New
#1
Windows7 randoms bsod
it's randomly crashes
Welcome aboard.
Scan the system for possible virus infection.Code:******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 7A, {fffff6fc40006168, ffffffffc0000185, a6ff1860, fffff88000c2d008} GetPointerFromAddress: unable to read from fffff800036cc278 *** WARNING: Unable to verify timestamp for win32k.sys *** ERROR: Module load completed but symbols could not be loaded for win32k.sys Probably caused by : memory_corruption Followup: memory_corruption --------- 4: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KERNEL_DATA_INPAGE_ERROR (7a) The requested page of kernel data could not be read in. Typically caused by a bad block in the paging file or disk controller error. Also see KERNEL_STACK_INPAGE_ERROR. If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185, it means the disk subsystem has experienced a failure. If the error status is 0xC000009A, then it means the request failed because a filesystem failed to make forward progress. Arguments: Arg1: fffff6fc40006168, lock type that was held (value 1,2,3, or PTE address) Arg2: ffffffffc0000185, error status (normally i/o status code) Arg3: 00000000a6ff1860, current process (virtual address for lock type 3, or PTE) Arg4: fffff88000c2d008, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address) Debugging Details: ------------------ ERROR_CODE: (NTSTATUS) 0xc0000185 - The I/O device reported an I/O error. DISK_HARDWARE_ERROR: There was error with disk hardware BUGCHECK_STR: 0x7a_c0000185 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: CODE_CORRUPTION PROCESS_NAME: System CURRENT_IRQL: 0 TRAP_FRAME: fffff8800357e950 -- (.trap 0xfffff8800357e950) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000001 rbx=0000000000000000 rcx=fffffa800436f1a0 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff88000c2d008 rsp=fffff8800357eae8 rbp=fffff8000363a200 r8=fffffa8006fa2320 r9=fffffa8003535be8 r10=0000000000000000 r11=fffff8800357ea80 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na pe nc ataport!IdePortScanChannel: fffff880`00c2d008 0000 add byte ptr [rax],al ds:00000000`00000001=?? Resetting default scope LAST_CONTROL_TRANSFER: from fffff8000350a552 to fffff8000349cfc0 STACK_TEXT: fffff880`0357e638 fffff800`0350a552 : 00000000`0000007a fffff6fc`40006168 ffffffff`c0000185 00000000`a6ff1860 : nt!KeBugCheckEx fffff880`0357e640 fffff800`034c3cbf : fffffa80`0541be90 fffff880`0357e7b0 fffff800`036cf540 fffffa80`0541be90 : nt! ?? ::FNODOBFM::`string'+0x36bea fffff880`0357e720 fffff800`034aa589 : 00000000`00000000 00000000`00000008 ffffffff`ffffffff 00000000`00000000 : nt!MiIssueHardFault+0x28b fffff880`0357e7f0 fffff800`0349b0ee : 00000000`00000008 fffff880`00c2d008 00000000`00000000 