Constant & intermittent BSOD


  1. Posts : 3
    Windows 7 home Premium 64x
       #1

    Constant & intermittent BSOD


    Please I appeal for help for my son's PC.
    The problem seemed to start with a Windows update sometime mid April. Crashes always on installing updates. Sometimes it will install the updates - restart and then say they all failed.
    Have run memory check which returns okay.

    PackardBell Touch screen
    Windows 7 Home Premium x64
    Oem pre-installed - never re-installed.
    New system 5 months old.

    Windows_nt6 and perfmon attached

    Thank you


  2. Posts : 2,009
    Windows 7 Ultimate x86
       #2

    Hi Roger and welcome to SF
    Most dumps blame
    Code:
    ataport.SYS  Mon Jul 13 19:19:52 2009 (4A5BC118)
    for the crash, which is the ATAPI Port Extension, which seems to indicate defective hardware (most likely RAM).

    I would first install SP1 (if update fails, download the standalone version.)

    Learn how to install Windows 7 Service Pack 1 (SP1)

    and then run a memory check with this (just do 1 RAM stick at a time like explained in point 3)

    RAM - Test with Memtest86+

    Code:
    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\David\Desktop\BSODs\RogerD\052011-20436-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7600.16792.amd64fre.win7_gdr.110408-1633
    Machine Name:
    Kernel base = 0xfffff800`02a10000 PsLoadedModuleList = 0xfffff800`02c4de50
    Debug session time: Thu May 19 19:16:04.621 2011 (GMT-4)
    System Uptime: 0 days 0:33:30.588
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck D1, {fffff8800a6ed3e8, 2, 1, fffff88000dbc074}
    
    Probably caused by : ataport.SYS ( ataport!memmove+64 )
    
    Followup: MachineOwner
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: fffff8800a6ed3e8, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
    Arg4: fffff88000dbc074, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cb80e0
     fffff8800a6ed3e8 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    ataport!memmove+64
    fffff880`00dbc074 488901          mov     qword ptr [rcx],rax
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xD1
    
    PROCESS_NAME:  System
    
    TRAP_FRAME:  fffff88002f1b900 -- (.trap 0xfffff88002f1b900)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=fffff8800a6ed3e8
    rdx=000001fffa125d20 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff88000dbc074 rsp=fffff88002f1ba98 rbp=fffffa800473b1b0
     r8=0000000000000012  r9=0000000000000002 r10=fffffa800479d610
    r11=fffff8800a6ed3e8 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na pe nc
    ataport!memmove+0x64:
    fffff880`00dbc074 488901          mov     qword ptr [rcx],rax ds:d6a8:fffff880`0a6ed3e8=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80002a7fc69 to fffff80002a80700
    
    STACK_TEXT:  
    fffff880`02f1b7b8 fffff800`02a7fc69 : 00000000`0000000a fffff880`0a6ed3e8 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`02f1b7c0 fffff800`02a7e8e0 : fffffa80`04c75800 00000000`00000002 00000000`0001f6f5 00000000`00000001 : nt!KiBugCheckDispatch+0x69
    fffff880`02f1b900 fffff880`00dbc074 : fffff880`00db54a5 fffffa80`0479c1a0 fffffa80`04c75800 00000000`00000000 : nt!KiPageFault+0x260
    fffff880`02f1ba98 fffff880`00db54a5 : fffffa80`0479c1a0 fffffa80`04c75800 00000000`00000000 ffffffff`ffffffff : ataport!memmove+0x64
    fffff880`02f1baa0 fffff880`00db50ec : fffffa80`0479c1a0 00000000`00000000 fffffa80`0479c1a0 fffffa80`04e4bb80 : ataport!IdeProcessCompletedRequests+0x18d
    fffff880`02f1bbd0 fffff800`02a8bc0c : fffff880`009e7180 00000001`0d3a508a fffffa80`0479c050 fffffa80`0479c118 : ataport!IdePortCompletionDpc+0x1a8
    fffff880`02f1bc90 fffff800`02a88eea : fffff880`009e7180 fffff880`009f1f40 00000000`00000000 fffff880`00db4f44 : nt!KiRetireDpcList+0x1bc
    fffff880`02f1bd40 00000000`00000000 : fffff880`02f1c000 fffff880`02f16000 fffff880`02f1bd00 00000000`00000000 : nt!KiIdleLoop+0x5a
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    ataport!memmove+64
    fffff880`00dbc074 488901          mov     qword ptr [rcx],rax
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  ataport!memmove+64
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: ataport
    
    IMAGE_NAME:  ataport.SYS
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc118
    
    FAILURE_BUCKET_ID:  X64_0xD1_ataport!memmove+64
    
    BUCKET_ID:  X64_0xD1_ataport!memmove+64
    
    Followup: MachineOwner
    ---------
    
    1: kd> lmntsm
    start             end                 module name
    fffff880`00e00000 fffff880`00e57000   ACPI     ACPI.sys     Mon Jul 13 19:19:34 2009 (4A5BC106)
    fffff880`02cc4000 fffff880`02d4e000   afd      afd.sys      Mon Jul 13 19:21:40 2009 (4A5BC184)
    fffff880`045e7000 fffff880`045fd000   AgileVpn AgileVpn.sys Mon Jul 13 20:10:24 2009 (4A5BCCF0)
    fffff880`00dee000 fffff880`00df9000   amdxata  amdxata.sys  Tue May 19 13:56:59 2009 (4A12F2EB)
    fffff880`00ff1000 fffff880`00ffa000   atapi    atapi.sys    Mon Jul 13 19:19:47 2009 (4A5BC113)
    fffff880`00da9000 fffff880`00dd3000   ataport  ataport.SYS  Mon Jul 13 19:19:52 2009 (4A5BC118)
    fffff880`01948000 fffff880`0194f000   Beep     Beep.SYS     Mon Jul 13 20:00:13 2009 (4A5BCA8D)
    fffff880`02de7000 fffff880`02df8000   blbdrive blbdrive.sys Mon Jul 13 19:35:59 2009 (4A5BC4DF)
    fffff880`0278e000 fffff880`027ac000   bowser   bowser.sys   Mon Jul 13 19:23:50 2009 (4A5BC206)
    fffff960`00770000 fffff960`00797000   cdd      cdd.dll      unavailable (00000000)
    fffff880`018e4000 fffff880`0190e000   cdrom    cdrom.sys    Mon Jul 13 19:19:54 2009 (4A5BC11A)
    fffff880`00e7e000 fffff880`00f3e000   CI       CI.dll       Mon Jul 13 21:32:13 2009 (4A5BE01D)
    fffff880`0187c000 fffff880`018ac000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:19:58 2009 (4A5BC11E)
    fffff880`00cee000 fffff880`00d4c000   CLFS     CLFS.SYS     Mon Jul 13 19:19:57 2009 (4A5BC11D)
    fffff880`0113b000 fffff880`011ae000   cng      cng.sys      Mon Jul 13 19:49:40 2009 (4A5BC814)
    fffff880`049db000 fffff880`049eb000   CompositeBus CompositeBus.sys Mon Jul 13 20:00:33 2009 (4A5BCAA1)
    fffff880`06b15000 fffff880`06b23000   crashdmp crashdmp.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
    fffff880`02ca6000 fffff880`02cc4000   dfsc     dfsc.sys     Mon Jul 13 19:23:44 2009 (4A5BC200)
    fffff880`02c97000 fffff880`02ca6000   discache discache.sys Mon Jul 13 19:37:18 2009 (4A5BC52E)
    fffff880`0121b000 fffff880`01231000   disk     disk.sys     Mon Jul 13 19:19:57 2009 (4A5BC11D)
    fffff880`06ae1000 fffff880`06b03000   drmk     drmk.sys     Mon Jul 13 21:01:25 2009 (4A5BD8E5)
    fffff880`06b23000 fffff880`06b2f000   dump_dumpata dump_dumpata.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
    fffff880`06b3a000 fffff880`06b4d000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
    fffff880`06b2f000 fffff880`06b3a000   dump_msahci dump_msahci.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
    fffff880`06b09000 fffff880`06b15000   Dxapi    Dxapi.sys    Mon Jul 13 19:38:28 2009 (4A5BC574)
    fffff880`04439000 fffff880`0452d000   dxgkrnl  dxgkrnl.sys  Tue Jan 25 23:22:56 2011 (4D3FA1A0)
    fffff880`0452d000 fffff880`04573000   dxgmms1  dxgmms1.sys  Tue Jan 25 23:22:12 2011 (4D3FA174)
    fffff880`010c9000 fffff880`010dd000   fileinfo fileinfo.sys Mon Jul 13 19:34:25 2009 (4A5BC481)
    fffff880`0107d000 fffff880`010c9000   fltmgr   fltmgr.sys   Mon Jul 13 19:19:59 2009 (4A5BC11F)
    fffff880`01211000 fffff880`0121b000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:19:45 2009 (4A5BC111)
    fffff880`0103a000 fffff880`01074000   fvevol   fvevol.sys   Mon Jul 13 19:22:15 2009 (4A5BC1A7)
    fffff880`0148b000 fffff880`014d5000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:21:08 2009 (4A5BC164)
    fffff800`02fec000 fffff800`03035000   hal      hal.dll      Mon Jul 13 21:27:36 2009 (4A5BDF08)
    fffff880`04400000 fffff880`04424000   HDAudBus HDAudBus.sys Mon Jul 13 20:06:13 2009 (4A5BCBF5)
    fffff880`04a00000 fffff880`04a5c000   HdAudio  HdAudio.sys  Mon Jul 13 20:06:59 2009 (4A5BCC23)
    fffff880`06bb6000 fffff880`06bcf000   HIDCLASS HIDCLASS.SYS Mon Jul 13 20:06:21 2009 (4A5BCBFD)
    fffff880`06bcf000 fffff880`06bd7080   HIDPARSE HIDPARSE.SYS Mon Jul 13 20:06:17 2009 (4A5BCBF9)
    fffff880`06ba8000 fffff880`06bb6000   hidusb   hidusb.sys   Mon Jul 13 20:06:22 2009 (4A5BCBFE)
    fffff880`026c6000 fffff880`0278e000   HTTP     HTTP.sys     Mon Jul 13 19:22:16 2009 (4A5BC1A8)
    fffff880`015eb000 fffff880`015f4000   hwpolicy hwpolicy.sys Mon Jul 13 19:19:22 2009 (4A5BC0FA)
    fffff880`03a0e000 fffff880`043e5a80   igdkmd64 igdkmd64.sys Tue Mar 23 15:34:56 2010 (4BA917E0)
    fffff880`01826000 fffff880`0183c000   intelppm intelppm.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
    fffff880`0483d000 fffff880`0489f000   itecir   itecir.sys   Tue Jul 13 05:50:47 2010 (4C3C36F7)
    fffff880`049c5000 fffff880`049d2000   ITECIRfilter ITECIRfilter.sys Tue Mar 22 03:24:41 2011 (4D884EB9)
    fffff880`0496f000 fffff880`04996000   jmcr     jmcr.sys     Thu Jul 09 08:45:19 2009 (4A55E65F)
    fffff880`04af9000 fffff880`04b08000   kbdclass kbdclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
    fffff880`06bd8000 fffff880`06be6000   kbdhid   kbdhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
    fffff800`00ba6000 fffff800`00ba9000   kdcom    kdcom.dll    Fri Apr 15 07:52:32 2011 (4DA83180)
    fffff880`04b19000 fffff880`04b5c000   ks       ks.sys       Mon Jul 13 20:00:31 2009 (4A5BCA9F)
    fffff880`013de000 fffff880`013f8000   ksecdd   ksecdd.sys   Mon Jul 13 19:20:54 2009 (4A5BC156)
    fffff880`01460000 fffff880`0148b000   ksecpkg  ksecpkg.sys  Mon Jul 13 19:50:34 2009 (4A5BC84A)
    fffff880`06b03000 fffff880`06b08200   ksthunk  ksthunk.sys  Mon Jul 13 20:00:19 2009 (4A5BCA93)
    fffff880`06a44000 fffff880`06a59000   lltdio   lltdio.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
    fffff880`06a00000 fffff880`06a23000   luafv    luafv.sys    Mon Jul 13 19:26:13 2009 (4A5BC295)
    fffff880`00c96000 fffff880`00cda000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Mon Jul 13 21:29:10 2009 (4A5BDF66)
    fffff880`06b4d000 fffff880`06b5b000   monitor  monitor.sys  Mon Jul 13 19:38:52 2009 (4A5BC58C)
    fffff880`04b08000 fffff880`04b17000   mouclass mouclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
    fffff880`06be6000 fffff880`06bf3000   mouhid   mouhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
    fffff880`00c5c000 fffff880`00c76000   mountmgr mountmgr.sys Mon Jul 13 19:19:54 2009 (4A5BC11A)
    fffff880`0190e000 fffff880`0193f000   MpFilter MpFilter.sys Tue Sep 14 20:19:28 2010 (4C901110)
    fffff880`027ac000 fffff880`027c4000   mpsdrv   mpsdrv.sys   Mon Jul 13 20:08:25 2009 (4A5BCC79)
    fffff880`027c4000 fffff880`027f1000   mrxsmb   mrxsmb.sys   Thu Jan 07 22:38:26 2010 (4B46A8B2)
    fffff880`02ac6000 fffff880`02b13000   mrxsmb10 mrxsmb10.sys Thu Jan 07 22:38:32 2010 (4B46A8B8)
    fffff880`02b13000 fffff880`02b36000   mrxsmb20 mrxsmb20.sys Mon Jul 13 19:24:05 2009 (4A5BC215)
    fffff880`00dd3000 fffff880`00dde000   msahci   msahci.sys   Mon Jul 13 20:01:01 2009 (4A5BCABD)
    fffff880`019ad000 fffff880`019b8000   Msfs     Msfs.SYS     Mon Jul 13 19:19:47 2009 (4A5BC113)
    fffff880`00e60000 fffff880`00e6a000   msisadrv msisadrv.sys Mon Jul 13 19:19:26 2009 (4A5BC0FE)
    fffff880`010dd000 fffff880`0113b000   msrpc    msrpc.sys    Mon Jul 13 19:21:32 2009 (4A5BC17C)
    fffff880`02c8c000 fffff880`02c97000   mssmbios mssmbios.sys Mon Jul 13 19:31:10 2009 (4A5BC3BE)
    fffff880`015d9000 fffff880`015eb000   mup      mup.sys      Mon Jul 13 19:23:45 2009 (4A5BC201)
    fffff880`014e7000 fffff880`015d9000   ndis     ndis.sys     Mon Jul 13 19:21:40 2009 (4A5BC184)
    fffff880`049eb000 fffff880`049f7000   ndistapi ndistapi.sys Mon Jul 13 20:10:00 2009 (4A5BCCD8)
    fffff880`0269b000 fffff880`026ae000   ndisuio  ndisuio.sys  Mon Jul 13 20:09:25 2009 (4A5BCCB5)
    fffff880`04a74000 fffff880`04aa3000   ndiswan  ndiswan.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
    fffff880`04bc8000 fffff880`04bdd000   NDProxy  NDProxy.SYS  Mon Jul 13 20:10:05 2009 (4A5BCCDD)
    fffff880`02dd8000 fffff880`02de7000   netbios  netbios.sys  Mon Jul 13 20:09:26 2009 (4A5BCCB6)
    fffff880`02d4e000 fffff880`02d93000   netbt    netbt.sys    Mon Jul 13 19:21:28 2009 (4A5BC178)
    fffff880`01400000 fffff880`01460000   NETIO    NETIO.SYS    Thu Apr 08 22:43:59 2010 (4BBE946F)
    fffff880`038a9000 fffff880`038be000   NisDrvWFP NisDrvWFP.sys Tue Sep 14 20:20:25 2010 (4C901149)
    fffff880`019b8000 fffff880`019c9000   Npfs     Npfs.SYS     Mon Jul 13 19:19:48 2009 (4A5BC114)
    fffff880`02c80000 fffff880`02c8c000   nsiproxy nsiproxy.sys Mon Jul 13 19:21:02 2009 (4A5BC15E)
    fffff800`02a10000 fffff800`02fec000   nt       ntkrnlmp.exe Sat Apr 09 00:14:44 2011 (4D9FDD34)
    fffff880`0123b000 fffff880`013de000   Ntfs     Ntfs.sys     Mon Jul 13 19:20:47 2009 (4A5BC14F)
    fffff880`0193f000 fffff880`01948000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
    fffff880`02648000 fffff880`0269b000   nwifi    nwifi.sys    Mon Jul 13 20:07:23 2009 (4A5BCC3B)
    fffff880`02d9c000 fffff880`02dc2000   pacer    pacer.sys    Mon Jul 13 20:09:41 2009 (4A5BCCC5)
    fffff880`00d7f000 fffff880`00d94000   partmgr  partmgr.sys  Mon Jul 13 19:19:58 2009 (4A5BC11E)
    fffff880`00d4c000 fffff880`00d7f000   pci      pci.sys      Mon Jul 13 19:19:51 2009 (4A5BC117)
    fffff880`00dde000 fffff880`00dee000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:19:48 2009 (4A5BC114)
    fffff880`01200000 fffff880`01211000   pcw      pcw.sys      Mon Jul 13 19:19:27 2009 (4A5BC0FF)
    fffff880`02b36000 fffff880`02bdc000   peauth   peauth.sys   Mon Jul 13 21:01:19 2009 (4A5BD8DF)
    fffff880`06aa4000 fffff880`06ae1000   portcls  portcls.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
    fffff880`00cda000 fffff880`00cee000   PSHED    PSHED.dll    Mon Jul 13 21:32:23 2009 (4A5BE027)
    fffff880`0183c000 fffff880`01860000   rasl2tp  rasl2tp.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
    fffff880`04aa3000 fffff880`04abe000   raspppoe raspppoe.sys Mon Jul 13 20:10:17 2009 (4A5BCCE9)
    fffff880`04abe000 fffff880`04adf000   raspptp  raspptp.sys  Mon Jul 13 20:10:18 2009 (4A5BCCEA)
    fffff880`04adf000 fffff880`04af9000   rassstp  rassstp.sys  Mon Jul 13 20:10:25 2009 (4A5BCCF1)
    fffff880`02c2f000 fffff880`02c80000   rdbss    rdbss.sys    Mon Jul 13 19:24:09 2009 (4A5BC219)
    fffff880`01992000 fffff880`0199b000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:16:34 2009 (4A5BCE62)
    fffff880`0199b000 fffff880`019a4000   rdpencdd rdpencdd.sys Mon Jul 13 20:16:34 2009 (4A5BCE62)
    fffff880`019a4000 fffff880`019ad000   rdprefmp rdprefmp.sys Mon Jul 13 20:16:35 2009 (4A5BCE63)
    fffff880`01000000 fffff880`0103a000   rdyboost rdyboost.sys Mon Jul 13 19:34:34 2009 (4A5BC48A)
    fffff880`026ae000 fffff880`026c6000   rspndr   rspndr.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
    fffff880`04800000 fffff880`0483d000   Rt64win7 Rt64win7.sys Mon Jul 13 02:31:43 2009 (4A5AD4CF)
    fffff880`048a6000 fffff880`04962000   rtl8192se rtl8192se.sys Wed Jun 03 02:00:57 2009 (4A261199)
    fffff880`04996000 fffff880`049c5000   SCSIPORT SCSIPORT.SYS Mon Jul 13 20:01:04 2009 (4A5BCAC0)
    fffff880`02bdc000 fffff880`02be7000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
    fffff880`014d5000 fffff880`014dd000   spldr    spldr.sys    Mon May 11 12:56:27 2009 (4A0858BB)
    fffff880`03811000 fffff880`038a9000   srv      srv.sys      Tue Dec 08 03:32:55 2009 (4B1E0F37)
    fffff880`02a3f000 fffff880`02aa8000   srv2     srv2.sys     Mon Jul 13 19:25:02 2009 (4A5BC24E)
    fffff880`02a00000 fffff880`02a2d000   srvnet   srvnet.sys   Tue Dec 08 03:32:26 2009 (4B1E0F1A)
    fffff880`04b17000 fffff880`04b18480   swenum   swenum.sys   Mon Jul 13 20:00:18 2009 (4A5BCA92)
    fffff880`01603000 fffff880`01800000   tcpip    tcpip.sys    Thu Apr 08 22:45:54 2010 (4BBE94E2)
    fffff880`02a2d000 fffff880`02a3f000   tcpipreg tcpipreg.sys Mon Jul 13 20:09:49 2009 (4A5BCCCD)
    fffff880`019e7000 fffff880`019f4000   TDI      TDI.SYS      Mon Jul 13 19:21:18 2009 (4A5BC16E)
    fffff880`019c9000 fffff880`019e7000   tdx      tdx.sys      Mon Jul 13 19:21:15 2009 (4A5BC16B)
    fffff880`02c1b000 fffff880`02c2f000   termdd   termdd.sys   Mon Jul 13 20:16:36 2009 (4A5BCE64)
    fffff960`00470000 fffff960`0047a000   TSDDD    TSDDD.dll    unavailable (00000000)
    fffff880`01800000 fffff880`01826000   tunnel   tunnel.sys   Mon Jul 13 20:09:37 2009 (4A5BCCC1)
    fffff880`04b5c000 fffff880`04b6e000   umbus    umbus.sys    Mon Jul 13 20:06:56 2009 (4A5BCC20)
    fffff880`06b5b000 fffff880`06b78000   usbccgp  usbccgp.sys  Mon Jul 13 20:06:45 2009 (4A5BCC15)
    fffff880`06b78000 fffff880`06b79f00   USBD     USBD.SYS     Mon Jul 13 20:06:23 2009 (4A5BCBFF)
    fffff880`045d6000 fffff880`045e7000   usbehci  usbehci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
    fffff880`04b6e000 fffff880`04bc8000   usbhub   usbhub.sys   Mon Jul 13 20:07:09 2009 (4A5BCC2D)
    fffff880`04580000 fffff880`045d6000   USBPORT  USBPORT.SYS  Mon Jul 13 20:06:31 2009 (4A5BCC07)
    fffff880`04573000 fffff880`04580000   usbuhci  usbuhci.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
    fffff880`06b7a000 fffff880`06ba7100   usbvideo usbvideo.sys Mon Jul 13 20:07:00 2009 (4A5BCC24)
    fffff880`00e6a000 fffff880`00e77000   vdrvroot vdrvroot.sys Mon Jul 13 20:01:31 2009 (4A5BCADB)
    fffff880`0194f000 fffff880`0195d000   vga      vga.sys      Mon Jul 13 19:38:47 2009 (4A5BC587)
    fffff880`0195d000 fffff880`01982000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:38:51 2009 (4A5BC58B)
    fffff880`00d94000 fffff880`00da9000   volmgr   volmgr.sys   Mon Jul 13 19:19:57 2009 (4A5BC11D)
    fffff880`00c00000 fffff880`00c5c000   volmgrx  volmgrx.sys  Mon Jul 13 19:20:33 2009 (4A5BC141)
    fffff880`011ae000 fffff880`011fa000   volsnap  volsnap.sys  Mon Jul 13 19:20:08 2009 (4A5BC128)
    fffff880`04962000 fffff880`0496f000   vwifibus vwifibus.sys Mon Jul 13 20:07:21 2009 (4A5BCC39)
    fffff880`02dc2000 fffff880`02dd8000   vwififlt vwififlt.sys Mon Jul 13 20:07:22 2009 (4A5BCC3A)
    fffff880`02c00000 fffff880`02c1b000   wanarp   wanarp.sys   Mon Jul 13 20:10:21 2009 (4A5BCCED)
    fffff880`01982000 fffff880`01992000   watchdog watchdog.sys Mon Jul 13 19:37:35 2009 (4A5BC53F)
    fffff880`00f3e000 fffff880`00fe2000   Wdf01000 Wdf01000.sys Mon Jul 13 19:22:07 2009 (4A5BC19F)
    fffff880`00fe2000 fffff880`00ff1000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:19:54 2009 (4A5BC11A)
    fffff880`02d93000 fffff880`02d9c000   wfplwf   wfplwf.sys   Mon Jul 13 20:09:26 2009 (4A5BCCB6)
    fffff960`00020000 fffff960`0032f000   win32k   win32k.sys   unavailable (00000000)
    fffff880`049d2000 fffff880`049db000   wmiacpi  wmiacpi.sys  Mon Jul 13 19:31:02 2009 (4A5BC3B6)
    fffff880`00e57000 fffff880`00e60000   WMILIB   WMILIB.SYS   Mon Jul 13 19:19:51 2009 (4A5BC117)
    fffff880`06a23000 fffff880`06a44000   WudfPf   WudfPf.sys   Mon Jul 13 20:05:37 2009 (4A5BCBD1)
    
    Unloaded modules:
    fffff880`038be000 fffff880`0392f000   spsys.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`018ac000 fffff880`018ba000   crashdmp.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`018ba000 fffff880`018c6000   dump_pciidex
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`018c6000 fffff880`018d1000   dump_msahci.
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`018d1000 fffff880`018e4000   dump_dumpfve
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    post back with the results

    -DG


  3. Posts : 1,782
    Windows 7 Home Premium 64bit
       #3

    With ataport.sys being mentioned numerous times, you might have a rootkit infection. I would run a rootkit scan to rule that out.

    How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?


    BSOD BUGCHECK SUMMARY
    Code:
    
    Built by: 7600.16792.amd64fre.win7_gdr.110408-1633
    Debug session time: Thu May 19 19:16:04.621 2011 (UTC - 4:00)
    System Uptime: 0 days 0:33:30.588
    Probably caused by : ataport.SYS ( ataport!memmove+64 )
    BUGCHECK_STR:  0xD1
    PROCESS_NAME:  System
    FAILURE_BUCKET_ID:  X64_0xD1_ataport!memmove+64
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Mon May 16 06:08:27.612 2011 (UTC - 4:00)
    System Uptime: 0 days 0:01:12.454
    Probably caused by : ntkrnlmp.exe ( nt!ObpQueryNameString+4ed )
    BUGCHECK_STR:  0xA
    PROCESS_NAME:  wermgr.exe
    FAILURE_BUCKET_ID:  X64_0xA_nt!ObpQueryNameString+4ed
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 18:30:36.550 2011 (UTC - 4:00)
    System Uptime: 0 days 0:00:27.190
    Probably caused by : ataport.SYS ( ataport!IdeCompleteScsiIrp+62 )
    BUGCHECK_STR:  0xA
    PROCESS_NAME:  System
    FAILURE_BUCKET_ID:  X64_0xA_ataport!IdeCompleteScsiIrp+62
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 18:29:30.434 2011 (UTC - 4:00)
    System Uptime: 0 days 0:04:16.074
    Probably caused by : ataport.SYS ( ataport!memmove+64 )
    BUGCHECK_STR:  0xD1
    FAILURE_BUCKET_ID:  X64_0xD1_ataport!memmove+64
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 18:21:10.828 2011 (UTC - 4:00)
    System Uptime: 0 days 0:06:25.654
    Probably caused by : ataport.SYS ( ataport!IdeCompleteScsiIrp+62 )
    BUGCHECK_STR:  0xA
    PROCESS_NAME:  svchost.exe
    FAILURE_BUCKET_ID:  X64_0xA_ataport!IdeCompleteScsiIrp+62
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 18:13:29.533 2011 (UTC - 4:00)
    System Uptime: 0 days 0:07:39.461
    Probably caused by : ataport.SYS ( ataport!memmove+64 )
    BUGCHECK_STR:  0xD1
    PROCESS_NAME:  regsvr32.exe
    FAILURE_BUCKET_ID:  X64_0xD1_ataport!memmove+64
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 18:04:57.605 2011 (UTC - 4:00)
    System Uptime: 0 days 2:13:50.572
    Probably caused by : ataport.SYS ( ataport!memmove+64 )
    BUGCHECK_STR:  0xD1
    PROCESS_NAME:  explorer.exe
    FAILURE_BUCKET_ID:  X64_0xD1_ataport!memmove+64
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 15:50:19.135 2011 (UTC - 4:00)
    System Uptime: 0 days 0:46:12.102
    Probably caused by : ataport.SYS ( ataport!memmove+64 )
    BUGCHECK_STR:  0xD1
    PROCESS_NAME:  regsvr32.exe
    FAILURE_BUCKET_ID:  X64_0xD1_ataport!memmove+64
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 14:14:37.301 2011 (UTC - 4:00)
    System Uptime: 0 days 0:06:21.267
    Probably caused by : ataport.SYS ( ataport!memmove+64 )
    BUGCHECK_STR:  0xD1
    PROCESS_NAME:  dwm.exe
    FAILURE_BUCKET_ID:  X64_0xD1_ataport!memmove+64
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 13:29:28.896 2011 (UTC - 4:00)
    System Uptime: 0 days 0:00:06.536
    Probably caused by : ntkrnlmp.exe ( nt!wcsstr+56 )
    BUGCHECK_STR:  0x50
    PROCESS_NAME:  smss.exe
    FAILURE_BUCKET_ID:  X64_0x50_nt!wcsstr+56
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 11:53:02.639 2011 (UTC - 4:00)
    System Uptime: 0 days 0:00:40.465
    Probably caused by : win32k.sys ( win32k!vCleanupUMWindowlessSprite+102 )
    BUGCHECK_STR:  0xA
    PROCESS_NAME:  OOTag.exe
    FAILURE_BUCKET_ID:  X64_0xA_win32k!vCleanupUMWindowlessSprite+102
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 11:20:15.942 2011 (UTC - 4:00)
    System Uptime: 0 days 0:02:16.908
    Probably caused by : ntkrnlmp.exe ( nt!KiTryUnwaitThread+28 )
    BUGCHECK_STR:  0xA
    PROCESS_NAME:  regsvr32.exe
    FAILURE_BUCKET_ID:  X64_0xA_nt!KiTryUnwaitThread+28
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 11:04:55.337 2011 (UTC - 4:00)
    System Uptime: 0 days 0:01:28.304
    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+1056e )
    BUGCHECK_STR:  0xE4
    PROCESS_NAME:  System
    FAILURE_BUCKET_ID:  X64_0xE4_nt!_??_::FNODOBFM::_string_+1056e
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 09:26:34.204 2011 (UTC - 4:00)
    System Uptime: 0 days 0:04:08.171
    Probably caused by : ataport.SYS ( ataport!IdeCompleteScsiIrp+62 )
    BUGCHECK_STR:  0xA
    PROCESS_NAME:  System
    FAILURE_BUCKET_ID:  X64_0xA_ataport!IdeCompleteScsiIrp+62
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 09:21:45.871 2011 (UTC - 4:00)
    System Uptime: 0 days 0:04:15.838
    Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
    BUGCHECK_STR:  0xA
    PROCESS_NAME:  wermgr.exe
    FAILURE_BUCKET_ID:  X64_0xA_nt!KiPageFault+260
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 09:03:23.276 2011 (UTC - 4:00)
    System Uptime: 0 days 0:00:29.242
    Probably caused by : win32k.sys ( win32k!GreAcquireSemaphore+1c )
    BUGCHECK_STR:  0xA
    PROCESS_NAME:  OOTag.exe
    FAILURE_BUCKET_ID:  X64_0xA_win32k!GreAcquireSemaphore+1c
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Sun May 15 09:02:12.794 2011 (UTC - 4:00)
    System Uptime: 0 days 0:03:23.760
    Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
    BUGCHECK_STR:  0xA
    PROCESS_NAME:  wermgr.exe
    FAILURE_BUCKET_ID:  X64_0xA_nt!KiPageFault+260
    BiosReleaseDate = 11/09/2009
    SystemManufacturer = Packard Bell
    SystemProductName = ONETWO M3700
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
      
    
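The pattern post #3 reasons from (one storage driver blamed across many dumps, in unrelated processes) can be checked mechanically. The following is an added example, not part of the original thread: it parses a bugcheck summary in the format posted above and flags that pattern. The sample input is constructed (trimmed records modelled on the posted ones), and the `STORAGE_STACK` set and both thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed records in the summary format shown in post #3.
# Record 4 has no PROCESS_NAME line, as one record in the thread does.
SAMPLE = """\
Built by: 7600.16792.amd64fre.win7_gdr.110408-1633
Probably caused by : ataport.SYS ( ataport!memmove+64 )
BUGCHECK_STR:  0xD1
PROCESS_NAME:  System
FAILURE_BUCKET_ID:  X64_0xD1_ataport!memmove+64
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Probably caused by : ntkrnlmp.exe ( nt!ObpQueryNameString+4ed )
BUGCHECK_STR:  0xA
PROCESS_NAME:  wermgr.exe
FAILURE_BUCKET_ID:  X64_0xA_nt!ObpQueryNameString+4ed
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Probably caused by : ataport.SYS ( ataport!IdeCompleteScsiIrp+62 )
BUGCHECK_STR:  0xA
PROCESS_NAME:  svchost.exe
FAILURE_BUCKET_ID:  X64_0xA_ataport!IdeCompleteScsiIrp+62
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Probably caused by : ataport.SYS ( ataport!memmove+64 )
BUGCHECK_STR:  0xD1
FAILURE_BUCKET_ID:  X64_0xD1_ataport!memmove+64
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+1056e )
BUGCHECK_STR:  0xE4
PROCESS_NAME:  System
FAILURE_BUCKET_ID:  X64_0xE4_nt!_??_::FNODOBFM::_string_+1056e
"""

# Assumption: drivers treated as "storage stack" for this check. All of these
# names appear in the loaded-module list posted in the thread.
STORAGE_STACK = {"ataport.sys", "atapi.sys", "msahci.sys",
                 "pciidex.sys", "disk.sys", "classpnp.sys"}

# The symbol may contain spaces, so capture everything up to the final ")".
CAUSE_RE = re.compile(r"^Probably caused by\s*:\s*(\S+)\s*\(\s*(.+?)\s*\)$")
FIELD_RE = re.compile(r"^(BUGCHECK_STR|PROCESS_NAME|FAILURE_BUCKET_ID):\s*(\S.*)$")
KEYS = {"BUGCHECK_STR": "bugcheck", "PROCESS_NAME": "process",
        "FAILURE_BUCKET_ID": "bucket"}


def parse_summary(text):
    """Split the summary into one dict per dump; a record starts at 'Built by:'."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Built by:"):
            cur = {"build": line.split(":", 1)[1].strip(), "image": None,
                   "symbol": None, "bugcheck": None, "process": None,
                   "bucket": None}
            records.append(cur)
            continue
        if cur is None:
            continue  # text before the first record
        m = CAUSE_RE.match(line)
        if m:
            cur["image"], cur["symbol"] = m.group(1).lower(), m.group(2)
            continue
        m = FIELD_RE.match(line)
        if m:
            cur[KEYS[m.group(1)]] = m.group(2).strip()
    return records


def tally(records):
    """Per blamed image: dump count, distinct processes, distinct bugchecks."""
    stats = defaultdict(lambda: {"count": 0, "processes": set(),
                                 "bugchecks": set()})
    for r in records:
        if r["image"] is None:
            continue
        s = stats[r["image"]]
        s["count"] += 1
        if r["process"]:  # a missing PROCESS_NAME is not a distinct process
            s["processes"].add(r["process"])
        if r["bugcheck"]:
            s["bugchecks"].add(r["bugcheck"])
    return dict(stats)


def triage(records, min_share=0.5, min_processes=2):
    """Flag storage-stack drivers blamed in a large share of dumps across
    several unrelated processes (thresholds are illustrative assumptions)."""
    total = sum(1 for r in records if r["image"])
    findings = []
    for image, s in tally(records).items():
        share = s["count"] / total
        if (image in STORAGE_STACK and share >= min_share
                and len(s["processes"]) >= min_processes):
            findings.append({"image": image, "count": s["count"],
                             "share": round(share, 2),
                             "processes": sorted(s["processes"]),
                             "bugchecks": sorted(s["bugchecks"])})
    return findings


if __name__ == "__main__":
    for f in triage(parse_summary(SAMPLE)):
        print(f)
```

A hit only says where to look: the same pattern fits the failing-hardware reading in post #2 and the rootkit reading in post #3, so it prompts both the memory test and the rootkit scan rather than deciding between them.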


  4. Posts : 3
    Windows 7 home Premium 64x
    Thread Starter
       #4

    Thank you both.
    I tried to install SP1 from updates but it failed, so I will download the standalone and do the memory check as suggested.

    I have run Malwarebytes and MS Security Essentials; both return clean, but I will try Morgman's suggestion.

    I appreciate your assistance.


  5. Posts : 3
    Windows 7 home Premium 64x
    Thread Starter
       #5

    Solved


    Turned out it was the TDSS rootkit.

    Your assistance has been invaluable.

    Thank you indeed.