Jump to content

Windows 7 BSOD/ Hibernate problem


Pinworms

Recommended Posts

Hi, If anyone has any suggestions on fixing this problem I would love to here them. I have spent about a week working on this with little progress. I found I was infected with a couple Trojans one was the Trojan.Zeroaccess.C. Removed and or quarantine them. I seem to have less BSOD issues now.

Currently, when the computer is awakened from hibernate by pushing the power button I am immediately told windows did not shut down properly and I have the option to start normally or in safe mode. Occasionally I will get a BSOD while doing random things in windows. There was two different reported causes for these blue screens according to windows. One is ntoskrnl.exe, I cant recall the other lesser problem causing file( the log file has be deleted). The computer usualy works fine. It restarts fine. Most of the time the only issue is when awakening from Hibernate and then random BSOD.

I have a HP Pavilon dv6

windows 7 x64

all windows updates downloaded except bing desktop

all drivers up to date according to windows

additional updates downloaded from HP's webite to include BIOS

full virus scan by Norton

I have tried performing a clean boot by disabling ALL services including all windows services in MSCONFIG. I had to allow one of the services to run so windows could use the Hibernate feature. Even with all the services disabled except that one and a couple other services that windows would automatically enable, I would still have the problem awakening form Hibernate.

I have allowed windows to run the startup repair and restoring to when it thought everything was fine and dandy.

I tried "open services and stop the Windows Management Instrumentation Service. Take ownership of the folder or the contents of the folder "C:\Windows\System32\wbem\Repository." .Delete the contents of the folder. Reboot. " which i read from another thread.

Ive ran sfc, scan disk, disk defrag and the built in memory tester in my BIOS.

Here is a save from Blue Screen View

==================================================

Dump File : 082012-32027-01.dmp

Crash Time : 8/20/2012 5:56:30 PM

Bug Check String : KMODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x0000001e

Parameter 1 : ffffffff`c0000005

Parameter 2 : fffff800`02eb97ef

Parameter 3 : 00000000`00000000

Parameter 4 : 00000000`7ef80000

Caused By Driver : ntoskrnl.exe

Caused By Address : ntoskrnl.exe+7f1c0

File Description : NT Kernel & System

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)

Processor : x64

Crash Address : ntoskrnl.exe+7f1c0

Stack Address 1 :

Stack Address 2 :

Stack Address 3 :

Computer Name :

Full Path : C:\Windows\Minidump\082012-32027-01.dmp

Processors Count : 8

Major Version : 15

Minor Version : 7601

Dump File Size : 262,144

==================================================

Link to comment
Share on other sites


I'm not sure what kind of dump file would be most useful. I tried to upload the dump file currently in my windows folder but it is too large. When I try to open it with the windows debugger tool this is what I get.

Microsoft ® Windows Debugger Version 6.12.0002.633 AMD64

Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\MEMORY.DMP]

Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: *** Invalid ***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is:

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y <symbol_path> argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -

Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS Personal

Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030

Machine Name:

Kernel base = 0xfffff800`02e5a000 PsLoadedModuleList = 0xfffff800`0309e670

Debug session time: Mon Aug 20 17:50:16.925 2012 (UTC - 6:00)

System Uptime: 0 days 4:21:01.831

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y <symbol_path> argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -

Loading Kernel Symbols

...............................................................

................................................................

...................................................

Loading User Symbols

PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details

Loading unloaded module list

.........

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff80002eb97ef, 0, 7ef80000}

*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************

*** ***

*** ***

*** Your debugger is not using the correct symbols ***

*** ***

*** In order for this command to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Your debugger is not using the correct symbols ***

*** ***

*** In order for this command to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Your debugger is not using the correct symbols ***

*** ***

*** In order for this command to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

Probably caused by : ntkrnlmp.exe ( nt!RtlInitEnumerationHashTable+2ab )

Followup: MachineOwner

---------

Link to comment
Share on other sites

the dump is not useful. Zip the Memory.dmp and upload it to your SkyDrive and post a link here.

iaStor.sys maybe the cause:

KMODE_EXCEPTION_NOT_HANDLED (1e)

This is a very common bugcheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Arguments:

Arg1: ffffffffc0000005, The exception code that was not handled

Arg2: fffff80002eb97ef, The address that the exception occurred at

Arg3: 0000000000000000, Parameter 0 of the exception

Arg4: 000000007ef80000, Parameter 1 of the exception

Debugging Details:

Call Site

nt!KeBugCheckEx

nt! ?? ::FNODOBFM::`string'

nt!KiExceptionDispatch

nt!KiPageFault

nt!RtlImageNtHeaderEx

nt!RtlImageNtHeader

0x0

0x0

ffff880`03761f28 fffff800`02f23d88 nt! ?? ::FNODOBFM::`string'+0x48d3d

fffff880`03761f30 00000000`0000001e

fffff880`03761f38 ffffffff`c0000005

fffff880`03761f40 fffff800`02eb97ef nt!RtlImageNtHeaderEx+0x3f

fffff880`03761f48 00000000`00000000

fffff880`03761f50 00000000`7ef80000

fffff880`03761f58 fffff800`02ecbb01 nt!KiDeliverApc+0xf1

fffff880`03761f80 fffff880`03761ff8

fffff880`03761f88 fffff800`02ef3c87 nt!MmMapLockedPagesSpecifyCache+0x50c

fffff880`03761f90 00001f80`0010001f

fffff880`03762058 fffff800`02eb97ef nt!RtlImageNtHeaderEx+0x3f

fffff880`03762060 00000000`00000000

fffff880`03762068 fffff800`02edff8f nt!KeWaitForSingleObject+0x19f

fffff880`03762070 fffff880`03762100

fffff880`03762078 fffffa80`00001f80

fffff880`03762080 fffffa80`00000000

fffff880`03762088 fffffa80`08137000

fffff880`03762090 00000000`00000000

fffff880`03762098 fffff880`010aa106Unable to load image \SystemRoot\system32\DRIVERS\iaStor.sys, Win32 error 0n2

*** WARNING: Unable to verify timestamp for iaStor.sys

*** ERROR: Module load completed but symbols could not be loaded for iaStor.sys

iaStor+0x39106

fffff880`037620a0 00000000`00000000

4: kd> lmvm iaStor

start end module name

fffff880`01071000 fffff880`011c5000 iaStor T (no symbols)

Loaded symbol image file: iaStor.sys

Image path: \SystemRoot\system32\DRIVERS\iaStor.sys

Image name: iaStor.sys

Timestamp: Thu Jan 13 02:50:12 2011

so update the Intel SATA drivers.

Edited by MagicAndre1981
Link to comment
Share on other sites

I updated the Intel SATA drivers again. Ran chkdsk again. Still have the problem when after the computer hibernates. I am thinking the easiest fix now may be just to back up and reinstall windows.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...