bleujaegel
asked on
BSOD
I have a Toshiba laptop that was infected with viruses and spyware. After performing scans and removing everything, it now blue screens about three minutes after logging in.
Looking in the task manager, I found a svchost.exe SYSTEM process that continually uses up memory until it blue screens. If I shut down the process before it gets to about 25K, everything is fine.
The dumpchk file has pointed the finger at several different drivers, specifically related to nVidia (nv_mini.sys) and Intel (e100b325.sys). I have renamed these to filename.old and tried restarting, but it still blue screened.
Finally, I narrowed it down to a service causing the problem, because when I enabled only basic services and drivers to load, it wouldn't crash. From there I decided to disable 5 services at a time until it, hopefully, the problem disappeared. Well, it turned out that by disabling Automatic Updates, Windows no longer blue screened. I tested this loading Windows several times with Automatic updates enabled and disabled.
Now the problem is where to go from here. Below in the dumpchk file, it says 'Unable to load image ntoskrnl.exe, win32 error 2 WARNING: Unable to verify timestamp'. I need to find a way to determine if the Automatic Updates blue screen is a symptom of a problem with ntoskrnl.exe, or if I need to repair Automatic Updates (I have no idea how).
To summarize, I have basically 3 questions.
1. Is the 'Unable to verify timestamp for ntoskrnl.exe' something to worry about, or is this a common error?
2. What can be done if the ntoskrnl.exe file is damaged in some way?
3. Or if questions 1 & 2 don't apply, how to you repair the Automatic Updates service?
Thanks
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\program files\Debugging Tools for Windows>dumpchk !analyze -v -y c:\windows\s
ymbols c:\windows\minidump\mini11
Loading dump file c:\windows\minidump\mini11
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\mini1
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Tue Nov 21 21:04:28.925 2006 (GMT-8)
System Uptime: 0 days 0:03:04.525
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
..........................
..........................
Loading User Symbols
Loading unloaded module list
..........
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, f85bc80e, f71f8a20, 0}
*** WARNING: Unable to verify timestamp for nv4_mini.sys
Probably caused by : nv4_mini.sys ( nv4_mini!Legacy_dacTVConne
Followup: MachineOwner
---------
----- 32 bit Kernel Mini Dump Analysis
DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000a28
KdSecondaryVersion 00000000
DirectoryTableBase 0390a000
PfnDataBase 81000000
PsLoadedModuleList 8055a420
PsActiveProcessHead 805604d8
MachineImageType 0000014c
NumberProcessors 00000001
BugCheckCode 1000008e
BugCheckParameter1 c0000005
BugCheckParameter2 f85bc80e
BugCheckParameter3 f71f8a20
BugCheckParameter4 00000000
PaeEnabled 00000000
KdDebuggerDataBlock 8054c060
SecondaryDataState 00000000
ProductType 00000001
SuiteMask 00000310
MiniDumpFields 00000dff
TRIAGE_DUMP32:
ServicePackBuild 00000200
SizeOfDump 00010000
ValidOffset 0000fffc
ContextOffset 00000320
ExceptionOffset 000007d0
MmOffset 00001068
UnloadedDriversOffset 000010a0
PrcbOffset 00001878
ProcessOffset 000024c8
ThreadOffset 00002728
CallStackOffset 00002980
SizeOfCallStack 000005d0
DriverListOffset 000031e0
DriverCount 0000006d
StringPoolOffset 00005240
StringPoolSize 00000ed8
BrokenDriverOffset 00000000
TriageOptions 00000041
TopOfStack f71f8a30
DebuggerDataOffset 00002f50
DebuggerDataSize 00000290
DataBlocksOffset 00006118
DataBlocksCount 00000006
c0000000 - c0000fff at offset 00006178
f85bc000 - f85bcfff at offset 00007178
f71f8000 - f71f8fff at offset 00008178
f85c2000 - f85c2fff at offset 00009178
0101c000 - 0101cfff at offset 0000a178
804dd000 - 804ddfff at offset 0000b178
Max offset c178, 9e88 from end of file
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Tue Nov 21 21:04:28.925 2006 (GMT-8)
System Uptime: 0 days 0:03:04.525
start end module name
804d7000 806eb100 nt Tue Mar 01 16:59:37 2005 (42250FF9)
806ec000 806ffd80 hal Tue Aug 03 22:59:04 2004 (41107B28)
bac07000 bac17e00 psched Tue Aug 03 23:04:16 2004 (41107C60)
bac18000 bac2e680 ndiswan Tue Aug 03 23:14:30 2004 (41107EC6)
bac2f000 bac52980 portcls Tue Aug 03 23:15:47 2004 (41107F13)
bac53000 bac84880 yacxgc Thu Jul 18 21:25:56 2002 (3D3794D4)
bac85000 baca7680 ks Tue Aug 03 23:15:20 2004 (41107EF8)
baca8000 bacbb900 parport Tue Aug 03 22:59:04 2004 (41107B28)
bacbc000 bacd9400 e100b325 Fri Nov 16 14:07:28 2001 (3BF58E20)
bacda000 bacfce80 USBPORT Tue Aug 03 23:08:34 2004 (41107D62)
bacfd000 bad10780 VIDEOPRT Tue Aug 03 23:07:04 2004 (41107D08)
bad11000 bade58c0 nv4_mini Fri Apr 19 14:44:04 2002 (3CC08FA4)
bae2e000 bae48580 Mup Tue Aug 03 23:15:20 2004 (41107EF8)
bae49000 bae75a80 NDIS Tue Aug 03 23:14:27 2004 (41107EC3)
bae76000 baf02480 Ntfs Tue Aug 03 23:15:06 2004 (41107EEA)
baf03000 baf19780 KSecDD Tue Aug 03 22:59:45 2004 (41107B51)
baf1a000 baf2bf00 sr Tue Aug 03 23:06:22 2004 (41107CDE)
baf2c000 baf2d000 fltmgr unavailable (00000000)
baf4b000 baf62480 atapi Tue Aug 03 22:59:41 2004 (41107B4D)
baf63000 baf81880 ftdisk Fri Aug 17 13:52:41 2001 (3B7D8419)
baf82000 baf9f480 pcmcia Tue Aug 03 23:07:45 2004 (41107D31)
bafa0000 bafb0a80 pci Tue Aug 03 23:07:45 2004 (41107D31)
bafb1000 bafded80 ACPI Tue Aug 03 23:07:35 2004 (41107D27)
bf800000 bf9c0500 win32k Tue Mar 01 17:06:42 2005 (422511A2)
bf9c1000 bf9d2580 dxg Tue Aug 03 23:00:51 2004 (41107B93)
bf9d3000 bfd09a80 nv4_disp Fri Apr 19 14:48:39 2002 (3CC090B7)
f6948000 f6988280 HTTP Thu Mar 16 16:33:09 2006 (441A03C5)
f6c89000 f6cda300 srv Mon May 09 17:17:49 2005 (427FFDAD)
f6df0000 f6e04400 wdmaud Tue Aug 03 23:15:03 2004 (41107EE7)
f6e2d000 f6e59400 mrxdav Tue Aug 03 23:00:49 2004 (41107B91)
f7073000 f7088580 irda Tue Aug 03 23:00:50 2004 (41107B92)
f7109000 f7117d80 sysaudio Tue Aug 03 23:15:54 2004 (41107F1A)
f71a5000 f71a8280 ndisuio Tue Aug 03 23:03:10 2004 (41107C1E)
f83ea000 f8401480 dump_atapi Tue Aug 03 22:59:41 2004 (41107B4D)
f842a000 f844af00 ipnat Wed Sep 29 15:28:36 2004 (415B3714)
f844b000 f84b9a00 mrxsmb Fri May 05 02:41:42 2006 (445B1DD6)
f84ba000 f84e4a00 rdbss Fri May 05 02:47:55 2006 (445B1F4B)
f84e5000 f8506d00 afd Tue Aug 03 23:14:13 2004 (41107EB5)
f8507000 f852ec00 netbt Tue Aug 03 23:14:36 2004 (41107ECC)
f852f000 f8586d80 tcpip Wed May 25 12:04:00 2005 (4294CC20)
f8587000 f8599400 ipsec Tue Aug 03 23:14:27 2004 (41107EC3)
f96af000 f96b1900 Dxapi Fri Aug 17 13:53:19 2001 (3B7D843F)
f96cb000 f96fe200 update Tue Aug 03 22:58:32 2004 (41107B08)
f96ff000 f9813b80 AGRSM Fri Jun 21 08:47:54 2002 (3D134AAA)
f9814000 f981cc00 isapnp Fri Aug 17 13:58:01 2001 (3B7D8559)
f9824000 f982e500 MountMgr Tue Aug 03 22:58:29 2004 (41107B05)
