BDOS help please.

EnforceTheMusic · 13 May 2011

i had some kind of virus posing as windows firewall, cant start computer or re-install windows so i use another hard-drive from another computer boot mine up with that with the faulty hard drive, install windows 7 over the faulty hard-drive i had a few technical problems BDOS wouldnt let me start up so i removed 1 stick of RAM and it loaded but i still bdos alot randomly.

Please help.

sorry, re-uploaded the appropriate info in .zip (didn't read the posting instructions)

zigzag3143 · 13 May 2011

EnforceTheMusic said:

i had some kind of virus posing as windows firewall, cant start computer or re-install windows so i use another hard-drive from another computer boot mine up with that with the faulty hard drive, install windows 7 over the faulty hard-drive i had a few technical problems BDOS wouldnt let me start up so i removed 1 stick of RAM and it loaded but i still bdos alot randomly.

Please help.

sorry, re-uploaded the appropriate info in .zip (didn't read the posting instructions)

This one could be either one of two things. Either a valid windows app, or you still have the virus. See pic.

I would first download malwarebytes and run it in safe mode to see if the virus is still present

Then when clean run a system file check to verify and repair OS files.

Run a system file check to verify and repair your system files.
To do this type cmd in search, then right click to run as administrator, then
SFC /SCANNOW

Read here for more information SFC /SCANNOW Command - System File Checker

Let us know the results from the report at the end.

Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\K\Desktop\Windows_NT6_BSOD_jcgriff2\051311-37721-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols;srv*e:\symbols
*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02a5c000 PsLoadedModuleList = 0xfffff800`02c99e50
Debug session time: Fri May 13 04:30:03.293 2011 (GMT-4)
System Uptime: 0 days 5:00:47.244
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 2, 0, fffff80002aeda83}

Unable to load image \SystemRoot\System32\Drivers\msrpc.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for msrpc.sys
*** ERROR: Module load completed but symbols could not be loaded for msrpc.sys
Probably caused by : msrpc.sys ( msrpc+248cb )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002aeda83, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d040e0
 0000000000000000 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!IopCompleteRequest+ae3
fffff800`02aeda83 488b09          mov     rcx,qword ptr [rcx]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  slui.exe

IRP_ADDRESS:  ffffffffffffff89

TRAP_FRAME:  fffff88007011e70 -- (.trap 0xfffff88007011e70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff880070123f8 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002aeda83 rsp=fffff88007012000 rbp=fffff88007012150
 r8=fffffa8001386810  r9=fffff88007012100 r10=0000000000000002
r11=fffffa80041803c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz ac pe cy
nt!IopCompleteRequest+0xae3:
fffff800`02aeda83 488b09          mov     rcx,qword ptr [rcx] ds:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002acd469 to fffff80002acdf00

STACK_TEXT:  
fffff880`07011d28 fffff800`02acd469 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`07011d30 fffff800`02acc0e0 : 00000000`00000000 fffffa80`041b9160 fffffa80`02109a30 fffff880`00db4f37 : nt!KiBugCheckDispatch+0x69
fffff880`07011e70 fffff800`02aeda83 : fffff880`07012a30 fffff880`070129e0 00000000`00000000 fffff800`02d99ef4 : nt!KiPageFault+0x260
fffff880`07012000 fffff800`02aaa92f : 00000000`00000001 00000000`01e5e000 00000000`01de0000 00000000`00000000 : nt!IopCompleteRequest+0xae3
fffff880`070120d0 fffff800`02aaace7 : 00000000`0000000e 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
fffff880`07012150 fffff800`02d74391 : 00000000`00000000 fffff800`02ad41a2 fffffa80`00000001 00000000`00000000 : nt!KiApcInterrupt+0xd7
fffff880`070122e0 fffff800`02acd153 : fffffa80`0210b5b0 fffff880`070125a8 fffff880`07012398 fffff8a0`067d80c0 : nt!NtDuplicateToken+0x219
fffff880`07012380 fffff800`02ac96f0 : fffff880`0111c8cb 00000000`00000001 fffff880`0111e1f6 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff880`07012588 fffff880`0111c8cb : 00000000`00000001 fffff880`0111e1f6 00000000`00000000 fffff8a0`00000000 : nt!KiServiceLinkage
fffff880`07012590 00000000`00000001 : fffff880`0111e1f6 00000000`00000000 fffff8a0`00000000 00000000`00000002 : msrpc+0x248cb
fffff880`07012598 fffff880`0111e1f6 : 00000000`00000000 fffff8a0`00000000 00000000`00000002 fffff880`070126b0 : 0x1
fffff880`070125a0 00000000`00000000 : fffff8a0`00000000 00000000`00000002 fffff880`070126b0 00000002`0000000c : msrpc+0x261f6


STACK_COMMAND:  kb

FOLLOWUP_IP: 
msrpc+248cb
fffff880`0111c8cb ??              ???

