Need help from Heir, virus causing computer to freeze and cause blue s


  • This topic is locked

#121
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem, is Comodo backup still enabled or have you disabled that?
  • 0

#122
groch

    Member

  • Topic Starter
  • Member
  • 180 posts
I believe it's still enabled. I'm out of town, I'll check when I get back.
  • 0

#123
groch

    Member

  • Topic Starter
  • Member
  • 180 posts
Hello again Essexboy
I returned home, downloaded Windows Debugger Tool and analyzed the last Windows minidump.
Results are attached. Might you or your colleagues be able to help with these results?

Microsoft ® Windows Debugger Version 6.12.0002.633 AMD64
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\062613-41917-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\debug_symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`03805000 PsLoadedModuleList = 0xfffff800`03a48670
Debug session time: Tue Jun 25 10:32:22.743 2013 (UTC - 5:00)
System Uptime: 0 days 0:00:34.413
Loading Kernel Symbols
..............................................Unable to load image Unknown_Module_00000000`00000000, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
Unable to add module at 00000000`00000000

Loading User Symbols
Missing image name, possible paged-out or corrupt data.
Loading unloaded module list
.Missing image name, possible paged-out or corrupt data.
..Missing image name, possible paged-out or corrupt data.
.Missing image name, possible paged-out or corrupt data.
.Missing image name, possible paged-out or corrupt data.
..Missing image name, possible paged-out or corrupt data.
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {fffff10003bb2d90, f, 0, fffff800038a4a0c}

Probably caused by : ntkrnlmp.exe ( nt!RtlLookupFunctionEntry+5c )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff10003bb2d90, memory referenced
Arg2: 000000000000000f, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800038a4a0c, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003ab2100
fffff10003bb2d90

CURRENT_IRQL: 0

FAULTING_IP:
nt!RtlLookupFunctionEntry+5c
fffff800`038a4a0c 65488b2c2520000000 mov rbp,qword ptr gs:[<Unloaded_Unknown_Module_00000000`00000000>+0x20 (00000000`00000020)]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from fffff800038836f9 to fffff880043779c2

STACK_TEXT:
fffff800`00b9cc58 fffff800`038836f9 : 00000000`002f90aa fffffa80`063a0568 fffff800`03a03cc0 00000000`00000002 : 0xfffff880`043779c2
fffff800`00b9cc60 fffff800`038728dc : fffff800`039f5e80 fffff800`00000000 00000000`00000000 fffff880`01264414 : nt!PoIdle+0x52a
fffff800`00b9cd40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x2c


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
nt!RtlLookupFunctionEntry+5c
fffff800`038a4a0c 65488b2c2520000000 mov rbp,qword ptr gs:[<Unloaded_Unknown_Module_00000000`00000000>+0x20 (00000000`00000020)]

SYMBOL_NAME: nt!RtlLookupFunctionEntry+5c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 5147d9c6

FAILURE_BUCKET_ID: X64_0xA_nt!RtlLookupFunctionEntry+5c

BUCKET_ID: X64_0xA_nt!RtlLookupFunctionEntry+5c

Followup: MachineOwner
---------
  • 0

#124
groch

    Member

  • Topic Starter
  • Member
  • 180 posts
This is the June 21st minidump. Previous post was June 26th minidump.

Microsoft ® Windows Debugger Version 6.12.0002.633 AMD64
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\062113-37081-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\debug_symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`0381b000 PsLoadedModuleList = 0xfffff800`03a5e670
Debug session time: Fri Jun 21 07:25:41.368 2013 (UTC - 5:00)
System Uptime: 0 days 0:07:14.913
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {fffff10003863b10, f, 0, fffff800038baa0c}

Probably caused by : ntkrnlmp.exe ( nt!RtlLookupFunctionEntry+5c )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff10003863b10, memory referenced
Arg2: 000000000000000f, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800038baa0c, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003ac8100
fffff10003863b10

CURRENT_IRQL: f

FAULTING_IP:
nt!RtlLookupFunctionEntry+5c
fffff800`038baa0c 65488b2c2520000000 mov rbp,qword ptr gs:[20h]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: System

TRAP_FRAME: fffff88002e7b340 -- (.trap 0xfffff88002e7b340)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000000f rbx=0000000000000000 rcx=fffff800038bd7e4
rdx=fffff800038bd860 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800038baa0c rsp=fffff88002e7b4d0 rbp=fffff88002e7b588
r8=fffff8000381b000 r9=0000000000000000 r10=fffff88000c400c4
r11=fffff88002e7b720 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po cy
nt!RtlLookupFunctionEntry+0x5c:
fffff800`038baa0c 65488b2c2520000000 mov rbp,qword ptr gs:[20h] gs:00000000`00000020=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800038901a9 to fffff80003890c00

STACK_TEXT:
fffff880`02e7b1f8 fffff800`038901a9 : 00000000`0000000a fffff100`03863b10 00000000`0000000f 00000000`00000000 : nt!KeBugCheckEx
fffff880`02e7b200 fffff800`0388ee20 : fffff8a0`0cff4e40 00000000`00000001 00000000`00000000 fffff800`038afa13 : nt!KiBugCheckDispatch+0x69
fffff880`02e7b340 fffff800`038baa0c : fffffa80`040b6c10 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
fffff880`02e7b4d0 fffff800`038ba1f0 : 00000000`00160016 fffff880`02e7b588 00000000`00000003 00000000`00000000 : nt!RtlLookupFunctionEntry+0x5c
fffff880`02e7b540 fffff800`038cb4d1 : fffff880`02e7c3f8 fffff880`02e7bc50 fffff880`00000000 00000000`00000000 : nt!RtlDispatchException+0xd0
fffff880`02e7bc20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x135


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!RtlLookupFunctionEntry+5c
fffff800`038baa0c 65488b2c2520000000 mov rbp,qword ptr gs:[20h]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!RtlLookupFunctionEntry+5c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 5147d9c6

FAILURE_BUCKET_ID: X64_0xA_nt!RtlLookupFunctionEntry+5c

BUCKET_ID: X64_0xA_nt!RtlLookupFunctionEntry+5c

Followup: MachineOwner
---------
  • 0
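
An added example, not part of either post above: a short Python parser for the two WinDbg summaries, which subtracts each boot's kernel base from the faulting address so the two crashes can be compared directly. The field meanings follow the "Arguments" text in the debugger output; the function names are hypothetical.

```python
import re

# Lines copied from the two WinDbg summaries posted above (June 26 and June 21 dumps).
DUMP_JUN26 = """\
Kernel base = 0xfffff800`03805000 PsLoadedModuleList = 0xfffff800`03a48670
BugCheck A, {fffff10003bb2d90, f, 0, fffff800038a4a0c}
"""
DUMP_JUN21 = """\
Kernel base = 0xfffff800`0381b000 PsLoadedModuleList = 0xfffff800`03a5e670
BugCheck A, {fffff10003863b10, f, 0, fffff800038baa0c}
"""

BASE_RE = re.compile(r"^Kernel base = 0x([0-9A-Fa-f`]+)", re.M)
BUGCHECK_RE = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)


def _hex(text):
    """WinDbg prints 64-bit values with a backtick between the two halves."""
    return int(text.strip().replace("`", ""), 16)


def parse_summary(text):
    """Extract the bugcheck code, its four arguments and the kernel base."""
    base, bugcheck = BASE_RE.search(text), BUGCHECK_RE.search(text)
    if not base or not bugcheck:
        raise ValueError("no 'Kernel base' / 'BugCheck' lines found")
    args = [_hex(a) for a in bugcheck.group(2).split(",")]
    if len(args) != 4:
        raise ValueError("expected four bugcheck arguments")
    info = {"code": _hex(bugcheck.group(1)),
            "kernel_base": _hex(base.group(1)), "args": args}
    if info["code"] == 0xA:  # IRQL_NOT_LESS_OR_EQUAL, fields as the output describes
        info["referenced"] = args[0]
        info["irql"] = args[1]
        info["access"] = "write" if args[2] & 0x1 else "read"
        info["execute"] = bool(args[2] & 0x8)
        # The kernel base differs between boots, so compare offsets, not raw addresses.
        info["fault_rva"] = args[3] - info["kernel_base"]
    return info


def same_fault_site(a, b):
    """True when two dumps hit the same bugcheck at the same kernel offset."""
    rva = a.get("fault_rva")
    return rva is not None and a["code"] == b["code"] and rva == b.get("fault_rva")


if __name__ == "__main__":
    jun26, jun21 = parse_summary(DUMP_JUN26), parse_summary(DUMP_JUN21)
    print(hex(jun26["fault_rva"]), hex(jun21["fault_rva"]), same_fault_site(jun26, jun21))
```

Both dumps resolve to the same offset from the kernel base, which agrees with the identical nt!RtlLookupFunctionEntry+5c symbol in both reports.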

#125
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK it will take me a bit to run through those :)
  • 0

#126
groch

    Member

  • Topic Starter
  • Member
  • 180 posts
Thank you!
  • 0

#127
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that the shop ran Memtest when they checked it out, as the references are for a memory error?
  • 0

#128
groch

    Member

  • Topic Starter
  • Member
  • 180 posts
The shop invoice and their verbal communication indicated no hardware issues. But I don't know specifically what they used to check. Is it a Windows test I can run?
  • 0

#129
groch

    Member

  • Topic Starter
  • Member
  • 180 posts
Found Memtest86 from a Google search. Created a USB image and currently running a test. Going to take a while, I see.
  • 0

#130
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, you will need at least 9 passes, I am afraid.
  • 0

#131
groch

    Member

  • Topic Starter
  • Member
  • 180 posts
Oh my! We're at 2 passes and at 90 minutes elapsed time. I'm sure it will test both CPUs.
  • 0

#132
groch

    Member

  • Topic Starter
  • Member
  • 180 posts
Do I let it run 9 passes or will it stop automatically after 9 passes?
  • 0

#133
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, it will continue to run until you stop it. Has it detected any errors?
  • 0

#134
groch

    Member

  • Topic Starter
  • Member
  • 180 posts
No errors after 11 passes.
  • 0

#135
groch

    Member

  • Topic Starter
  • Member
  • 180 posts
Plus had a unique start up this morning following a Windows update last night. After update, computer shut down. This morning it would not boot to Windows, giving 4 fast beeps, repeating. Restarted in Recovery mode automatically after I powered off and back on and froze in Recovery mode. Restarted in Safe mode successfully, restarted normally, and now up and running. I know there are codes for the beep messages, I'll research. Quite frustrating.
  • 0