f9834000 f9840c80 VolSnap Tue Aug 03 23:00:14 2004 (41107B6E)
f9844000 f984ce00 disk Tue Aug 03 22:59:53 2004 (41107B59)
f9854000 f9860200 CLASSPNP Tue Aug 03 23:14:26 2004 (41107EC2)
f9864000 f986e580 agp440 Tue Aug 03 23:07:40 2004 (41107D2C)
f98b4000 f98bd480 NDProxy Fri Aug 17 13:55:30 2001 (3B7D84C2)
f98c4000 f98d2100 usbhub Tue Aug 03 23:08:40 2004 (41107D68)
f9924000 f992c700 netbios Tue Aug 03 23:03:19 2004 (41107C27)
f9944000 f994c880 Fips Fri Aug 17 18:31:49 2001 (3B7DC585)
f9954000 f995c700 wanarp Tue Aug 03 23:04:57 2004 (41107C89)
f9974000 f9983900 Cdfs Tue Aug 03 23:14:09 2004 (41107EB1)
f99e4000 f99ecd00 intelppm Tue Aug 03 22:59:19 2004 (41107B37)
f99f4000 f9a00e00 i8042prt Tue Aug 03 23:14:36 2004 (41107ECC)
f9a04000 f9a0e380 Imapi Tue Aug 03 23:00:12 2004 (41107B6C)
f9a14000 f9a20180 cdrom Tue Aug 03 22:59:52 2004 (41107B58)
f9a24000 f9a32080 redbook Tue Aug 03 22:59:34 2004 (41107B46)
f9a34000 f9a42b80 drmk Tue Aug 03 23:07:54 2004 (41107D3A)
f9a44000 f9a50880 rasl2tp Tue Aug 03 23:14:21 2004 (41107EBD)
f9a54000 f9a5e200 raspppoe Tue Aug 03 23:05:06 2004 (41107C92)
f9a64000 f9a6fd00 raspptp Tue Aug 03 23:14:26 2004 (41107EC2)
f9a74000 f9a7c900 msgpc Tue Aug 03 23:04:11 2004 (41107C5B)
f9a84000 f9a8df00 termdd Tue Aug 03 22:58:52 2004 (41107B1C)
f9a94000 f9a9a200 PCIIDEX Tue Aug 03 22:59:40 2004 (41107B4C)
f9a9c000 f9aa0900 PartMgr Fri Aug 17 18:32:23 2001 (3B7DC5A7)
f9aa4000 f9aa8080 PxHelp20 Fri Jan 03 14:10:17 2003 (3E160A49)
f9acc000 f9acd000 flpydisk unavailable (00000000)
f9ae4000 f9ae9200 vga Tue Aug 03 23:07:06 2004 (41107D0A)
f9aec000 f9af0a80 Msfs Tue Aug 03 23:00:37 2004 (41107B85)
f9af4000 f9afb880 Npfs Tue Aug 03 23:00:38 2004 (41107B86)
f9b0c000 f9b10500 watchdog Tue Aug 03 23:07:32 2004 (41107D24)
f9b44000 f9b49000 usbuhci Tue Aug 03 23:08:34 2004 (41107D62)
f9b4c000 f9b52000 kbdclass Tue Aug 03 22:58:32 2004 (41107B08)
f9b54000 f9b59a00 mouclass Tue Aug 03 22:58:32 2004 (41107B08)
f9b5c000 f9b5d000 fdc unavailable (00000000)
f9b64000 f9b6b580 Modem Tue Aug 03 23:08:04 2004 (41107D44)
f9b6c000 f9b70c80 rasirda Fri Aug 17 13:51:29 2001 (3B7D83D1)
f9b74000 f9b78880 TDI Tue Aug 03 23:07:47 2004 (41107D33)
f9b7c000 f9b80580 ptilink Fri Aug 17 13:49:53 2001 (3B7D8371)
f9b84000 f9b88080 raspti Fri Aug 17 13:55:32 2001 (3B7D84C4)
f9c24000 f9c27000 BOOTVID Fri Aug 17 13:49:09 2001 (3B7D8345)
f9c28000 f9c2a480 compbatt Fri Aug 17 13:57:58 2001 (3B7D8556)
f9c2c000 f9c2f700 BATTC Fri Aug 17 13:57:52 2001 (3B7D8550)
f9cc8000 f9cca280 rasacd Fri Aug 17 13:55:39 2001 (3B7D84CB)
f9ccc000 f9ccef00 ws2ifsl Fri Aug 17 13:55:58 2001 (3B7D84DE)
f9ce4000 f9ce6b80 IPFilter Thu Apr 11 11:47:22 2002 (3CB5DA3A)
f9cf4000 f9cf7700 CmBatt Tue Aug 03 23:07:39 2004 (41107D2B)
f9cfc000 f9cfe580 ndistapi Fri Aug 17 13:55:29 2001 (3B7D84C1)
f9d00000 f9d03c80 mssmbios Tue Aug 03 23:07:47 2004 (41107D33)
f9d14000 f9d15b80 kdcom Fri Aug 17 13:49:10 2001 (3B7D8346)
f9d16000 f9d17100 WMILIB Fri Aug 17 14:07:23 2001 (3B7D878B)
f9d18000 f9d19580 intelide Tue Aug 03 22:59:40 2004 (41107B4C)
f9d1a000 f9d1b4c0 TVALG Thu Sep 13 03:53:01 2001 (3BA0900D)
f9d1c000 f9d1d240 TVALD Thu Aug 16 22:23:56 2001 (3B7CAA6C)
f9d44000 f9d45100 swenum Tue Aug 03 22:58:41 2004 (41107B11)
f9d4c000 f9d4d000 ParVdm unavailable (00000000)
f9d54000 f9d55280 USBD Fri Aug 17 14:02:58 2001 (3B7D8682)
f9d6c000 f9d6d000 Fs_Rec unavailable (00000000)
f9d6e000 f9d6f080 Beep Fri Aug 17 13:47:33 2001 (3B7D82E5)
f9d70000 f9d71080 mnmdd Fri Aug 17 13:57:28 2001 (3B7D8538)
f9d72000 f9d73080 RDPCDD Fri Aug 17 13:46:56 2001 (3B7D82C0)
f9d78000 f9d79100 dump_WMILIB Fri Aug 17 14:07:23 2001 (3B7D878B)
f9e11000 f9e11c00 audstub Fri Aug 17 13:59:40 2001 (3B7D85BC)
f9e68000 f9e69000 Null unavailable (00000000)
f9ed9000 f9ed9d00 dxgthk Fri Aug 17 13:53:12 2001 (3B7D8438)
Unloaded modules:
f6d03000 f6d2d000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f9e07000 f9e08000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f99b4000 f99c1000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f6dcd000 f6df0000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f729a000 f72a8000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f9d58000 f9d5a000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7159000 f7169000 Serial.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f9934000 f993d000 processr.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f9ad4000 f9ad9000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f9cc4000 f9cc7000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, f85bc80e, f71f8a20, 0}
Probably caused by : nv4_mini.sys ( nv4_mini!Legacy_dacTVConne
Followup: MachineOwner
---------
Finished dump check
C:\program files\Debugging Tools for Windows>
Looking in the task manager, I found a svchost.exe SYSTEM process that continually uses up memory until it blue screens. If I shut down the process before it gets to about 25K, everything is fine.
The dumpchk file has pointed the finger at several different drivers, specifically related to nVidia (nv_mini.sys) and Intel (e100b325.sys). I have renamed these to filename.old and tried restarting, but it still blue screened.
Finally, I narrowed it down to a service causing the problem, because when I enabled only basic services and drivers to load, it wouldn't crash. From there I decided to disable 5 services at a time until it, hopefully, the problem disappeared. Well, it turned out that by disabling Automatic Updates, Windows no longer blue screened. I tested this loading Windows several times with Automatic updates enabled and disabled.
Now the problem is where to go from here. Below in the dumpchk file, it says 'Unable to load image ntoskrnl.exe, win32 error 2 WARNING: Unable to verify timestamp'. I need to find a way to determine if the Automatic Updates blue screen is a symptom of a problem with ntoskrnl.exe, or if I need to repair Automatic Updates (I have no idea how).
To summarize, I have basically 3 questions.
1. Is the 'Unable to verify timestamp for ntoskrnl.exe' something to worry about, or is this a common error?
2. What can be done if the ntoskrnl.exe file is damaged in some way?
3. Or if questions 1 & 2 don't apply, how to you repair the Automatic Updates service?
Thanks
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\program files\Debugging Tools for Windows>dumpchk !analyze -v -y c:\windows\s
ymbols c:\windows\minidump\mini11
Loading dump file c:\windows\minidump\mini11
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\mini1
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Tue Nov 21 21:04:28.925 2006 (GMT-8)
System Uptime: 0 days 0:03:04.525
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
..........................
..........................
Loading User Symbols
Loading unloaded module list
..........
