Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue Screen Nightmare


  • This topic is locked This topic is locked
5 replies to this topic

#1 aklaide

aklaide

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 30 April 2010 - 07:06 AM

Hello!

I'm a new bee.

My computer got infected recently, I successfully got rid of the virus however I now have this blue screen problem.

I followed the instructions from the post and the dump file analysis report is below:

My laptop is a sony vaio (vgn-sz583n).

Please help me!!! Thanks smile.gif

Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\AKANMODE\Desktop\Mini043010-09.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18377.x86fre.vistasp1_gdr.091208-0542
Kernel base = 0x82440000 PsLoadedModuleList = 0x82557c70
Debug session time: Fri Apr 30 10:51:52.675 2010 (GMT+1)
System Uptime: 0 days 0:01:21.500
Loading Kernel Symbols
...............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {f0fc7fff, 0, 825e9ae6, 2}

Probably caused by : pci.sys ( pci!PciQueryDeviceText+152 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: f0fc7fff, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 825e9ae6, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000002, (reserved)

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from 82577868
Unable to read MiSystemVaType memory at 82557420
f0fc7fff

FAULTING_IP:
nt!LdrpCompareResourceNames_U+26
825e9ae6 0fb706 movzx eax,word ptr [esi]

MM_INTERNAL_CODE: 2

CUSTOMER_CRASH_COUNT: 9

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: System

CURRENT_IRQL: 0

TRAP_FRAME: 88fc466c -- (.trap 0xffffffff88fc466c)
ErrCode = 00000000
eax=f0fc7fff ebx=00000a0e ecx=8249cd50 edx=00000000 esi=f0fc7fff edi=8249cd50
eip=825e9ae6 esp=88fc46e0 ebp=88fc46e8 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
nt!LdrpCompareResourceNames_U+0x26:
825e9ae6 0fb706 movzx eax,word ptr [esi] ds:0023:f0fc7fff=????
Resetting default scope

LOCK_ADDRESS: 825745e0 -- (!locks 825745e0)

Resource @ nt!PiEngineLock (0x825745e0) Available

WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.


WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.

1 total locks

PNP_TRIAGE:
Lock address : 0x825745e0
Thread Count : 0
Thread address: 0x00000000
Thread wait : 0x0

LAST_CONTROL_TRANSFER: from 8249abf4 to 824e5195

STACK_TEXT:
88fc4654 8249abf4 00000000 f0fc7fff 00000000 nt!MmAccessFault+0x10a
88fc4654 825e9ae6 00000000 f0fc7fff 00000000 nt!KiTrap0E+0xdc
88fc46e8 825e96d5 80708000 5f875cab 806e5000 nt!LdrpCompareResourceNames_U+0x26
88fc476c 824569f4 806e5000 88fc4790 00000002 nt!LdrpSearchResourceSection_U+0x4ca
88fc47a4 8245680c 00000001 00000001 5f875c37 nt!LdrpGetMUIManifestEntry+0x52
88fc47f0 825e92f0 0000000b 5f8753b3 806e5000 nt!LdrpLocateResourceType+0x1f
88fc4874 825e9813 806e5000 88fc4898 00000003 nt!LdrpSearchResourceSection_U+0xeb
88fc48ac 806fda08 806e5000 0000000b 00000000 nt!RtlFindMessage+0x38
88fc48d8 806f990e 84c5e768 00000000 00000409 pci!PciQueryDeviceText+0x152
88fc48f0 806e90bf 87a9b130 87a9b1c4 84c5e768 pci!PciDevice_QueryDeviceText+0x1a
88fc4914 824fc0c3 84c5e768 87a9b130 8069667c pci!PciDispatchPnpPower+0xaf
88fc492c 806966a6 8069667c 88fc4968 80696e4b nt!IofCallDriver+0x63
88fc4938 80696e4b 84c5d6f0 87a9b130 87a9b130 acpi!ACPIDispatchForwardIrp+0x2a
88fc4968 824fc0c3 84c5d6f0 855ff008 88fc4a00 acpi!ACPIDispatchIrp+0xff
88fc4980 825f1856 c00000bb 88fc4aa8 84c618b0 nt!IofCallDriver+0x63
88fc49b4 825a8201 84c5e6b0 88fc49dc 88fc49d8 nt!IopSynchronousCall+0xce
88fc4a04 825a76f6 00000000 84c618b0 00000000 nt!PnpQueryDeviceText+0x4c
88fc4adc 825a248e 00c618b0 84c618b0 85b67c30 nt!PiProcessNewDeviceNode+0xf7
88fc4cd4 826bdcd9 84c618b0 85b67c30 88fc4d00 nt!PipProcessDevNodeTree+0x140
88fc4d08 8244bac6 8254213c 87c81230 82572500 nt!PiRestartDevice+0x8a
88fc4d44 82478445 00000000 00000000 87c81230 nt!PnpDeviceActionWorker+0x1bc
88fc4d7c 82615b22 00000000 5f875607 00000000 nt!ExpWorkerThread+0xfd
88fc4dc0 8246ea5e 82478348 80000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
pci!PciQueryDeviceText+152
806fda08 85c0 test eax,eax

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: pci!PciQueryDeviceText+152

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: pci

IMAGE_NAME: pci.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 47918b89

FAILURE_BUCKET_ID: 0x50_pci!PciQueryDeviceText+152

BUCKET_ID: 0x50_pci!PciQueryDeviceText+152

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: f0fc7fff, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 825e9ae6, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000002, (reserved)

