Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Constant BSODs after virus infection

28 Jan 2011   #1
Samyr

Windows 7 Professional x64
 
 
Constant BSODs after virus infection

Quote:
Is Windows 7 . . .
- x86 (32-bit) or x64 ? x64
- the original installed OS on the system? No, original was Windows XP (though this is a custom built machine, so XP was full retail as well)
- an OEM or full retail version? Full retail

- What is the age of system (hardware)? Approx 1.5 years
- What is the age of OS installation (have you re-installed the OS?) Approx 1 year, before that it was Windows XP
Hey guys. I got a virus two days ago (Avast claims it was a rootkit) and I've been hitting BSOD after BSOD. I've since scanned the PC with numerous programs (Avast, MBAM, Avira, Microsoft Security Essentials, Microsoft Malicious Software Removal Tool) and I'm fairly sure it's clean now.

However, I'm constantly getting BSODs, usually of the 0x0000000A "IRQL" variety, and I have no idea what to do to fix it.

Attached are the dumps as requested, but I couldn't get a perfmon /report on account that when I try, it crashes into a BSOD. I can barely run the PC in safe mode, and it's also running quite slowly. If you need more info, let me know.

Your advice is desperately needed and much appreciated. Thanks in advance.


My System SpecsSystem Spec
.
28 Jan 2011   #2
fimble

windows 7 ultimate
 
 

Hi Samyr and Welcome.

Suggest you download TDSSKiller and run it in Safe Mode to eliminate the RootKit theory.
My System SpecsSystem Spec
28 Jan 2011   #3
CarlTR6

Windows 7 Ultimate 32 bit
 
 

Hi, Sam; and welcome to the forum. I looked at your most recent dump and it shows sptd.sys was involved in the crash. I suggest you uninstall any CD virtualization programs such as Daemon Tools and Alcohol 120%. They use a driver, found in your dump, sptd.sys, that is notorious for causing BSODs. Use this SPTD uninstaller when you're done: DuplexSecure - Downloads. Select uninstall; do NOT select reinstall.

Here is a free alternative CD virtualization program that does not use the sptd.sys driver.
Freeware MagicISO Virtual CD/DVD-ROM(MagicDisc) Overview

Don't forget to follow Fimble's advice.

Four of your most recent dumps blame Windows system drivers and indicate memory corruption. sptd.sys can definitely cause memory corruption. All of your drivers appear to be up to date. Uninstall sptd.sys and reboot. Let's see how your system does. Post back and let us know. If you get another BSOD, upload it and we will go from there.
Code:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02209000 PsLoadedModuleList = 0xfffff800`02446e50
Debug session time: Fri Jan 28 14:48:17.033 2011 (GMT-5)
System Uptime: 0 days 0:02:34.923
Loading Kernel Symbols
...............................................................
.........................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {fffff88008f643f8, 2, 0, fffff88000e0ac50}

Probably caused by : ataport.SYS ( ataport!IdeLogCrbActive+bc )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff88008f643f8, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88000e0ac50, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800024b10e0
 fffff88008f643f8 

CURRENT_IRQL:  2

FAULTING_IP: 
ataport!IdeLogCrbActive+bc
fffff880`00e0ac50 f30f6f4148      movdqu  xmm0,xmmword ptr [rcx+48h]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  System

TRAP_FRAME:  fffff88001ef64b0 -- (.trap 0xfffff88001ef64b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa80050d82a0 rbx=0000000000000000 rcx=fffff88008f643b0
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88000e0ac50 rsp=fffff88001ef6640 rbp=0000000000000001
 r8=0000000000000000  r9=0000000000000000 r10=fffffa8004894da0
r11=fffff88001ef6770 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
ataport!IdeLogCrbActive+0xbc:
fffff880`00e0ac50 f30f6f4148      movdqu  xmm0,xmmword ptr [rcx+48h] ds:0202:fffff880`08f643f8=????????????????????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002278ca9 to fffff80002279740

STACK_TEXT:  
fffff880`01ef6368 fffff800`02278ca9 : 00000000`0000000a fffff880`08f643f8 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`01ef6370 fffff800`02277920 : 00000000`002ce895 fffffa80`04964428 fffffa80`039391a0 fffff880`00e1f1a0 : nt!KiBugCheckDispatch+0x69
fffff880`01ef64b0 fffff880`00e0ac50 : 00000000`00000001 00000000`00000000 fffffa80`049621b0 00000000`00000001 : nt!KiPageFault+0x260
fffff880`01ef6640 fffff880`00e14c71 : fffffa80`04da3c68 fffffa80`039391a0 fffffa80`04da3b80 00000000`00000000 : ataport!IdeLogCrbActive+0xbc
fffff880`01ef6670 fffff800`027e99ce : fffffa80`04da3c68 00000000`00000018 00000000`00000000 00000000`00000001 : ataport!IdeStartIoCallBack+0xc9
fffff880`01ef67e0 fffff800`027ea13d : fffffa80`04941ac0 fffffa80`0483c860 fffffa80`0483c800 00000000`00000000 : hal!HalpAllocateAdapterCallback+0x146
fffff880`01ef6880 fffff800`027e971f : fffffa80`04da3c20 00000000`00000200 fffffa80`0483c860 fffffa80`0570a710 : hal!HalAllocateAdapterChannel+0x101
fffff880`01ef68c0 fffff880`00fd60d3 : fffffa80`04da3b80 fffff880`00fd612c fffffa80`000000a0 fffffa80`0483c860 : hal!HalBuildScatterGatherList+0x2f3
fffff880`01ef6930 fffff880`00e14b3b : fffffa80`04da3b80 fffffa80`049621b0 fffffa80`039391a0 fffffa80`04da3b80 : PCIIDEX!BmSetup+0x6b
fffff880`01ef6990 fffff880`00e137eb : fffffa80`0393a500 fffffa80`049621b0 fffffa80`0393a500 fffffa80`039391a0 : ataport!IdeDispatchChannelRequest+0xef
fffff880`01ef69c0 fffff880`00e1331e : 00000000`00000001 fffffa80`04da3b80 00000000`00000001 fffffa80`04da3b80 : ataport!IdeStartChannelRequest+0x113
fffff880`01ef6a40 fffff880`00e15582 : fffff880`01ece180 00000000`00000000 fffffa80`049621b0 fffffa80`05833010 : ataport!IdeStartNextDeviceRequest+0x18e
fffff880`01ef6ae0 fffff880`00e150ec : fffffa80`039391a0 00000000`00000000 fffffa80`039391a0 fffffa80`05833010 : ataport!IdeProcessCompletedRequests+0x26a
fffff880`01ef6c10 fffff800`02284bfc : fffff880`01ece180 fffff800`0238326e fffffa80`03939050 fffffa80`03939118 : ataport!IdePortCompletionDpc+0x1a8
fffff880`01ef6cd0 fffff800`02281eea : fffff880`01ece180 fffff880`01ed8fc0 00000000`00000000 fffff880`00e14f44 : nt!KiRetireDpcList+0x1bc
fffff880`01ef6d80 00000000`00000000 : fffff880`01ef7000 fffff880`01ef1000 fffff880`01ef6d40 00000000`00000000 : nt!KiIdleLoop+0x5a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
ataport!IdeLogCrbActive+bc
fffff880`00e0ac50 f30f6f4148      movdqu  xmm0,xmmword ptr [rcx+48h]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  ataport!IdeLogCrbActive+bc

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ataport

IMAGE_NAME:  ataport.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc118

FAILURE_BUCKET_ID:  X64_0xD1_ataport!IdeLogCrbActive+bc

BUCKET_ID:  X64_0xD1_ataport!IdeLogCrbActive+bc

Followup: MachineOwner
---------

Debug session time: Fri Jan 28 03:13:13.879 2011 (GMT-5)
System Uptime: 0 days 0:04:49.595
Loading Kernel Symbols
...............................................................
................................................................
..............
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {1bc000, 2, 0, fffff80002ef32b3}

Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000001bc000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002ef32b3, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310b0e0
 00000000001bc000 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!IopCompleteRequest+ae3
fffff800`02ef32b3 488b09          mov     rcx,qword ptr [rcx]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  wow_helper.exe

IRP_ADDRESS:  ffffffffffffff89

TRAP_FRAME:  fffff88005e4d6e0 -- (.trap 0xfffff88005e4d6e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff880021cb428 rbx=0000000000000000 rcx=00000000001bc000
rdx=00000000001bc000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ef32b3 rsp=fffff88005e4d870 rbp=0000000000000000
 r8=fffffa8005f50d90  r9=fffff88005e4d970 r10=0000000000000002
r11=fffffa8005f2f930 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz ac po cy
nt!IopCompleteRequest+0xae3:
fffff800`02ef32b3 488b09          mov     rcx,qword ptr [rcx] ds:4180:00000000`001bc000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002ed2ca9 to fffff80002ed3740

STACK_TEXT:  
fffff880`05e4d598 fffff800`02ed2ca9 : 00000000`0000000a 00000000`001bc000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`05e4d5a0 fffff800`02ed1920 : 00000000`00000000 fffffa80`05eedba0 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`05e4d6e0 fffff800`02ef32b3 : fffffa80`00000000 fffff800`0304de80 00000000`00000000 fffff800`02edb1aa : nt!KiPageFault+0x260
fffff880`05e4d870 fffff800`02eb00c7 : 00000000`00000001 00000000`0011f000 fffff8a0`00000000 00000000`00000000 : nt!IopCompleteRequest+0xae3
fffff880`05e4d940 fffff800`02e86bb5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
fffff880`05e4d9c0 fffff800`03212cea : fffffa80`05292010 fffffa80`06c1fb30 fffff880`05e4db50 fffff880`05e4db48 : nt!KiCheckForKernelApcDelivery+0x25
fffff880`05e4d9f0 fffff800`031ed23f : 00000000`00000004 fffffa80`06c1fb30 fffff880`05e4db50 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x29c0e
fffff880`05e4dae0 fffff800`02ed2993 : 00000000`0000000c fffffa80`06c44b60 00000000`0012f0a8 00000000`0012f101 : nt!NtMapViewOfSection+0x2be
fffff880`05e4dbb0 00000000`77adffda : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0012f088 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77adffda


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiPageFault+260
fffff800`02ed1920 440f20c0        mov     rax,cr8

