Navigation section

Windows 7 Plague of BSOD leave me with an unusable system

BobbleHead

BobbleHead

New Member
Joined
Jun 27, 2011
Messages
8
Hello everyone,

Earlier tonight my computer crashed, BSOD, while web browsing. Following this crash I haven't been able to use my computer at all because it's either BSOD during startup or within minutes of windows booting. I tried system restore and the BSOD persist. I've zipped all of the minidump files and attached them.

Link Removed

Any help would be extremely appreciated. Thanks everyone.:D

I'm running x64 win7

-Mike
 


Last edited:
Solution
Elmer
Hi Bobblehead (I'm sure you're not really!! :) ) and Welcome to The Forum. Just to get you started....
Not a comment on your surfing habits, but do you visit sites that may be considered dubious? Just the way you describe your bluescreening sort of points to you having picked up a bug.

There's a rootkit that's been doing the rounds since last December.
It usually starts by blue screening/freezing on random programs, then when booting to Normal Mode, then when you try to boot to Safe Mode. Eventually it will allow no access whatsoever.

If this sounds familar, Download TDSSKiller and run it in Safe Mode. Just to rule out the rootkit.
As long as you can keep Safe Mode open for 30 seconds or so it will be enough to run...
Click to expand...
Sort by date Sort by votes
Hi Bobblehead (I'm sure you're not really!! :) ) and Welcome to The Forum. Just to get you started....
Not a comment on your surfing habits, but do you visit sites that may be considered dubious? Just the way you describe your bluescreening sort of points to you having picked up a bug.

There's a rootkit that's been doing the rounds since last December.
It usually starts by blue screening/freezing on random programs, then when booting to Normal Mode, then when you try to boot to Safe Mode. Eventually it will allow no access whatsoever.

If this sounds familar, Download TDSSKiller and run it in Safe Mode. Just to rule out the rootkit.
As long as you can keep Safe Mode open for 30 seconds or so it will be enough to run TDSSKiller and remove the rootkit if present.
Click to expand...

I'd also download, install and update Malwarebytes' Free. Then run a full scan in Safe Mode.

ASACPI.sys Mon Mar 28 03:30:36 2005 This driver is notorious for causing BSOD's. There is an update here: Asus ATK0110 driver. Look under the sub-heading: Utilities. Approx. 12th one down.

Driver Install - Manual method (If required)

  1. Download the driver and extract it to a folder.
  2. Open the Device Manager.
  3. Right click the device you wish to change the drivers for. You can select Properties > Driver > Driver Details to check you have the right device.
  4. Choose Update Driver Software.
  5. Select Browse My Computer For Driver Software.
  6. Select Let me pick from a list of device drivers on my computer.
  7. Select Have disk...
  8. Select Browse..
  9. Navigate to the extracted folder and double click on the .inf file
  10. Hit OK, then Next and the driver(s) will then begin to install.
  11. After it has installed, GoTo C:\Windows\System32\Drivers. Locate the Asacpi.sys driver, right click it and check the dates under its properties. You'll be looking for a "Modified" date of 2009 or 2010. On rare occasions it's a right pig to update.

Code: 
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa80038d92a0, ffff, 0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+36024 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa80038d92a0
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41790

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  mmc.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80002309e40 to fffff8000229bd00

STACK_TEXT:  
fffff880`04297828 fffff800`02309e40 : 00000000`0000001a 00000000`00041790 fffffa80`038d92a0 00000000`0000ffff : nt!KeBugCheckEx
fffff880`04297830 fffff800`022cf5d9 : 00000000`00000000 00000000`71715fff fffffa80`00000000 fffffa80`0966f010 : nt! ?? ::FNODOBFM::`string'+0x36024
fffff880`042979f0 fffff800`025b28b1 : fffffa80`09632c10 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRemoveMappedView+0xd9
fffff880`04297b10 fffff800`025b2cb3 : 00000000`00000000 00000000`703c0000 fffffa80`00000001 fffffa80`08737330 : nt!MiUnmapViewOfSection+0x1b1
fffff880`04297bd0 fffff800`0229af93 : fffffa80`09214060 fffff880`04297ca0 fffffa80`08425060 00000000`03178470 : nt!NtUnmapViewOfSection+0x5f
fffff880`04297c20 00000000`76db15ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0014bfe8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76db15ba


