Windows 7: Constant BSODs! Please help!

southernkimchee · 22 Oct 2010

Hi, for the past few days, my laptop was running pretty sluggish and it took longer than usual to start it up.
Since yesterday, my computer would get the dreaded BSOD after it starts up.
I'm in safe mode right now and I tried doing a system restore, but the BSOD would still occur.

I'm thinking it might be a virus because my Microsoft Security Essentials did pick up a Ursnif Trojan, but it did say it cleaned it up. I've ran many virus scans with MSE and Malwarebytes but it would pick up nothing...

I seriously don't know what the problem is and I was hoping someone here would be able to identify through my memory dumps.

P.S. whenever I would type in perfmon /report, the performance monitor program would pop up and say it has in error, so I can't really include the report.

Is Windows 7 . . . 64bit
- the original installed OS
- full retail version?

- What is the age of system (hardware)? less than 4 months

CarlTR6 · 22 Oct 2010

Hi and welcome to the forum. Sorry you are having problems. I looked at your five dumps from today. All of them indicated memory problems and blamed core system driver which are highly unlikely to be the cause.

Quote:

Error code A (4X), IRQL_NOT_LESS_OR_EQUAL. Usual causes: Kernel mode driver, System Service, BIOS, Windows, Virus scanner, Backup tool, compatibility.

Error code 1E, KMODE_EXCEPTION_NOT_HANDLED. Usual causes: Device driver, hardware, System service, compatibility, Remote control programs, memory, BIOS

Code:

Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`04006000 PsLoadedModuleList = 0xfffff800`04243e50
Debug session time: Fri Oct 22 19:19:07.068 2010 (GMT-4)
System Uptime: 0 days 0:03:03.003
Loading Kernel Symbols
...............................................................
................................................................
..............................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff8000436e72a, 1, 18}

Probably caused by : ntkrnlmp.exe ( nt!ObpCreateHandle+29a )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8000436e72a, The address that the exception occurred at
Arg3: 0000000000000001, Parameter 0 of the exception
Arg4: 0000000000000018, Parameter 1 of the exception

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!ObpCreateHandle+29a
fffff800`0436e72a f0480fba6f1800  lock bts qword ptr [rdi+18h],0

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  0000000000000018

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800042ae0e0
 0000000000000018 

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x1E

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

EXCEPTION_RECORD:  fffff880083bbe98 -- (.exr 0xfffff880083bbe98)
ExceptionAddress: fffff8000436e72a (nt!ObpCreateHandle+0x000000000000029a)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 0000000000000018
Attempt to write to address 0000000000000018

TRAP_FRAME:  fffff880083bbf40 -- (.trap 0xfffff880083bbf40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8006244b60
rdx=00000000000f001f rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000436e72a rsp=fffff880083bc0d0 rbp=0000000000000000
 r8=fffff8a00423add0  r9=00000000000000e8 r10=0000000000000000
r11=fffff8a00423ad80 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz ac po nc
nt!ObpCreateHandle+0x29a:
fffff800`0436e72a f0480fba6f1800  lock bts qword ptr [rdi+18h],0 ds:00000000`00000018=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800040b0a39 to fffff80004076740

STACK_TEXT:  
fffff880`083bb6c8 fffff800`040b0a39 : 00000000`0000001e ffffffff`c0000005 fffff800`0436e72a 00000000`00000001 : nt!KeBugCheckEx
fffff880`083bb6d0 fffff800`04075d82 : fffff880`083bbe98 00000000`00000000 fffff880`083bbf40 fffffa80`06244b60 : nt!KiDispatchException+0x1b9
fffff880`083bbd60 fffff800`040748fa : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`083bbf40 fffff800`0436e72a : 00000000`00000000 fffff880`083bc120 fffffa80`058ff060 fffff8a0`0423add0 : nt!KiPageFault+0x23a
fffff880`083bc0d0 fffff800`0436722c : 00000000`00000000 fffff8a0`0423add0 00000000`000f001f fffff8a0`04352200 : nt!ObpCreateHandle+0x29a
fffff880`083bc1e0 fffff800`043670a0 : fffffa80`058ddb60 fffff880`083bc590 fffffa80`05a77830 00000000`08000000 : nt!ObInsertObjectEx+0xec
fffff880`083bc420 fffff800`04075993 : fffffa80`06244b60 fffff880`083bc6c8 fffff880`083bc4b8 fffff880`086c48d0 : nt!NtCreateSection+0x1ef
fffff880`083bc4a0 fffff800`04071f30 : fffffa80`043cdb5c fffff880`083bc7b0 00000000`000001da fffffa80`043d2260 : nt!KiSystemServiceCopyEnd+0x13
fffff880`083bc6a8 fffffa80`043cdb5c : fffff880`083bc7b0 00000000`000001da fffffa80`043d2260 00000000`00000000 : nt!KiServiceLinkage
fffff880`083bc6b0 fffff880`083bc7b0 : 00000000`000001da fffffa80`043d2260 00000000`00000000 00000000`00000000 : 0xfffffa80`043cdb5c
fffff880`083bc6b8 00000000`000001da : fffffa80`043d2260 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff880`083bc7b0
fffff880`083bc6c0 fffffa80`043d2260 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1da
fffff880`083bc6c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`043d2260