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiPageFault+260

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c44a9

FAILURE_BUCKET_ID:  X64_0xA_nt!KiPageFault+260

BUCKET_ID:  X64_0xA_nt!KiPageFault+260

Followup: MachineOwner
---------

Debug session time: Fri Jan 28 18:14:45.965 2011 (GMT-5)
System Uptime: 0 days 3:25:38.481
Loading Kernel Symbols
...............................................................
.........................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff80002299448, fffff88008f06f60, 0}

Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceHandler+7c )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002299448, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff88008f06f60, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!IopCompleteRequest+c85
fffff800`02299448 488908          mov     qword ptr [rax],rcx

CONTEXT:  fffff88008f06f60 -- (.cxr 0xfffff88008f06f60)
rax=8b48c38b4024748b rbx=fffffa800a860ce0 rcx=4838246c8b48d88b
rdx=fffff88000fcd7f9 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002299448 rsp=fffff88008f07930 rbp=0000000000000000
 r8=0000000000000000  r9=fffff88008f07a30 r10=0000000000000002
r11=fffffa8003d9cab0 r12=fffff88008f71420 r13=0000000000000000
r14=fffffa8006ecab60 r15=fffff880009e8180
iopl=0         nv up ei ng nz na po cy
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010287
nt!IopCompleteRequest+0xc85:
fffff800`02299448 488908          mov     qword ptr [rax],rcx ds:002b:8b48c38b`4024748b=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  chrome.exe

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff80002299448

STACK_TEXT:  
fffff880`08f06698 fffff800`02278ca9 : 00000000`0000003b 00000000`c0000005 fffff800`02299448 fffff880`08f06f60 : nt!KeBugCheckEx
fffff880`08f066a0 fffff800`022785fc : fffff880`08f076f8 fffff880`08f06f60 00000000`00000000 fffff800`022a7c90 : nt!KiBugCheckDispatch+0x69
fffff880`08f067e0 fffff800`0229f40d : fffff800`0249c348 00000000`00000000 fffff800`02209000 fffff880`08f076f8 : nt!KiSystemServiceHandler+0x7c
fffff880`08f06820 fffff800`022a6a90 : fffff800`023c91a0 fffff880`08f06898 fffff880`08f076f8 fffff800`02209000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`08f06850 fffff800`022b39ef : fffff880`08f076f8 fffff880`08f06f60 fffff880`00000000 00000000`00000000 : nt!RtlDispatchException+0x410
fffff880`08f06f30 fffff800`02278d82 : fffff880`08f076f8 fffffa80`0a860ce0 fffff880`08f077a0 00000000`00000000 : nt!KiDispatchException+0x16f
fffff880`08f075c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiSystemServiceHandler+7c
fffff800`022785fc b801000000      mov     eax,1

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiSystemServiceHandler+7c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c44a9

FAILURE_BUCKET_ID:  X64_0x3B_nt!KiSystemServiceHandler+7c

BUCKET_ID:  X64_0x3B_nt!KiSystemServiceHandler+7c

Followup: MachineOwner
---------

Debug session time: Fri Jan 28 05:23:02.054 2011 (GMT-5)
System Uptime: 0 days 0:03:22.786
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {8, 2, 0, fffff80002eb3d29}

Unable to load image \SystemRoot\System32\Drivers\sptd.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
Probably caused by : ataport.SYS ( ataport!IdeCompleteScsiIrp+62 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002eb3d29, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310f0e0
 0000000000000008 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!KiInsertQueueApc+1e9
fffff800`02eb3d29 488b5108        mov     rdx,qword ptr [rcx+8]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  fffff88002f8c5b0 -- (.trap 0xfffff88002f8c5b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa80063799c8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002eb3d29 rsp=fffff88002f8c740 rbp=fffff88002f64180
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!KiInsertQueueApc+0x1e9:
fffff800`02eb3d29 488b5108        mov     rdx,qword ptr [rcx+8] ds:00000000`00000008=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002ed6ca9 to fffff80002ed7740