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+36024
fffff800`02309e40 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+36024

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4d9fdd5b

FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+36024

BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+36024

Followup: MachineOwner
---------

0: kd> lmsmtn
start             end                 module name
fffff880`00f29000 fffff880`00f80000   ACPI     ACPI.sys     Sat Nov 20 09:19:16 2010 (4CE79294)
fffff880`01072000 fffff880`0107d000   amdxata  amdxata.sys  Fri Mar 19 16:18:18 2010 (4BA3A3CA)
fffff880`02f2e000 fffff880`02f36000   ASACPI   ASACPI.sys   Mon Mar 28 03:30:36 2005 (42476C4C)
fffff880`00df1000 fffff880`00dfa000   atapi    atapi.sys    Tue Jul 14 00:19:47 2009 (4A5BC113)
fffff880`0103d000 fffff880`01067000   ataport  ataport.SYS  Sat Nov 20 09:19:15 2010 (4CE79293)
fffff960`00b10000 fffff960`00b71000   ATMFD    ATMFD.DLL    Sat Feb 19 09:00:32 2011 (4D5F86B0)
fffff880`0163f000 fffff880`01646000   Beep     Beep.SYS     Tue Jul 14 01:00:13 2009 (4A5BCA8D)
fffff880`02f36000 fffff880`02f47000   blbdrive blbdrive.sys Tue Jul 14 00:35:59 2009 (4A5BC4DF)
fffff880`02ef7000 fffff880`02f21000   cdrom    cdrom.sys    Sat Nov 20 09:19:20 2010 (4CE79298)
fffff880`00c00000 fffff880`00cc0000   CI       CI.dll       Sat Nov 20 13:12:36 2010 (4CE7C944)
fffff880`019c9000 fffff880`019f9000   CLASSPNP CLASSPNP.SYS Sat Nov 20 09:19:23 2010 (4CE7929B)
fffff880`00d29000 fffff880`00d87000   CLFS     CLFS.SYS     Tue Jul 14 00:19:57 2009 (4A5BC11D)
fffff880`0113b000 fffff880`011ad000   cng      cng.sys      Sat Nov 20 10:08:45 2010 (4CE79E2D)
fffff880`02f47000 fffff880`02f57000   CompositeBus CompositeBus.sys Sat Nov 20 10:33:17 2010 (4CE7A3ED)
fffff880`02c14000 fffff880`02c22000   crashdmp crashdmp.sys Tue Jul 14 01:01:01 2009 (4A5BCABD)
fffff880`019b3000 fffff880`019c9000   disk     disk.sys     Tue Jul 14 00:19:57 2009 (4A5BC11D)
fffff880`02c2e000 fffff880`02c37000   dump_atapi dump_atapi.sys Tue Jul 14 00:19:47 2009 (4A5BC113)
fffff880`02c22000 fffff880`02c2e000   dump_dumpata dump_dumpata.sys Tue Jul 14 00:19:47 2009 (4A5BC113)
fffff880`02c37000 fffff880`02c4a000   dump_dumpfve dump_dumpfve.sys Tue Jul 14 00:21:51 2009 (4A5BC18F)
fffff880`02c4a000 fffff880`02c56000   Dxapi    Dxapi.sys    Tue Jul 14 00:38:28 2009 (4A5BC574)
fffff960`00590000 fffff960`005ae000   dxg      dxg.sys      Tue Jul 14 00:38:28 2009 (4A5BC574)
fffff880`010c9000 fffff880`010dd000   fileinfo fileinfo.sys Tue Jul 14 00:34:25 2009 (4A5BC481)
fffff880`0107d000 fffff880`010c9000   fltmgr   fltmgr.sys   Sat Nov 20 09:19:24 2010 (4CE7929C)
fffff960`00870000 fffff960`00879000   framebuf framebuf.dll Tue Jul 14 00:38:47 2009 (4A5BC587)
fffff880`01211000 fffff880`0121b000   Fs_Rec   Fs_Rec.sys   Tue Jul 14 00:19:45 2009 (4A5BC111)
fffff880`01979000 fffff880`019b3000   fvevol   fvevol.sys   Sat Nov 20 09:24:06 2010 (4CE793B6)
fffff880`01876000 fffff880`018c0000   fwpkclnt fwpkclnt.sys Sat Nov 20 09:21:37 2010 (4CE79321)
fffff880`02f21000 fffff880`02f2e000   GEARAspiWDM GEARAspiWDM.sys Mon May 18 13:17:04 2009 (4A1151C0)
fffff800`02805000 fffff800`0284e000   hal      hal.dll      Sat Nov 20 13:00:25 2010 (4CE7C669)
fffff880`015c8000 fffff880`015ec000   HDAudBus HDAudBus.sys Sat Nov 20 10:43:42 2010 (4CE7A65E)