SYMBOL_STACK_INDEX:  9

SYMBOL_NAME:  msrpc+248cb

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: msrpc

IMAGE_NAME:  msrpc.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  0

FAILURE_BUCKET_ID:  X64_0xA_msrpc+248cb

BUCKET_ID:  X64_0xA_msrpc+248cb

Followup: MachineOwner
---------

1: kd> lmvm msrpc
start             end                 module name
fffff880`010f8000 fffff880`01156000   msrpc    T (no symbols)           
    Loaded symbol image file: msrpc.sys
    Image path: \SystemRoot\System32\Drivers\msrpc.sys
    Image name: msrpc.sys
    Timestamp:        unavailable (00000000)
    CheckSum:         00000000
    ImageSize:        0005E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

EnforceTheMusic · 14 May 2011

what about the ram? i mean it boots up now i took it out but, if i re-place the ram i took out back into the computer whilst running it just freezes.

EnforceTheMusic · 14 May 2011

Also when i tried installing Photoshop cs5 / vb net 2011 i BSOD im not sure if this is cause my ram usage is close to 100% due to the fact im running on 1Gb instead of 2gb because i took a stick out but could there be a seperate reason for this? i'll try what you suggested though, thanks.

installing malwarebytes now.

zigzag3143 · 14 May 2011

[QUOTE=EnforceTheMusic;1396282]what about the ram? i mean it boots up now i took it out but, if i re-pla

You gave us a DMP and we analyzed it.

You can check your ram by running memtest.

Download a copy of Memtest86 and burn the ISO to a CD using Iso Recorder or another ISO burning program. Memtest86.com - Memory Diagnostic

Boot from the CD, and leave it running for at least 5 or 6 passes.

Just remember, any time Memtest reports errors, it can be either bad RAM or a bad motherboard slot.

Test the sticks individually, and if you find a good one, test it in all slots.

EnforceTheMusic · 14 May 2011

Thanks, will do you're a life saver.

EnforceTheMusic · 14 May 2011

i've ran malwarebytes found 22 infected files, all deleted.
did the system os file check ect.
tried to install vb.net again BSOD
(i put my hard-drive into another, fully functioning semi-new computer and still BSOD, it must be something to do with my hard-drive and not my computers hardware)
i've uploaded the dump file

MarkJ · 14 May 2011

Keep running Malwarebytes until it comes up clean.

You should switch on automatic update as your system is not up to date, it should be on SP1.

When you put the RAM stick back into the PC when it was running you may have fried it completely and possibly caused other damage. You should never change anything in the system while the PC is running, there is no suprise it crashed. Run Memtest as suggested earlier on the one operational stick for at least 8 passes. You could even try your memory in the other PC you have access to, but switch it off before swapping the sticks and check that the voltage is correct in the Bios for your stick, run some games or play video to see how it performs.

I would also suggest, as a process of elimination to run diagnostics on the hard drive, follow this guide.

Identify the make of your hard drive and then use one of the links below to get the manufacturers diagnostic for ISO CD. Burn the image file to a CD, boot the PC with the disc in the drive and run the diagnostics. You first need to set the CD drive to 1st in the boot order in the Bios setup.
If you do not have an image burner use this free software to make the CD.
http://www.isoimageburner.com/

ExcelStor: http://www.excelstor.com/eng/support.php?sub_id=3
Hitachi/IBM: http://www.hitachigst.com/support/downloads/
Samsung: http://www.samsung.com/global/busine...ort_in_es.html
Toshiba Fujitsu: http://sdd.toshiba.com/main.aspx?Pat...ies#diagnostic
Seagate, Maxtor & Quantum:http://www.seagate.com/www/en-us/support/downloads
Western Digital:http://support.wdc.com/product/download.asp?lang=en

Finally, if boot up is still causing BSOD try using the Startup Repair option by booting from the windows disc. Followed by an Upgrade install which will re-install the operating system without loosing all your software or files, you can only do this once you get it to boot to the desktop and then put the disk in.

zigzag3143 · 14 May 2011

EnforceTheMusic said:

i've ran malwarebytes found 22 infected files, all deleted.
did the system os file check ect.
tried to install vb.net again BSOD
(i put my hard-drive into another, fully functioning semi-new computer and still BSOD, it must be something to do with my hard-drive and not my computers hardware)
i've uploaded the dump file

This one Related to nvmfdx64.sys NVIDIA nForce Networking. Yours is 3 years old. I would start by re-installing it.

We really need more than one DMP to follow a trend.

MarkJ · 14 May 2011

I am intrigued zigzag, where did you find a reference to that driver in the crash dump from post 7, secdrv.sys was the only driver I could see dated before mid 2009. May be I missed something but would like to learn what

.