Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD Help - Referred from Windows7 Forum


  • Please log in to reply
4 replies to this topic

#1 boosted

boosted

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 12 May 2011 - 07:23 PM

Hello, please see my original post here:
http://www.bleepingcomputer.com/forums/topic397022.html


I have been having BSOD error crashes for the last month and need to stop them from recurring. I have followed the steps on the "How to receive help diagnosing Blue Screens and Windows crashes" thread, and this is the text that is generated from WinDbg.

Can someone please help me make some sense of it? I have no idea what I am looking at. Thank you

System:
ASUS M4A78-E
Phenom II X4 2.8ghz
6gb Patriot Viper DDR2 1066 (3x2gb)
BFG GeForce 9800 GTX+ OC
Windows 7 x64 Ultimate
Intel X25-V 40gb SSD with Windows install
Seagate 1TB HDD for files

--------------------------------------------------------------

Microsoft ® Windows Debugger Version 6.12.0002.633 AMD64
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\051211-11247-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16695.amd64fre.win7_gdr.101026-1503
Machine Name:
Kernel base = 0xfffff800`02a5f000 PsLoadedModuleList = 0xfffff800`02c9ce50
Debug session time: Thu May 12 15:08:27.653 2011 (UTC - 4:00)
System Uptime: 1 days 18:55:21.105
Loading Kernel Symbols
...............................................................
................................................................
...................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 109, {a3a039d89a5738c8, 0, fad470d4ba6ea2ed, 101}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
debugger that was not attached when the system was booted. Normal breakpoints,
"bp", can only be set if the debugger is attached at boot time. Hardware
breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a3a039d89a5738c8, Reserved
Arg2: 0000000000000000, Reserved
Arg3: fad470d4ba6ea2ed, Failure type dependent information
Arg4: 0000000000000101, Type of corrupted region, can be
0 : A generic data region
1 : Modification of a function or .pdata
2 : A processor IDT
3 : A processor GDT
4 : Type 1 process list corruption
5 : Type 2 process list corruption
6 : Debug routine modification
7 : Critical MSR modification

Debugging Details:
------------------


BUGCHECK_STR: 0x109

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002acf740

STACK_TEXT:
fffff880`031a85d8 00000000`00000000 : 00000000`00000109 a3a039d8`9a5738c8 00000000`00000000 fad470d4`ba6ea2ed : nt!KeBugCheckEx


STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: BAD_STACK

Followup: MachineOwner





-----------------------------------



Blue screen information:


==================================================
Dump File : 051211-11247-01.dmp
Crash Time : 5/12/2011 3:09:40 PM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`9a5738c8
Parameter 2 : 00000000`00000000
Parameter 3 : fad470d4`ba6ea2ed
Parameter 4 : 00000000`00000101
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\051211-11247-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 292,136
==================================================

==================================================
Dump File : 051011-12542-01.dmp
Crash Time : 5/10/2011 8:13:19 PM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : tcpip.sys
Caused By Address : tcpip.sys+152ad8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\051011-12542-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 292,144
==================================================

==================================================
Dump File : 050111-10545-01.dmp
Crash Time : 5/1/2011 9:55:46 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff87f`939a56d4
Parameter 2 : 00000000`00000001
Parameter 3 : fffff960`000c66d2
Parameter 4 : 00000000`00000005
Caused By Driver : hal.dll
Caused By Address : hal.dll+7b7f
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\050111-10545-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 292,184
==================================================

==================================================
Dump File : 042611-12324-01.dmp
Crash Time : 4/26/2011 5:50:43 PM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff800`028c781a
Parameter 3 : fffff880`09522180
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\042611-12324-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 292,200
==================================================

==================================================
Dump File : 041711-14414-01.dmp
Crash Time : 4/17/2011 2:42:01 PM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff960`00109354
Parameter 3 : fffff880`08ffd1d0
Parameter 4 : 00000000`00000000
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+26d4
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\041711-14414-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 292,144
==================================================

==================================================
Dump File : 040311-9079-01.dmp
Crash Time : 4/3/2011 3:04:52 PM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70710
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\040311-9079-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 292,152
==================================================

==================================================
Dump File : 040211-10966-01.dmp
Crash Time : 4/2/2011 11:58:46 PM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff880`01404121
Parameter 3 : fffff880`0829c7f0
Parameter 4 : 00000000`00000000
Caused By Driver : NETIO.SYS
Caused By Address : NETIO.SYS+4121
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\040211-10966-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 292,200
==================================================

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,404 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:17 PM

Posted 12 May 2011 - 08:43 PM

Hello can we get 2 scan logs.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
[color=green]Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 boosted

boosted
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 15 May 2011 - 02:03 PM

Great, thanks for the quick reply. I scanned with TDSSKiller and Malwarebytes exactly as described, and both came back clean. Any other ideas to try? Thanks again for your help.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,404 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:17 PM

Posted 15 May 2011 - 03:36 PM

Hello, I do not think this is malware but more am issue with a driver update or conflict in your Graphic or Secure Digital (SD) card. At least from the last Dump file. Perhaps ask back in WIN7, again how /where to fix,replace them.
If this was an upgrade to 7 that may be where to start. Sorry this is not my area of expertise.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 boosted

boosted
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 15 May 2011 - 05:33 PM

Okay, thank you very much for your time.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users