fffff880`02f5a000 fffff880`02f73000   HIDCLASS HIDCLASS.SYS Sat Nov 20 10:43:49 2010 (4CE7A665)
fffff880`02f73000 fffff880`02f7b080   HIDPARSE HIDPARSE.SYS Tue Jul 14 01:06:17 2009 (4A5BCBF9)
fffff880`02d77000 fffff880`02d85000   hidusb   hidusb.sys   Sat Nov 20 10:43:49 2010 (4CE7A665)
fffff880`01970000 fffff880`01979000   hwpolicy hwpolicy.sys Sat Nov 20 09:18:54 2010 (4CE7927E)
fffff880`02fa6000 fffff880`02fb5000   kbdclass kbdclass.sys Tue Jul 14 00:19:50 2009 (4A5BC116)
fffff880`02def000 fffff880`02dfd000   kbdhid   kbdhid.sys   Sat Nov 20 10:33:25 2010 (4CE7A3F5)
fffff800`00ba2000 fffff800`00bac000   kdcom    kdcom.dll    Sat Feb 05 16:52:49 2011 (4D4D8061)
fffff880`011ad000 fffff880`011f0000   ks       ks.sys       Sat Nov 20 10:33:23 2010 (4CE7A3F3)
fffff880`013da000 fffff880`013f5000   ksecdd   ksecdd.sys   Sat Nov 20 09:21:15 2010 (4CE7930B)
fffff880`01460000 fffff880`0148b000   ksecpkg  ksecpkg.sys  Sat Nov 20 10:10:34 2010 (4CE79E9A)
fffff880`02d85000 fffff880`02d9a000   LHidFilt LHidFilt.Sys Tue Aug 24 18:21:36 2010 (4C73FFA0)
fffff880`02c00000 fffff880`02c14000   LMouFilt LMouFilt.Sys Tue Aug 24 18:21:43 2010 (4C73FFA7)
fffff880`00cc6000 fffff880`00d15000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Nov 20 13:03:51 2010 (4CE7C737)
fffff880`02fb5000 fffff880`02fc4000   mouclass mouclass.sys Tue Jul 14 00:19:50 2009 (4A5BC116)
fffff880`02d45000 fffff880`02d52000   mouhid   mouhid.sys   Tue Jul 14 01:00:20 2009 (4A5BCA94)
fffff880`00d87000 fffff880`00da1000   mountmgr mountmgr.sys Sat Nov 20 09:19:21 2010 (4CE79299)
fffff880`01067000 fffff880`01072000   msahci   msahci.sys   Sat Nov 20 10:33:58 2010 (4CE7A416)
fffff880`01664000 fffff880`0166f000   Msfs     Msfs.SYS     Tue Jul 14 00:19:47 2009 (4A5BC113)
fffff880`00f89000 fffff880`00f93000   msisadrv msisadrv.sys Tue Jul 14 00:19:26 2009 (4A5BC0FE)
fffff880`010dd000 fffff880`0113b000   msrpc    msrpc.sys    Sat Nov 20 09:21:56 2010 (4CE79334)
fffff880`02f7c000 fffff880`02f87000   mssmbios mssmbios.sys Tue Jul 14 00:31:10 2009 (4A5BC3BE)
fffff880`0195e000 fffff880`01970000   mup      mup.sys      Tue Jul 14 00:23:45 2009 (4A5BC201)
fffff880`014d5000 fffff880`015c8000   ndis     ndis.sys     Sat Nov 20 09:23:30 2010 (4CE79392)
fffff880`01400000 fffff880`01460000   NETIO    NETIO.SYS    Sat Nov 20 09:23:13 2010 (4CE79381)
fffff880`014b0000 fffff880`014c1000   Npfs     Npfs.SYS     Tue Jul 14 00:19:48 2009 (4A5BC114)
fffff800`0221c000 fffff800`02805000   nt       ntkrnlmp.exe Sat Apr 09 05:15:23 2011 (4D9FDD5B)
fffff880`01237000 fffff880`013da000   Ntfs     Ntfs.sys     Fri Mar 11 03:39:39 2011 (4D79997B)
fffff880`01636000 fffff880`0163f000   Null     Null.SYS     Tue Jul 14 00:19:37 2009 (4A5BC109)
fffff880`02d2d000 fffff880`02d45000   nusb3hub nusb3hub.sys Fri Jan 22 03:22:18 2010 (4B5919EA)
fffff880`02ec5000 fffff880`02ef5000   nusb3xhc nusb3xhc.sys Fri Jan 22 03:22:21 2010 (4B5919ED)
fffff880`00fd3000 fffff880`00fe8000   partmgr  partmgr.sys  Sat Nov 20 09:20:00 2010 (4CE792C0)
fffff880`00f93000 fffff880`00fc6000   pci      pci.sys      Sat Nov 20 09:19:11 2010 (4CE7928F)
fffff880`00e5c000 fffff880`00e63000   pciide   pciide.sys   Tue Jul 14 00:19:49 2009 (4A5BC115)
fffff880`00e63000 fffff880`00e73000   PCIIDEX  PCIIDEX.SYS  Tue Jul 14 00:19:48 2009 (4A5BC114)
