BSOD - Please Help (ntoskrnl.exe)
Hi, I have a few computers that have started to BSOD No new applications \ software have been installed, ive run a full memory check (memtest86) and chkdsk'd the disks all come back with no errors, the BSOD's seem to happen randomly. (Win7 64bit) Here is the dump file if anyboady can help it would be greatly appreciated! ---------------------------------------------------------------------------------------------------- Microsoft (R) Windows Debugger Version 6.2.8400.0 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [F:\\070612-19921-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: C:\Symbols Executable search path is: Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030 Machine Name: Kernel base = 0xfffff800`02c02000 PsLoadedModuleList = 0xfffff800`02e46670 Debug session time: Thu Jul 5 17:06:55.001 2012 (UTC + 1:00) System Uptime: 0 days 0:01:23.007 Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols ............................................................... ................................................................ ................................. Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C4, {91, 1, fffffa8006b8bb50, 0} ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* Probably caused by : ntoskrnl.exe ( nt+7f1c0 ) Followup: MachineOwner ---------
July 9th, 2012 9:27am

Please Upload the 070612-19921-01.dmp into SkyDrive. path : c:\Windows\Minidump Regards, MCT / MCITP / MCTS / MCSA / C|EH
Free Windows Admin Tool Kit Click here and download it now
July 9th, 2012 11:26am

Thank you for your reply, I have uploaded the dump file to the public folder on my skydrive account, I have also included the other dump files from the computer. https://skydrive.live.com/?cid=044CE4052077622C&id=44CE4052077622C%21108 Regards Mark
July 9th, 2012 11:43am

yes, and copy the Link and paste it here Regards, MCT / MCITP / MCTS / MCSA / C|EH
Free Windows Admin Tool Kit Click here and download it now
July 9th, 2012 11:54am

Here you go... https://skydrive.live.com/?cid=044CE4052077622C&id=44CE4052077622C%21108 I have also included the other dump files from the computer. Many thanks for your help! regards Mark
July 9th, 2012 12:05pm

Mark What is your computer make and model? If not a branded computer what is your motherboard make and model? Type System information in the Search Box above the start Button and press the ENTER key. What is your BIOS version and date? Is your Windows 7 32 bit or 64 bit?Hope this helps, Gerry
Free Windows Admin Tool Kit Click here and download it now
July 9th, 2012 2:33pm

Hi, DRIVER_VERIFIER_DETECTED_VIOLATION (c4) A device driver attempting to corrupt the system has been caught. This is because the driver was specified in the registry as being suspect (by the administrator) and the kernel has enabled substantial checking of this driver. If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will be among the most commonly seen crashes. Arguments: Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by the operating system. The only supported way to extend a kernel mode stack is by using KeExpandKernelStackAndCallout. DEBUG_FLR_IMAGE_TIMESTAMP: 4fa390f3 BUGCHECK_STR: 0xc4_91 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT ------------------------------------------------------------------- These actions might prevent an error like this from happening again: Download and install updates and device drivers for your computer from Windows Update. Scan your computer for computer viruses. Check your hard disk for errors. Bug Check 0xC4: DRIVER_VERIFIER_DETECTED_VIOLATION http://msdn.microsoft.com/en-us/library/windows/hardware/ff560187(v=vs.85).aspxIvan-Liu TechNet Community Support
July 10th, 2012 3:29am

Hi Gerry, Thanks for your email, here you go... Lenovo ThinkCentre M71Z (1741A7G) Bios Version - 9PKT27AUS (11/01/2011) running latest bios and drivers from Lenovo website Windows 7 64bit Reagrds Mark
Free Windows Admin Tool Kit Click here and download it now
July 10th, 2012 4:22am

Hi Ivan, I'm running the latest updates form microsoft and the latest drivers from the computer manafuctures (Lenovo) website, I have scanned my drive using chkdsk and checked my memory using memtest86, and scanned my drive for virus's all reported no issues! Kind Regards Mark
July 10th, 2012 4:28am

Mark BIOS dated 16 April 2012 (also available on UK site) http://support.lenovo.com/en_US/downloads/default.page? Hope this helps, Gerry
Free Windows Admin Tool Kit Click here and download it now
July 10th, 2012 5:24pm

Thanks for the reply Gerry, I did run the latest bios update from the UK lenovo site dated 16th April 2012, (9pjy27usa.exe) the flash bios run correctly. The bios reads.. 9P27AAUS BIOS REVISION LEVEL 9P27A BOOT BLOACK REVISION LEVEL 11/01/2011 BIOS DATE Regards Mark
July 11th, 2012 5:11am

In one of the errors the process that crashed was the FSRT.exe and the f101fs.sys appeared to cause the DRIVER_VERIFIER_DETECTED_VIOLATION error. Theses appear to be components of Fortres Grand software. What Fortres Grand software is installed? There appears to be an issue with this software. Also, did you enable the Driver Verifier and, if so, why? What I would suggest at this point is to "turn off" the Driver Verifier: Start > type verifier in the Search programs and files box and press "Enter" > Delete existing settings > Finish Restart the computer If you experience further BSODs please provide the resulting minidump file(s). Also, in your first post the Windows Debugger needs to have the symbol file path set to properly read a minidump file: Open WinDbg > File > Symbol File Path and then paste the following under "Symbol path": SRV*c:\symbols*http://msdl.microsoft.com/download/symbols then click "OK" Then close WinDbg and answer "Yes" to the "Save information for workspace" question Then run or rerun any minidump anaylsis.
Free Windows Admin Tool Kit Click here and download it now
July 11th, 2012 7:05am

Thanks for your reply, Yes I did temporarily have the driver verifier switched on for testing purposes, it did flag up f101fs.sys as the cause of the blue screen. We use fortres101 on our computers, I have just spoken to Fortres Grand technical support, they recognise this as a known problem on the latest build of the software, and are working on a new build to fix the bsod issue. I have just removed fortres from the effected machines and currently testing so far no bsod's! So hopefully have found the cause, tho not all the dump files relate to this driver as being the problem? so will continue to test and monitor if any more bsod's I will post (and set the symbol file path correctly). Thank you again for your help! Mark
July 11th, 2012 8:02am

You're welcome, and good luck! Although some of the dump files may not have shown direct involvement of the f101fs.sys the f101fs.sys may still have been the cause.
Free Windows Admin Tool Kit Click here and download it now
July 12th, 2012 12:31am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics