BSOD - Please Help (ntoskrnl.exe)
Hi, I have a few computers that have started to BSOD
No new applications \ software have been installed, ive run a full memory check (memtest86) and chkdsk'd the disks all come back with no errors, the BSOD's seem to happen randomly. (Win7 64bit)
Here is the dump file if anyboady can help it would be greatly appreciated!
----------------------------------------------------------------------------------------------------
Microsoft (R) Windows Debugger Version 6.2.8400.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\\070612-19921-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\Symbols
Executable search path is:
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`02c02000 PsLoadedModuleList = 0xfffff800`02e46670
Debug session time: Thu Jul 5 17:06:55.001 2012 (UTC + 1:00)
System Uptime: 0 days 0:01:23.007
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {91, 1, fffffa8006b8bb50, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
***
***
***
***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
***
***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
***
***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
***
***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
***
***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
***
***
*** Type referenced: nt!KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
***
***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
***
***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
***
***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
***
***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
***
***
*** Type referenced: nt!KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
***
***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
***
***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
***
***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
***
***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
***
***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
***
***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
***
***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
***
***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
Probably caused by : ntoskrnl.exe ( nt+7f1c0 )
Followup: MachineOwner
---------
July 9th, 2012 9:27am
Please Upload the 070612-19921-01.dmp into
SkyDrive.
path : c:\Windows\Minidump
Regards,
MCT / MCITP / MCTS / MCSA / C|EH
Free Windows Admin Tool Kit Click here and download it now
July 9th, 2012 11:26am
Thank you for your reply, I have uploaded the dump file to the public folder on my skydrive account, I have also included the other dump files from the computer.
https://skydrive.live.com/?cid=044CE4052077622C&id=44CE4052077622C%21108
Regards
Mark
July 9th, 2012 11:43am
yes, and copy the Link and paste it here
Regards,
MCT / MCITP / MCTS / MCSA / C|EH
Free Windows Admin Tool Kit Click here and download it now
July 9th, 2012 11:54am
Here you go...
https://skydrive.live.com/?cid=044CE4052077622C&id=44CE4052077622C%21108
I have also included the other dump files from the computer.
Many thanks for your help!
regards
Mark
July 9th, 2012 12:05pm
Mark
What is your computer make and model? If not a branded computer what is your motherboard make and model?
Type System information in the Search Box above the start Button and press the ENTER key. What is your BIOS version and date?
Is your Windows 7 32 bit or 64 bit?Hope this helps, Gerry
Free Windows Admin Tool Kit Click here and download it now
July 9th, 2012 2:33pm
Hi,
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is because the driver was specified in the registry as being suspect (by the administrator) and the kernel has enabled substantial checking of this driver. If the driver attempts to
corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by the operating system. The only supported way to extend a kernel mode stack is by using KeExpandKernelStackAndCallout.
DEBUG_FLR_IMAGE_TIMESTAMP: 4fa390f3
BUGCHECK_STR: 0xc4_91
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
-------------------------------------------------------------------
These actions might prevent an error like this from happening again:
Download and install updates and device drivers for your computer from Windows Update.
Scan your computer for computer viruses.
Check your hard disk for errors.
Bug Check 0xC4: DRIVER_VERIFIER_DETECTED_VIOLATION
http://msdn.microsoft.com/en-us/library/windows/hardware/ff560187(v=vs.85).aspxIvan-Liu
TechNet Community Support
July 10th, 2012 3:29am
Hi Gerry,
Thanks for your email, here you go...
Lenovo ThinkCentre M71Z (1741A7G)
Bios Version - 9PKT27AUS (11/01/2011) running latest bios and drivers from Lenovo website
Windows 7 64bit
Reagrds
Mark
Free Windows Admin Tool Kit Click here and download it now
July 10th, 2012 4:22am
Hi Ivan,
I'm running the latest updates form microsoft and the latest drivers from the computer manafuctures (Lenovo) website, I have scanned my drive using chkdsk and checked my memory using memtest86, and scanned my drive for virus's all
reported no issues!
Kind Regards
Mark
July 10th, 2012 4:28am
Mark
BIOS dated 16 April 2012 (also available on UK site)
http://support.lenovo.com/en_US/downloads/default.page?
Hope this helps, Gerry
Free Windows Admin Tool Kit Click here and download it now
July 10th, 2012 5:24pm
Thanks for the reply Gerry,
I did run the latest bios update from the UK lenovo site dated 16th April 2012, (9pjy27usa.exe) the flash bios run correctly.
The bios reads..
9P27AAUS BIOS REVISION LEVEL
9P27A BOOT BLOACK REVISION LEVEL
11/01/2011 BIOS DATE
Regards
Mark
July 11th, 2012 5:11am
In one of the errors the process that crashed was the FSRT.exe and the f101fs.sys appeared to cause the DRIVER_VERIFIER_DETECTED_VIOLATION error.
Theses appear to be components of Fortres Grand software.
What Fortres Grand software is installed? There appears to be an issue with this software.
Also, did you enable the Driver Verifier and, if so, why?
What I would suggest at this point is to "turn off" the Driver Verifier:
Start > type verifier in the Search programs and files box and press "Enter" > Delete existing settings > Finish
Restart the computer
If you experience further BSODs please provide the resulting minidump file(s).
Also, in your first post the Windows Debugger needs to have the symbol file path set to properly read a minidump file:
Open WinDbg > File > Symbol File Path and then paste the following under "Symbol path":
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
then click "OK"
Then close WinDbg and answer "Yes" to the "Save information for workspace" question
Then run or rerun any minidump anaylsis.
Free Windows Admin Tool Kit Click here and download it now
July 11th, 2012 7:05am
Thanks for your reply,
Yes I did temporarily have the driver verifier switched on for testing purposes, it did flag up f101fs.sys as the cause of the blue screen.
We use fortres101 on our computers, I have just spoken to Fortres Grand technical support, they recognise this as a known problem on the latest build of the software, and are
working on a new build to fix the bsod issue.
I have just removed fortres from the effected machines and currently testing so far no bsod's!
So hopefully have found the cause, tho not all the dump files relate to this driver as being the problem? so will continue to test and monitor if any more bsod's I will post (and set
the symbol file path correctly).
Thank you again for your help!
Mark
July 11th, 2012 8:02am
You're welcome, and good luck!
Although some of the dump files may not have shown direct involvement of the f101fs.sys the f101fs.sys may still have been the cause.
Free Windows Admin Tool Kit Click here and download it now
July 12th, 2012 12:31am