STACK_TEXT:  
fffff880`02f8c468 fffff800`02ed6ca9 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`02f8c470 fffff800`02ed5920 : fffffa80`00000002 fffffa80`04112a50 fffffa80`03ce57a0 fffff880`00e3ee92 : nt!KiBugCheckDispatch+0x69
fffff880`02f8c5b0 fffff800`02eb3d29 : fffffa80`03ce5870 00000000`00001000 00000000`00000000 fffff800`02f8b0e4 : nt!KiPageFault+0x260
fffff880`02f8c740 fffff800`02eb6fec : fffffa80`04112a50 00000000`00000002 00000000`00000000 fffffa80`063799c8 : nt!KiInsertQueueApc+0x1e9
fffff880`02f8c770 fffff800`02eda55b : 00000000`00000000 00000000`a000000c 00000000`00000000 00000000`00000000 : nt!KeInsertQueueApc+0x80
fffff880`02f8c7d0 fffff880`00e3c41a : 00000000`00001000 00000000`00000001 fffffa80`03ce1b80 00000000`00000000 : nt!IopfCompleteRequest+0xbdb
fffff880`02f8c8b0 fffff880`00e3c242 : fffffa80`03ce1b80 fffff880`00e3eb3b fffffa80`03ce57a0 fffffa80`04a2f1b0 : ataport!IdeCompleteScsiIrp+0x62
fffff880`02f8c8e0 fffff880`00e36e32 : 00000000`00000000 00000000`00000000 fffffa80`0393a500 fffffa80`04a2f1b0 : ataport!IdeCommonCrbCompletion+0x5a
fffff880`02f8c910 fffff880`00e3f7ed : fffffa80`039391a0 fffffa80`03ce1b80 00000000`00000000 fffffa80`03ce1b80 : ataport!IdeTranslateCompletedRequest+0x236
fffff880`02f8ca40 fffff880`00e3f0ec : fffffa80`039391a0 00000000`00000000 fffffa80`039391a0 00000000`00000000 : ataport!IdeProcessCompletedRequests+0x4d5
fffff880`02f8cb70 fffff880`010aa4ce : fffffa80`046be000 fffff880`02f8cc58 fffffa80`03939050 fffffa80`046be750 : ataport!IdePortCompletionDpc+0x1a8
fffff880`02f8cc30 fffffa80`046be000 : fffff880`02f8cc58 fffffa80`03939050 fffffa80`046be750 fffff880`02f64180 : sptd+0x424ce
fffff880`02f8cc38 fffff880`02f8cc58 : fffffa80`03939050 fffffa80`046be750 fffff880`02f64180 00000000`00000000 : 0xfffffa80`046be000
fffff880`02f8cc40 fffffa80`03939050 : fffffa80`046be750 fffff880`02f64180 00000000`00000000 fffff880`02f68f40 : 0xfffff880`02f8cc58
fffff880`02f8cc48 fffffa80`046be750 : fffff880`02f64180 00000000`00000000 fffff880`02f68f40 00000000`00000022 : 0xfffffa80`03939050
fffff880`02f8cc50 fffff880`02f64180 : 00000000`00000000 fffff880`02f68f40 00000000`00000022 00000000`00000000 : 0xfffffa80`046be750
fffff880`02f8cc58 00000000`00000000 : fffff880`02f68f40 00000000`00000022 00000000`00000000 00000000`00000000 : 0xfffff880`02f64180


STACK_COMMAND:  kb

FOLLOWUP_IP: 
ataport!IdeCompleteScsiIrp+62
fffff880`00e3c41a 8bc3            mov     eax,ebx

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  ataport!IdeCompleteScsiIrp+62