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, f85bc80e, f71f8a20, 0}
*** WARNING: Unable to verify timestamp for nv4_mini.sys
Probably caused by : nv4_mini.sys ( nv4_mini!Legacy_dacTVConne
Followup: MachineOwner
---------
----- 32 bit Kernel Mini Dump Analysis
DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000a28
KdSecondaryVersion 00000000
DirectoryTableBase 0390a000
PfnDataBase 81000000
PsLoadedModuleList 8055a420
PsActiveProcessHead 805604d8
MachineImageType 0000014c
NumberProcessors 00000001
BugCheckCode 1000008e
BugCheckParameter1 c0000005
BugCheckParameter2 f85bc80e
BugCheckParameter3 f71f8a20
BugCheckParameter4 00000000
PaeEnabled 00000000
KdDebuggerDataBlock 8054c060
SecondaryDataState 00000000
ProductType 00000001
SuiteMask 00000310
MiniDumpFields 00000dff
TRIAGE_DUMP32:
ServicePackBuild 00000200
SizeOfDump 00010000
ValidOffset 0000fffc
ContextOffset 00000320
ExceptionOffset 000007d0
MmOffset 00001068
UnloadedDriversOffset 000010a0
PrcbOffset 00001878
ProcessOffset 000024c8
ThreadOffset 00002728
CallStackOffset 00002980
SizeOfCallStack 000005d0
DriverListOffset 000031e0
DriverCount 0000006d
StringPoolOffset 00005240
StringPoolSize 00000ed8
BrokenDriverOffset 00000000
TriageOptions 00000041
TopOfStack f71f8a30
DebuggerDataOffset 00002f50
DebuggerDataSize 00000290
DataBlocksOffset 00006118
DataBlocksCount 00000006
c0000000 - c0000fff at offset 00006178
f85bc000 - f85bcfff at offset 00007178
f71f8000 - f71f8fff at offset 00008178
f85c2000 - f85c2fff at offset 00009178
0101c000 - 0101cfff at offset 0000a178
804dd000 - 804ddfff at offset 0000b178
Max offset c178, 9e88 from end of file
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Tue Nov 21 21:04:28.925 2006 (GMT-8)
System Uptime: 0 days 0:03:04.525
start end module name
804d7000 806eb100 nt Tue Mar 01 16:59:37 2005 (42250FF9)
806ec000 806ffd80 hal Tue Aug 03 22:59:04 2004 (41107B28)
bac07000 bac17e00 psched Tue Aug 03 23:04:16 2004 (41107C60)
bac18000 bac2e680 ndiswan Tue Aug 03 23:14:30 2004 (41107EC6)
bac2f000 bac52980 portcls Tue Aug 03 23:15:47 2004 (41107F13)
bac53000 bac84880 yacxgc Thu Jul 18 21:25:56 2002 (3D3794D4)
bac85000 baca7680 ks Tue Aug 03 23:15:20 2004 (41107EF8)
baca8000 bacbb900 parport Tue Aug 03 22:59:04 2004 (41107B28)
bacbc000 bacd9400 e100b325 Fri Nov 16 14:07:28 2001 (3BF58E20)
bacda000 bacfce80 USBPORT Tue Aug 03 23:08:34 2004 (41107D62)
bacfd000 bad10780 VIDEOPRT Tue Aug 03 23:07:04 2004 (41107D08)
bad11000 bade58c0 nv4_mini Fri Apr 19 14:44:04 2002 (3CC08FA4)
bae2e000 bae48580 Mup Tue Aug 03 23:15:20 2004 (41107EF8)
bae49000 bae75a80 NDIS Tue Aug 03 23:14:27 2004 (41107EC3)
bae76000 baf02480 Ntfs Tue Aug 03 23:15:06 2004 (41107EEA)
baf03000 baf19780 KSecDD Tue Aug 03 22:59:45 2004 (41107B51)
baf1a000 baf2bf00 sr Tue Aug 03 23:06:22 2004 (41107CDE)
baf2c000 baf2d000 fltmgr unavailable (00000000)
baf4b000 baf62480 atapi Tue Aug 03 22:59:41 2004 (41107B4D)
baf63000 baf81880 ftdisk Fri Aug 17 13:52:41 2001 (3B7D8419)
baf82000 baf9f480 pcmcia Tue Aug 03 23:07:45 2004 (41107D31)
bafa0000 bafb0a80 pci Tue Aug 03 23:07:45 2004 (41107D31)
bafb1000 bafded80 ACPI Tue Aug 03 23:07:35 2004 (41107D27)
bf800000 bf9c0500 win32k Tue Mar 01 17:06:42 2005 (422511A2)
bf9c1000 bf9d2580 dxg Tue Aug 03 23:00:51 2004 (41107B93)
bf9d3000 bfd09a80 nv4_disp Fri Apr 19 14:48:39 2002 (3CC090B7)
f6948000 f6988280 HTTP Thu Mar 16 16:33:09 2006 (441A03C5)
f6c89000 f6cda300 srv Mon May 09 17:17:49 2005 (427FFDAD)
f6df0000 f6e04400 wdmaud Tue Aug 03 23:15:03 2004 (41107EE7)
f6e2d000 f6e59400 mrxdav Tue Aug 03 23:00:49 2004 (41107B91)
f7073000 f7088580 irda Tue Aug 03 23:00:50 2004 (41107B92)
f7109000 f7117d80 sysaudio Tue Aug 03 23:15:54 2004 (41107F1A)
f71a5000 f71a8280 ndisuio Tue Aug 03 23:03:10 2004 (41107C1E)
f83ea000 f8401480 dump_atapi Tue Aug 03 22:59:41 2004 (41107B4D)
f842a000 f844af00 ipnat Wed Sep 29 15:28:36 2004 (415B3714)
f844b000 f84b9a00 mrxsmb Fri May 05 02:41:42 2006 (445B1DD6)
f84ba000 f84e4a00 rdbss Fri May 05 02:47:55 2006 (445B1F4B)
f84e5000 f8506d00 afd Tue Aug 03 23:14:13 2004 (41107EB5)
f8507000 f852ec00 netbt Tue Aug 03 23:14:36 2004 (41107ECC)
f852f000 f8586d80 tcpip Wed May 25 12:04:00 2005 (4294CC20)
f8587000 f8599400 ipsec Tue Aug 03 23:14:27 2004 (41107EC3)
f96af000 f96b1900 Dxapi Fri Aug 17 13:53:19 2001 (3B7D843F)
f96cb000 f96fe200 update Tue Aug 03 22:58:32 2004 (41107B08)
f96ff000 f9813b80 AGRSM Fri Jun 21 08:47:54 2002 (3D134AAA)
f9814000 f981cc00 isapnp Fri Aug 17 13:58:01 2001 (3B7D8559)
f9824000 f982e500 MountMgr Tue Aug 03 22:58:29 2004 (41107B05)
f9834000 f9840c80 VolSnap Tue Aug 03 23:00:14 2004 (41107B6E)
f9844000 f984ce00 disk Tue Aug 03 22:59:53 2004 (41107B59)
f9854000 f9860200 CLASSPNP Tue Aug 03 23:14:26 2004 (41107EC2)
f9864000 f986e580 agp440 Tue Aug 03 23:07:40 2004 (41107D2C)
f98b4000 f98bd480 NDProxy Fri Aug 17 13:55:30 2001 (3B7D84C2)
f98c4000 f98d2100 usbhub Tue Aug 03 23:08:40 2004 (41107D68)
f9924000 f992c700 netbios Tue Aug 03 23:03:19 2004 (41107C27)
f9944000 f994c880 Fips Fri Aug 17 18:31:49 2001 (3B7DC585)
f9954000 f995c700 wanarp Tue Aug 03 23:04:57 2004 (41107C89)
f9974000 f9983900 Cdfs Tue Aug 03 23:14:09 2004 (41107EB1)
f99e4000 f99ecd00 intelppm Tue Aug 03 22:59:19 2004 (41107B37)
f99f4000 f9a00e00 i8042prt Tue Aug 03 23:14:36 2004 (41107ECC)
f9a04000 f9a0e380 Imapi Tue Aug 03 23:00:12 2004 (41107B6C)
f9a14000 f9a20180 cdrom Tue Aug 03 22:59:52 2004 (41107B58)
f9a24000 f9a32080 redbook Tue Aug 03 22:59:34 2004 (41107B46)
f9a34000 f9a42b80 drmk Tue Aug 03 23:07:54 2004 (41107D3A)
f9a44000 f9a50880 rasl2tp Tue Aug 03 23:14:21 2004 (41107EBD)
f9a54000 f9a5e200 raspppoe Tue Aug 03 23:05:06 2004 (41107C92)
f9a64000 f9a6fd00 raspptp Tue Aug 03 23:14:26 2004 (41107EC2)
f9a74000 f9a7c900 msgpc Tue Aug 03 23:04:11 2004 (41107C5B)
f9a84000 f9a8df00 termdd Tue Aug 03 22:58:52 2004 (41107B1C)
f9a94000 f9a9a200 PCIIDEX Tue Aug 03 22:59:40 2004 (41107B4C)
f9a9c000 f9aa0900 PartMgr Fri Aug 17 18:32:23 2001 (3B7DC5A7)
f9aa4000 f9aa8080 PxHelp20 Fri Jan 03 14:10:17 2003 (3E160A49)
f9acc000 f9acd000 flpydisk unavailable (00000000)
f9ae4000 f9ae9200 vga Tue Aug 03 23:07:06 2004 (41107D0A)
f9aec000 f9af0a80 Msfs Tue Aug 03 23:00:37 2004 (41107B85)
f9af4000 f9afb880 Npfs Tue Aug 03 23:00:38 2004 (41107B86)
f9b0c000 f9b10500 watchdog Tue Aug 03 23:07:32 2004 (41107D24)
f9b44000 f9b49000 usbuhci Tue Aug 03 23:08:34 2004 (41107D62)
f9b4c000 f9b52000 kbdclass Tue Aug 03 22:58:32 2004 (41107B08)
f9b54000 f9b59a00 mouclass Tue Aug 03 22:58:32 2004 (41107B08)
f9b5c000 f9b5d000 fdc unavailable (00000000)
f9b64000 f9b6b580 Modem Tue Aug 03 23:08:04 2004 (41107D44)
f9b6c000 f9b70c80 rasirda Fri Aug 17 13:51:29 2001 (3B7D83D1)
f9b74000 f9b78880 TDI Tue Aug 03 23:07:47 2004 (41107D33)
f9b7c000 f9b80580 ptilink Fri Aug 17 13:49:53 2001 (3B7D8371)
f9b84000 f9b88080 raspti Fri Aug 17 13:55:32 2001 (3B7D84C4)
f9c24000 f9c27000 BOOTVID Fri Aug 17 13:49:09 2001 (3B7D8345)
f9c28000 f9c2a480 compbatt Fri Aug 17 13:57:58 2001 (3B7D8556)
f9c2c000 f9c2f700 BATTC Fri Aug 17 13:57:52 2001 (3B7D8550)
f9cc8000 f9cca280 rasacd Fri Aug 17 13:55:39 2001 (3B7D84CB)
f9ccc000 f9ccef00 ws2ifsl Fri Aug 17 13:55:58 2001 (3B7D84DE)
f9ce4000 f9ce6b80 IPFilter Thu Apr 11 11:47:22 2002 (3CB5DA3A)
f9cf4000 f9cf7700 CmBatt Tue Aug 03 23:07:39 2004 (41107D2B)
f9cfc000 f9cfe580 ndistapi Fri Aug 17 13:55:29 2001 (3B7D84C1)
f9d00000 f9d03c80 mssmbios Tue Aug 03 23:07:47 2004 (41107D33)
f9d14000 f9d15b80 kdcom Fri Aug 17 13:49:10 2001 (3B7D8346)
f9d16000 f9d17100 WMILIB Fri Aug 17 14:07:23 2001 (3B7D878B)
f9d18000 f9d19580 intelide Tue Aug 03 22:59:40 2004 (41107B4C)
f9d1a000 f9d1b4c0 TVALG Thu Sep 13 03:53:01 2001 (3BA0900D)
f9d1c000 f9d1d240 TVALD Thu Aug 16 22:23:56 2001 (3B7CAA6C)
f9d44000 f9d45100 swenum Tue Aug 03 22:58:41 2004 (41107B11)
f9d4c000 f9d4d000 ParVdm unavailable (00000000)
f9d54000 f9d55280 USBD Fri Aug 17 14:02:58 2001 (3B7D8682)
f9d6c000 f9d6d000 Fs_Rec unavailable (00000000)
f9d6e000 f9d6f080 Beep Fri Aug 17 13:47:33 2001 (3B7D82E5)
f9d70000 f9d71080 mnmdd Fri Aug 17 13:57:28 2001 (3B7D8538)
f9d72000 f9d73080 RDPCDD Fri Aug 17 13:46:56 2001 (3B7D82C0)
f9d78000 f9d79100 dump_WMILIB Fri Aug 17 14:07:23 2001 (3B7D878B)
f9e11000 f9e11c00 audstub Fri Aug 17 13:59:40 2001 (3B7D85BC)
f9e68000 f9e69000 Null unavailable (00000000)
f9ed9000 f9ed9d00 dxgthk Fri Aug 17 13:53:12 2001 (3B7D8438)
Unloaded modules:
f6d03000 f6d2d000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f9e07000 f9e08000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f99b4000 f99c1000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f6dcd000 f6df0000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f729a000 f72a8000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f9d58000 f9d5a000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7159000 f7169000 Serial.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f9934000 f993d000 processr.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f9ad4000 f9ad9000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f9cc4000 f9cc7000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, f85bc80e, f71f8a20, 0}
Probably caused by : nv4_mini.sys ( nv4_mini!Legacy_dacTVConne
Followup: MachineOwner
---------
Finished dump check
C:\program files\Debugging Tools for Windows>
ASKER
Sorry, I forgot to mention I ran memtest, and sfc with no problems reported. I will try the bat file now. Thanks.