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ObpCreateHandle+29a
fffff800`0436e72a f0480fba6f1800  lock bts qword ptr [rdi+18h],0

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  nt!ObpCreateHandle+29a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c44a9

FAILURE_BUCKET_ID:  X64_0x1E_nt!ObpCreateHandle+29a

BUCKET_ID:  X64_0x1E_nt!ObpCreateHandle+29a

Followup: MachineOwner
---------

Kernel base = 0xfffff800`04058000 PsLoadedModuleList = 0xfffff800`04295e50
Debug session time: Fri Oct 22 19:25:02.045 2010 (GMT-4)
System Uptime: 0 days 0:04:01.980
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 2, 0, fffff800040cc79f}

Probably caused by : ntkrnlmp.exe ( nt!KeSetEvent+10f )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800040cc79f, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800043000e0
 0000000000000000 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!KeSetEvent+10f
fffff800`040cc79f 488b09          mov     rcx,qword ptr [rcx]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  fffff88006ee2810 -- (.trap 0xfffff88006ee2810)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff88004734918 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800040cc79f rsp=fffff88006ee29a0 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000530 r10=fffff80004058000
r11=fffffa8005ed2040 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz ac po cy
nt!KeSetEvent+0x10f:
fffff800`040cc79f 488b09          mov     rcx,qword ptr [rcx] ds:6b80:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800040c7ca9 to fffff800040c8740

STACK_TEXT:  
fffff880`06ee26c8 fffff800`040c7ca9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`06ee26d0 fffff800`040c6920 : fffffa80`05ed2040 fffff880`04734910 00000000`00000818 fffffa80`0340fb30 : nt!KiBugCheckDispatch+0x69
fffff880`06ee2810 fffff800`040cc79f : fffffa80`00000001 00000000`00000000 fffff880`047348d0 fffff880`047348d0 : nt!KiPageFault+0x260
fffff880`06ee29a0 fffffa80`043bf0fd : fffff880`00000000 fffffa80`00000000 fffffa80`00000000 ffffffff`800008c4 : nt!KeSetEvent+0x10f
fffff880`06ee2a10 fffff880`00000000 : fffffa80`00000000 fffffa80`00000000 ffffffff`800008c4 00000000`00000000 : 0xfffffa80`043bf0fd
fffff880`06ee2a18 fffffa80`00000000 : fffffa80`00000000 ffffffff`800008c4 00000000`00000000 00000000`00000001 : 0xfffff880`00000000
fffff880`06ee2a20 fffffa80`00000000 : ffffffff`800008c4 00000000`00000000 00000000`00000001 00000000`00000890 : 0xfffffa80`00000000
fffff880`06ee2a28 ffffffff`800008c4 : 00000000`00000000 00000000`00000001 00000000`00000890 00000000`00000000 : 0xfffffa80`00000000
fffff880`06ee2a30 00000000`00000000 : 00000000`00000001 00000000`00000890 00000000`00000000 00000000`00000030 : 0xffffffff`800008c4


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KeSetEvent+10f
fffff800`040cc79f 488b09          mov     rcx,qword ptr [rcx]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!KeSetEvent+10f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c44a9