fffff880`01200000 fffff880`01211000   pcw      pcw.sys      Tue Jul 14 00:19:27 2009 (4A5BC0FF)
fffff880`00d15000 fffff880`00d29000   PSHED    PSHED.dll    Tue Jul 14 02:32:23 2009 (4A5BE027)
fffff880`02f87000 fffff880`02f92000   rdpbus   rdpbus.sys   Tue Jul 14 01:17:46 2009 (4A5BCEAA)
fffff880`01924000 fffff880`0195e000   rdyboost rdyboost.sys Sat Nov 20 09:43:10 2010 (4CE7982E)
fffff880`02e00000 fffff880`02e2f000   SCSIPORT SCSIPORT.SYS Sat Nov 20 10:34:01 2010 (4CE7A419)
fffff880`02e2f000 fffff880`02e30480   swenum   swenum.sys   Tue Jul 14 01:00:18 2009 (4A5BCA92)
fffff880`01672000 fffff880`01876000   tcpip    tcpip.sys    Mon Apr 25 03:37:30 2011 (4DB4DE6A)
fffff880`02f92000 fffff880`02fa6000   termdd   termdd.sys   Sat Nov 20 11:03:40 2010 (4CE7AB0C)
fffff960`00660000 fffff960`0066a000   TSDDD    TSDDD.dll    unavailable (00000000)
fffff880`02d9a000 fffff880`02def000   udfs     udfs.sys     Sat Nov 20 09:26:11 2010 (4CE79433)
fffff880`02e31000 fffff880`02e43000   umbus    umbus.sys    Sat Nov 20 10:44:37 2010 (4CE7A695)
fffff880`02d5a000 fffff880`02d77000   usbccgp  usbccgp.sys  Fri Mar 25 03:29:14 2011 (4D8C0C0A)
fffff880`02ef5000 fffff880`02ef6f00   USBD     USBD.SYS     Fri Mar 25 03:28:59 2011 (4D8C0BFB)
fffff880`015ec000 fffff880`015fd000   usbehci  usbehci.sys  Fri Mar 25 03:29:04 2011 (4D8C0C00)
fffff880`02cd3000 fffff880`02d2d000   usbhub   usbhub.sys   Fri Mar 25 03:29:25 2011 (4D8C0C15)
fffff880`02e6f000 fffff880`02ec5000   USBPORT  USBPORT.SYS  Fri Mar 25 03:29:12 2011 (4D8C0C08)
fffff880`02fc4000 fffff880`02fd3000   VClone   VClone.sys   Sun Aug 09 22:25:45 2009 (4A7F3ED9)
fffff880`00fc6000 fffff880`00fd3000   vdrvroot vdrvroot.sys Tue Jul 14 01:01:31 2009 (4A5BCADB)
fffff880`01646000 fffff880`01654000   vga      vga.sys      Tue Jul 14 00:38:47 2009 (4A5BC587)
fffff880`0148b000 fffff880`014b0000   VIDEOPRT VIDEOPRT.SYS Tue Jul 14 00:38:51 2009 (4A5BC58B)
fffff880`00da1000 fffff880`00ddd000   vmbus    vmbus.sys    Sat Nov 20 09:57:29 2010 (4CE79B89)
fffff880`018c0000 fffff880`018d0000   vmstorfl vmstorfl.sys Sat Nov 20 09:57:30 2010 (4CE79B8A)
fffff880`00fe8000 fffff880`00ffd000   volmgr   volmgr.sys   Sat Nov 20 09:19:28 2010 (4CE792A0)
fffff880`00e00000 fffff880`00e5c000   volmgrx  volmgrx.sys  Sat Nov 20 09:20:43 2010 (4CE792EB)
fffff880`018d0000 fffff880`0191c000   volsnap  volsnap.sys  Sat Nov 20 09:20:08 2010 (4CE792C8)
fffff880`02d52000 fffff880`02d5a000   wacommousefilter wacommousefilter.sys Fri Feb 16 18:12:17 2007 (45D5F401)
fffff880`02f57000 fffff880`02f59a00   wacomvhid wacomvhid.sys Tue Sep 22 00:29:14 2009 (4AB80C4A)
fffff880`01654000 fffff880`01664000   watchdog watchdog.sys Tue Jul 14 00:37:35 2009 (4A5BC53F)
fffff880`00e76000 fffff880`00f1a000   Wdf01000 Wdf01000.sys Tue Jul 14 00:22:07 2009 (4A5BC19F)
fffff880`00f1a000 fffff880`00f29000   WDFLDR   WDFLDR.SYS   Tue Jul 14 00:19:54 2009 (4A5BC11A)
fffff960`000b0000 fffff960`003c2000   win32k   win32k.sys   Sat May 28 04:06:27 2011 (4DE066B3)
fffff880`00ddd000 fffff880`00df1000   winhv    winhv.sys    Sat Nov 20 09:20:02 2010 (4CE792C2)
fffff880`00f80000 fffff880`00f89000   WMILIB   WMILIB.SYS   Tue Jul 14 00:19:51 2009 (4A5BC117)
fffff880`02c56000 fffff880`02c77000   WudfPf   WudfPf.sys   Sat Nov 20 10:42:44 2010 (4CE7A624)

