
Drweb Cureit Blue Screen


8 replies in this topic

#1 WellDW

WellDW

    Newbie

  • Posters
  • 4 posts

Posted 21 February 2011 - 10:55

Running CureIt to scan the computer. After an hour or two, it went to a blue screen.
I have tried several times, and this happened every time.

#2 Borka

Borka

    Banned for flooding

  • Members
  • 19 512 posts

Posted 21 February 2011 - 13:05

> Running CureIt to scan the computer. After an hour or two, it went to a blue screen.
> I have tried several times, and this happened every time.

Can you provide the dump file?
Best regards,
Борис А. Чертенко aka Borka.

#3 WellDW

WellDW

    Newbie

  • Posters
  • 4 posts

Posted 21 February 2011 - 14:16

Here it is. Thanks for helping.

Attached files:

#4 Borka

Borka

    Banned for flooding

  • Members
  • 19 512 posts

Posted 21 February 2011 - 15:22

Bugcheck points to SRTSP.SYS

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000021, 
Arg2: b75a7000
Arg3: 00002258
Arg4: 00000000

Debugging Details:
------------------

BUGCHECK_STR:  0x19_21

POOL_ADDRESS: GetPointerFromAddress: unable to read from 84378718
Unable to read MiSystemVaType memory at 84358160
 b75a7000 

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_RC

PROCESS_NAME:  f10cf_xp.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 8d9931d5 to 8432f1b6

STACK_TEXT:  
8ef13430 8d9931d5 b75a7000 00000000 8ef13454 nt!ExFreePoolWithTag+0x1b1
WARNING: Stack unwind information not available. Following frames may be wrong.
8ef13440 8d9aa9c0 b75a7000 8ef134b0 8d959e60 SRTSP+0x581d5
8ef13454 8d992730 b75a7000 00000000 e6bee748 SRTSP+0x6f9c0
8ef1349c 8d98192d e6bee928 e6bee748 00000005 SRTSP+0x57730
8ef1351c 8d982c30 00000001 00000002 e6bee748 SRTSP+0x4692d
8ef13534 8d983aa0 8e39eaf8 e6bee748 842cb132 SRTSP+0x47c30
8ef13550 8d983b73 e6bee748 8ef135e4 00000000 SRTSP+0x48aa0
8ef13574 8d960433 8e7ca2e3 d01f7c68 d01f7d20 SRTSP+0x48b73
8ef135c0 8d1a3324 d01f7cc8 8ef135e4 00000000 SRTSP+0x25433
8ef13628 8d1a6512 001f7c68 d01f7c68 1000000c fltmgr!FltpPerformPostCallbacks+0x24a
8ef1363c 8d1a6b46 d01f7c68 d01b0bd0 8ef1367c fltmgr!FltpProcessIoCompletion+0x10
8ef1364c 8d1a729c 87b1ea38 d01b0bd0 d01f7c68 fltmgr!FltpPassThroughCompletion+0x98
8ef1367c 8d1ba8c9 8ef1369c 00000000 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x33a
8ef136c8 8424c4ac 87b1ea38 87b1e4f8 898519d0 fltmgr!FltpCreate+0x2db
8ef136e0 b681f09b 89b58630 898519d0 d01b0bd0 nt!IofCallDriver+0x63
8ef1376c b681eb6f 898519d0 d01b0bd0 89b58630 ksafefilemon+0x609b
8ef137b0 b681dea2 898519d0 d01b0bd0 00000000 ksafefilemon+0x5b6f
8ef137c4 8424c4ac 898519d0 d01b0bd0 8752e140 ksafefilemon+0x4ea2
8ef137dc baf69bc9 8ef13804 baf716d5 8752e140 nt!IofCallDriver+0x63
8ef137e4 baf716d5 8752e140 d01b0bd0 8752e140 dwprot+0xbc9
8ef13804 baf69fcb 8752e140 d01b0bd0 8ef13828 dwprot+0x86d5
8ef13814 baf69c4d 8752e140 d01b0bd0 8752e140 dwprot+0xfcb
8ef13828 8424c4ac 8752e140 d01b0bd0 89b5868c dwprot+0xc4d
8ef13840 84450afd a6fef01d 8ef139e8 00000000 nt!IofCallDriver+0x63
8ef13918 d142157b 87ada928 84b98f78 d04c0a38 nt!IopParseDevice+0xed7
8ef13994 d1447729 00000000 8ef139e8 00000040 0xd142157b
8ef139f0 d143fa7b 0333f180 86b98f78 00000000 0xd1447729
8ef13a6c d144b392 0333f164 80100080 0333f180 0xd143fa7b
8ef13ab8 d124343a 0333f164 80100080 0333f180 0xd144b392
8ef13aec d1240ecd badb0d00 8ef13b64 00000001 0xd124343a
8ef13be8 baf9288c 87165408 880526a0 00000000 0xd1240ecd
8ef13bfc d123c4ac 880526a0 893cb798 893cb798 42E9LjT5+0x888c
8ef13d04 8425343a 000002c8 00000000 00000000 0xd123c4ac
8ef13d04 00000001 000002c8 00000000 00000000 nt!KiFastCallEntry+0x12a
00000000 00000000 00000000 00000000 00000000 0x1

STACK_COMMAND:  kb

FOLLOWUP_IP: 
SRTSP+581d5
8d9931d5 ??			  ???

SYMBOL_STACK_INDEX:  1

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: SRTSP

IMAGE_NAME:  SRTSP.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7126a

SYMBOL_NAME:  SRTSP+581d5

FAILURE_BUCKET_ID:  0x19_21_SRTSP+581d5

BUCKET_ID:  0x19_21_SRTSP+581d5

Followup: MachineOwner
---------

0: kd> lmvm SRTSP
start	end		module name
8d93b000 8d9c0000   SRTSP	T (no symbols)		   
	Loaded symbol image file: SRTSP.SYS
	Image path: SRTSP.SYS
	Image name: SRTSP.SYS
	Timestamp:		Sat Nov 20 02:12:26 2010 (4CE7126A)
	CheckSum:		 0008BF58
	ImageSize:		00085000
	Translations:	 0000.04b0 0000.04e0 0409.04b0 0409.04e0

Best regards,
Борис А. Чертенко aka Borka.
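
Added example, not part of the post above and not any vendor's tooling: a small Python parser for a WinDbg `STACK_TEXT` block that collapses the frames into per-module layers, which shows how many separate drivers handled the request before the pool free that bugchecked. The sample is abridged from the stack in post #4; treating `nt`, `hal` and `fltmgr` as the operating system's own modules is an assumption made for this illustration.

```python
import re

# Abridged from the STACK_TEXT in post #4 (frames omitted, none altered).
STACK_TEXT = """\
8ef13430 8d9931d5 b75a7000 00000000 8ef13454 nt!ExFreePoolWithTag+0x1b1
WARNING: Stack unwind information not available. Following frames may be wrong.
8ef13440 8d9aa9c0 b75a7000 8ef134b0 8d959e60 SRTSP+0x581d5
8ef13628 8d1a6512 001f7c68 d01f7c68 1000000c fltmgr!FltpPerformPostCallbacks+0x24a
8ef136c8 8424c4ac 87b1ea38 87b1e4f8 898519d0 fltmgr!FltpCreate+0x2db
8ef136e0 b681f09b 89b58630 898519d0 d01b0bd0 nt!IofCallDriver+0x63
8ef1376c b681eb6f 898519d0 d01b0bd0 89b58630 ksafefilemon+0x609b
8ef137dc baf69bc9 8ef13804 baf716d5 8752e140 nt!IofCallDriver+0x63
8ef137e4 baf716d5 8752e140 d01b0bd0 8752e140 dwprot+0xbc9
8ef13994 d1447729 00000000 8ef139e8 00000040 0xd142157b
8ef13bfc d123c4ac 880526a0 893cb798 893cb798 42E9LjT5+0x888c
"""

FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)$")  # ChildEBP RetAddr 3 args symbol
RAW = re.compile(r"0x[0-9a-f]+")                   # address with no module name
OS_MODULES = {"nt", "hal", "fltmgr"}               # assumption: OS components

def frame_modules(text):
    """Module per frame, top of stack first; None for a raw-address frame."""
    mods = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:  # non-frame lines (WARNING text, blanks) are skipped
            sym = m.group(1)
            mods.append(None if RAW.fullmatch(sym) else re.split(r"[!+]", sym)[0])
    return mods

def layers(mods):
    """Collapse consecutive frames of one module into (module, count) runs."""
    runs = []
    for mod in mods:
        if runs and runs[-1][0] == mod:
            runs[-1] = (mod, runs[-1][1] + 1)
        else:
            runs.append((mod, 1))
    return runs

def third_party(mods):
    """Distinct non-OS modules, in order of first appearance from the crash."""
    return list(dict.fromkeys(m for m in mods if m and m not in OS_MODULES))

if __name__ == "__main__":
    for mod, n in layers(frame_modules(STACK_TEXT)):
        print(f"{n:2d}  {mod or '<address not mapped to a module>'}")
    print(third_party(frame_modules(STACK_TEXT)))
```

Read bottom-up, the layers show one file-open request passing through several independent filter drivers. The module nearest the failing call is where the debugger's follow-up lands, but with pool corruption that is not necessarily the module that caused it.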

#5 WellDW

WellDW

    Newbie

  • Posters
  • 4 posts

Posted 21 February 2011 - 17:26

Thanks!
This file is in my security software folder...
So I think CureIt is not compatible with it...
Though I thought before that a non-install scanner would not have compatibility problems...

#6 Borka

Borka

    Banned for flooding

  • Members
  • 19 512 posts

Posted 21 February 2011 - 17:29

Ask Support for assistance.
Best regards,
Борис А. Чертенко aka Borka.

#7 WellDW

WellDW

    Newbie

  • Posters
  • 4 posts

Posted 22 February 2011 - 15:06

Blue screen again, even when I run CureIt in safe mode.
I think in safe mode, my security software will not run on start up.
Maybe this time it is caused by another problem?
Can you help me with the new dump file?

Attached files:


#8 Borka

Borka

    Banned for flooding

  • Members
  • 19 512 posts

Posted 22 February 2011 - 15:23

> Blue screen again, even when I run CureIt in safe mode.
> I think in safe mode, my security software will not run on start up.
> Maybe this time it is caused by another problem?
> Can you help me with the new dump file?

As I see DrWeb's Shield had crashed:
Microsoft ® Windows Debugger  Version 6.6.0007.5
Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [D:\2\022211-28906-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*e:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows Vista Kernel Version 7600 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Kernel base = 0x82217000 PsLoadedModuleList = 0x8235f810
Debug session time: Mon Feb 21 23:35:53.603 2011 (GMT+2)
System Uptime: 0 days 0:58:12.493
Loading Kernel Symbols
................................................................................................
Loading User Symbols
Loading unloaded module list
.....
3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc).  If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 00000099, A PTE or PFN is corrupt
Arg2: 00000000, page frame number
Arg3: 00000000, current page state
Arg4: 00000000, 0

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for QJfwLh8U.sys
*** ERROR: Module load completed but symbols could not be loaded for QJfwLh8U.sys

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_RC

BUGCHECK_STR:  0x4E

PROCESS_NAME:  f10cf_xp.exe

CURRENT_IRQL:  1

LAST_CONTROL_TRANSFER:  from 874817c4 to 87474dfc

STACK_TEXT:  
WARNING: Frame IP not in any known module. Following frames may be wrong.
9b194850 874817c4 0000004e 00000099 00000000 0x87474dfc
9b194988 822534ac 00000000 8620d448 8620d448 0x874817c4
9b194a28 8262cba9 86622a88 00000000 9b194a6c nt!IofCallDriver+0x63
9b194a00 875f5467 0020d488 9b194a3c 9b194a6c hal!KfLowerIrql+0x61
9b194ad0 8225a43a 011b6e04 027ef590 000da008 0x875f5467
9b194ad0 82258bb1 011b6e04 027ef590 000da008 nt!KiFastCallEntry+0x12a
9b194b5c a6223106 000002dc 027ef590 080da008 nt!ZwQueryInformationFile+0x11
9b194be8 a621f8a8 86842eb8 8688dc40 00000000 QJfwLh8U+0xc106
9b194bfc 873d44ac 8688dc40 86301d68 86301d68 QJfwLh8U+0x88a8
9b194d04 8225a43a 0000026c 00000000 00000000 0x873d44ac
9b194d04 875ddc01 0000026c 00000000 00000000 nt!KiFastCallEntry+0x12a
87400ff0 00000000 00000000 00000000 00000000 0x875ddc01

STACK_COMMAND:  kb

FOLLOWUP_IP: 
QJfwLh8U+c106
a6223106 ??              ???

SYMBOL_STACK_INDEX:  7

SYMBOL_NAME:  QJfwLh8U+c106

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: QJfwLh8U

IMAGE_NAME:  QJfwLh8U.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4c7d14bf

FAILURE_BUCKET_ID:  0x4E_QJfwLh8U+c106

BUCKET_ID:  0x4E_QJfwLh8U+c106

Followup: MachineOwner
---------

3: kd> lmvm QJfwLh8U
start    end        module name
a6217000 a6248c80   QJfwLh8U T (no symbols)
    Loaded symbol image file: QJfwLh8U.sys
    Image path: QJfwLh8U.sys
    Image name: QJfwLh8U.sys
    Timestamp:        Tue Aug 31 17:42:07 2010 (4C7D14BF)
    CheckSum:         00035225
    ImageSize:        00031C80
    Translations:     0000.04b0 0000.04e0 0409.04b0 0409.04e0

Best regards,
Борис А. Чертенко aka Borka.

#9 Ko6Ra

Ko6Ra

    Supporter

  • Posters
  • 3 308 posts

Posted 22 February 2011 - 15:32

Hello!

Please, contact us.
We'll help you with this problem.