FAILURE_BUCKET_ID:  X64_0xA_nt!KeSetEvent+10f

BUCKET_ID:  X64_0xA_nt!KeSetEvent+10f

Followup: MachineOwner
---------

1: kd> lmtsmn
start             end                 module name
fffff880`01000000 fffff880`01057000   ACPI     ACPI.sys     Mon Jul 13 19:19:34 2009 (4A5BC106)
fffff880`02c0d000 fffff880`02c97000   afd      afd.sys      Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`03c55000 fffff880`03c6b000   AgileVpn AgileVpn.sys Mon Jul 13 20:10:24 2009 (4A5BCCF0)
fffff880`03c00000 fffff880`03c45000   al80q3gk al80q3gk.SYS Tue Jul 14 17:12:55 2009 (4A5CF4D7)
fffff880`03b88000 fffff880`03b9d000   amdppm   amdppm.sys   Mon Jul 13 19:19:25 2009 (4A5BC0FD)
fffff880`00ec0000 fffff880`00ed4000   amdsata  amdsata.sys  Wed Oct 07 16:13:09 2009 (4ACCF655)
fffff880`00fd5000 fffff880`00fe0000   amdxata  amdxata.sys  Wed Oct 07 16:13:10 2009 (4ACCF656)
fffff880`045b6000 fffff880`045fd000   Apfiltr  Apfiltr.sys  Thu Sep 03 22:46:48 2009 (4AA07F98)
fffff880`00e8d000 fffff880`00e96000   atapi    atapi.sys    Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`00e96000 fffff880`00ec0000   ataport  ataport.SYS  Mon Jul 13 19:19:52 2009 (4A5BC118)
fffff880`04a53000 fffff880`04bd2000   athrx    athrx.sys    Fri Nov 06 15:56:02 2009 (4AF48D62)
fffff880`03b9d000 fffff880`03bd1000   atikmpag atikmpag.sys Tue Mar 02 22:07:33 2010 (4B8DD275)
fffff880`017ec000 fffff880`017f4000   AtiPcie  AtiPcie.sys  Tue May 05 11:00:22 2009 (4A005486)
fffff880`03cee000 fffff880`0435d000   atipmdag atipmdag.sys Tue Mar 02 22:47:08 2010 (4B8DDBBC)
fffff880`0108c000 fffff880`01098000   BATTC    BATTC.SYS    Mon Jul 13 19:31:01 2009 (4A5BC3B5)
fffff880`02d5e000 fffff880`02d65000   Beep     Beep.SYS     Mon Jul 13 20:00:13 2009 (4A5BCA8D)
fffff880`03b51000 fffff880`03b62000   blbdrive blbdrive.sys Mon Jul 13 19:35:59 2009 (4A5BC4DF)
fffff880`035b1000 fffff880`035cf000   bowser   bowser.sys   Mon Jul 13 19:23:50 2009 (4A5BC206)
fffff960`00750000 fffff960`00777000   cdd      cdd.dll      unavailable (00000000)
fffff880`02cfe000 fffff880`02d28000   cdrom    cdrom.sys    Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`00c9f000 fffff880`00d5f000   CI       CI.dll       Mon Jul 13 21:32:13 2009 (4A5BE01D)
fffff880`00dc1000 fffff880`00df1000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:19:58 2009 (4A5BC11E)
fffff880`00c41000 fffff880`00c9f000   CLFS     CLFS.SYS     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`04a4e000 fffff880`04a52500   CmBatt   CmBatt.sys   Mon Jul 13 19:31:03 2009 (4A5BC3B7)
fffff880`0133e000 fffff880`013b1000   cng      cng.sys      Mon Jul 13 19:49:40 2009 (4A5BC814)
fffff880`01083000 fffff880`0108c000   compbatt compbatt.sys Mon Jul 13 19:31:02 2009 (4A5BC3B6)
fffff880`03c45000 fffff880`03c55000   CompositeBus CompositeBus.sys Mon Jul 13 20:00:33 2009 (4A5BCAA1)
fffff880`067a5000 fffff880`067b3000   crashdmp crashdmp.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
fffff880`03b33000 fffff880`03b51000   dfsc     dfsc.sys     Mon Jul 13 19:23:44 2009 (4A5BC200)
fffff880`03b24000 fffff880`03b33000   discache discache.sys Mon Jul 13 19:37:18 2009 (4A5BC52E)
