ok having major problems with bsod. already have done some reading and checking things out already. ill post the problems and things ive already done below
so get the bsod, then the pc begins to reboot. when rebooting, it stops at the first screen the the red compaq with <f10 = setip> <f11=sys recov> <esc=boot menu>. pressing f10, f11, esc doesnt work. alt-ctrl-del rebooted the pc and got passed the screen with the red compaq letters. now i get to select safe mode and press enter. then i get the bsod again. so pc begins to reboot itself and freezes at the red compag letter screen. cant press any key and alt-ctrl-del doesnt work. have to physically press and hold the power on/off button to reboot the pc.
so i turn off and on the pc. gets passes the red compag letters, and i select "launch system repair". now i get the windows screen with the scrolling green bar. then i get to start up repair.
after selecting start up repair i get this error:
startrep.exe application error
the instructions @ 0x775a59c3 referenced memory @ 0x0210c7cc. the memory could not be read. click ok to terminate the program.
after that i get to the menu where i can select system recovery options.. it asks me to select a keyboard layout and i select US and press next. so now im at the system recovery tool menu. i clicked startup repair and i get this message. startup repair cant repair this computer automatically. if i view problem details is shows this:
problem signature
problem event name: start up repair v2
prob sign 01: autofailove
prob sign 02: 6.0.6001.18000.6.0.6001.18000
prob sign 03: 0
prob sign 04: 65537
prob sign 05: unknown
prob sign 06: corrupt registry
prob sign 07: 32
prob sign 08: 3
prob sign 09: rollbackregistry
prob sign 10: 32
os version: 6.0.6.001.2.1.0.256.1
locale id: 1033
after viewing this i clicked on check for solution. when looking at diag & repair details:
everything result: completed successfully
root cause found:
registry is corrupt
i also was in the recovery manager. went into hardware diagnostic tools (run a computer checkup) and tested everything there (cpu & memory test, optical drive, hard drive test) all pass and had no errors. (so am correct in assuming that all the ram and hardware is ok if it passed all these tests???? or should i do that memory test that i have seen recommended in previous postings, memtest86)
so i exit this and click on restart the computer. unfortunately it freezes at the window with the red compaq lettering again.
so after turning the pc off and on about 4-5 times i was able to get a normal start up and windows loaded. then i was able to do a few more things. first, downloaded Malwarebytes' Anti-Malware and updated it. ran it and this is the results:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7921
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
10/11/2011 3:28:10 AM
mbam-log-2011-10-11 (03-28-10).txt
Scan type: Full scan (C:\|)
Objects scanned: 383395
Time elapsed: 1 hour(s), 19 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ive also attached the sfc /scannow results as an attachment: cbs.zip
listed blown are the minidumps for the crashes. ive listed two of them. the first one i have received 2-3 times and the 2nd only one so far.
1st mini dump:
2nd mini dump:
so get the bsod, then the pc begins to reboot. when rebooting, it stops at the first screen the the red compaq with <f10 = setip> <f11=sys recov> <esc=boot menu>. pressing f10, f11, esc doesnt work. alt-ctrl-del rebooted the pc and got passed the screen with the red compaq letters. now i get to select safe mode and press enter. then i get the bsod again. so pc begins to reboot itself and freezes at the red compag letter screen. cant press any key and alt-ctrl-del doesnt work. have to physically press and hold the power on/off button to reboot the pc.
so i turn off and on the pc. gets passes the red compag letters, and i select "launch system repair". now i get the windows screen with the scrolling green bar. then i get to start up repair.
after selecting start up repair i get this error:
startrep.exe application error
the instructions @ 0x775a59c3 referenced memory @ 0x0210c7cc. the memory could not be read. click ok to terminate the program.
after that i get to the menu where i can select system recovery options.. it asks me to select a keyboard layout and i select US and press next. so now im at the system recovery tool menu. i clicked startup repair and i get this message. startup repair cant repair this computer automatically. if i view problem details is shows this:
problem signature
problem event name: start up repair v2
prob sign 01: autofailove
prob sign 02: 6.0.6001.18000.6.0.6001.18000
prob sign 03: 0
prob sign 04: 65537
prob sign 05: unknown
prob sign 06: corrupt registry
prob sign 07: 32
prob sign 08: 3
prob sign 09: rollbackregistry
prob sign 10: 32
os version: 6.0.6.001.2.1.0.256.1
locale id: 1033
after viewing this i clicked on check for solution. when looking at diag & repair details:
everything result: completed successfully
root cause found:
registry is corrupt
i also was in the recovery manager. went into hardware diagnostic tools (run a computer checkup) and tested everything there (cpu & memory test, optical drive, hard drive test) all pass and had no errors. (so am correct in assuming that all the ram and hardware is ok if it passed all these tests???? or should i do that memory test that i have seen recommended in previous postings, memtest86)
so i exit this and click on restart the computer. unfortunately it freezes at the window with the red compaq lettering again.
so after turning the pc off and on about 4-5 times i was able to get a normal start up and windows loaded. then i was able to do a few more things. first, downloaded Malwarebytes' Anti-Malware and updated it. ran it and this is the results:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7921
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
10/11/2011 3:28:10 AM
mbam-log-2011-10-11 (03-28-10).txt
Scan type: Full scan (C:\|)
Objects scanned: 383395
Time elapsed: 1 hour(s), 19 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ive also attached the sfc /scannow results as an attachment: cbs.zip
listed blown are the minidumps for the crashes. ive listed two of them. the first one i have received 2-3 times and the 2nd only one so far.
1st mini dump:
Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Bob\Desktop\Mini101111-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path.
*
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger.