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ataport

IMAGE_NAME:  ataport.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc118

FAILURE_BUCKET_ID:  X64_0xA_ataport!IdeCompleteScsiIrp+62

BUCKET_ID:  X64_0xA_ataport!IdeCompleteScsiIrp+62

Followup: MachineOwner
---------

2: kd> lmtsmn
start             end                 module name
fffff880`03fb5000 fffff880`03ff3000   1394ohci 1394ohci.sys Mon Jul 13 20:07:12 2009 (4A5BCC30)
fffff880`01000000 fffff880`01057000   ACPI     ACPI.sys     Mon Jul 13 19:19:34 2009 (4A5BC106)
fffff880`03e00000 fffff880`03e45000   adnt3wvr adnt3wvr.SYS Tue Jul 14 17:12:55 2009 (4A5CF4D7)
fffff880`02d22000 fffff880`02dac000   afd      afd.sys      Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`04407000 fffff880`0441d000   AgileVpn AgileVpn.sys Mon Jul 13 20:10:24 2009 (4A5BCCF0)
fffff880`03f50000 fffff880`03f65000   amdppm   amdppm.sys   Mon Jul 13 19:19:25 2009 (4A5BC0FD)
fffff880`00e5d000 fffff880`00e68000   amdxata  amdxata.sys  Tue May 19 13:56:59 2009 (4A12F2EB)
fffff880`00e2a000 fffff880`00e33000   atapi    atapi.sys    Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`00e33000 fffff880`00e5d000   ataport  ataport.SYS  Mon Jul 13 19:19:52 2009 (4A5BC118)
fffff880`045bf000 fffff880`045e1000   AtiHdmi  AtiHdmi.sys  Thu Jan 28 20:03:36 2010 (4B6233E8)
fffff880`04876000 fffff880`04fe4000   atikmdag atikmdag.sys Tue Aug 03 21:39:08 2010 (4C58C4BC)
fffff880`03f6e000 fffff880`03fb5000   atikmpag atikmpag.sys Tue Aug 03 21:15:45 2010 (4C58BF41)
fffff880`019f5000 fffff880`019fd000   AtiPcie  AtiPcie.sys  Mon Aug 24 04:25:26 2009 (4A924E76)
fffff880`01869000 fffff880`01870000   Beep     Beep.SYS     Mon Jul 13 20:00:13 2009 (4A5BCA8D)
fffff880`03f19000 fffff880`03f2a000   blbdrive blbdrive.sys Mon Jul 13 19:35:59 2009 (4A5BC4DF)
fffff880`0664e000 fffff880`0666c000   bowser   bowser.sys   Mon Jul 13 19:23:50 2009 (4A5BC206)
fffff960`00660000 fffff960`00687000   cdd      cdd.dll      unavailable (00000000)
fffff880`01836000 fffff880`01860000   cdrom    cdrom.sys    Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`00c00000 fffff880`00cc0000   CI       CI.dll       Mon Jul 13 21:32:13 2009 (4A5BE01D)
fffff880`019c5000 fffff880`019f5000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:19:58 2009 (4A5BC11E)
fffff880`00d14000 fffff880`00d72000   CLFS     CLFS.SYS     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`01417000 fffff880`0148a000   cng      cng.sys      Mon Jul 13 19:49:40 2009 (4A5BC814)
fffff880`03e45000 fffff880`03e55000   CompositeBus CompositeBus.sys Mon Jul 13 20:00:33 2009 (4A5BCAA1)
fffff880`066d4000 fffff880`066dc000   cpuz132_x64 cpuz132_x64.sys Thu Mar 26 19:17:23 2009 (49CC0D03)
fffff880`0696e000 fffff880`0697c000   crashdmp crashdmp.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
fffff880`03e78000 fffff880`03efb000   csc      csc.sys      Mon Jul 13 19:24:26 2009 (4A5BC22A)
fffff880`03efb000 fffff880`03f19000   dfsc     dfsc.sys     Mon Jul 13 19:23:44 2009 (4A5BC200)
fffff880`03e69000 fffff880`03e78000   discache discache.sys Mon Jul 13 19:37:18 2009 (4A5BC52E)
fffff880`019af000 fffff880`019c5000   disk     disk.sys     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`064fc000 fffff880`0651e000   drmk     drmk.sys     Mon Jul 13 21:01:25 2009 (4A5BD8E5)
fffff880`06988000 fffff880`06991000   dump_atapi dump_atapi.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`0697c000 fffff880`06988000   dump_dumpata dump_dumpata.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`06991000 fffff880`069a4000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
fffff880`069bf000 fffff880`069cb000   Dxapi    Dxapi.sys    Mon Jul 13 19:38:28 2009 (4A5BC574)
fffff880`040b0000 fffff880`041a4000   dxgkrnl  dxgkrnl.sys  Thu Oct 01 21:00:14 2009 (4AC5509E)
fffff880`041a4000 fffff880`041ea000   dxgmms1  dxgmms1.sys  Mon Jul 13 19:38:32 2009 (4A5BC578)
fffff880`00cc0000 fffff880`00cd4000   fileinfo fileinfo.sys Mon Jul 13 19:34:25 2009 (4A5BC481)
fffff880`00e68000 fffff880`00eb4000   fltmgr   fltmgr.sys   Mon Jul 13 19:19:59 2009 (4A5BC11F)
fffff880`0149b000 fffff880`014a5000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:19:45 2009 (4A5BC111)
fffff880`01975000 fffff880`019af000   fvevol   fvevol.sys   Fri Sep 25 22:34:26 2009 (4ABD7DB2)
fffff880`01872000 fffff880`018bc000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:21:08 2009 (4A5BC164)
fffff880`04070000 fffff880`0407d000   GEARAspiWDM GEARAspiWDM.sys Mon May 18 08:17:04 2009 (4A1151C0)
fffff800`02e1e000 fffff800`02e67000   hal      hal.dll      Mon Jul 13 21:27:36 2009 (4A5BDF08)
fffff880`04000000 fffff880`04024000   HDAudBus HDAudBus.sys Mon Jul 13 20:06:13 2009 (4A5BCBF5)
fffff880`06931000 fffff880`0694a000   HIDCLASS HIDCLASS.SYS Mon Jul 13 20:06:21 2009 (4A5BCBFD)
fffff880`0694a000 fffff880`06952080   HIDPARSE HIDPARSE.SYS Mon Jul 13 20:06:17 2009 (4A5BCBF9)
fffff880`06923000 fffff880`06931000   hidusb   hidusb.sys   Mon Jul 13 20:06:22 2009 (4A5BCBFE)
fffff880`06524000 fffff880`065ec000   HTTP     HTTP.sys     Mon Jul 13 19:22:16 2009 (4A5BC1A8)