fffff880`0141b000 fffff880`01431000   disk     disk.sys     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`04d89000 fffff880`04dab000   drmk     drmk.sys     Mon Jul 13 21:01:25 2009 (4A5BD8E5)
fffff880`067bd000 fffff880`067d1000   dump_amdsata dump_amdsata.sys Wed Oct 07 16:13:09 2009 (4ACCF655)
fffff880`067b3000 fffff880`067bd000   dump_diskdump dump_diskdump.sys Mon Jul 13 20:01:00 2009 (4A5BCABC)
fffff880`067d1000 fffff880`067e4000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
fffff880`06799000 fffff880`067a5000   Dxapi    Dxapi.sys    Mon Jul 13 19:38:28 2009 (4A5BC574)
fffff880`04401000 fffff880`044f5000   dxgkrnl  dxgkrnl.sys  Thu Oct 01 21:00:14 2009 (4AC5509E)
fffff880`044f5000 fffff880`0453b000   dxgmms1  dxgmms1.sys  Mon Jul 13 19:38:32 2009 (4A5BC578)
fffff880`012c0000 fffff880`012d4000   fileinfo fileinfo.sys Mon Jul 13 19:34:25 2009 (4A5BC481)
fffff880`01274000 fffff880`012c0000   fltmgr   fltmgr.sys   Mon Jul 13 19:19:59 2009 (4A5BC11F)
fffff880`01411000 fffff880`0141b000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:19:45 2009 (4A5BC111)
fffff880`0123a000 fffff880`01274000   fvevol   fvevol.sys   Fri Sep 25 22:34:26 2009 (4ABD7DB2)
fffff880`0168b000 fffff880`016d5000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:21:08 2009 (4A5BC164)
fffff880`04bdf000 fffff880`04bec000   GEARAspiWDM GEARAspiWDM.sys Mon May 18 08:17:04 2009 (4A1151C0)
fffff800`0400f000 fffff800`04058000   hal      hal.dll      Mon Jul 13 21:27:36 2009 (4A5BDF08)
fffff880`0453b000 fffff880`0455f000   HDAudBus HDAudBus.sys Mon Jul 13 20:06:13 2009 (4A5BCBF5)
fffff880`066df000 fffff880`066f8000   HIDCLASS HIDCLASS.SYS Mon Jul 13 20:06:21 2009 (4A5BCBFD)
fffff880`066f8000 fffff880`06700080   HIDPARSE HIDPARSE.SYS Mon Jul 13 20:06:17 2009 (4A5BCBF9)
fffff880`066d1000 fffff880`066df000   hidusb   hidusb.sys   Mon Jul 13 20:06:22 2009 (4A5BCBFE)
fffff880`034e9000 fffff880`035b1000   HTTP     HTTP.sys     Mon Jul 13 19:22:16 2009 (4A5BC1A8)
fffff880`017e3000 fffff880`017ec000   hwpolicy hwpolicy.sys Mon Jul 13 19:19:22 2009 (4A5BC0FA)
fffff880`04a1e000 fffff880`04a3c000   i8042prt i8042prt.sys Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`04a3c000 fffff880`04a4b000   kbdclass kbdclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff800`00bb2000 fffff800`00bb5000   kdcom    kdcom.dll    Fri Oct 08 07:17:09 2010 (4CAEFDB5)
fffff880`04c51000 fffff880`04c94000   ks       ks.sys       Wed Mar 03 23:32:25 2010 (4B8F37D9)
fffff880`015da000 fffff880`015f4000   ksecdd   ksecdd.sys   Mon Jul 13 19:20:54 2009 (4A5BC156)
fffff880`01660000 fffff880`0168b000   ksecpkg  ksecpkg.sys  Fri Dec 11 01:03:32 2009 (4B21E0B4)
fffff880`04dab000 fffff880`04db0200   ksthunk  ksthunk.sys  Mon Jul 13 20:00:19 2009 (4A5BCA93)
fffff880`0644f000 fffff880`06464000   lltdio   lltdio.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`06400000 fffff880`06423000   luafv    luafv.sys    Mon Jul 13 19:26:13 2009 (4A5BC295)
fffff880`00c20000 fffff880`00c2d000   mcupdate_AuthenticAMD mcupdate_AuthenticAMD.dll Mon Jul 13 21:29:09 2009 (4A5BDF65)
fffff880`067e4000 fffff880`067f2000   monitor  monitor.sys  Mon Jul 13 19:38:52 2009 (4A5BC58C)
