Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Had a BSOD

20 Sep 2010   #1
Gaz1701

Windows 7 Home Premium 64-bit (6.1, Build 7601)
 
 
Had a BSOD

I'm not sure whether I've still got this trojan or not (see this thread for details), but here's all the info you need

-Windows 7 X86
-Not the original OS (was Vista)
-Full retail (legally bought) version
-I bought my computer/hardware on 13th March 2007
-installed Win7 [only once] on 24th October 2009

Here's the Windows_NT6_BSOD_jcgriff2 folder & the PERFMON HTML zip file


My System SpecsSystem Spec
.
20 Sep 2010   #2
Tews

64-bit Windows 8.1 Pro
 
 

Please follow these instructions when asking for help... Blue Screen of Death (BSOD) Posting Instructions
My System SpecsSystem Spec
20 Sep 2010   #3
Gaz1701

Windows 7 Home Premium 64-bit (6.1, Build 7601)
 
 

I've edited it to comply with your instructions
My System SpecsSystem Spec
.

20 Sep 2010   #4
Tews

64-bit Windows 8.1 Pro
 
 

Your .dmp file is pointing to pxrts.sys ( Prevx Realtime Scanner, Prevx Edge.) as the probable cause of your crash. Uninstall Prevex and use DriverSweeper to remove pxrts.sys from your system...

You can disable driver verifier now..


Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: b7dac0d4, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 81ac87a8, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------

Unable to load image \SystemRoot\System32\drivers\pxrts.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for pxrts.sys
*** ERROR: Module load completed but symbols could not be loaded for pxrts.sys

READ_ADDRESS: GetPointerFromAddress: unable to read from 81b70718
Unable to read MiSystemVaType memory at 81b50160
 b7dac0d4 

FAULTING_IP: 
nt!PsGetThreadProcessId+8
81ac87a8 8b802c020000    mov     eax,dword ptr [eax+22Ch]

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

BUGCHECK_STR:  0x50

PROCESS_NAME:  RocketDock.exe

CURRENT_IRQL:  0

TRAP_FRAME:  9912fc68 -- (.trap 0xffffffff9912fc68)
ErrCode = 00000000
eax=b7dabea8 ebx=00000000 ecx=b7dabea8 edx=00000001 esi=00000f8c edi=00000488
eip=81ac87a8 esp=9912fcdc ebp=9912fcdc iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt!PsGetThreadProcessId+0x8:
81ac87a8 8b802c020000    mov     eax,dword ptr [eax+22Ch] ds:0023:b7dac0d4=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 81a4e638 to 81a8d903

STACK_TEXT:  
9912fc50 81a4e638 00000000 b7dac0d4 00000000 nt!MmAccessFault+0x106
9912fc50 81ac87a8 00000000 b7dac0d4 00000000 nt!KiTrap0E+0xdc
9912fcdc 8bdc57fb b7dabea8 00000488 00000488 nt!PsGetThreadProcessId+0x8
WARNING: Stack unwind information not available. Following frames may be wrong.
9912fd10 8bdc1ca3 00000005 b7dabea8 0012fdb0 pxrts+0x57fb
9912fd24 81a4b44a 00000488 00000000 0012fdd8 pxrts+0x1ca3
9912fd24 776d64f4 00000488 00000000 0012fdd8 nt!KiFastCallEntry+0x12a
0012fdd8 00000000 00000000 00000000 00000000 0x776d64f4


STACK_COMMAND:  kb

FOLLOWUP_IP: 
pxrts+57fb
8bdc57fb ??              ???

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  pxrts+57fb

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: pxrts

IMAGE_NAME:  pxrts.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4c909cd0

FAILURE_BUCKET_ID:  0x50_VRF_pxrts+57fb

BUCKET_ID:  0x50_VRF_pxrts+57fb

Followup: MachineOwner
---------
The following driver is out of date and should be updated..

Code:
nvm62x32.sys Fri Oct 17 17:00:39 2008 (48F8FCF7) ... nVidia Ethernet Networking Driver (nForce chipset driver) ... Drivers - Download NVIDIA Drivers
My System SpecsSystem Spec
Reply

 Had a BSOD




Thread Tools



Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 17:10.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App