At 1.7K, there's no way that .zip file contains dumps. You might want to try again.
Sorry about that, had trouble getting the file to copy and paste properly. Hopefully this time it will work.
I apologize for being so late in seeing this. I was away most of last week.
Error code F7, DRIVER_OVERRAN_STACK_BUFFER - usually caused by Device driver, Malware.
Error code A, IRQL_NOT_LESS_OR_EQUAL - usually caused by Kernel mode driver, System Service, BIOS, Windows, Virus scanner, Backup tool, compatibility.
The driver, nvlddmkm.sys, is implicated in the first dump along with memory. The second dump also blames nvlddmkm.sys and indicates possible malware.
Code:
Kernel base = 0xfffff800`02e62000 PsLoadedModuleList = 0xfffff800`0309fe50
Debug session time: Mon Aug 30 12:03:08.173 2010 (GMT-4)
System Uptime: 0 days 0:00:09.952
Loading Kernel Symbols
...............................................................
...................
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 2, 0, fffff80002ef2183}

Unable to load image nvlddmkm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
Probably caused by : Pool_Corruption ( nt!ExFreePool+d4d )

Followup: Pool_corruption
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002ef2183, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310a0e0
 0000000000000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!IopCompleteRequest+ae3
fffff800`02ef2183 488b09 mov rcx,qword ptr [rcx]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: System

IRP_ADDRESS: ffffffffffffff89

TRAP_FRAME: fffff88002f68880 -- (.trap 0xfffff88002f68880)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff88002f68f80 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ef2183 rsp=fffff88002f68a10 rbp=fffff88002f68b60
 r8=fffff88002f68b18 r9=fffff88002f68b10 r10=0000000000000002
r11=fffff80002ef16a0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe cy
nt!IopCompleteRequest+0xae3:
fffff800`02ef2183 488b09 mov rcx,qword ptr [rcx] ds:00000000`00000000=????????????????
Resetting default scope

LOCK_ADDRESS: fffff800030d6400 -- (!locks fffff800030d6400)

Resource @ nt!PiEngineLock (0xfffff800030d6400) Available

WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.

WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.

1 total locks

PNP_TRIAGE:
    Lock address : 0xfffff800030d6400
    Thread Count : 0
    Thread address: 0x0000000000000000
    Thread wait : 0x0

LAST_CONTROL_TRANSFER: from fffff80002ed1b69 to fffff80002ed2600

STACK_TEXT:
fffff880`02f68738 fffff800`02ed1b69 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`02f68740 fffff800`02ed07e0 : fffffa80`056f66e0 fffff980`02950ee0 00000000`00000004 fffff880`1490c228 : nt!KiBugCheckDispatch+0x69
fffff880`02f68880 fffff800`02ef2183 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
fffff880`02f68a10 fffff800`02eaefcf : 00000000`00000001 00000000`00000000 00000000`00000000 fffff800`00000000 : nt!IopCompleteRequest+0xae3
fffff880`02f68ae0 fffff800`02eaf387 : 00000000`00000120 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
fffff880`02f68b60 fffff800`03366df6 : 00000000`00000120 00000000`00000000 00000000`0000000d fffff800`02f95b6b : nt!KiApcInterrupt+0xd7
fffff880`02f68cf0 fffff800`0336d295 : 00000000`00000120 fffff880`02f6a000 00000000`00000000 00000000`00000801 : nt!VfDeadlockDeleteMemoryRange+0x36
fffff880`02f68d70 fffff800`0336dca5 : fffff8a0`004ccc60 00000000`00000012 00000000`00000001 00000000`00000003 : nt!VfFreeMemoryNotification+0x15
fffff880`02f68da0 fffff800`0300567c : fffff8a0`004ccc60 00000000`00000120 00000000`00000003 00000000`00000001 : nt!VfFreePoolNotification+0x55
fffff880`02f68dd0 fffff800`031ab464 : fffff8a0`004ccdc0 00000000`00000000 fffff8a0`004ccdc0 fffff800`031b3e12 : nt!ExFreePool+0xd4d
fffff880`02f68e80 fffff800`031b0192 : 00000000`00000007 fffff880`02f690f0 fffffa80`04611501 fffff8a0`00000016 : nt!CmQueryKey+0x888
fffff880`02f69040 fffff800`02ed1853 : fffffa80`04602b60 fffff800`00000003 fffff880`02f693c8 fffffa80`05d78900 : nt!NtQueryKey+0x262
fffff880`02f691a0 fffff800`02ecddf0 : fffff880`03c6a75b 00000000`00000000 fffff800`03364a46 fffff8a0`004ba570 : nt!KiSystemServiceCopyEnd+0x13
fffff880`02f693a8 fffff880`03c6a75b : 00000000`00000000 fffff800`03364a46 fffff8a0`004ba570 fffff8a0`000015d0 : nt!KiServiceLinkage
fffff880`02f693b0 fffff880`03ce1bd4 : 00000000`000000fc 00000000`00000000 00000000`00000000 ffffffff`80000120 : dxgkrnl!DpiGetDeviceRegistryPaths+0xdf
fffff880`02f69430 fffff880`13d68986 : fffffa80`05d76bf0 fffffa80`05d831f0 fffffa80`05d831f0 fffffa80`05d831f0 : dxgkrnl!DpiAddDevice+0x4b4
fffff880`02f69690 fffffa80`05d76bf0 : fffffa80`05d831f0 fffffa80`05d831f0 fffffa80`05d831f0 fffff880`02f696f0 : nvlddmkm+0x87986
fffff880`02f69698 fffffa80`05d831f0 : fffffa80`05d831f0 fffffa80`05d831f0 fffff880`02f696f0 fffffa80`05d831f0 : 0xfffffa80`05d76bf0
fffff880`02f696a0 fffffa80`05d831f0 : fffffa80`05d831f0 fffff880`02f696f0 fffffa80`05d831f0 00000000`00000004 : 0xfffffa80`05d831f0
fffff880`02f696a8 fffffa80`05d831f0 : fffff880`02f696f0 fffffa80`05d831f0 00000000`00000004 fffff880`13d688e4 : 0xfffffa80`05d831f0
fffff880`02f696b0 fffff880`02f696f0 : fffffa80`05d831f0 00000000`00000004 fffff880`13d688e4 fffffa80`05d831f0 : 0xfffffa80`05d831f0
fffff880`02f696b8 fffffa80`05d831f0 : 00000000`00000004 fffff880`13d688e4 fffffa80`05d831f0 fffff800`02fd3825 : 0xfffff880`02f696f0
fffff880`02f696c0 00000000`00000004 : fffff880`13d688e4 fffffa80`05d831f0 fffff800`02fd3825 00000000`00000000 : 0xfffffa80`05d831f0
fffff880`02f696c8 fffff880`13d688e4 : fffffa80`05d831f0 fffff800`02fd3825 00000000`00000000 fffffa80`056f7060 : 0x4
fffff880`02f696d0 fffffa80`05d831f0 : fffff800`02fd3825 00000000`00000000 fffffa80`056f7060 00000000`00000000 : nvlddmkm+0x878e4
fffff880`02f696d8 fffff800`02fd3825 : 00000000`00000000 fffffa80`056f7060 00000000`00000000 fffff880`02f69704 : 0xfffffa80`05d831f0
fffff880`02f696e0 fffff800`032b6fb5 : 00000000`00000000 fffffa80`05d831f0 00000000`00000002 fffffa80`056f66e0 : nt!PpvUtilCallAddDevice+0x45
fffff880`02f69720 fffff800`032be461 : fffffa80`056f66e0 fffffa80`056f66e0 00000000`00000000 00000000`00000000 : nt!PnpCallAddDevice+0xd5
fffff880`02f697a0 fffff800`032bf9f2 : fffffa80`056ed910 fffffa80`056f66e0 00000000`00000002 fffffa80`056f7060 : nt!PipCallDriverAddDevice+0x661
fffff880`02f69950 fffff800`032bfe8c : fffffa80`05ddc260 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PipProcessDevNodeTree+0x2b2
fffff880`02f69bc0 fffff800`02fd42d2 : 00000001`00000003 00000000`00000000 00000000`32706e50 00000000`00000084 : nt!PiProcessStartSystemDevices+0x7c
fffff880`02f69c10 fffff800`02edf861 : fffff800`02fd3fd0 fffff800`0332a501 fffffa80`04602b00 00000000`00000000 : nt!PnpDeviceActionWorker+0x302
fffff880`02f69cb0 fffff800`03177a86 : ffffffff`ffffffff fffffa80`04602b60 00000000`00000080 fffffa80`03988b30 : nt!ExpWorkerThread+0x111
fffff880`02f69d40 fffff800`02eb0b06 : fffff880`02d64180 fffffa80`04602b60 fffff880`02d6ef80 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`02f69d80 00000000`00000000 : fffff880`02f6a000 fffff880`02f64000 fffff880`02f68570 00000000`00000000 : nt!KxStartSystemThread+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePool+d4d
fffff800`0300567c 90 nop

SYMBOL_STACK_INDEX: 9

SYMBOL_NAME: nt!ExFreePool+d4d

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: X64_0xA_nt!ExFreePool+d4d

BUCKET_ID: X64_0xA_nt!ExFreePool+d4d

Followup: Pool_corruption
---------

Kernel base = 0xfffff800`02e61000 PsLoadedModuleList = 0xfffff800`0309ee50
Debug session time: Mon Aug 30 17:30:03.231 2010 (GMT-4)
System Uptime: 0 days 0:00:13.010
Loading Kernel Symbols
...............................................................
...................
Loading User Symbols
Unable to load image nvlddmkm.sys, Win32 error 0n2
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F7, {fffff88003161f98, 2b992ddfa232, ffffd466d2205dcd, 0}

Probably caused by : nvlddmkm.sys ( nvlddmkm+16d3a6 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: fffff88003161f98, Actual security check cookie from the stack
Arg2: 00002b992ddfa232, Expected security check cookie
Arg3: ffffd466d2205dcd, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------

DEFAULT_BUCKET_ID: GS_FALSE_POSITIVE_MISSING_GSFRAME

SECURITY_COOKIE: Expected 00002b992ddfa232 found fffff88003161f98

CUSTOMER_CRASH_COUNT: 1

BUGCHECK_STR: 0xF7

PROCESS_NAME: System

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff880140023a6 to fffff80002ed1600

STACK_TEXT:
fffff880`03160df8 fffff880`140023a6 : 00000000`000000f7 fffff880`03161f98 00002b99`2ddfa232 ffffd466`d2205dcd : nt!KeBugCheckEx
fffff880`03160e00 00000000`000000f7 : fffff880`03161f98 00002b99`2ddfa232 ffffd466`d2205dcd 00000000`00000000 : nvlddmkm+0x16d3a6
fffff880`03160e08 fffff880`03161f98 : 00002b99`2ddfa232 ffffd466`d2205dcd 00000000`00000000 fffff800`02efe39f : 0xf7
fffff880`03160e10 00002b99`2ddfa232 : ffffd466`d2205dcd 00000000`00000000 fffff800`02efe39f fffff880`146ec58c : 0xfffff880`03161f98
fffff880`03160e18 ffffd466`d2205dcd : 00000000`00000000 fffff800`02efe39f fffff880`146ec58c fffff880`140006ab : 0x2b99`2ddfa232
fffff880`03160e20 00000000`00000000 : fffff800`02efe39f fffff880`146ec58c fffff880`140006ab fffff880`03161e68 : 0xffffd466`d2205dcd

STACK_COMMAND: kb

FOLLOWUP_IP:
nvlddmkm+16d3a6
fffff880`140023a6 ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nvlddmkm+16d3a6

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nvlddmkm

IMAGE_NAME: nvlddmkm.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4c37918e

FAILURE_BUCKET_ID: X64_0xF7_MISSING_GSFRAME_nvlddmkm+16d3a6

BUCKET_ID: X64_0xF7_MISSING_GSFRAME_nvlddmkm+16d3a6

Followup: MachineOwner
---------
I recommend that you download and install Malwarebytes. Update it and run a quick scan. If it finds anything, let it clean up the nasties and then do a deep scan. That will take a while. You want to make sure you are not infected. Take care of this before you take any other steps.
You did a great job with the drivers; I only find one driver not up to date. Update this one if you can.
AtiPcie.sys Tue May 05 11:00:22 2009 - ATI PCIE Driver for ATI PCIE chipset: Global Provider of Innovative Graphics, Processors and Media Solutions | AMD
Since you have updated the drivers, try enabling Driver Verifier following this tutorial: Driver Verifier - Enable and Disable. Upload any dumps generated by Driver Verifier. Use your computer normally while Verifier is running.
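Added example, not part of the thread: a short Python triage helper that pulls the `BugCheck` and `Probably caused by` lines out of WinDbg output like the dumps above and decodes the arguments the way the `!analyze -v` text describes them for the two codes seen here. The function and field names are this example's own, and the sample text is the summary lines copied from those dumps.

```python
import re

MASK64 = (1 << 64) - 1
# Only the two bugcheck codes that appear in this thread.
NAMES = {0xA: "IRQL_NOT_LESS_OR_EQUAL", 0xF7: "DRIVER_OVERRAN_STACK_BUFFER"}
BUGCHECK = re.compile(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}")
CAUSE = re.compile(r"Probably caused by : (\S+) \( (\S+) \)")

# Summary lines copied from the two dumps quoted in the thread.
SAMPLE = """\
BugCheck A, {0, 2, 0, fffff80002ef2183}
Probably caused by : Pool_Corruption ( nt!ExFreePool+d4d )
BugCheck F7, {fffff88003161f98, 2b992ddfa232, ffffd466d2205dcd, 0}
Probably caused by : nvlddmkm.sys ( nvlddmkm+16d3a6 )
"""


def triage(text):
    """Return one dict per 'BugCheck' line, with its arguments decoded."""
    hits = list(BUGCHECK.finditer(text))
    out = []
    for i, m in enumerate(hits):
        code = int(m.group(1), 16)
        args = [int(a.strip(), 16) for a in m.group(2).split(",")]
        entry = {"code": code, "name": NAMES.get(code, "UNKNOWN"), "args": args}
        # Search for the blamed image only up to the next BugCheck line, so
        # one dump never inherits the next dump's verdict.
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        cause = CAUSE.search(text, m.end(), end)
        if cause:
            entry["image"], entry["symbol"] = cause.groups()
        if code == 0xF7 and len(args) >= 3:
            found, expected, complement = args[:3]
            entry["cookie_mismatch"] = found != expected
            # Arg3 is documented as the complement of Arg2; if that does
            # not hold, the dump itself is suspect.
            entry["args_consistent"] = complement == (~expected & MASK64)
        elif code == 0xA and len(args) >= 4:
            entry["null_reference"] = args[0] == 0   # Arg1: memory referenced
            entry["irql"] = args[1]                   # Arg2: IRQL
            entry["access"] = "write" if args[2] & 1 else "read"  # Arg3 bit 0
            entry["faulting_ip"] = args[3]            # Arg4
        out.append(entry)
    return out


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e)
```

Run against a folder of saved `!analyze -v` logs, the same function gives a quick count of which image each crash blames before anyone reads the full stacks.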
I want to apologize for my delayed response. When school started I put this issue on the back burner. A few weeks ago, I finally had a need to get this comp up and running (Editor at a school paper and I wanted to install Adobe software). I took it to a local computer shop where they informed me after a few days that I had a RAM problem. Apparently, the sticks I had were not in sync. When I did RAM tests in the past, I did it with one stick each and got no problems. I never made the connection that it was BOTH running together that was causing the problem.
I took my computer home after purchasing some new RAM that worked and had a sad face when it showed me another BSOD. I felt like giving up completely. Fortunately for me I looked through the clear side of my computer case and saw that the snaps that hold the RAM stick in place were not pushed down on one. After doing that, I have not had a BSOD for 3 weeks.
Just thought I would let you know and I wanted to thank you for your advice and efforts.