSimulator]
2020-01-04T04:18:39Z | C:\Users\naaca\Desktop\SimulatorSetup.exe [file | RiskWare.RansomSimulator]
2020-03-29T08:07:11Z | C:\Users\naaca\Desktop\PCSX2\PCSX2-WideScreen-v1.0.5\WideScreen.exe [file | Malware.Heuristic.7]
2020-03-17T06:42:23Z | C:\$Recycle.Bin\S-1-5-21-739170217-1622852900-2357433632-1001\$RQ6UKG4\netpass.exe [file | Generic.Malware/Suspicious]
2020-03-17T06:42:23Z | C:\Users\naaca\Downloads\netpass.zip [file | Generic.Malware/Suspicious]
2020-04-16T09:27:11Z | C:\Users\naaca\AppData\Local\Temp\{73D911B0-2E28-4C36-80F2-CE2552844AE1}\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\AskInstallChecker.exe [file | PUP.Optional.ASK]
2020-01-04T04:20:05Z | C:\Users\naaca\AppData\Local\RSimulator\Starter.exe [file | RiskWare.RansomSimulator]
2020-01-04T04:20:18Z | C:\Users\naaca\AppData\Local\RSimulator\Collector.exe [file | RiskWare.RansomSimulator]
2020-03-24T06:44:34Z | C:\$Recycle.Bin\S-1-5-21-739170217-1622852900-2357433632-1001\$R8GJK0N.zip [file | Generic.Malware/Suspicious]
2020-03-24T06:44:34Z | C:\$Recycle.Bin\S-1-5-21-739170217-1622852900-2357433632-1001\$RY8HZOI.exe [file | Generic.Malware/Suspicious]
2020-04-05T00:59:13Z | C:\Users\naaca\Downloads\BitTorrent.exe [file | PUP.Optional.BundleInstaller]
2020-03-24T01:27:50Z | C:\Users\naaca\Downloads\mailpv.exe [file | Generic.Malware/Suspicious]
2020-04-04T23:55:25Z | C:\Users\naaca\Downloads\utweb_installer.exe [file | PUP.Optional.BundleInstaller]
2020-01-05T01:23:53Z | C:\Users\naaca\Desktop\SIMULATORSETUP.EXE [file | RiskWare.RansomSimulator]
2020-02-12T20:18:17Z | D:\Tools and Stuff\KMS Tools Portable 1.08.2019 - Ratiborus\Programs\KMSAuto Net 2016 v1.5.4 Portable\KMSAuto Net.exe [file | Generic.Malware/Suspicious]
2020-02-12T20:18:34Z | D:\Tools and Stuff\KMS Tools Portable 1.08.2019 - Ratiborus\Programs\KMSAuto Net 2016 v1.5.4 Portable\KMSAuto Net.exe [file | Generic.Malware/Suspicious]

 

Share this post


Link to post
Share on other sites
Posted (edited)

Yeah, I will have a conversation with the customer about those. I checked the Windows install, it is an actual genuine install. I have seen those last two before. They are for Windows cracks. The guy is running some VMs so maybe he used them in those. 

Edited by CompcoNate

Share this post


Link to post
Share on other sites
3 minutes ago, CompcoNate said:

Yeah, I will have a conversation with the customer about those. I checked the Windows install, it is an actual genuine install. 

Since I do not use or condone piracy I do not know if that is able to crack Office 365.

Also some clients are their own worst enemy.

Dont forget to turn off the updates right away on MB.

Also the user can not check for updates manually or it overrides the block settings.

 

2020-05-05_21h37_04.png

Share this post


Link to post
Share on other sites

Remember, I am just thinking MB has something to do with it. Were any of the blue screens related to mwac.sys?

Share this post


Link to post
Share on other sites
Posted (edited)

I had one that was related to the TCPIP.sys, not sure about the rest. 

As far as the updates, I got those turned off. Thanks again. 

And yeah, I am in the same boat with you there. Not exactly a big fan of piracy either. I took those files and put them into their own folder to have a conversation with the customer. The number of times I have seen people destroy their machines. haha. 

Either way, lets see if this stops it. 

Just a heads up:
2020-03-29T08:07:11Z | C:\Users\naaca\Desktop\PCSX2\PCSX2-WideScreen-v1.0.5\WideScreen.exe [file | Malware.Heuristic.7]
That is a false positive. It is for PCSX2, a playstation 2 emulator and that is to enable wide screen in PS2 games. The reason i know is because I use PCSX2 to play my old games  since my Playstation 2 died 2 years ago. 

Edited by CompcoNate

Share this post


Link to post
Share on other sites
2 minutes ago, CompcoNate said:

I had one that was related to the TCPIP.sys, not sure abotu the rest. 

Well after you downgrade and no BSOD's then you will know for sure. If not back to digging. I hate blue screens. I usually skip the hardware tests at first (except HD tests) and slap in my tester SSD and load Windows and see if the issues remain if not it a software issue and I start with the fresh install and reload data. Saves lots of hardware testing time since Windows 10 loads so fast on SSD.

Share this post


Link to post
Share on other sites
7 minutes ago, Porthos said:

Well after you downgrade and no BSOD's then you will know for sure. If not back to digging. I hate blue screens. I usually skip the hardware tests at first (except HD tests) and slap in my tester SSD and load Windows and see if the issues remain if not it a software issue and I start with the fresh install and reload data. Saves lots of hardware testing time since Windows 10 loads so fast on SSD.

Yeah I hear you. If this thing BSODs again I am going to do just that. My test SSD was fine. 

Share this post


Link to post
Share on other sites

Welp it crashed again. I am going to try taking the ram out of the system in the morning and see how it goes. I suspect it is the 2600 just being picky as hell. I know the first and second gen CPUs were picky sometimes. 3rd gen not so much. So maybe. 

Share this post


Link to post
Share on other sites

I am not a fan of Ryzen. I am an Intel person all the way. But we can pick client computers all of the time.

Share this post


Link to post
Share on other sites

Eh, AMD is doing some good work with those processors. The earlier ones had their issues. So far system seems to be stable. Thinking this has something to do with the ram upgrade he did. Still not 100% sure. Going to get more details from the guy. 

Share this post


Link to post
Share on other sites

So I ended up figuring out the issue. It was a compound of multiple problems:


Windows Update KB4959951 was the root cause. 

After uninstalling, found parts of Windows were damaged from the multiple BSODs. These further caused consistent BSODs, but were the same ones over and over again. 

After reinstalling windows, making sure the update was not installed, system continued to experience strange lockups and freezing during specific activities but were unique to issues with Ryzen 2600. Found a bios update that fixed this. 
 

Share this post


Link to post
Share on other sites
52 minutes ago, CompcoNate said:

Found a bios update that fixed this. 

Would have gone there along time ago.

 

Share this post


Link to post
Share on other sites
Posted (edited)
3 minutes ago, Porthos said:

Would have gone there along time ago.

 

Yeah the odd thing is the customers said things were fine till recently. So not sure what changed. Maybe the bios got corrupted partially or something?

Either way, every time I did something the pattern and type of BSODs changed until they became basically the same one. Then, after reinstalling windows I started experiencing the other issues. Bios update solved that. It was just weird at how many layers of the onion this thing hand. 

First an update and then windows being damaged. On top of that some oddball bios issues. Guess kinda how the windows blew. The guy was running the second to latest update as well. I think F10? F11 is the latest and only improves memory compatibility. 

Edited by CompcoNate

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.