00000000`00000004 : nt!MmAccessFault+0x1399 fffff880`0357e950 fffff880`00c2d008 : fffff880`00c32ea4 00000000`00000004 fffff800`0363a200 fffffa80`0436f1a0 : nt!KiPageFault+0x16e fffff880`0357eae8 fffff880`00c32ea4 : 00000000`00000004 fffff800`0363a200 fffffa80`0436f1a0 fffff880`07739d34 : ataport!IdePortScanChannel fffff880`0357eaf0 fffff800`0378f583 : 00000000`00000001 00000000`00000004 00000000`00000000 fffff880`0357eb50 : ataport!ChannelQueryBusRelation+0xa0 fffff880`0357eb40 fffff800`034a6641 : fffff800`038ae800 fffff800`0363a201 fffffa80`0354e000 fffffa80`07a38210 : nt!IopProcessWorkItem+0x23 fffff880`0357eb70 fffff800`03733e5a : a9e6e882`6ef1a6e6 fffffa80`0354e040 00000000`00000080 fffffa80`035359e0 : nt!ExpWorkerThread+0x111 fffff880`0357ec00 fffff800`0348dd26 : fffff880`0336a180 fffffa80`0354e040 fffff880`033750c0 c6698044`7cc1cb3c : nt!PspSystemThreadStartup+0x5a fffff880`0357ec40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 STACK_COMMAND: kb CHKIMG_EXTENSION: !chkimg -lo 50 -d !ataport fffff88000c2d008-fffff88000c2d01a 19 bytes - ataport!IdePortScanChannel [ 4c 8b dc 49 89 5b 18 49:00 00 00 00 00 00 00 00 ] fffff88000c2d01e-fffff88000c2d027 10 bytes - ataport!IdePortScanChannel+16 (+0x16) [ 33 ed 48 8b f9 4c 8d 05:00 00 00 00 00 00 00 00 ] fffff88000c2d02a-fffff88000c2d041 24 bytes - ataport!IdePortScanChannel+22 (+0x0c) [ 48 21 6c 24 30 48 21 6c:00 00 00 00 00 00 00 00 ] fffff88000c2d044-fffff88000c2d048 5 bytes - ataport!IdePortScanChannel+3c (+0x1a) [ 48 8d 0d d5 9a:00 00 00 00 00 ] fffff88000c2d04b-fffff88000c2d059 15 bytes - ataport!IdePortScanChannel+43 (+0x07) [ 48 89 4c 24 40 48 89 4c:00 00 00 00 00 00 00 00 ] fffff88000c2d05c-fffff88000c2d060 5 bytes - ataport!IdePortScanChannel+54 (+0x11) [ 48 8d 05 7d 9a:00 00 00 00 00 ] fffff88000c2d063-fffff88000c2d070 14 bytes - ataport!IdePortScanChannel+5b (+0x07) [ 4d 8d 4b 10 48 89 44 24:00 00 00 00 00 00 00 00 ] fffff88000c2d073-fffff88000c2d094 34 bytes - ataport!IdePortScanChannel+6b (+0x10) [ 48 89 44 24 58 49 21 6b:00 00 00 00 00 00 00 00 ] fffff88000c2d097-fffff88000c2d0a7 17 bytes - ataport!IdePortScanChannel+8f (+0x24) [ 49 89 53 80 49 89 43 90:00 00 00 00 00 00 00 00 ] fffff88000c2d0aa-fffff88000c2d0bb 18 bytes - ataport!IdePortScanChannel+a2 (+0x13) [ 49 89 4b 98 4d 89 43 a0:00 00 00 00 00 00 00 00 ] fffff88000c2d0bd - ataport!IdePortScanChannel+b5 (+0x13) [ 02:00 ] fffff88000c2d0bf-fffff88000c2d0d4 22 bytes - ataport!IdePortScanChannel+b7 (+0x02) [ 48 8b cb 49 89 43 b0 ff:00 00 00 00 00 00 00 00 ] fffff88000c2d0d8-fffff88000c2d0e5 14 bytes - ataport!IdePortScanChannel+d0 (+0x19) [ 48 8d 54 24 30 44 8b c0:00 00 00 00 00 00 00 00 ] fffff88000c2d0e8 - ataport!IdePortScanChannel+e0 (+0x10) [ be:00 ] fffff88000c2d0ea - ataport!IdePortScanChannel+e2 (+0x02) [ 10:00 ] fffff88000c2d0ed-fffff88000c2d117 43 bytes - ataport!IdePortScanChannel+e5 (+0x03) [ 41 b8 49 64 65 50 33 c9:00 00 00 00 00 00 00 00 ] fffff88000c2d11a-fffff88000c2d121 8 bytes - ataport!IdePortScanChannel+112 (+0x2d) [ 44 88 5b 02 8a 8f 30 12:00 00 00 00 00 00 00 00 ] fffff88000c2d124-fffff88000c2d129 6 bytes - ataport!IdePortScanChannel+11c (+0x0a) [ 88 0b ff 87 a0 01:00 00 00 00 00 00 ] fffff88000c2d12c-fffff88000c2d130 5 bytes - ataport!IdePortScanChannel+124 (+0x08) [ 48 89 9f 90 01:00 00 00 00 00 ] fffff88000c2d133-fffff88000c2d139 7 bytes - ataport!IdePortScanChannel+12b (+0x07) [ 48 85 db 0f 84 aa 02:00 00 00 00 00 00 00 ] fffff88000c2d13c-fffff88000c2d13f 4 bytes - ataport!IdePortScanChannel+134 (+0x09) [ 21 ac 24 f0:00 00 00 00 ] fffff88000c2d143-fffff88000c2d147 5 bytes - ataport!IdePortScanChannel+13b (+0x07) [ 4c 8d 8c 24 f0:00 00 00 00 00 ] fffff88000c2d14b-fffff88000c2d159 15 bytes - ataport!IdePortScanChannel+143 (+0x08) [ 4c 8d 05 be a5 ff ff b2:00 00 00 00 00 00 00 00 ] fffff88000c2d15c-fffff88000c2d15f 4 bytes - ataport!IdePortScanChannel+154 (+0x11) [ 8a 84 24 f0:00 00 00 00 ] fffff88000c2d163-fffff88000c2d165 3 bytes - ataport!IdePortScanChannel+15b (+0x07) [ 49 bf 08:00 00 00 ] fffff88000c2d169-fffff88000c2d1ab 67 bytes - ataport!IdePortScanChannel+161 (+0x06) [ 80 f7 ff ff 88 43 03 48:00 00 00 00 00 00 00 00 ] fffff88000c2d1ae-fffff88000c2d1b3 6 bytes - ataport!IdePortScanChannel+1a6 (+0x45) [ 44 0f b6 8f 38 12:00 00 00 00 00 00 ] fffff88000c2d1b6-fffff88000c2d1c2 13 bytes - ataport!IdePortScanChannel+1ae (+0x08) [ 48 8b 49 18 4c 8d 05 f7:00 00 00 00 00 00 00 00 ] fffff88000c2d1c6-fffff88000c2d222 93 bytes - ataport!IdePortScanChannel+1be (+0x10) [ 89 44 24 20 e8 99 90 fe:00 00 00 00 00 00 00 00 ] fffff88000c2d225-fffff88000c2d239 21 bytes - ataport!IdePortScanChannel+21d (+0x5f) [ 48 8b 49 18 49 8b c0 48:00 00 00 00 00 00 00 00 ] fffff88000c2d23c-fffff88000c2d240 5 bytes - ataport!IdePortScanChannel+234 (+0x17) [ 4c 8b c2 ba 0b:00 00 00 00 00 ] fffff88000c2d244-fffff88000c2d2a9 102 bytes - ataport!IdePortScanChannel+23c (+0x08) [ 49 c1 e8 0b 4c 89 44 24:00 00 00 00 00 00 00 00 ] fffff88000c2d2ac-fffff88000c2d2c7 28 bytes - ataport!IdePortScanChannel+2a4 (+0x68) [ 48 8b 49 18 48 8b d6 48:00 00 00 00 00 00 00 00 ] fffff88000c2d2ca-fffff88000c2d2ce 5 bytes - ataport!IdePortScanChannel+2c2 (+0x1e) [ 4c 8b c2 ba 0c:00 00 00 00 00 ] fffff88000c2d2d2-fffff88000c2d2f6 37 bytes - ataport!IdePortScanChannel+2ca (+0x08) [ 49 c1 e8 0b 4c 89 44 24:00 00 00 00 00 00 00 00 ] fffff88000c2d2f9-fffff88000c2d337 63 bytes - ataport!IdePortScanChannel+2f1 (+0x27) [ 4c 8b 1d 28 ce ff ff 41:00 00 00 00 00 00 00 00 ] fffff88000c2d33a-fffff88000c2d359 