ASKER
The regsvr was successful, however, it's still blue screening with the 0x0000008E stop error. It doesn't make any sense. I'll test the memory with another diagnostic tool and see what happens.
Here's information on the 0x0000008E stop error. It's stated as nearly always hardware compatibility issues (which sometimes means a driver issue or a need for a BIOS upgrade ..
http://aumha.org/win5/kbestop.htm
http://aumha.org/win5/kbestop.htm
ASKER
The thing that doesn't make any sense is that it didn't blue screen before the virus and spyware cleanup, so I'm not convinced it's a driver or bios issue. I guess I can try another stick of memory and see if that helps. It's passed memtest and Windows diagnostic tests so far.
ASKER
After replacing the memory, it still blue screened...
> STOP 0x0000008E (0XC0000005, ... <
A previous EE thread refers to a similar error. You could scroll to the bottom for more recent entries. Also check entry by LucF 06/17.
Replacing RAM has been suggested in other threads. Still investigating, nothing conclusive as yet ..
https://www.experts-exchange.com/questions/21028641/STOP-0x0000008E-Error-on-start-up-XP-Pro.html
A previous EE thread refers to a similar error. You could scroll to the bottom for more recent entries. Also check entry by LucF 06/17.
Replacing RAM has been suggested in other threads. Still investigating, nothing conclusive as yet ..
https://www.experts-exchange.com/questions/21028641/STOP-0x0000008E-Error-on-start-up-XP-Pro.html
did you try a repair install yet ? http://www.michaelstevenstech.com/XPrepairinstall.htm
you can also go to device manager, click show hidden devices, and delete the ones you do not want
Hi,
1. Is the 'Unable to verify timestamp for ntoskrnl.exe' something to worry about, or is this a common error?
Answer: Your kernel is not corrupted and it only tells you that the symbol file of windows kernel is not loaded. you have to specify this command to load windows kernel symbols
-y c:\windows\symbols*http://msdl.microsoft.com/download/symbols
2. What can be done if the ntoskrnl.exe file is damaged in some way?
Windows Repair install
3. Or if questions 1 & 2 don't apply, how to you repair the Automatic Updates service?
Your nVidia Display Card Driver is 4 years behind. Upgrade nVidia Display card will resolve the blue screen problem.
cpc2004
1. Is the 'Unable to verify timestamp for ntoskrnl.exe' something to worry about, or is this a common error?
Answer: Your kernel is not corrupted and it only tells you that the symbol file of windows kernel is not loaded. you have to specify this command to load windows kernel symbols
-y c:\windows\symbols*http://msdl.microsoft.com/download/symbols
2. What can be done if the ntoskrnl.exe file is damaged in some way?
Windows Repair install
3. Or if questions 1 & 2 don't apply, how to you repair the Automatic Updates service?
Your nVidia Display Card Driver is 4 years behind. Upgrade nVidia Display card will resolve the blue screen problem.
cpc2004
Hi,
Your debug report is incomplete (ie no stack trace and analysis report) . Use the following command to generate the debug report and post the output here
c:\program files\debugging tools>kd -z C:\WINOWDS\MINIDUMP\xxxxxx
kd> .logopen c:\debuglog.txt
kd> .sympath srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
cpc2004
Your debug report is incomplete (ie no stack trace and analysis report) . Use the following command to generate the debug report and post the output here
c:\program files\debugging tools>kd -z C:\WINOWDS\MINIDUMP\xxxxxx
kd> .logopen c:\debuglog.txt
kd> .sympath srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
cpc2004
Boot into safe mode and scan for virus. Sounds like you have something eating up your memory. If you can pull the HDD and put in a external tray and scan.
ASKER
Here is the debuglog file:
Opened log file 'c:\debuglog.txt'
kd> .sympath srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
Loading Kernel Symbols
..........................
Loading User Symbols
Loading unloaded module list
..........
**************************
* *
* Bugcheck Analysis *
* *
**************************
KERNEL_MODE_EXCEPTION_NOT_
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: fb26480e, The address that the exception occurred at
Arg3: f98f3a20, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
+fffffffffb26480e
fb26480e 8a1401 mov dl,byte ptr [ecx+eax]
TRAP_FRAME: f98f3a20 -- (.trap fffffffff98f3a20)
.trap fffffffff98f3a20
ErrCode = 00000000
eax=00000000 ebx=fb26a3d6 ecx=0101d000 edx=804dd22e esi=00001000 edi=0101c000
eip=fb26480e esp=f98f3a94 ebp=f98f3aa0 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
fb26480e 8a1401 mov dl,byte ptr [ecx+eax] ds:0023:0101d000=??
.trap
Resetting default scope
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: WindowsXP-KB922
LAST_CONTROL_TRANSFER: from fb26670a to fb26480e
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
f98f3aa0 fb26670a 0101c000 0000001e fb26a3d6 0xfb26480e
f98f3b78 805f9351 00000608 8b7c0da0 00000001 0xfb26670a
f98f3b58 fb266913 8b7c0da0 e1c135d0 811ba560 nt!PspCreateThread+0x3e3
f98f3b78 805f9351 00000608 8b7c0da0 00000001 0xfb266913
f98f3cc4 8057b2a3 00beecbc 001f03ff 00000000 nt!PspCreateThread+0x3e3
f98f3d3c 804de7ec 00beecbc 001f03ff 00000000 nt!NtCreateThread+0x118
f98f3d3c 7c90eb94 00beecbc 001f03ff 00000000 nt!KiFastCallEntry+0xf8
00bef338 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!PspCreateThread+3e3
805f9351 57 push edi
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!PspCreateThread+3e3
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP:
FAILURE_BUCKET_ID: 0x8E_VRFK_nt!PspCreateThre
BUCKET_ID: 0x8E_VRFK_nt!PspCreateThre
Followup: MachineOwner
---------
eax=00000000 ebx=fb26a3d6 ecx=0101d000 edx=804dd22e esi=00001000 edi=0101c000
eip=fb26480e esp=f98f3a94 ebp=f98f3aa0 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
fb26480e 8a1401 mov dl,byte ptr [ecx+eax] ds:0023:0101d000=??