fffff880`043b3000 fffff880`043c2000   mouclass mouclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff880`06703000 fffff880`06710000   mouhid   mouhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
fffff880`00e73000 fffff880`00e8d000   mountmgr mountmgr.sys Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`02d28000 fffff880`02d55000   MpFilter MpFilter.sys Sat Mar 20 01:58:08 2010 (4BA463F0)
fffff880`035e7000 fffff880`035f7000   MpNWMon  MpNWMon.sys  Sat Mar 20 01:58:00 2010 (4BA463E8)
fffff880`035cf000 fffff880`035e7000   mpsdrv   mpsdrv.sys   Mon Jul 13 20:08:25 2009 (4A5BCC79)
fffff880`03400000 fffff880`0342d000   mrxsmb   mrxsmb.sys   Sat Feb 27 02:52:19 2010 (4B88CF33)
fffff880`04db1000 fffff880`04dff000   mrxsmb10 mrxsmb10.sys Sat Feb 27 02:52:28 2010 (4B88CF3C)
fffff880`0342d000 fffff880`03450000   mrxsmb20 mrxsmb20.sys Sat Feb 27 02:52:26 2010 (4B88CF3A)
fffff880`02dc3000 fffff880`02dce000   Msfs     Msfs.SYS     Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`01057000 fffff880`01061000   msisadrv msisadrv.sys Mon Jul 13 19:19:26 2009 (4A5BC0FE)
fffff880`012e0000 fffff880`0133e000   msrpc    msrpc.sys    Mon Jul 13 19:21:32 2009 (4A5BC17C)
fffff880`03b19000 fffff880`03b24000   mssmbios mssmbios.sys Mon Jul 13 19:31:10 2009 (4A5BC3BE)
fffff880`016dd000 fffff880`016ef000   mup      mup.sys      Mon Jul 13 19:23:45 2009 (4A5BC201)
fffff880`016f1000 fffff880`017e3000   ndis     ndis.sys     Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`03c8f000 fffff880`03c9b000   ndistapi ndistapi.sys Mon Jul 13 20:10:00 2009 (4A5BCCD8)
fffff880`034be000 fffff880`034d1000   ndisuio  ndisuio.sys  Mon Jul 13 20:09:25 2009 (4A5BCCB5)
fffff880`03c9b000 fffff880`03cca000   ndiswan  ndiswan.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
fffff880`04d00000 fffff880`04d15000   NDProxy  NDProxy.SYS  Mon Jul 13 20:10:05 2009 (4A5BCCDD)
fffff880`03a7e000 fffff880`03a8d000   netbios  netbios.sys  Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff880`02c97000 fffff880`02cdc000   netbt    netbt.sys    Mon Jul 13 19:21:28 2009 (4A5BC178)
fffff880`01600000 fffff880`01660000   NETIO    NETIO.SYS    Mon Jul 13 19:21:46 2009 (4A5BC18A)
fffff880`02dce000 fffff880`02ddf000   Npfs     Npfs.SYS     Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`03b0d000 fffff880`03b19000   nsiproxy nsiproxy.sys Mon Jul 13 19:21:02 2009 (4A5BC15E)
fffff800`04058000 fffff800`04634000   nt       ntkrnlmp.exe Sat Jun 19 00:16:41 2010 (4C1C44A9)
fffff880`01437000 fffff880`015da000   Ntfs     Ntfs.sys     Mon Jul 13 19:20:47 2009 (4A5BC14F)
fffff880`02d55000 fffff880`02d5e000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
fffff880`0346b000 fffff880`034be000   nwifi    nwifi.sys    Mon Jul 13 20:07:23 2009 (4A5BCC3B)
fffff880`03a42000 fffff880`03a68000   pacer    pacer.sys    Mon Jul 13 20:09:41 2009 (4A5BCCC5)
fffff880`0106e000 fffff880`01083000   partmgr  partmgr.sys  Mon Jul 13 19:19:58 2009 (4A5BC11E)
fffff880`00f8d000 fffff880`00fc0000   pci      pci.sys      Mon Jul 13 19:19:51 2009 (4A5BC117)
fffff880`00e5c000 fffff880`00e63000   pciide   pciide.sys   Mon Jul 13 19:19:49 2009 (4A5BC115)