32 bytes - ataport!IdePortScanChannel+332 (+0x41) [ 48 8b 49 18 48 2b d5 48:00 00 00 00 00 00 00 00 ] fffff88000c2d35c-fffff88000c2d360 5 bytes - ataport!IdePortScanChannel+354 (+0x22) [ 4c 8b d2 ba 0d:00 00 00 00 00 ] fffff88000c2d364-fffff88000c2d37e 27 bytes - ataport!IdePortScanChannel+35c (+0x08) [ 49 c1 ea 0b 4c 89 54 24:00 00 00 00 00 00 00 00 ] fffff88000c2d382-fffff88000c2d39a 25 bytes - ataport!IdePortScanChannel+37a (+0x1e) [ eb 08 44 0f b6 4b 03 41:00 00 00 00 00 00 00 00 ] fffff88000c2d39d-fffff88000c2d3a9 13 bytes - ataport!IdePortScanChannel+395 (+0x1b) [ 40 32 ff 40 0f b6 c7 48:00 00 00 00 00 00 00 00 ] fffff88000c2d3ad-fffff88000c2d3b7 11 bytes - ataport!IdePortScanChannel+3a5 (+0x10) [ 74 0b 40 8a d7 48 8b cb:00 00 00 00 00 00 00 00 ] fffff88000c2d3ba-fffff88000c2d3d7 30 bytes - ataport!IdePortScanChannel+3b2 (+0x0d) [ 40 fe c7 40 3a 7b 02 76:00 00 00 00 00 00 00 00 ] fffff88000c2d3d9-fffff88000c2d3e9 17 bytes - ataport!IdePortScanChannel+3d1 (+0x1f) [ 33 d2 48 8b cb ff 15 64:00 00 00 00 00 00 00 00 ] fffff88000c2d3ec-fffff88000c2d3f0 5 bytes - ataport!IdePortScanChannel+3e4 (+0x13) [ 01 83 8f 9c 01:00 00 00 00 00 ] fffff88000c2d3f3-fffff88000c2d3f8 6 bytes - ataport!IdePortScanChannel+3eb (+0x07) [ 01 4c 8d 9c 24 d0:00 00 00 00 00 00 ] fffff88000c2d3fc-fffff88000c2d42a 47 bytes - ataport!IdePortScanChannel+3f4 (+0x09) [ 49 8b 5b 30 49 8b 6b 38:00 00 00 00 00 00 00 00 ] fffff88000c2d42c-fffff88000c2d437 12 bytes - ataport!IdeEnumerateLuns+18 (+0x30) [ 48 8b ea 48 8b f9 75 10:00 00 00 00 00 00 00 00 ] fffff88000c2d43a-fffff88000c2d43e 5 bytes - ataport!IdeEnumerateLuns+26 (+0x0e) [ 20 83 89 9c 01:00 00 00 00 00 ] fffff88000c2d441-fffff88000c2d450 16 bytes - ataport!IdeEnumerateLuns+2d (+0x07) [ 20 eb 4a 40 32 f6 40 0f:00 00 00 00 00 00 00 00 ] WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output. 3555 errors : !ataport (fffff88000c2d008-fffff88000c2dfff) MODULE_NAME: memory_corruption IMAGE_NAME: memory_corruption FOLLOWUP_NAME: memory_corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MEMORY_CORRUPTOR: LARGE FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE Followup: memory_corruption ---------
Let us know the results.
with the TDSSKiller all clean
didnt did the windows defender offline yet
Sorry, explain please? Did it found anything there?
If found, the computer should behave normal now.
If not, run WDO as suggested earlier, and then test your RAM modules for possible errors.
How to Test and Diagnose RAM Issues with Memtest86+
Run memtest for at least 8 passes, preferably overnight, per RAM module per slot.
i'll do the WDO and memory test later today
but how i'll kno if found any issues with 'em?
idk with of the memory is to download and wdo is the 32 or 64