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
f98f3aa0 fb26670a 0101c000 0000001e fb26a3d6 0xfb26480e
f98f3b78 805f9351 00000608 8b7c0da0 00000001 0xfb26670a
f98f3b58 fb266913 8b7c0da0 e1c135d0 811ba560 nt!PspCreateThread+0x3e3 (FPO: [Non-Fpo])
f98f3b78 805f9351 00000608 8b7c0da0 00000001 0xfb266913
f98f3cc4 8057b2a3 00beecbc 001f03ff 00000000 nt!PspCreateThread+0x3e3 (FPO: [Non-Fpo])
f98f3d3c 804de7ec 00beecbc 001f03ff 00000000 nt!NtCreateThread+0x118 (FPO: [Non-Fpo])
f98f3d3c 7c90eb94 00beecbc 001f03ff 00000000 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ f98f3d64)
00bef338 00000000 00000000 00000000 00000000 0x7c90eb94
start end module name
804d7000 806eb100 nt ntoskrnl.exe Tue Mar 01 16:59:37 2005 (42250FF9)
806ec000 806ffd80 hal halacpi.dll Tue Aug 03 22:59:04 2004 (41107B28)
bac00000 bac31880 yacxgc yacxgc.sys Thu Jul 18 21:25:56 2002 (3D3794D4)
bac32000 bac54680 ks ks.sys Tue Aug 03 23:15:20 2004 (41107EF8)
bac55000 bac68900 parport parport.sys Tue Aug 03 22:59:04 2004 (41107B28)
bac69000 bac86400 e100b325 e100b325.sys Fri Nov 16 14:07:28 2001 (3BF58E20)
baca6000 bacd9200 update update.sys Tue Aug 03 22:58:32 2004 (41107B08)
bacda000 bacfce80 USBPORT USBPORT.SYS Tue Aug 03 23:08:34 2004 (41107D62)
bacfd000 bad10780 VIDEOPRT VIDEOPRT.SYS Tue Aug 03 23:07:04 2004 (41107D08)
bad11000 bade58c0 nv4_mini nv4_mini.sys Fri Apr 19 14:44:04 2002 (3CC08FA4)
bae2e000 bae48580 Mup Mup.sys Tue Aug 03 23:15:20 2004 (41107EF8)
bae49000 bae75a80 NDIS NDIS.sys Tue Aug 03 23:14:27 2004 (41107EC3)
bae76000 baf02480 Ntfs Ntfs.sys Tue Aug 03 23:15:06 2004 (41107EEA)
baf03000 baf19780 KSecDD KSecDD.sys Tue Aug 03 22:59:45 2004 (41107B51)
baf1a000 baf2bf00 sr sr.sys Tue Aug 03 23:06:22 2004 (41107CDE)
baf2c000 baf2d000 fltmgr fltmgr.sys unavailable (00000000)
baf4b000 baf62480 atapi atapi.sys Tue Aug 03 22:59:41 2004 (41107B4D)
baf63000 baf81880 ftdisk ftdisk.sys Fri Aug 17 13:52:41 2001 (3B7D8419)
baf82000 baf9f480 pcmcia pcmcia.sys Tue Aug 03 23:07:45 2004 (41107D31)
bafa0000 bafb0a80 pci pci.sys Tue Aug 03 23:07:45 2004 (41107D31)
bafb1000 bafded80 ACPI ACPI.sys Tue Aug 03 23:07:35 2004 (41107D27)
bf800000 bf9c0500 win32k win32k.sys Tue Mar 01 17:06:42 2005 (422511A2)
bf9c1000 bf9d2580 dxg dxg.sys Tue Aug 03 23:00:51 2004 (41107B93)
bf9d3000 bfd09a80 nv4_disp nv4_disp.dll Fri Apr 19 14:48:39 2002 (3CC090B7)
f9621000 f9661280 HTTP HTTP.sys Thu Mar 16 16:33:09 2006 (441A03C5)
f97ca000 f981b300 srv srv.sys Mon May 09 17:17:49 2005 (427FFDAD)
f9af1000 f9b05400 wdmaud wdmaud.sys Tue Aug 03 23:15:03 2004 (41107EE7)
f9b2e000 f9b5a400 mrxdav mrxdav.sys Tue Aug 03 23:00:49 2004 (41107B91)
f9c9b000 f9cb0580 irda irda.sys Tue Aug 03 23:00:50 2004 (41107B92)
fb092000 fb0a9480 dump_atapi dump_atapi.sys Tue Aug 03 22:59:41 2004 (41107B4D)
fb0d2000 fb0f2f00 ipnat ipnat.sys Wed Sep 29 15:28:36 2004 (415B3714)
fb0f3000 fb161a00 mrxsmb mrxsmb.sys Fri May 05 02:41:42 2006 (445B1DD6)
fb162000 fb18ca00 rdbss rdbss.sys Fri May 05 02:47:55 2006 (445B1F4B)
fb18d000 fb1aed00 afd afd.sys Tue Aug 03 23:14:13 2004 (41107EB5)
fb1af000 fb1d6c00 netbt netbt.sys Tue Aug 03 23:14:36 2004 (41107ECC)
fb1d7000 fb22ed80 tcpip tcpip.sys Wed May 25 12:04:00 2005 (4294CC20)
fb22f000 fb241400 ipsec ipsec.sys Tue Aug 03 23:14:27 2004 (41107EC3)
fb293000 fb295900 Dxapi Dxapi.sys Fri Aug 17 13:53:19 2001 (3B7D843F)
fc2af000 fc2bdd80 sysaudio sysaudio.sys Tue Aug 03 23:15:54 2004 (41107F1A)
fc35b000 fc36be00 psched psched.sys Tue Aug 03 23:04:16 2004 (41107C60)
fc36c000 fc382680 ndiswan ndiswan.sys Tue Aug 03 23:14:30 2004 (41107EC6)
fc383000 fc497b80 AGRSM AGRSM.sys Fri Jun 21 08:47:54 2002 (3D134AAA)
fc498000 fc4bb980 portcls portcls.sys Tue Aug 03 23:15:47 2004 (41107F13)
fc4bc000 fc4c4c00 isapnp isapnp.sys Fri Aug 17 13:58:01 2001 (3B7D8559)
fc4cc000 fc4d6500 MountMgr MountMgr.sys Tue Aug 03 22:58:29 2004 (41107B05)
fc4dc000 fc4e8c80 VolSnap VolSnap.sys Tue Aug 03 23:00:14 2004 (41107B6E)
fc4ec000 fc4f4e00 disk disk.sys Tue Aug 03 22:59:53 2004 (41107B59)
fc4fc000 fc508200 CLASSPNP CLASSPNP.SYS Tue Aug 03 23:14:26 2004 (41107EC2)
fc50c000 fc516580 agp440 agp440.sys Tue Aug 03 23:07:40 2004 (41107D2C)
fc53c000 fc54a100 usbhub usbhub.sys Tue Aug 03 23:08:40 2004 (41107D68)
fc58c000 fc594700 netbios netbios.sys Tue Aug 03 23:03:19 2004 (41107C27)
fc5ac000 fc5b4880 Fips Fips.SYS Fri Aug 17 18:31:49 2001 (3B7DC585)
fc5cc000 fc5d4700 wanarp wanarp.sys Tue Aug 03 23:04:57 2004 (41107C89)
fc5dc000 fc5eb900 Cdfs Cdfs.SYS Tue Aug 03 23:14:09 2004 (41107EB1)
fc66c000 fc674d00 intelppm intelppm.sys Tue Aug 03 22:59:19 2004 (41107B37)
fc67c000 fc688e00 i8042prt i8042prt.sys Tue Aug 03 23:14:36 2004 (41107ECC)
fc68c000 fc696380 Imapi Imapi.SYS Tue Aug 03 23:00:12 2004 (41107B6C)
fc69c000 fc6a8180 cdrom cdrom.sys Tue Aug 03 22:59:52 2004 (41107B58)
fc6ac000 fc6ba080 redbook redbook.sys Tue Aug 03 22:59:34 2004 (41107B46)
fc6bc000 fc6cab80 drmk drmk.sys Tue Aug 03 23:07:54 2004 (41107D3A)
fc6cc000 fc6d8880 rasl2tp rasl2tp.sys Tue Aug 03 23:14:21 2004 (41107EBD)
fc6dc000 fc6e6200 raspppoe raspppoe.sys Tue Aug 03 23:05:06 2004 (41107C92)
fc6ec000 fc6f7d00 raspptp raspptp.sys Tue Aug 03 23:14:26 2004 (41107EC2)
fc6fc000 fc704900 msgpc msgpc.sys Tue Aug 03 23:04:11 2004 (41107C5B)
fc70c000 fc715f00 termdd termdd.sys Tue Aug 03 22:58:52 2004 (41107B1C)
fc72c000 fc735480 NDProxy NDProxy.SYS Fri Aug 17 13:55:30 2001 (3B7D84C2)
fc73c000 fc742200 PCIIDEX PCIIDEX.SYS Tue Aug 03 22:59:40 2004 (41107B4C)
fc744000 fc748900 PartMgr PartMgr.sys Fri Aug 17 18:32:23 2001 (3B7DC5A7)
fc74c000 fc750080 PxHelp20 PxHelp20.sys Fri Jan 03 14:10:17 2003 (3E160A49)
fc76c000 fc773880 Npfs Npfs.SYS Tue Aug 03 23:00:38 2004 (41107B86)
fc7a4000 fc7a8500 watchdog watchdog.sys Tue Aug 03 23:07:32 2004 (41107D24)
fc7c4000 fc7c9000 usbuhci usbuhci.sys Tue Aug 03 23:08:34 2004 (41107D62)
fc7cc000 fc7d2000 kbdclass kbdclass.sys Tue Aug 03 22:58:32 2004 (41107B08)
fc7d4000 fc7d9a00 mouclass mouclass.sys Tue Aug 03 22:58:32 2004 (41107B08)
fc7dc000 fc7dd000 fdc fdc.sys unavailable (00000000)
fc7e4000 fc7eb580 Modem Modem.SYS Tue Aug 03 23:08:04 2004 (41107D44)
fc7ec000 fc7f0c80 rasirda rasirda.sys Fri Aug 17 13:51:29 2001 (3B7D83D1)
fc7f4000 fc7f8880 TDI TDI.SYS Tue Aug 03 23:07:47 2004 (41107D33)
fc804000 fc808580 ptilink ptilink.sys Fri Aug 17 13:49:53 2001 (3B7D8371)
fc80c000 fc810080 raspti raspti.sys Fri Aug 17 13:55:32 2001 (3B7D84C4)
fc8a4000 fc8a5000 flpydisk flpydisk.sys unavailable (00000000)
fc8bc000 fc8c1200 vga vga.sys Tue Aug 03 23:07:06 2004 (41107D0A)
fc8c4000 fc8c8a80 Msfs Msfs.SYS Tue Aug 03 23:00:37 2004 (41107B85)
fc8cc000 fc8cf000 BOOTVID BOOTVID.dll Fri Aug 17 13:49:09 2001 (3B7D8345)
fc8d0000 fc8d2480 compbatt compbatt.sys Fri Aug 17 13:57:58 2001 (3B7D8556)
fc8d4000 fc8d7700 BATTC BATTC.SYS Fri Aug 17 13:57:52 2001 (3B7D8550)
fc8e4000 fc8e7280 ndisuio ndisuio.sys Tue Aug 03 23:03:10 2004 (41107C1E)
fc950000 fc952280 rasacd rasacd.sys Fri Aug 17 13:55:39 2001 (3B7D84CB)
fc95c000 fc95ef00 ws2ifsl ws2ifsl.sys Fri Aug 17 13:55:58 2001 (3B7D84DE)
fc980000 fc982b80 IPFilter IPFilter.sys Thu Apr 11 11:47:22 2002 (3CB5DA3A)
fc990000 fc993700 CmBatt CmBatt.sys Tue Aug 03 23:07:39 2004 (41107D2B)
fc998000 fc99a580 ndistapi ndistapi.sys Fri Aug 17 13:55:29 2001 (3B7D84C1)
fc9a4000 fc9a7c80 mssmbios mssmbios.sys Tue Aug 03 23:07:47 2004 (41107D33)
fc9bc000 fc9bdb80 kdcom kdcom.dll Fri Aug 17 13:49:10 2001 (3B7D8346)
fc9be000 fc9bf100 WMILIB WMILIB.SYS Fri Aug 17 14:07:23 2001 (3B7D878B)
fc9c0000 fc9c1580 intelide intelide.sys Tue Aug 03 22:59:40 2004 (41107B4C)
fc9c2000 fc9c34c0 TVALG TVALG.SYS Thu Sep 13 03:53:01 2001 (3BA0900D)
fc9c4000 fc9c5240 TVALD TVALD.SYS Thu Aug 16 22:23:56 2001 (3B7CAA6C)
fc9e6000 fc9e7100 swenum swenum.sys Tue Aug 03 22:58:41 2004 (41107B11)
fc9ee000 fc9ef280 USBD USBD.SYS Fri Aug 17 14:02:58 2001 (3B7D8682)
fc9f6000 fc9f7000 Fs_Rec Fs_Rec.SYS unavailable (00000000)
fc9f8000 fc9f9080 Beep Beep.SYS Fri Aug 17 13:47:33 2001 (3B7D82E5)
fc9fa000 fc9fb080 mnmdd mnmdd.SYS Fri Aug 17 13:57:28 2001 (3B7D8538)
fc9fc000 fc9fd080 RDPCDD RDPCDD.sys Fri Aug 17 13:46:56 2001 (3B7D82C0)
fca00000 fca01100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 14:07:23 2001 (3B7D878B)
fca34000 fca35000 ParVdm ParVdm.SYS unavailable (00000000)
fcafb000 fcafbc00 audstub audstub.sys Fri Aug 17 13:59:40 2001 (3B7D85BC)
fcb9b000 fcb9c000 Null Null.SYS unavailable (00000000)
fcc0d000 fcc0dd00 dxgthk dxgthk.sys Fri Aug 17 13:53:12 2001 (3B7D8438)
Unloaded modules:
f9aa4000 f9ace000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
fcbfa000 fcbfb000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
fb062000 fb06f000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
fb082000 fb090000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f9ace000 f9af1000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
fca18000 fca1a000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
fb052000 fb062000 Serial.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
fc59c000 fc5a5000 processr.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
fc8ac000 fc8b1000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
fc94c000 fc94f000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt
Opened log file 'c:\debuglog.txt'
kd> .sympath srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
Loading Kernel Symbols
..........................