fffff880`0196c000 fffff880`01975000   hwpolicy hwpolicy.sys Mon Jul 13 19:19:22 2009 (4A5BC0FA)
fffff880`04856000 fffff880`04874000   i8042prt i8042prt.sys Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`04fe4000 fffff880`04ff3000   kbdclass kbdclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff880`06960000 fffff880`0696e000   kbdhid   kbdhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
fffff800`00ba3000 fffff800`00ba6000   kdcom    kdcom.dll    Fri Jan 21 08:17:13 2011 (4D398759)
fffff880`044fb000 fffff880`0453e000   ks       ks.sys       Mon Jul 13 20:00:31 2009 (4A5BCA9F)
fffff880`013d1000 fffff880`013eb000   ksecdd   ksecdd.sys   Mon Jul 13 19:20:54 2009 (4A5BC156)
fffff880`01200000 fffff880`0122b000   ksecpkg  ksecpkg.sys  Fri Dec 11 01:03:32 2009 (4B21E0B4)
fffff880`0651e000 fffff880`06523200   ksthunk  ksthunk.sys  Mon Jul 13 20:00:19 2009 (4A5BCA93)
fffff880`06621000 fffff880`06636000   lltdio   lltdio.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`069d9000 fffff880`069fc000   luafv    luafv.sys    Mon Jul 13 19:26:13 2009 (4A5BC295)
fffff880`00cf3000 fffff880`00d00000   mcupdate_AuthenticAMD mcupdate_AuthenticAMD.dll Mon Jul 13 21:29:09 2009 (4A5BDF65)
fffff880`069cb000 fffff880`069d9000   monitor  monitor.sys  Mon Jul 13 19:38:52 2009 (4A5BC58C)
fffff880`044ea000 fffff880`044f9000   mouclass mouclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff880`06953000 fffff880`06960000   mouhid   mouhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
fffff880`00e10000 fffff880`00e2a000   mountmgr mountmgr.sys Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`06e71000 fffff880`06ea2000   MpFilter MpFilter.sys Tue Sep 14 20:19:28 2010 (4C901110)
fffff880`0666c000 fffff880`06684000   mpsdrv   mpsdrv.sys   Mon Jul 13 20:08:25 2009 (4A5BCC79)
fffff880`06684000 fffff880`066b1000   mrxsmb   mrxsmb.sys   Sat Feb 27 02:52:19 2010 (4B88CF33)
fffff880`06400000 fffff880`0644e000   mrxsmb10 mrxsmb10.sys Sat Feb 27 02:52:28 2010 (4B88CF3C)
fffff880`066b1000 fffff880`066d4000   mrxsmb20 mrxsmb20.sys Sat Feb 27 02:52:26 2010 (4B88CF3A)
fffff880`00cd4000 fffff880`00cdf000   Msfs     Msfs.SYS     Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`01057000 fffff880`01061000   msisadrv msisadrv.sys Mon Jul 13 19:19:26 2009 (4A5BC0FE)
fffff880`00d72000 fffff880`00dd0000   msrpc    msrpc.sys    Mon Jul 13 19:21:32 2009 (4A5BC17C)
fffff880`02cde000 fffff880`02ce9000   mssmbios mssmbios.sys Mon Jul 13 19:31:10 2009 (4A5BC3BE)
fffff880`0195a000 fffff880`0196c000   mup      mup.sys      Mon Jul 13 19:23:45 2009 (4A5BC201)
fffff880`014a5000 fffff880`01597000   ndis     ndis.sys     Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`04441000 fffff880`0444d000   ndistapi ndistapi.sys Mon Jul 13 20:10:00 2009 (4A5BCCD8)
fffff880`0444d000 fffff880`0447c000   ndiswan  ndiswan.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
fffff880`045aa000 fffff880`045bf000   NDProxy  NDProxy.SYS  Mon Jul 13 20:10:05 2009 (4A5BCCDD)
fffff880`02c26000 fffff880`02c35000   netbios  netbios.sys  Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff880`02dac000 fffff880`02df1000   netbt    netbt.sys    Mon Jul 13 19:21:28 2009 (4A5BC178)
fffff880`01597000 fffff880`015f7000   NETIO    NETIO.SYS    Mon Jul 13 19:21:46 2009 (4A5BC18A)
fffff880`00cdf000 fffff880`00cf0000   Npfs     Npfs.SYS     Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`02cd2000 fffff880`02cde000   nsiproxy nsiproxy.sys Mon Jul 13 19:21:02 2009 (4A5BC15E)
fffff800`02e67000 fffff800`03443000   nt       ntkrnlmp.exe Sat Jun 19 00:16:41 2010 (4C1C44A9)
fffff880`0122e000 fffff880`013d1000   Ntfs     Ntfs.sys     Mon Jul 13 19:20:47 2009 (4A5BC14F)
fffff880`01860000 fffff880`01869000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
fffff880`02c00000 fffff880`02c26000   pacer    pacer.sys    Mon Jul 13 20:09:41 2009 (4A5BCCC5)
fffff880`011d3000 fffff880`011e8000   partmgr  partmgr.sys  Mon Jul 13 19:19:58 2009 (4A5BC11E)
fffff880`00f69000 fffff880`00f9c000   pci      pci.sys      Mon Jul 13 19:19:51 2009 (4A5BC117)
fffff880`01061000 fffff880`01068000   pciide   pciide.sys   Mon Jul 13 19:19:49 2009 (4A5BC115)
fffff880`00e00000 fffff880`00e10000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`0148a000 fffff880`0149b000   pcw      pcw.sys      Mon Jul 13 19:19:27 2009 (4A5BC0FF)
fffff880`06abf000 fffff880`06b65000   peauth   peauth.sys   Mon Jul 13 21:01:19 2009 (4A5BD8DF)
fffff880`064bf000 fffff880`064fc000   portcls  portcls.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
fffff880`00d00000 fffff880`00d14000   PSHED    PSHED.dll    Mon Jul 13 21:32:23 2009 (4A5BE027)
fffff880`0441d000 fffff880`04441000   rasl2tp  rasl2tp.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
fffff880`0447c000 fffff880`04497000   raspppoe raspppoe.sys Mon Jul 13 20:10:17 2009 (4A5BCCE9)
fffff880`04497000 fffff880`044b8000   raspptp  raspptp.sys  Mon Jul 13 20:10:18 2009 (4A5BCCEA)
fffff880`044b8000 fffff880`044d2000   rassstp  rassstp.sys  Mon Jul 13 20:10:25 2009 (4A5BCCF1)
fffff880`02c81000 fffff880`02cd2000   rdbss    rdbss.sys    Mon Jul 13 19:24:09 2009 (4A5BC219)