fffff880`00e63000 fffff880`00e73000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`01400000 fffff880`01411000   pcw      pcw.sys      Mon Jul 13 19:19:27 2009 (4A5BC0FF)
fffff880`06af3000 fffff880`06b99000   peauth   peauth.sys   Mon Jul 13 21:01:19 2009 (4A5BD8DF)
fffff880`04d4c000 fffff880`04d89000   portcls  portcls.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
fffff880`00c2d000 fffff880`00c41000   PSHED    PSHED.dll    Mon Jul 13 21:32:23 2009 (4A5BE027)
fffff880`012d4000 fffff880`012dfe00   PxHlpa64 PxHlpa64.sys Tue Jun 23 19:16:35 2009 (4A416253)
fffff880`03c6b000 fffff880`03c8f000   rasl2tp  rasl2tp.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
fffff880`03cca000 fffff880`03ce5000   raspppoe raspppoe.sys Mon Jul 13 20:10:17 2009 (4A5BCCE9)
fffff880`043c2000 fffff880`043e3000   raspptp  raspptp.sys  Mon Jul 13 20:10:18 2009 (4A5BCCEA)
fffff880`043e3000 fffff880`043fd000   rassstp  rassstp.sys  Mon Jul 13 20:10:25 2009 (4A5BCCF1)
fffff880`03abc000 fffff880`03b0d000   rdbss    rdbss.sys    Mon Jul 13 19:24:09 2009 (4A5BC219)
fffff880`02da8000 fffff880`02db1000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`02db1000 fffff880`02dba000   rdpencdd rdpencdd.sys Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`02dba000 fffff880`02dc3000   rdprefmp rdprefmp.sys Mon Jul 13 20:16:35 2009 (4A5BCE63)
fffff880`01200000 fffff880`0123a000   rdyboost rdyboost.sys Mon Jul 13 19:34:34 2009 (4A5BC48A)
fffff880`034d1000 fffff880`034e9000   rspndr   rspndr.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`0455f000 fffff880`045b6000   Rt64win7 Rt64win7.sys Thu Mar 04 08:42:52 2010 (4B8FB8DC)
fffff880`04d15000 fffff880`04d4bd80   RtHDMIVX RtHDMIVX.sys Tue Jan 26 22:04:58 2010 (4B5FAD5A)
fffff880`064a1000 fffff880`066d0800   RTKVHD64 RTKVHD64.sys Wed Mar 17 04:49:15 2010 (4BA0978B)
fffff880`0675b000 fffff880`06799000   RtsUStor RtsUStor.sys Thu Mar 11 22:23:06 2010 (4B99B39A)
fffff880`011cd000 fffff880`011fc000   SCSIPORT SCSIPORT.SYS Mon Jul 13 20:01:04 2009 (4A5BCAC0)
fffff880`06b99000 fffff880`06ba4000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
fffff880`04a4b000 fffff880`04a4df00   SFEP     SFEP.sys     Fri Nov 27 00:39:13 2009 (4B0F6601)
fffff880`06a00000 fffff880`06ab7000   Sftfslh  Sftfslh.sys  Fri Apr 23 15:20:30 2010 (4BD1F2FE)
fffff880`06ba4000 fffff880`06bf1000   Sftplaylh Sftplaylh.sys Fri Apr 23 15:20:28 2010 (4BD1F2FC)
fffff880`06423000 fffff880`0642e000   Sftvollh Sftvollh.sys Fri Apr 23 15:20:08 2010 (4BD1F2E8)
fffff880`016d5000 fffff880`016dd000   spldr    spldr.sys    Mon May 11 12:56:27 2009 (4A0858BB)
fffff880`0109e000 fffff880`011c4000   sptd     sptd.sys     Sun Oct 11 16:55:14 2009 (4AD24632)
fffff880`08547000 fffff880`085dd000   srv      srv.sys      Thu Aug 26 23:38:00 2010 (4C773318)
fffff880`084e0000 fffff880`08547000   srv2     srv2.sys     Thu Aug 26 23:37:46 2010 (4C77330A)
fffff880`06ab7000 fffff880`06ae4000   srvnet   srvnet.sys   Thu Aug 26 23:37:24 2010 (4C7732F4)
fffff880`00d5f000 fffff880`00dc1000   storport storport.sys Mon Jul 13 20:01:18 2009 (4A5BCACE)
fffff880`04bf7000 fffff880`04bf8480   swenum   swenum.sys   Mon Jul 13 20:00:18 2009 (4A5BCA92)