Loading User Symbols
Loading unloaded module list
..........
**************************
* *
* Bugcheck Analysis *
* *
**************************
KERNEL_MODE_EXCEPTION_NOT_
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: fb26480e, The address that the exception occurred at
Arg3: f98f3a20, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
+fffffffffb26480e
fb26480e 8a1401 mov dl,byte ptr [ecx+eax]
TRAP_FRAME: f98f3a20 -- (.trap fffffffff98f3a20)
.trap fffffffff98f3a20
ErrCode = 00000000
eax=00000000 ebx=fb26a3d6 ecx=0101d000 edx=804dd22e esi=00001000 edi=0101c000
eip=fb26480e esp=f98f3a94 ebp=f98f3aa0 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
fb26480e 8a1401 mov dl,byte ptr [ecx+eax] ds:0023:0101d000=??
.trap
Resetting default scope
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: WindowsXP-KB922
LAST_CONTROL_TRANSFER: from fb26670a to fb26480e
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
f98f3aa0 fb26670a 0101c000 0000001e fb26a3d6 0xfb26480e
f98f3b78 805f9351 00000608 8b7c0da0 00000001 0xfb26670a
f98f3b58 fb266913 8b7c0da0 e1c135d0 811ba560 nt!PspCreateThread+0x3e3
f98f3b78 805f9351 00000608 8b7c0da0 00000001 0xfb266913
f98f3cc4 8057b2a3 00beecbc 001f03ff 00000000 nt!PspCreateThread+0x3e3
f98f3d3c 804de7ec 00beecbc 001f03ff 00000000 nt!NtCreateThread+0x118
f98f3d3c 7c90eb94 00beecbc 001f03ff 00000000 nt!KiFastCallEntry+0xf8
00bef338 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!PspCreateThread+3e3
805f9351 57 push edi
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!PspCreateThread+3e3
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP:
FAILURE_BUCKET_ID: 0x8E_VRFK_nt!PspCreateThre
BUCKET_ID: 0x8E_VRFK_nt!PspCreateThre
Followup: MachineOwner
---------
eax=00000000 ebx=fb26a3d6 ecx=0101d000 edx=804dd22e esi=00001000 edi=0101c000
eip=fb26480e esp=f98f3a94 ebp=f98f3aa0 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
fb26480e 8a1401 mov dl,byte ptr [ecx+eax] ds:0023:0101d000=??
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
f98f3aa0 fb26670a 0101c000 0000001e fb26a3d6 0xfb26480e
f98f3b78 805f9351 00000608 8b7c0da0 00000001 0xfb26670a
f98f3b58 fb266913 8b7c0da0 e1c135d0 811ba560 nt!PspCreateThread+0x3e3 (FPO: [Non-Fpo])
f98f3b78 805f9351 00000608 8b7c0da0 00000001 0xfb266913
f98f3cc4 8057b2a3 00beecbc 001f03ff 00000000 nt!PspCreateThread+0x3e3 (FPO: [Non-Fpo])
f98f3d3c 804de7ec 00beecbc 001f03ff 00000000 nt!NtCreateThread+0x118 (FPO: [Non-Fpo])
f98f3d3c 7c90eb94 00beecbc 001f03ff 00000000 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ f98f3d64)
00bef338 00000000 00000000 00000000 00000000 0x7c90eb94
start end module name
804d7000 806eb100 nt ntoskrnl.exe Tue Mar 01 16:59:37 2005 (42250FF9)
806ec000 806ffd80 hal halacpi.dll Tue Aug 03 22:59:04 2004 (41107B28)
bac00000 bac31880 yacxgc yacxgc.sys Thu Jul 18 21:25:56 2002 (3D3794D4)
bac32000 bac54680 ks ks.sys Tue Aug 03 23:15:20 2004 (41107EF8)
bac55000 bac68900 parport parport.sys Tue Aug 03 22:59:04 2004 (41107B28)
bac69000 bac86400 e100b325 e100b325.sys Fri Nov 16 14:07:28 2001 (3BF58E20)
baca6000 bacd9200 update update.sys Tue Aug 03 22:58:32 2004 (41107B08)
bacda000 bacfce80 USBPORT USBPORT.SYS Tue Aug 03 23:08:34 2004 (41107D62)
bacfd000 bad10780 VIDEOPRT VIDEOPRT.SYS Tue Aug 03 23:07:04 2004 (41107D08)
bad11000 bade58c0 nv4_mini nv4_mini.sys Fri Apr 19 14:44:04 2002 (3CC08FA4)
bae2e000 bae48580 Mup Mup.sys Tue Aug 03 23:15:20 2004 (41107EF8)
bae49000 bae75a80 NDIS NDIS.sys Tue Aug 03 23:14:27 2004 (41107EC3)
bae76000 baf02480 Ntfs Ntfs.sys Tue Aug 03 23:15:06 2004 (41107EEA)
baf03000 baf19780 KSecDD KSecDD.sys Tue Aug 03 22:59:45 2004 (41107B51)
baf1a000 baf2bf00 sr sr.sys Tue Aug 03 23:06:22 2004 (41107CDE)
baf2c000 baf2d000 fltmgr fltmgr.sys unavailable (00000000)
baf4b000 baf62480 atapi atapi.sys Tue Aug 03 22:59:41 2004 (41107B4D)
baf63000 baf81880 ftdisk ftdisk.sys Fri Aug 17 13:52:41 2001 (3B7D8419)
baf82000 baf9f480 pcmcia pcmcia.sys Tue Aug 03 23:07:45 2004 (41107D31)
bafa0000 bafb0a80 pci pci.sys Tue Aug 03 23:07:45 2004 (41107D31)
bafb1000 bafded80 ACPI ACPI.sys Tue Aug 03 23:07:35 2004 (41107D27)
bf800000 bf9c0500 win32k win32k.sys Tue Mar 01 17:06:42 2005 (422511A2)
bf9c1000 bf9d2580 dxg dxg.sys Tue Aug 03 23:00:51 2004 (41107B93)
bf9d3000 bfd09a80 nv4_disp nv4_disp.dll Fri Apr 19 14:48:39 2002 (3CC090B7)
f9621000 f9661280 HTTP HTTP.sys Thu Mar 16 16:33:09 2006 (441A03C5)
f97ca000 f981b300 srv srv.sys Mon May 09 17:17:49 2005 (427FFDAD)
f9af1000 f9b05400 wdmaud wdmaud.sys Tue Aug 03 23:15:03 2004 (41107EE7)
f9b2e000 f9b5a400 mrxdav mrxdav.sys Tue Aug 03 23:00:49 2004 (41107B91)
f9c9b000 f9cb0580 irda irda.sys Tue Aug 03 23:00:50 2004 (41107B92)
fb092000 fb0a9480 dump_atapi dump_atapi.sys Tue Aug 03 22:59:41 2004 (41107B4D)
fb0d2000 fb0f2f00 ipnat ipnat.sys Wed Sep 29 15:28:36 2004 (415B3714)
fb0f3000 fb161a00 mrxsmb mrxsmb.sys Fri May 05 02:41:42 2006 (445B1DD6)
fb162000 fb18ca00 rdbss rdbss.sys Fri May 05 02:47:55 2006 (445B1F4B)
fb18d000 fb1aed00 afd afd.sys Tue Aug 03 23:14:13 2004 (41107EB5)
fb1af000 fb1d6c00 netbt netbt.sys Tue Aug 03 23:14:36 2004 (41107ECC)
fb1d7000 fb22ed80 tcpip tcpip.sys Wed May 25 12:04:00 2005 (4294CC20)
fb22f000 fb241400 ipsec ipsec.sys Tue Aug 03 23:14:27 2004 (41107EC3)
fb293000 fb295900 Dxapi Dxapi.sys Fri Aug 17 13:53:19 2001 (3B7D843F)
fc2af000 fc2bdd80 sysaudio sysaudio.sys Tue Aug 03 23:15:54 2004 (41107F1A)
fc35b000 fc36be00 psched psched.sys Tue Aug 03 23:04:16 2004 (41107C60)
fc36c000 fc382680 ndiswan ndiswan.sys Tue Aug 03 23:14:30 2004 (41107EC6)
fc383000 fc497b80 AGRSM AGRSM.sys Fri Jun 21 08:47:54 2002 (3D134AAA)
fc498000 fc4bb980 portcls portcls.sys Tue Aug 03 23:15:47 2004 (41107F13)
fc4bc000 fc4c4c00 isapnp isapnp.sys Fri Aug 17 13:58:01 2001 (3B7D8559)
fc4cc000 fc4d6500 MountMgr MountMgr.sys Tue Aug 03 22:58:29 2004 (41107B05)
fc4dc000 fc4e8c80 VolSnap VolSnap.sys Tue Aug 03 23:00:14 2004 (41107B6E)
fc4ec000 fc4f4e00 disk disk.sys Tue Aug 03 22:59:53 2004 (41107B59)
fc4fc000 fc508200 CLASSPNP CLASSPNP.SYS Tue Aug 03 23:14:26 2004 (41107EC2)
fc50c000 fc516580 agp440 agp440.sys Tue Aug 03 23:07:40 2004 (41107D2C)
fc53c000 fc54a100 usbhub usbhub.sys Tue Aug 03 23:08:40 2004 (41107D68)
fc58c000 fc594700 netbios netbios.sys Tue Aug 03 23:03:19 2004 (41107C27)