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from 82577868
Unable to read MiSystemVaType memory at 82557420
f0fc7fff

FAULTING_IP:
nt!LdrpCompareResourceNames_U+26
825e9ae6 0fb706 movzx eax,word ptr [esi]

MM_INTERNAL_CODE: 2

CUSTOMER_CRASH_COUNT: 9

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: System

CURRENT_IRQL: 0

TRAP_FRAME: 88fc466c -- (.trap 0xffffffff88fc466c)
ErrCode = 00000000
eax=f0fc7fff ebx=00000a0e ecx=8249cd50 edx=00000000 esi=f0fc7fff edi=8249cd50
eip=825e9ae6 esp=88fc46e0 ebp=88fc46e8 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
nt!LdrpCompareResourceNames_U+0x26:
825e9ae6 0fb706 movzx eax,word ptr [esi] ds:0023:f0fc7fff=????
Resetting default scope

LOCK_ADDRESS: 825745e0 -- (!locks 825745e0)

Resource @ nt!PiEngineLock (0x825745e0) Available

WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.


WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.

1 total locks

PNP_TRIAGE:
Lock address : 0x825745e0
Thread Count : 0
Thread address: 0x00000000
Thread wait : 0x0

LAST_CONTROL_TRANSFER: from 8249abf4 to 824e5195

STACK_TEXT:
88fc4654 8249abf4 00000000 f0fc7fff 00000000 nt!MmAccessFault+0x10a
88fc4654 825e9ae6 00000000 f0fc7fff 00000000 nt!KiTrap0E+0xdc
88fc46e8 825e96d5 80708000 5f875cab 806e5000 nt!LdrpCompareResourceNames_U+0x26
88fc476c 824569f4 806e5000 88fc4790 00000002 nt!LdrpSearchResourceSection_U+0x4ca
88fc47a4 8245680c 00000001 00000001 5f875c37 nt!LdrpGetMUIManifestEntry+0x52
88fc47f0 825e92f0 0000000b 5f8753b3 806e5000 nt!LdrpLocateResourceType+0x1f
88fc4874 825e9813 806e5000 88fc4898 00000003 nt!LdrpSearchResourceSection_U+0xeb
88fc48ac 806fda08 806e5000 0000000b 00000000 nt!RtlFindMessage+0x38
88fc48d8 806f990e 84c5e768 00000000 00000409 pci!PciQueryDeviceText+0x152
88fc48f0 806e90bf 87a9b130 87a9b1c4 84c5e768 pci!PciDevice_QueryDeviceText+0x1a
88fc4914 824fc0c3 84c5e768 87a9b130 8069667c pci!PciDispatchPnpPower+0xaf
88fc492c 806966a6 8069667c 88fc4968 80696e4b nt!IofCallDriver+0x63
88fc4938 80696e4b 84c5d6f0 87a9b130 87a9b130 acpi!ACPIDispatchForwardIrp+0x2a
88fc4968 824fc0c3 84c5d6f0 855ff008 88fc4a00 acpi!ACPIDispatchIrp+0xff
88fc4980 825f1856 c00000bb 88fc4aa8 84c618b0 nt!IofCallDriver+0x63
88fc49b4 825a8201 84c5e6b0 88fc49dc 88fc49d8 nt!IopSynchronousCall+0xce
88fc4a04 825a76f6 00000000 84c618b0 00000000 nt!PnpQueryDeviceText+0x4c
88fc4adc 825a248e 00c618b0 84c618b0 85b67c30 nt!PiProcessNewDeviceNode+0xf7
88fc4cd4 826bdcd9 84c618b0 85b67c30 88fc4d00 nt!PipProcessDevNodeTree+0x140
88fc4d08 8244bac6 8254213c 87c81230 82572500 nt!PiRestartDevice+0x8a
88fc4d44 82478445 00000000 00000000 87c81230 nt!PnpDeviceActionWorker+0x1bc
88fc4d7c 82615b22 00000000 5f875607 00000000 nt!ExpWorkerThread+0xfd
88fc4dc0 8246ea5e 82478348 80000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
pci!PciQueryDeviceText+152
806fda08 85c0 test eax,eax

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: pci!PciQueryDeviceText+152

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: pci

IMAGE_NAME: pci.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 47918b89

FAILURE_BUCKET_ID: 0x50_pci!PciQueryDeviceText+152

BUCKET_ID: 0x50_pci!PciQueryDeviceText+152

Followup: MachineOwner
---------



BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:04 PM

Posted 30 April 2010 - 07:24 AM

Hi, could you please tell me when this BSOD occurs and if you can boot succesfully (if so, in which mode(s)).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 aklaide

aklaide
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 30 April 2010 - 07:27 AM

Occurs when I turn on the computer and I'm about to login.

Most times I can only boot in safe mode. Occasionally I'm able to use the normal mode, but it takes loads of persistent trying.

Thanks.

Edited by aklaide, 30 April 2010 - 07:48 AM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:04 PM

Posted 30 April 2010 - 08:04 AM

Lets see if we can find out a bit more about what is going on here.

I am moving this topic to a more appropriate forum for that.

OK this file is big Print these instruction out so that you know what you are doing

Two programs to download

First

ISOBurner this will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:04 PM

Posted 04 May 2010 - 10:58 AM

Hi, are you still there?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:04 PM

Posted 12 May 2010 - 09:22 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users