Unloaded modules:
fffff880`01600000 fffff880`0160e000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000E000
fffff880`0160e000 fffff880`0161a000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
fffff880`0161a000 fffff880`01623000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00009000
fffff880`01623000 fffff880`01636000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00013000
fffff880`0191c000 fffff880`01924000   spldr.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00008000
 


Last edited:
Upvote 0 Downvote
Solution
Thanks so much Elmer! I've downloaded all the files you mentioned (already have malware bytes installed) and I'll be going down your list right now trying each possible solution. I'll keep you updated. Fingers crossed... and here I go.

p.s. my head is rather large and I've been known to bobble wildly on occasion.
 


Upvote 0 Downvote
No rootkit. No malware. But since updating that driver I haven't seen a single bsod. Elmer, you are my hero and I vow to name my first born after you. *bows* Hopefully these BSOD stay gone.
 


Upvote 0 Downvote
Weird how that driver suddenly reared its ugly head, but life/Windows can sometimes be like that. Hope you are sorted.

And Elmer is a horrible name for a girl.


Ask my daughter!!
 


Upvote 0 Downvote
Elmer said:
Weird how that driver suddenly reared its ugly head, but life/Windows can sometimes be like that. Hope you are sorted.

And Elmer is a horrible name for a girl.


Ask my daughter!!
Click to expand...

End of day update:

BSOD has not reared it's ugly head again and after updating the driver my computer has been performing better than ever. Maybe it's all in my head but it seems like shutting down and booting up are quicker than before.

I don't know how you figured this out Elmer but I am grateful.
 


Upvote 0 Downvote
Good to hear and Thanks for the feedback. Give it a week to try all permutations of use, if no BSOD's, I'd say you can safely put the hammer away.
 


Last edited:
Upvote 0 Downvote
You must log in or register to reply here.
Back
Top