fc5ac000 fc5b4880 Fips Fips.SYS Fri Aug 17 18:31:49 2001 (3B7DC585)
fc5cc000 fc5d4700 wanarp wanarp.sys Tue Aug 03 23:04:57 2004 (41107C89)
fc5dc000 fc5eb900 Cdfs Cdfs.SYS Tue Aug 03 23:14:09 2004 (41107EB1)
fc66c000 fc674d00 intelppm intelppm.sys Tue Aug 03 22:59:19 2004 (41107B37)
fc67c000 fc688e00 i8042prt i8042prt.sys Tue Aug 03 23:14:36 2004 (41107ECC)
fc68c000 fc696380 Imapi Imapi.SYS Tue Aug 03 23:00:12 2004 (41107B6C)
fc69c000 fc6a8180 cdrom cdrom.sys Tue Aug 03 22:59:52 2004 (41107B58)
fc6ac000 fc6ba080 redbook redbook.sys Tue Aug 03 22:59:34 2004 (41107B46)
fc6bc000 fc6cab80 drmk drmk.sys Tue Aug 03 23:07:54 2004 (41107D3A)
fc6cc000 fc6d8880 rasl2tp rasl2tp.sys Tue Aug 03 23:14:21 2004 (41107EBD)
fc6dc000 fc6e6200 raspppoe raspppoe.sys Tue Aug 03 23:05:06 2004 (41107C92)
fc6ec000 fc6f7d00 raspptp raspptp.sys Tue Aug 03 23:14:26 2004 (41107EC2)
fc6fc000 fc704900 msgpc msgpc.sys Tue Aug 03 23:04:11 2004 (41107C5B)
fc70c000 fc715f00 termdd termdd.sys Tue Aug 03 22:58:52 2004 (41107B1C)
fc72c000 fc735480 NDProxy NDProxy.SYS Fri Aug 17 13:55:30 2001 (3B7D84C2)
fc73c000 fc742200 PCIIDEX PCIIDEX.SYS Tue Aug 03 22:59:40 2004 (41107B4C)
fc744000 fc748900 PartMgr PartMgr.sys Fri Aug 17 18:32:23 2001 (3B7DC5A7)
fc74c000 fc750080 PxHelp20 PxHelp20.sys Fri Jan 03 14:10:17 2003 (3E160A49)
fc76c000 fc773880 Npfs Npfs.SYS Tue Aug 03 23:00:38 2004 (41107B86)
fc7a4000 fc7a8500 watchdog watchdog.sys Tue Aug 03 23:07:32 2004 (41107D24)
fc7c4000 fc7c9000 usbuhci usbuhci.sys Tue Aug 03 23:08:34 2004 (41107D62)
fc7cc000 fc7d2000 kbdclass kbdclass.sys Tue Aug 03 22:58:32 2004 (41107B08)
fc7d4000 fc7d9a00 mouclass mouclass.sys Tue Aug 03 22:58:32 2004 (41107B08)
fc7dc000 fc7dd000 fdc fdc.sys unavailable (00000000)
fc7e4000 fc7eb580 Modem Modem.SYS Tue Aug 03 23:08:04 2004 (41107D44)
fc7ec000 fc7f0c80 rasirda rasirda.sys Fri Aug 17 13:51:29 2001 (3B7D83D1)
fc7f4000 fc7f8880 TDI TDI.SYS Tue Aug 03 23:07:47 2004 (41107D33)
fc804000 fc808580 ptilink ptilink.sys Fri Aug 17 13:49:53 2001 (3B7D8371)
fc80c000 fc810080 raspti raspti.sys Fri Aug 17 13:55:32 2001 (3B7D84C4)
fc8a4000 fc8a5000 flpydisk flpydisk.sys unavailable (00000000)
fc8bc000 fc8c1200 vga vga.sys Tue Aug 03 23:07:06 2004 (41107D0A)
fc8c4000 fc8c8a80 Msfs Msfs.SYS Tue Aug 03 23:00:37 2004 (41107B85)
fc8cc000 fc8cf000 BOOTVID BOOTVID.dll Fri Aug 17 13:49:09 2001 (3B7D8345)
fc8d0000 fc8d2480 compbatt compbatt.sys Fri Aug 17 13:57:58 2001 (3B7D8556)
fc8d4000 fc8d7700 BATTC BATTC.SYS Fri Aug 17 13:57:52 2001 (3B7D8550)
fc8e4000 fc8e7280 ndisuio ndisuio.sys Tue Aug 03 23:03:10 2004 (41107C1E)
fc950000 fc952280 rasacd rasacd.sys Fri Aug 17 13:55:39 2001 (3B7D84CB)
fc95c000 fc95ef00 ws2ifsl ws2ifsl.sys Fri Aug 17 13:55:58 2001 (3B7D84DE)
fc980000 fc982b80 IPFilter IPFilter.sys Thu Apr 11 11:47:22 2002 (3CB5DA3A)
fc990000 fc993700 CmBatt CmBatt.sys Tue Aug 03 23:07:39 2004 (41107D2B)
fc998000 fc99a580 ndistapi ndistapi.sys Fri Aug 17 13:55:29 2001 (3B7D84C1)
fc9a4000 fc9a7c80 mssmbios mssmbios.sys Tue Aug 03 23:07:47 2004 (41107D33)
fc9bc000 fc9bdb80 kdcom kdcom.dll Fri Aug 17 13:49:10 2001 (3B7D8346)
fc9be000 fc9bf100 WMILIB WMILIB.SYS Fri Aug 17 14:07:23 2001 (3B7D878B)
fc9c0000 fc9c1580 intelide intelide.sys Tue Aug 03 22:59:40 2004 (41107B4C)
fc9c2000 fc9c34c0 TVALG TVALG.SYS Thu Sep 13 03:53:01 2001 (3BA0900D)
fc9c4000 fc9c5240 TVALD TVALD.SYS Thu Aug 16 22:23:56 2001 (3B7CAA6C)
fc9e6000 fc9e7100 swenum swenum.sys Tue Aug 03 22:58:41 2004 (41107B11)
fc9ee000 fc9ef280 USBD USBD.SYS Fri Aug 17 14:02:58 2001 (3B7D8682)
fc9f6000 fc9f7000 Fs_Rec Fs_Rec.SYS unavailable (00000000)
fc9f8000 fc9f9080 Beep Beep.SYS Fri Aug 17 13:47:33 2001 (3B7D82E5)
fc9fa000 fc9fb080 mnmdd mnmdd.SYS Fri Aug 17 13:57:28 2001 (3B7D8538)
fc9fc000 fc9fd080 RDPCDD RDPCDD.sys Fri Aug 17 13:46:56 2001 (3B7D82C0)
fca00000 fca01100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 14:07:23 2001 (3B7D878B)
fca34000 fca35000 ParVdm ParVdm.SYS unavailable (00000000)
fcafb000 fcafbc00 audstub audstub.sys Fri Aug 17 13:59:40 2001 (3B7D85BC)
fcb9b000 fcb9c000 Null Null.SYS unavailable (00000000)
fcc0d000 fcc0dd00 dxgthk dxgthk.sys Fri Aug 17 13:53:12 2001 (3B7D8438)
Unloaded modules:
f9aa4000 f9ace000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
fcbfa000 fcbfb000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
fb062000 fb06f000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
fb082000 fb090000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f9ace000 f9af1000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
fca18000 fca1a000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
fb052000 fb062000 Serial.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
fc59c000 fc5a5000 processr.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
fc8ac000 fc8b1000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
fc94c000 fc94f000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt
Hi,
From the stack trace, I believe that ram is the culprit.
f98f3aa0 fb26670a 0101c000 0000001e fb26a3d6 0xfb26480e
f98f3b78 805f9351 00000608 8b7c0da0 00000001 0xfb26670a <-- transfer to invalid address ?? faulty ram
f98f3b58 fb266913 8b7c0da0 e1c135d0 811ba560 nt!PspCreateThread+0x3e3
f98f3b78 805f9351 00000608 8b7c0da0 00000001 0xfb266913
f98f3cc4 8057b2a3 00beecbc 001f03ff 00000000 nt!PspCreateThread+0x3e3
f98f3d3c 804de7ec 00beecbc 001f03ff 00000000 nt!NtCreateThread+0x118
f98f3d3c 7c90eb94 00beecbc 001f03ff 00000000 nt!KiFastCallEntry+0xf8
00bef338 00000000 00000000 00000000 00000000 0x7c90eb94
cpc2004
From the stack trace, I believe that ram is the culprit.
f98f3aa0 fb26670a 0101c000 0000001e fb26a3d6 0xfb26480e
f98f3b78 805f9351 00000608 8b7c0da0 00000001 0xfb26670a <-- transfer to invalid address ?? faulty ram
f98f3b58 fb266913 8b7c0da0 e1c135d0 811ba560 nt!PspCreateThread+0x3e3
f98f3b78 805f9351 00000608 8b7c0da0 00000001 0xfb266913
f98f3cc4 8057b2a3 00beecbc 001f03ff 00000000 nt!PspCreateThread+0x3e3
f98f3d3c 804de7ec 00beecbc 001f03ff 00000000 nt!NtCreateThread+0x118
f98f3d3c 7c90eb94 00beecbc 001f03ff 00000000 nt!KiFastCallEntry+0xf8
00bef338 00000000 00000000 00000000 00000000 0x7c90eb94
cpc2004
Hi,
After you issue command to extract the windows kernel from Microsoft and it resolves the windows kernel timestamp issue.