fffff880`01802000 fffff880`019ff000   tcpip    tcpip.sys    Sun Jun 13 23:39:04 2010 (4C15A458)
fffff880`03450000 fffff880`03462000   tcpipreg tcpipreg.sys Mon Jul 13 20:09:49 2009 (4A5BCCCD)
fffff880`02c00000 fffff880`02c0d000   TDI      TDI.SYS      Mon Jul 13 19:21:18 2009 (4A5BC16E)
fffff880`02ddf000 fffff880`02dfd000   tdx      tdx.sys      Mon Jul 13 19:21:15 2009 (4A5BC16B)
fffff880`03aa8000 fffff880`03abc000   termdd   termdd.sys   Mon Jul 13 20:16:36 2009 (4A5BCE64)
fffff960`00480000 fffff960`0048a000   TSDDD    TSDDD.dll    unavailable (00000000)
fffff880`03b62000 fffff880`03b88000   tunnel   tunnel.sys   Mon Jul 13 20:09:37 2009 (4A5BCCC1)
fffff880`04c94000 fffff880`04ca6000   umbus    umbus.sys    Mon Jul 13 20:06:56 2009 (4A5BCC20)
fffff880`06710000 fffff880`0672d000   usbccgp  usbccgp.sys  Mon Jul 13 20:06:45 2009 (4A5BCC15)
fffff880`06701000 fffff880`06702f00   USBD     USBD.SYS     Mon Jul 13 20:06:23 2009 (4A5BCBFF)
fffff880`04a0d000 fffff880`04a1e000   usbehci  usbehci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
fffff880`04a00000 fffff880`04a0d000   usbfilter usbfilter.sys Tue Dec 22 03:26:22 2009 (4B3082AE)
fffff880`04ca6000 fffff880`04d00000   usbhub   usbhub.sys   Mon Jul 13 20:07:09 2009 (4A5BCC2D)
fffff880`04bec000 fffff880`04bf7000   usbohci  usbohci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
fffff880`0435d000 fffff880`043b3000   USBPORT  USBPORT.SYS  Mon Jul 13 20:06:31 2009 (4A5BCC07)
fffff880`0672d000 fffff880`0675a200   usbvideo usbvideo.sys Wed Mar 03 23:40:57 2010 (4B8F39D9)
fffff880`01061000 fffff880`0106e000   vdrvroot vdrvroot.sys Mon Jul 13 20:01:31 2009 (4A5BCADB)
fffff880`02d65000 fffff880`02d73000   vga      vga.sys      Mon Jul 13 19:38:47 2009 (4A5BC587)
fffff880`02d73000 fffff880`02d98000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:38:51 2009 (4A5BC58B)
fffff880`00fc0000 fffff880`00fd5000   volmgr   volmgr.sys   Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`00e00000 fffff880`00e5c000   volmgrx  volmgrx.sys  Mon Jul 13 19:20:33 2009 (4A5BC141)
fffff880`013b1000 fffff880`013fd000   volsnap  volsnap.sys  Mon Jul 13 19:20:08 2009 (4A5BC128)
fffff880`04bd2000 fffff880`04bdf000   vwifibus vwifibus.sys Mon Jul 13 20:07:21 2009 (4A5BCC39)
fffff880`03a68000 fffff880`03a7e000   vwififlt vwififlt.sys Mon Jul 13 20:07:22 2009 (4A5BCC3A)
fffff880`03a8d000 fffff880`03aa8000   wanarp   wanarp.sys   Mon Jul 13 20:10:21 2009 (4A5BCCED)
fffff880`02d98000 fffff880`02da8000   watchdog watchdog.sys Mon Jul 13 19:37:35 2009 (4A5BC53F)
fffff880`00eda000 fffff880`00f7e000   Wdf01000 Wdf01000.sys Mon Jul 13 19:22:07 2009 (4A5BC19F)
fffff880`00f7e000 fffff880`00f8d000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`02cdc000 fffff880`02ce5000   wfplwf   wfplwf.sys   Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff960`000b0000 fffff960`003bf000   win32k   win32k.sys   unavailable (00000000)
fffff880`011c4000 fffff880`011cd000   WMILIB   WMILIB.SYS   Mon Jul 13 19:19:51 2009 (4A5BC117)
fffff880`0642e000 fffff880`0644f000   WudfPf   WudfPf.sys   Mon Jul 13 20:05:37 2009 (4A5BCBD1)

