Pinworms, posted August 21, 2012

Hi, if anyone has any suggestions on fixing this problem I would love to hear them. I have spent about a week working on this with little progress. I found I was infected with a couple of Trojans; one was Trojan.Zeroaccess.C. I removed and/or quarantined them. I seem to have fewer BSOD issues now.

Currently, when the computer is awakened from hibernate by pushing the power button, I am immediately told Windows did not shut down properly and I have the option to start normally or in safe mode. Occasionally I will get a BSOD while doing random things in Windows. There were two different reported causes for these blue screens according to Windows. One is ntoskrnl.exe; I can't recall the other, lesser problem-causing file (the log file has been deleted). The computer usually works fine. It restarts fine. Most of the time the only issue is when awakening from hibernate, and then random BSODs.

I have an HP Pavilion dv6
Windows 7 x64
all Windows updates downloaded except Bing Desktop
all drivers up to date according to Windows
additional updates downloaded from HP's website, to include BIOS
full virus scan by Norton

I have tried performing a clean boot by disabling ALL services, including all Windows services, in MSCONFIG. I had to allow one of the services to run so Windows could use the hibernate feature. Even with all the services disabled except that one and a couple of other services that Windows would automatically enable, I would still have the problem awakening from hibernate.

I have allowed Windows to run the startup repair and restoring to when it thought everything was fine and dandy.

I tried "open Services and stop the Windows Management Instrumentation service. Take ownership of the folder or the contents of the folder "C:\Windows\System32\wbem\Repository". Delete the contents of the folder. Reboot.", which I read in another thread.

I've run sfc, scan disk, disk defrag and the built-in memory tester in my BIOS.

Here is a save from Blue Screen View:

==================================================
Dump File         : 082012-32027-01.dmp
Crash Time        : 8/20/2012 5:56:30 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`02eb97ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7ef80000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\082012-32027-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262,144
==================================================

Tripredacus, posted August 21, 2012

Uploading that minidump may be a good first step. Other users may want to see the full memory dump, which you can learn about here:

Pinworms, posted August 21, 2012

I'm not sure what kind of dump file would be most useful. I tried to upload the dump file currently in my Windows folder but it is too large. When I try to open it with the Windows debugger tool this is what I get.

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`02e5a000 PsLoadedModuleList = 0xfffff800`0309e670
Debug session time: Mon Aug 20 17:50:16.925 2012 (UTC - 6:00)
System Uptime: 0 days 4:21:01.831
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
..................................................................................................................................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
.........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff80002eb97ef, 0, 7ef80000}

*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information. Contact the group that       ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information. Contact the group that       ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information. Contact the group that       ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
Probably caused by : ntkrnlmp.exe ( nt!RtlInitEnumerationHashTable+2ab )

Followup: MachineOwner
---------

MagicAndre1981, posted August 21, 2012

Zip the dmp file and attach it here.

Tripredacus, posted August 21, 2012

This file can't be attached to the forum: C:\Windows\Memory.dmp
This file can be attached to the forum: C:\Windows\Minidump\082012-32027-01.dmp

Pinworms, posted August 23, 2012 (edited August 23, 2012)

Here is the mini dump file. I had to zip it because I could not upload a .dmp file, I guess. Thanks for the quick responses.

Attachment: 082012-32027-01.zip

MagicAndre1981, posted August 23, 2012 (edited August 23, 2012)

The dump is not useful. Zip the Memory.dmp and upload it to your SkyDrive and post a link here.

iaStor.sys may be the cause:

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002eb97ef, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 000000007ef80000, Parameter 1 of the exception

Debugging Details:

Call Site
nt!KeBugCheckEx
nt! ?? ::FNODOBFM::`string'
nt!KiExceptionDispatch
nt!KiPageFault
nt!RtlImageNtHeaderEx
nt!RtlImageNtHeader
0x0
0x0

ffff880`03761f28 fffff800`02f23d88 nt! ?? ::FNODOBFM::`string'+0x48d3d
fffff880`03761f30 00000000`0000001e
fffff880`03761f38 ffffffff`c0000005
fffff880`03761f40 fffff800`02eb97ef nt!RtlImageNtHeaderEx+0x3f
fffff880`03761f48 00000000`00000000
fffff880`03761f50 00000000`7ef80000
fffff880`03761f58 fffff800`02ecbb01 nt!KiDeliverApc+0xf1
fffff880`03761f80 fffff880`03761ff8
fffff880`03761f88 fffff800`02ef3c87 nt!MmMapLockedPagesSpecifyCache+0x50c
fffff880`03761f90 00001f80`0010001f
fffff880`03762058 fffff800`02eb97ef nt!RtlImageNtHeaderEx+0x3f
fffff880`03762060 00000000`00000000
fffff880`03762068 fffff800`02edff8f nt!KeWaitForSingleObject+0x19f
fffff880`03762070 fffff880`03762100
fffff880`03762078 fffffa80`00001f80
fffff880`03762080 fffffa80`00000000
fffff880`03762088 fffffa80`08137000
fffff880`03762090 00000000`00000000
fffff880`03762098 fffff880`010aa106Unable to load image \SystemRoot\system32\DRIVERS\iaStor.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for iaStor.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStor.sys
 iaStor+0x39106
fffff880`037620a0 00000000`00000000

4: kd> lmvm iaStor
start             end                 module name
fffff880`01071000 fffff880`011c5000   iaStor   T (no symbols)
    Loaded symbol image file: iaStor.sys
    Image path: \SystemRoot\system32\DRIVERS\iaStor.sys
    Image name: iaStor.sys
    Timestamp: Thu Jan 13 02:50:12 2011

So update the Intel SATA drivers.

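The manual triage in the post above (decoding the bugcheck arguments, then spotting a non-kernel driver address among the raw stack values) can be scripted. This is an added example, not part of the original thread or of WinDbg; the function names are hypothetical, and the end address of `nt` is an assumed bound because the thread gives only the kernel base.

```python
import re

# NTSTATUS codes (ntstatus.h) that commonly appear as Arg1 of bugcheck 0x1E.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION",
            0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
            0x80000003: "STATUS_BREAKPOINT"}

# (name, start, end). iaStor's range is from the lmvm output in the thread.
# nt's base is from the thread; its end is an ASSUMED value for illustration.
MODULES = [("nt", 0xFFFFF80002E5A000, 0xFFFFF80003443000),
           ("iaStor", 0xFFFFF88001071000, 0xFFFFF880011C5000)]

# Sample input: lines taken from the debugger output posted in the thread.
BUGCHECK = "BugCheck 1E, {ffffffffc0000005, fffff80002eb97ef, 0, 7ef80000}"
STACK = """\
fffff880`03761f40 fffff800`02eb97ef nt!RtlImageNtHeaderEx+0x3f
fffff880`03761f58 fffff800`02ecbb01 nt!KiDeliverApc+0xf1
fffff880`03762088 fffffa80`08137000
fffff880`03762098 fffff880`010aa106
fffff880`037620a0 00000000`00000000
"""

def parse_bugcheck(line):
    """Return (bugcheck code, [arg1..arg4]) from a 'BugCheck X, {...}' line."""
    m = re.match(r"BugCheck ([0-9A-Fa-f]+), \{(.+)\}", line)
    if not m:
        raise ValueError("not a BugCheck line")
    return int(m.group(1), 16), [int(a, 16) for a in m.group(2).split(",")]

def resolve(addr, modules=MODULES):
    """Map an address to 'module+0xoffset', or None if no module contains it."""
    for name, start, end in modules:
        if start <= addr < end:
            return f"{name}+0x{addr - start:x}"
    return None

def triage(bugcheck_line, stack_text):
    code, args = parse_bugcheck(bugcheck_line)
    # Arg1 is a 32-bit NTSTATUS sign-extended to 64 bits; keep the low half.
    status = NTSTATUS.get(args[0] & 0xFFFFFFFF, "unknown")
    third_party = []
    for row in stack_text.splitlines():
        fields = row.split()
        if len(fields) < 2:
            continue
        where = resolve(int(fields[1].replace("`", ""), 16))
        if where and not where.startswith("nt+"):
            third_party.append(where)  # stack value pointing into a driver
    return {"code": code, "status": status,
            "fault": resolve(args[1]), "third_party": third_party}

if __name__ == "__main__":
    print(triage(BUGCHECK, STACK))
```

The `iaStor+0x39106` result matches the offset WinDbg printed in the post; a stack value landing inside a driver is a lead to check, not proof that the driver is at fault.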
Pinworms, posted August 24, 2012 (edited August 24, 2012)

Here is a link to my memory.dmp file, which is zipped and on SkyDrive. http://sdrv.ms/SttpPr

MagicAndre1981, posted August 24, 2012

It shows the same. Update the Intel driver and run chkdsk /r /f to detect and fix NTFS filesystem issues.

Pinworms, posted August 27, 2012

I updated the Intel SATA drivers again. Ran chkdsk again. Still have the problem after the computer hibernates. I am thinking the easiest fix now may be just to back up and reinstall Windows.

MagicAndre1981, posted August 27, 2012

Does it also happen if all 3rd party applications are stopped (clean boot)?

Pinworms, posted August 31, 2012

Yes, I did a complete clean boot, prevented everything, even most Windows processes, from starting and it still happened. I have not tried doing this from safe mode though.

Pinworms, posted September 1, 2012

Thank you all for the advice. I was not able to resolve the issue, so today I did a complete re-install of Windows. Now it works great. Thanks for the effort.

MagicAndre1981, posted September 1, 2012

OK, nice to hear this. Have you installed the same drivers or newer ones?