*
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for
ntoskrnl.exe
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2
procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Machine Name:
Kernel base = 0x8243d000 PsLoadedModuleList = 0x8254a930
Debug session time: Tue Oct 11 00:06:44.882 2011 (UTC - 10:00)
System Uptime: 0 days 0:00:25.429
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger.
*
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for
ntoskrnl.exe
Loading Kernel Symbols
...............................................................
..........................................................
Loading User Symbols
Loading unloaded module list
....
*** WARNING: Unable to verify timestamp for hal.dll
*** ERROR: Module load completed but symbols could not be loaded for
hal.dll
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {400360c, 2, 1, 8240dede}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols
***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.
***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
*** ***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
*** ***
***
***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.
***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
*** ***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
*** ***
***
***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.
***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
*** ***
*** Type referenced: nt!_KPRCB
***
*** ***
*************************************************************************
Probably caused by : ntoskrnl.exe ( nt+5acc9 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at
an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0400360c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only
on chips which support this level of status)
Arg4: 8240dede, address which referenced memory
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
***
***
*** ***
*** Your debugger is not using the correct symbols
***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.
***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
*** ***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
*** ***
***
***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.
***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
*** ***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
*** ***
***
***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.
***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
*** ***
*** Type referenced: nt!_KPRCB
***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to
set symbol path and load symbols.
MODULE_NAME: nt
FAULTING_MODULE: 8243d000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4dfb55f3
WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
0400360c
CURRENT_IRQL: 0
FAULTING_IP:
hal+3ede
8240dede ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from 8240dede to 82497cc9
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be
wrong.
8904fc20 8240dede badb0d00 00000000 ffd070f0 nt+0x5acc9
8904fd7c 825e55ed 84a83540 6c43ff71 00000000 hal+0x3ede
8904fdc0 824cc64e 84a795ce 84a83540 00000000 nt+0x1a85ed
00000000 00000000 00000000 00000000 00000000 nt+0x8f64e
STACK_COMMAND: kb
FOLLOWUP_IP:
nt+5acc9
82497cc9 833dc016568200 cmp dword ptr [nt+0x1246c0 (825616c0)],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt+5acc9
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntoskrnl.exe
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner2nd mini dump:
Code:
Loading Dump File [C:\Users\Bob\Desktop\Mini101011-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.
*
* Use .symfix to have the debugger choose a symbol path.
*
* After setting your symbol path, use .reload to refresh symbol locations.
*
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger.
*
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for
ntoskrnl.exe
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2
procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Machine Name:
Kernel base = 0x8244f000 PsLoadedModuleList = 0x8255c930
Debug session time: Mon Oct 10 14:21:18.978 2011 (UTC - 10:00)
System Uptime: 0 days 0:00:13.650
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger.
*
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for
ntoskrnl.exe
Loading Kernel Symbols
...............................................................
............
Loading User Symbols
Loading unloaded module list
.
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D4, {912cc3c4, 1f, 1, 8245c6e2}
*** WARNING: Unable to verify timestamp for mssmbios.sys
*** ERROR: Module load completed but symbols could not be loaded for
mssmbios.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols
***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.
***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
*** ***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
*** ***
***
***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.
***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
*** ***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
*** ***
***
***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.
***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
*** ***
*** Type referenced: nt!_KPRCB
***
*** ***
*************************************************************************
Probably caused by : mssmbios.sys ( mssmbios+1f51 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD (d4)
A driver unloaded without cancelling lookaside lists, DPCs, worker threads,
etc.
The broken driver's name is displayed on the screen.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
An attempt was made to access the driver at raised IRQL after it
unloaded.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 912cc3c4, memory referenced
Arg2: 0000001f, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8245c6e2, address which referenced memory
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
***
***
*** ***
*** Your debugger is not using the correct symbols
***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.
***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
*** ***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
*** ***
***
***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.
***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
*** ***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
*** ***
***
***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.
***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
*** ***
*** Type referenced: nt!_KPRCB
***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to
set symbol path and load symbols.
FAULTING_MODULE: 8244f000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 47918b87
WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
912cc3c4
CURRENT_IRQL: 0
FAULTING_IP:
nt+d6e2
8245c6e2 ?? ???
CUSTOMER_CRASH_COUNT: 3
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD4
LAST_CONTROL_TRANSFER: from 8245c6e2 to 824a9cc9
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be
wrong.
8075c668 8245c6e2 badb0d00 1c8050ca 00000000 nt+0x5acc9
8075c6e8 8e401f51 8e4054e0 8e401e06 00000002 nt+0xd6e2
8075c710 825b2b83 8a970f38 8a976000 8075ca98 mssmbios+0x1f51
8075c8f4 825a763e 00000000 8075c900 8075c924 nt+0x163b83
8075c938 825f8972 889b8888 00000001 889b8874 nt+0x15863e
8075c974 825f8d9f 8075ca98 8075c9c8 878f8f00 nt+0x1a9972
8075ca0c 825a7041 40000000 80000058 8075ca40 nt+0x1a9d9f
8075caf0 825a670e 00000000 8075cd38 82576f90 nt+0x158041
8075ccec 8245cd99 83ff4620 8a4fce00 8075cd38 nt+0x15770e
8075cd44 824aa706 00000000 00000000 83fed2d8 nt+0xdd99
8075cd7c 825f75ed 00000000 c44b8fe3 00000000 nt+0x5b706
8075cdc0 824de64e 824aa609 00000001 00000000 nt+0x1a85ed
00000000 00000000 00000000 00000000 00000000 nt+0x8f64e
STACK_COMMAND: kb
FOLLOWUP_IP:
mssmbios+1f51
8e401f51 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: mssmbios+1f51
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: mssmbios
IMAGE_NAME: mssmbios.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
Last edited by a moderator:
