New
#11
Alright will do.
Code:BugCheck 3B, {c000001d, fffff80002ac6b4d, fffff88004e65140, 0} Unable to load image Unknown_Module_00000000`00000001, Win32 error 0n2 *** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000001 *** ERROR: Module load completed but symbols could not be loaded for Unknown_Module_00000000`00000001 Probably caused by : hardware ( nt!KeWaitForSingleObject+19d )Code:1: kd> !thread GetPointerFromAddress: unable to read from fffff80002cf5000 THREAD fffffa800fc4a590 Cid 0d90.1388 Teb: 000000007ef4d000 Win32Thread: 0000000000000000 RUNNING on processor 1 Not impersonating GetUlongFromAddress: unable to read from fffff80002c33ba4 Owning Process fffffa800d83b7b0 Image: <Unknown> Attached Process N/A Image: N/A fffff78000000000: Unable to get shared data Wait Start TickCount 1938895 Context Switch Count 131637 IdealProcessor: 0 ReadMemory error: Cannot get nt!KeMaximumIncrement value. UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x0000000001aa76b7 Stack Init fffff88004e65db0 Current fffff88004e65900 Base fffff88004e66000 Limit fffff88004e60000 Call 0 Priority 24 BasePriority 1 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`04e64878 fffff800`02abcde9 : 00000000`0000003b 00000000`c000001d fffff800`02ac6b4d fffff880`04e65140 : nt!KeBugCheckEx fffff880`04e64880 fffff800`02abc73c : fffff880`04e658d8 fffff880`04e65140 00000000`00000000 fffff800`02aeb820 : nt!KiBugCheckDispatch+0x69 fffff880`04e649c0 fffff800`02ae2fad : fffff800`02cdfb5c 00000000`00000000 fffff800`02a4e000 fffff880`04e658d8 : nt!KiSystemServiceHandler+0x7c fffff880`04e64a00 fffff800`02aea620 : fffff800`02c0d118 fffff880`04e64a78 fffff880`04e658d8 fffff800`02a4e000 : nt!RtlpExecuteHandlerForException+0xd fffff880`04e64a30 fffff800`02af76cf : fffff880`04e658d8 fffff880`04e65140 fffff880`00000000 fffffa80`0fc4a590 : nt!RtlDispatchException+0x410 fffff880`04e65110 fffff800`02abcec2 : fffff880`04e658d8 00000046`6c996aab fffff880`04e65980 fffffa80`0f4261b0 : nt!KiDispatchException+0x16f fffff880`04e657a0 fffff800`02abb01f : fffff880`04e65980 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2 fffff880`04e65980 fffff800`02ac6b4d : 00000000`00000c58 00000000`00000000 00000000`000000cf 00000000`120becd0 : nt!KiInvalidOpcodeFault+0x11f (TrapFrame @ fffff880`04e65980) fffff880`04e65b10 fffff800`02db2ad2 : fffff880`04e65c00 fffffa80`00000006 00000000`00000001 fffff800`02ab9400 : nt!KeWaitForSingleObject+0x19d fffff880`04e65bb0 fffff800`02abcad3 : fffffa80`0fc4a590 00000000`00000c58 fffff880`04e65bf8 fffffa80`0f4261b0 : nt!NtWaitForSingleObject+0xb2 fffff880`04e65c20 00000000`747c2dd9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`04e65c20) 00000000`120bec58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x747c2dd9I believe we are looking at some memory misalignment boundary errors, which may have caused by invalid machine operation code.Code:.trap fffff880`04e65980 NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000102 rbx=0000000000000000 rcx=0000000000000000 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002ac6b4d rsp=fffff88004e65b10 rbp=0000000000000000 r8=fffffa800d83b838 r9=0000000000000000 r10=fffffffffffffffd r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po nc nt!KeWaitForSingleObject+0x19d: fffff800`02ac6b4d ff ???
Run Driver Verifier to scan for any corrupted drivers which may be causing problems, this program works by running various stress tests on drivers, in order to produce a BSOD which will locate the driver; run for least 24 hours:
InformationAdditional Help - Using Driver Verifier to identify issues with Drivers
Alright I did what you just told me to do, and it told me I had to restart my computer in order for it to run. Now my computer gets to the windows boot logo and gives me a bsod saying a driver is trying to access memory that has already been freed. I tried running the windows startup repair but it's not working.
Boot into Safe Mode, and then disable Driver Verifier. The instructions are in the link wrapped around the Information box. Please post the dump files afterwards.
My 2 cents try thee scanners too
http://www.superantispyware.com/
http://www.bleepingcomputer.com/download/adwcleaner/
(download from bleeping computer)
Personally I would try Hitman Pro too Home - SurfRight
There are more rootkit removers from here too I have used GMER and Sophos and Dr Web Cureit
Best Free Rootkit Scanner and Remover the GMER is a heavy duty thing I find and leave it to last if I have to.
Uh..how exactly do I get the dump files? They aren't showing up in bluescreenviewer...
Use the SF Diagnostic tool from this post. Blue Screen of Death (BSOD) Posting Instructions
The tool, Windbg, they use here is more comprehensive than Blue Screen Viewer.
Alright but the folder isn't showing the 3 bsods I got while driver verifier. But here you go.
As you have said, unfortunately, the Driver Verifier dump files are not there. I would suggest running Driver Verifier again.