Unloaded modules:
fffff880`00fe0000 fffff880`00fee000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`017f4000 fffff880`017fe000   dump_storpor
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`00c00000 fffff880`00c14000   dump_amdsata
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`02ceb000 fffff880`02cfe000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000

I find an almost guaranteed cause of BSOD's on your system:

Quote:

Please uninstall any CD virtualization programs such as Daemon Tools and Alcohol 120%. They use a driver, found in your dump, sptd.sys, that is notorious for causing BSODs. Use this SPTD uninstaller when you're done: DuplexSecure - Downloads. Select delete; do not select reinstall.
Here is an alternative virtualization program that does not user the sptd.sys driver:
Freeware MagicISO Virtual CD/DVD-ROM(MagicDisc) Overview

I find two outdated third party drivers loaded on your system. Older drivers can and do cause memory corruption and BSOD's. Update these drivers.

Quote:

AtiPcie.sys Tue May 05 11:00:22 2009 - ATI PCIE Driver for ATI PCIE chipset, Global Provider of Innovative Graphics, Processors and Media Solutions | AMD

PxHlpa64.sys Tue Jun 23 19:16:35 2009 - Sonic CD/DVD driver (used by many different CD/DVD programs) pxHelp20.sys programs
Go to C:\Windows\System32\drivers and rename PxHlpa64.sys to PxHlpa64.BAK
This will break your CD/DVD program, but can easily be renamed after we've finished.

Uninstall Daemon Tools, then uninstall sptd.sys, update the two drivers, reboot and let's see how your system does. If you get another BSOD, upload the dump to us and test your RAM with Memtest. Follow the instructions in this tutorial.

RAM - Test with Memtest86+

Post the results of Memtest.

southernkimchee · 25 Oct 2010

I'm not sure if I'm updating the AtiPcie.sys driver correctly. I went to my manufacturer's (Sony) website and downloaded the AMD USB filter driver, but in my device manager, the driver date states that it's still on 7/15/2009, when in fact the AtiPcie.sys in C:\Windows\system32\drivers states that it's been last modified in 4/6/2010.

I did go on to uninstalling my Daemon Tools though, but i continued to get BSODs.

I don't think my laptop is clean of viruses too because I think I have what people call, the "google redirect virus".
I did run scans with MSE and Malwarebyte's though, but it wouldn't pick up anything.

I'll be running the Memtest tonight when I go to sleep, but here are some dumps.

CarlTR6 · 25 Oct 2010

Good job on uninstalling Daemon Tools. I looked at your four dumps from today. They all have the same error code, A.

Quote:

Error code A (4X), IRQL_NOT_LESS_OR_EQUAL. Usual causes: Kernel mode driver, System Service, BIOS, Windows, Virus scanner, Backup tool, compatibility.

You dump is still showing AtiPcie.sys Tue May 05 11:00:22 2009. All of the rest of your drivers appear to be up to date. Before we start testing hardware, you should make sure your system is truly clean. To do that, I suggest you start another thread in the System Security section. You can give reference to this thread and give them the information about what infections you had and what you think you have. There are some real pros in that section. Once your system is clean, come back to this thread and we will start checking hardware.

southernkimchee · 26 Oct 2010

Alright, will do. Thanks for the quick replies!

CarlTR6 · 26 Oct 2010

You are welcome. When you come back to this thread and if I don't see your post, send me a Visitors Message or a Private Message. Wishing you the best.

Windows 7: Constant BSODs! Please help!

Constant BSODs! Please help! problems?