>>>>>
.sympath srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
Loading Kernel Symbols
..........................
>>>>>
cpc004
After you issue command to extract the windows kernel from Microsoft and it resolves the windows kernel timestamp issue.
>>>>>
.sympath srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
Loading Kernel Symbols
..........................
>>>>>
cpc004
did you test the new ram? the old ram can have corrupted your files on the disk, so try running a scan disk for errors, or sfc /scannow from the run box
ASKER
I believe the problem has been solved. I will wait a day to confirm this, but to this point it appears to be Windows Automatic Updates were causing the blue screen.
As I'd mentioned earlier, there was a specific svchost process that appeared to execute with wuauclt.exe. If I killed this process, Windows would not crash. If I didn't it would consume memory until it crashed (this only applied with the Automatic Update service enabled). With Automatic Updates disabled, it would not blue screen. So I left Automatic Updates enabled, killed the svchost process, and when to Windows Update online to check for and download updates. It took forever, but after downloading and restarting, it hasn't blue screened yet, and it appears to be running normally.
I will post the results tomorrow, as I try not to jump to conclusions too early.
As I'd mentioned earlier, there was a specific svchost process that appeared to execute with wuauclt.exe. If I killed this process, Windows would not crash. If I didn't it would consume memory until it crashed (this only applied with the Automatic Update service enabled). With Automatic Updates disabled, it would not blue screen. So I left Automatic Updates enabled, killed the svchost process, and when to Windows Update online to check for and download updates. It took forever, but after downloading and restarting, it hasn't blue screened yet, and it appears to be running normally.
I will post the results tomorrow, as I try not to jump to conclusions too early.
ASKER
It has been confirmed. No more BSOD. Thanks for everyones help. It was a very strange and unexpected cause to say the least.
ok with me
Hi,
The problem owner iss concern that ntoskrnl.exe is corrupted. I confirm that it is windows kernel symbol issues and his kenel is not corupted. I should award points.
<<<<
To summarize, I have basically 3 questions.
1. Is the 'Unable to verify timestamp for ntoskrnl.exe' something to worry about, or is this a common error?
2. What can be done if the ntoskrnl.exe file is damaged in some way?
3. Or if questions 1 & 2 don't apply, how to you repair the Automatic Updates service?
<<<
cpc2004
The problem owner iss concern that ntoskrnl.exe is corrupted. I confirm that it is windows kernel symbol issues and his kenel is not corupted. I should award points.
<<<<
To summarize, I have basically 3 questions.
1. Is the 'Unable to verify timestamp for ntoskrnl.exe' something to worry about, or is this a common error?
2. What can be done if the ntoskrnl.exe file is damaged in some way?
3. Or if questions 1 & 2 don't apply, how to you repair the Automatic Updates service?
<<<
cpc2004
ASKER
cpc2004, I appreciate your help, but I don't feel that the problem would have been solved by any of your input except for 'Windows repair install'. In my opinion, that is a last resort, as it can cause other issues. One of your last comments you stated 'From the stack trace, I believe that ram is the culprit.' - which tells me it was just a best guess.
In some way, the Automatic Update service software was damaged, and was causing a BSOD. Going to Windows Update somehow solved this. If you can find a good explanation, or some links to how this can occur, I would be glad to reconsider awarding you points.
In some way, the Automatic Update service software was damaged, and was causing a BSOD. Going to Windows Update somehow solved this. If you can find a good explanation, or some links to how this can occur, I would be glad to reconsider awarding you points.
Hi,
When you open this problem, you ask three question3.
>>>>
1. Is the 'Unable to verify timestamp for ntoskrnl.exe' something to worry about, or is this a common error?
Answer: Your kernel is not corrupted and it only tells you that the symbol file of windows kernel is not loaded. you have to specify this command to load windows kernel symbols
-y c:\windows\symbols*http://msdl.microsoft.com/download/symbols
2. What can be done if the ntoskrnl.exe file is damaged in some way?
Windows Repair install
3. Or if questions 1 & 2 don't apply, how to you repair the Automatic Updates service?
Your nVidia Display Card Driver is 4 years behind. Upgrade nVidia Display card will resolve the blue screen problem.
>>>
Do you agree that I answer question 1 and question 2? Since your ntosknel is not corrupted, it is no need to repiar. If you only award points which only if question 3 is answered, I have no objection.
cpc2004
When you open this problem, you ask three question3.
>>>>
1. Is the 'Unable to verify timestamp for ntoskrnl.exe' something to worry about, or is this a common error?
Answer: Your kernel is not corrupted and it only tells you that the symbol file of windows kernel is not loaded. you have to specify this command to load windows kernel symbols
-y c:\windows\symbols*http://msdl.microsoft.com/download/symbols
2. What can be done if the ntoskrnl.exe file is damaged in some way?
Windows Repair install
3. Or if questions 1 & 2 don't apply, how to you repair the Automatic Updates service?
Your nVidia Display Card Driver is 4 years behind. Upgrade nVidia Display card will resolve the blue screen problem.
>>>
Do you agree that I answer question 1 and question 2? Since your ntosknel is not corrupted, it is no need to repiar. If you only award points which only if question 3 is answered, I have no objection.
cpc2004
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi,
The latest windbg version 6.6 and your version is 5.1. Install windbg 6.6
>>>
Microsoft Windows XP [Version 5.1.2600]
>>>>
cpc2004
The latest windbg version 6.6 and your version is 5.1. Install windbg 6.6
>>>
Microsoft Windows XP [Version 5.1.2600]
>>>>
cpc2004
Hi,
One sample output of windbg 6.6
PAGE_FAULT_IN_NONPAGED_ARE
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e6167008, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 8052d8f7, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000001, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: e6167008
FAULTING_IP:
nt!RtlInitUnicodeString+1b
8052d8f7 f266af repne scas word ptr es:[edi]
MM_INTERNAL_CODE: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: Update.exe <-------------------------
LAST_CONTROL_TRANSFER: from 8054078c to 8052d8f7
cpc2004
One sample output of windbg 6.6
PAGE_FAULT_IN_NONPAGED_ARE
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e6167008, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 8052d8f7, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000001, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: e6167008
FAULTING_IP:
nt!RtlInitUnicodeString+1b
8052d8f7 f266af repne scas word ptr es:[edi]
MM_INTERNAL_CODE: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: Update.exe <-------------------------
LAST_CONTROL_TRANSFER: from 8054078c to 8052d8f7
cpc2004
Hi,
I find out the running process from your 2nd debug log and it is WindowsXP-KB922. I search goggle and microsoft and no hit.
>>>
PROCESS_NAME: WindowsXP-KB922
>>>
I find out the running process from your 2nd debug log and it is WindowsXP-KB922. I search goggle and microsoft and no hit.
>>>
PROCESS_NAME: WindowsXP-KB922
>>>
ASKER
I'd love to install windbg to find out the problem, but it has already been fixed. I will award you the points for your hard work. I believe if I wouldn't have fixed it, you may have been able to pin point the problem. Thank you.
Hi,
Probably your problem is related to Microsoft KB922582. Search google KB922582 and BSOD and you will find a lot of hits.
cpc2004
Probably your problem is related to Microsoft KB922582. Search google KB922582 and BSOD and you will find a lot of hits.
cpc2004
ASKER
At the bottom of the screen, the last post has some interesting info:
http://groups.google.com/group/microsoft.public.windowsupdate/browse_thread/thread/155d503b2519643/523794d67cb70d4e?lnk=st&q=KB922582+bsod&rnum=3&hl=en#523794d67cb70d4e
There were some infections, so it is highly likely this was the source of the problem.
http://groups.google.com/group/microsoft.public.windowsupdate/browse_thread/thread/155d503b2519643/523794d67cb70d4e?lnk=st&q=KB922582+bsod&rnum=3&hl=en#523794d67cb70d4e
There were some infections, so it is highly likely this was the source of the problem.
Answer: If I am not mistaken I believe that this is a RAM error, I think it will more than likley go away after you resolve your virus.
2. What can be done if the ntoskrnl.exe file is damaged in some way?
Answer: click on RUN type sfc /scannow and have your CD handy.
3. Or if questions 1 & 2 don't apply, how to you repair the Automatic Updates service?
The Auto update service, Open notepad and paste code below, then save as wufix.bat
Once you have done that run this BAT file
net stop wuauserv
regsvr32 wuapi.dll /s
regsvr32 wups.dll /s
regsvr32 wuaueng.dll /s
regsvr32 wucltui.dll /s
regsvr32 wuweb.dll /s
regsvr32 msxml.dll /s
regsvr32 msxml2.dll /s
regsvr32 msxml3.dll /s
regsvr32 urlmon.dll /s
net start wuauserv
regsvr32 softpub.dll /s
regsvr32 initpki.dll /s
regsvr32 mssip32.dll /s
regsvr32 wintrust.dll /s
regsvr32 dssenh.dll /s
regsvr32 rsaenh.dll /s
regsvr32 gpkcsp.dll /s
regsvr32 sccbase.dll /s
regsvr32 slbcsp.dll /s
regsvr32 cryptdlg.dll /s
regsvr32 jscript.dll /s
regsvr32 vbscipt.dll /s