fffff880`044df000 fffff880`044ea000   rdpbus   rdpbus.sys   Mon Jul 13 20:17:46 2009 (4A5BCEAA)
fffff880`0140e000 fffff880`01417000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`015f7000 fffff880`01600000   rdpencdd rdpencdd.sys Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`00df5000 fffff880`00dfe000   rdprefmp rdprefmp.sys Mon Jul 13 20:16:35 2009 (4A5BCE63)
fffff880`01920000 fffff880`0195a000   rdyboost rdyboost.sys Mon Jul 13 19:34:34 2009 (4A5BC48A)
fffff880`06636000 fffff880`0664e000   rspndr   rspndr.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`04024000 fffff880`04070000   Rt64win7 Rt64win7.sys Fri Nov 27 04:45:07 2009 (4B0F9FA3)
fffff880`066e4000 fffff880`06905e80   RTKVHD64 RTKVHD64.sys Tue Jan 19 05:42:09 2010 (4B558C81)
fffff880`01197000 fffff880`011c6000   SCSIPORT SCSIPORT.SYS Mon Jul 13 20:01:04 2009 (4A5BCAC0)
fffff880`06b65000 fffff880`06b70000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
fffff880`041ea000 fffff880`041f6000   serenum  serenum.sys  Mon Jul 13 20:00:33 2009 (4A5BCAA1)
fffff880`02c35000 fffff880`02c52000   serial   serial.sys   Mon Jul 13 20:00:40 2009 (4A5BCAA8)
fffff880`01918000 fffff880`01920000   spldr    spldr.sys    Mon May 11 12:56:27 2009 (4A0858BB)
fffff880`06e00000 fffff880`06e71000   spsys    spsys.sys    Mon May 11 13:20:58 2009 (4A085E7A)
fffff880`01068000 fffff880`0118e000   sptd     sptd.sys     Sun Oct 11 16:55:14 2009 (4AD24632)
fffff880`06ecf000 fffff880`06f65000   srv      srv.sys      Thu Aug 26 23:38:00 2010 (4C773318)
fffff880`06a00000 fffff880`06a67000   srv2     srv2.sys     Thu Aug 26 23:37:46 2010 (4C77330A)
fffff880`06b70000 fffff880`06b9d000   srvnet   srvnet.sys   Thu Aug 26 23:37:24 2010 (4C7732F4)
fffff880`044f9000 fffff880`044fa480   swenum   swenum.sys   Mon Jul 13 20:00:18 2009 (4A5BCA92)
fffff880`044d2000 fffff880`044df000   tap0901t tap0901t.sys Wed Sep 16 02:02:43 2009 (4AB07F83)
fffff880`01601000 fffff880`017fe000   tcpip    tcpip.sys    Sun Jun 13 23:39:04 2010 (4C15A458)
fffff880`06b9d000 fffff880`06baf000   tcpipreg tcpipreg.sys Mon Jul 13 20:09:49 2009 (4A5BCCCD)
fffff880`02d15000 fffff880`02d22000   TDI      TDI.SYS      Mon Jul 13 19:21:18 2009 (4A5BC16E)
fffff880`02cf7000 fffff880`02d15000   tdx      tdx.sys      Mon Jul 13 19:21:15 2009 (4A5BC16B)
fffff880`02c6d000 fffff880`02c81000   termdd   termdd.sys   Mon Jul 13 20:16:36 2009 (4A5BCE64)
fffff960`005e0000 fffff960`005ea000   TSDDD    TSDDD.dll    unavailable (00000000)
fffff880`03f2a000 fffff880`03f50000   tunnel   tunnel.sys   Mon Jul 13 20:09:37 2009 (4A5BCCC1)
fffff880`0453e000 fffff880`04550000   umbus    umbus.sys    Mon Jul 13 20:06:56 2009 (4A5BCC20)
fffff880`06906000 fffff880`06923000   usbccgp  usbccgp.sys  Mon Jul 13 20:06:45 2009 (4A5BCC15)
fffff880`04095000 fffff880`04096f00   USBD     USBD.SYS     Mon Jul 13 20:06:23 2009 (4A5BCBFF)
fffff880`04097000 fffff880`040a8000   usbehci  usbehci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
fffff880`04088000 fffff880`04095000   usbfilter usbfilter.sys Wed Oct 07 03:44:08 2009 (4ACC46C8)
fffff880`04550000 fffff880`045aa000   usbhub   usbhub.sys   Mon Jul 13 20:07:09 2009 (4A5BCC2D)
fffff880`0407d000 fffff880`04088000   usbohci  usbohci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
fffff880`04800000 fffff880`04856000   USBPORT  USBPORT.SYS  Mon Jul 13 20:06:31 2009 (4A5BCC07)
fffff880`069a4000 fffff880`069bf000   USBSTOR  USBSTOR.SYS  Mon Jul 13 20:06:34 2009 (4A5BCC0A)
fffff880`011c6000 fffff880`011d3000   vdrvroot vdrvroot.sys Mon Jul 13 20:01:31 2009 (4A5BCADB)
fffff880`01400000 fffff880`0140e000   vga      vga.sys      Mon Jul 13 19:38:47 2009 (4A5BC587)
fffff880`00dd0000 fffff880`00df5000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:38:51 2009 (4A5BC58B)
fffff880`018bc000 fffff880`018cc000   vmstorfl vmstorfl.sys Mon Jul 13 19:42:54 2009 (4A5BC67E)
fffff880`011e8000 fffff880`011fd000   volmgr   volmgr.sys   Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`00f9c000 fffff880`00ff8000   volmgrx  volmgrx.sys  Mon Jul 13 19:20:33 2009 (4A5BC141)
fffff880`018cc000 fffff880`01918000   volsnap  volsnap.sys  Mon Jul 13 19:20:08 2009 (4A5BC128)
fffff880`02c52000 fffff880`02c6d000   wanarp   wanarp.sys   Mon Jul 13 20:10:21 2009 (4A5BCCED)
fffff880`013eb000 fffff880`013fb000   watchdog watchdog.sys Mon Jul 13 19:37:35 2009 (4A5BC53F)
fffff880`00eb6000 fffff880`00f5a000   Wdf01000 Wdf01000.sys Mon Jul 13 19:22:07 2009 (4A5BC19F)
fffff880`00f5a000 fffff880`00f69000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`02df1000 fffff880`02dfa000   wfplwf   wfplwf.sys   Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff960`000b0000 fffff960`003c0000   win32k   win32k.sys   unavailable (00000000)
fffff880`03f65000 fffff880`03f6e000   wmiacpi  wmiacpi.sys  Mon Jul 13 19:31:02 2009 (4A5BC3B6)
fffff880`0118e000 fffff880`01197000   WMILIB   WMILIB.SYS   Mon Jul 13 19:19:51 2009 (4A5BC117)
fffff880`06600000 fffff880`06621000   WudfPf   WudfPf.sys   Mon Jul 13 20:05:37 2009 (4A5BCBD1)
fffff880`06f65000 fffff880`06f96000   WUDFRd   WUDFRd.sys   Mon Jul 13 20:06:06 2009 (4A5BCBEE)

