Blue Screen Error 0x70860002

phx

New Member
#1
Hello,

After downloading a possible virus, malware etc.-- from keygenguru.com -- , the system crashed and windows didnt load successfully ever after.

I'm getting a 0x70860002 error with blue screen when tried to boot with safe mode.

I can't get any dump as I can't have any access to files.

<< edited I managed to get th dump files >> View attachment dumpfiles.zip View attachment dumpfiles.zip Untitled2.gif Untitled.gif

I tried to recover the PC to an earlier time but it didnt help either.

I'm using Windows 7 Professional edition.
 


Last edited:

Captain Jack

Extraordinary Member
#2
Hello and Welcome to W7F !

Seems like iaStor.sys caused the System to crash. it's Intel Matrix Storage Manager driver go to here then see if that works. if not go to C:\Windows\System32\Drivers and rename the iaStor.sys ot iaStor.old and reboot the System.

Then SFC /SCANNOW Command - System File Checker - Windows 7 Forums

Code:
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception

Debugging Details:
------------------


EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.

FAULTING_IP: 
+1ae952f009bdfdc
00000000`00000000 ??              ???

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000000

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x1E

PROCESS_NAME:  AtBroker.exe

CURRENT_IRQL:  2

EXCEPTION_RECORD:  fffff80000ba0a88 -- (.exr 0xfffff80000ba0a88)
ExceptionAddress: fffff88001278dc2 (iaStor+0x0000000000009dc2)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

TRAP_FRAME:  fffff80000ba0b30 -- (.trap 0xfffff80000ba0b30)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffef880029091b8 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001278dc2 rsp=fffff80000ba0cc0 rbp=fffff80000ba0d70
 r8=fffff80000ba0ce0  r9=0000000000000050 r10=fffffa8004320dc0
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
iaStor+0x9dc2:
fffff880`01278dc2 ??              ???
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002e6946e to fffff80002e71710

STACK_TEXT:  
fffff800`00b9fb78 fffff800`02e6946e : 00000000`00000000 00000000`00000000 fffff800`00ba02f0 fffff800`02e9e668 : nt!KeBugCheck
fffff800`00b9fb80 fffff800`02e9740d : fffff800`0307fb7c fffff800`02fb9e84 fffff800`02e01000 fffff800`00ba0a88 : nt!KiKernelCalloutExceptionHandler+0xe
fffff800`00b9fbb0 fffff800`02e9ea90 : fffff800`02fc0a40 fffff800`00b9fc28 fffff800`00ba0a88 fffff800`02e01000 : nt!RtlpExecuteHandlerForException+0xd
fffff800`00b9fbe0 fffff800`02eab9ef : fffff800`00ba0a88 fffff800`00ba02f0 fffff800`00000000 00000000`00000000 : nt!RtlDispatchException+0x410
fffff800`00ba02c0 fffff800`02e70d82 : fffff800`00ba0a88 fffffa80`0434ac68 fffff800`00ba0b30 fffff800`00ba0d01 : nt!KiDispatchException+0x16f
fffff800`00ba0950 fffff800`02e6f68a : 00000000`00000000 00000000`00000002 fffffa80`0359e040 fffff800`02e5100e : nt!KiExceptionDispatch+0xc2
fffff800`00ba0b30 fffff880`01278dc2 : fffffa80`0434ac68 fffffa80`0434ac68 fffff800`00ba0d01 fffff880`049ca700 : nt!KiGeneralProtectionFault+0x10a
fffff800`00ba0cc0 fffffa80`0434ac68 : fffffa80`0434ac68 fffff800`00ba0d01 fffff880`049ca700 00000000`00000000 : iaStor+0x9dc2
fffff800`00ba0cc8 fffffa80`0434ac68 : fffff800`00ba0d01 fffff880`049ca700 00000000`00000000 fffffa80`04351408 : 0xfffffa80`0434ac68
fffff800`00ba0cd0 fffff800`00ba0d01 : fffff880`049ca700 00000000`00000000 fffffa80`04351408 fffffa80`0434ac02 : 0xfffffa80`0434ac68
fffff800`00ba0cd8 fffff880`049ca700 : 00000000`00000000 fffffa80`04351408 fffffa80`0434ac02 fffff880`0129d12c : 0xfffff800`00ba0d01
fffff800`00ba0ce0 00000000`00000000 : fffffa80`04351408 fffffa80`0434ac02 fffff880`0129d12c 00000000`00000000 : 0xfffff880`049ca700


STACK_COMMAND:  kb

FOLLOWUP_IP: 
iaStor+9dc2
fffff880`01278dc2 ??              ???

SYMBOL_STACK_INDEX:  7

SYMBOL_NAME:  iaStor+9dc2

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: iaStor

IMAGE_NAME:  iaStor.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4ac65b7a

FAILURE_BUCKET_ID:  X64_0x1E_iaStor+9dc2

BUCKET_ID:  X64_0x1E_iaStor+9dc2

Followup: MachineOwner
---------
 


phx

New Member
#3
thanks Captain, I actually implemented a fix stated in one of other forums as:

Bootrec.exe /FixMbr (then hit enter - wait for it to finish)
Bootrec.exe /FixBoot (then hit enter - wait for it to finish)

it solved the problems and now everything looks fine.
 


Captain Jack

Extraordinary Member
#4
Since that command fixed your problem I wonder it might be the Virus that corrupted the MBR. I think it's a good idea to Download and run Malwrebytes in Safe Mode to remove any infection. Also stay away from these crack or keygen software and websites it cause more damage to OS also those developers who build the software deserves some credit for the hard work and hours they put to build software.
 


phx

New Member
#5
fully agree. :cool:


thx.
 


Trouble

Noob Whisperer
#6
I would think that you're probably correct Cap'n Jack. Just went through this on two Vista Machines for a couple friends, had to boot from the media and fixboot and fixmbr just to get them to boot. As soon as they booted the malware was obvious and I used Malwarebytes and Spybot Search and Destroy updated the signatures and then ran them both in safemode and removed everything they found and then did a complete scan afterwards with MSE, both seem to be working fine now. Time will tell.
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.