Unloaded modules:
fffff880`01800000 fffff880`0180e000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`0180e000 fffff880`0181a000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`0181a000 fffff880`01823000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`01823000 fffff880`01836000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
My System SpecsSystem Spec
.

30 Jan 2011   #4
Samyr

Windows 7 Professional x64
 
 

First off, thanks for the replies fimble and Carl.

I ran TDSSKiller in safe mode and it managed to find a rootkit that none of the others were able to find. It removed it on reboot.

I'm now able to start Windows in normal mode, so as soon as I logged in I uninstalled both Daemon Tools and SPTD, just to be safe.

So far, so good. Not a single BSOD yet. Thanks so much for your help, I am beyond grateful.
My System SpecsSystem Spec
30 Jan 2011   #5
CarlTR6

Windows 7 Ultimate 32 bit
 
 

You are welcome, Sam. That is the kind of news we like to hear! Glad your system is doing better. Great job of following suggestions. Please post back in a couple of days and update us. If you are still BSOD free, we will ask the mods to mark this thread as solved.
My System SpecsSystem Spec
01 Feb 2011   #6
Samyr

Windows 7 Professional x64
 
 

Just posting back to confirm that the issue was resolved and I haven't had any problems since. Thanks again.
My System SpecsSystem Spec
03 Feb 2011   #7
CarlTR6

Windows 7 Ultimate 32 bit
 
 

Sam, you are very welcome. I am glad we were able to help you. Thank you for reporting back. Happy computing!
My System SpecsSystem Spec
Reply

 Constant BSODs after virus infection




Thread Tools




Similar help and support threads
Thread Forum
Help me remove virus/infection
Hi Friends, I need some help removing the malware/virus please. I have tried MB but it stuck on Heuristic Analysis for a long time, I am unable to uninstall any programs, right click doesn't respond, I have been using AVG2014 for AV. Thanks in advance.
System Security
How to restore network and LAN configuration after virus infection?
Hello, Some times I have got any computer thatīs infected by some virus and internet is not working. Booting Linux, Internet is working, but in Windows it is not. I am sure itīs virus problem, because IP, and others adjust are OK. Sometimes after scanning Windows with some antivirus system,...
Network & Sharing
[WTA] Virus Infection from another Notebook
guys , sorry for a weird question, i want ask , when i lend my friends HDD External , lookslike his notebook have virus, then i ask him to format then safely remove, if like that , that virus will infect the HDD External after format ? and will infect too clean notebook if i plug-in to clean...
System Security
Infection by fake AV virus
Visiting a friend who is massively infected by fake AV scan. All of his files are hidden and nothing will run. I just ran bootable Windows Defender Offline which appears to have found nothing. System Restore is infected back a few days although there are more points to go back further. Any...
System Security
BSOD after virus infection and removal
Yesterday I had a virus infection on my computer, which brought up a fake "Anti virus Protection" tool. I've had these in the past, and I usually just restore from my Acronis True Image backup, which is scheduled to run each day and backup my entire C drive. The problem this time is that even...
BSOD Help and Support
Big virus infection going on here
i have a huge virus infection going on in my PC and i just reinstalled the windows:mad: i got the following ones: hotstopshield trojan.win32.Generic!BT backdoor.win32.hupigon everytime i scan i find them in here , but cant remove them , anyone?
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Đ Designer Media Ltd

All times are GMT -5. The time now is 10:28.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App