Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fresh Windows install but constant crashing!


  • Please log in to reply
2 replies to this topic

#1 Dancin Homer

Dancin Homer

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 03 December 2012 - 09:10 AM

I just done a fresh clean install of Windows 7 (due to brand new WD Blue 500Gb HDD) on a PB EasyNote TS-13HR, all drivers are the latest from PB's website all Windows 7 updates done and MS Sec Essentials insatlled.

It crashes constantly but can then sometimes it'll be fine for hours :blink: I suspect a compatibilty issue with HDD, but not to sure really?

Below is the debug from memory.dmp - it seems to point at a registry error, which is new (older crash dumps didn't say that!)

Any help would be appreciated!


Microsoft ® Windows Debugger Version 6.2.9200.20512 AMD64
Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [M:\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0xfffff800`02c58000 PsLoadedModuleList = 0xfffff800`02e9c670
Debug session time: Mon Dec 3 12:57:23.184 2012 (UTC + 0:00)
System Uptime: 0 days 0:01:35.448
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 51, {1, fffff8a000023410, f0b000, 374}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::NNGAKEGL::`string'+9eea )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

REGISTRY_ERROR (51)
Something has gone badly wrong with the registry. If a kernel debugger
is available, get a stack trace. It can also indicate that the registry got
an I/O error while trying to read one of its files, so it can be caused by
hardware problems or filesystem corruption.
It may occur due to a failure in a refresh operation, which is used only
in by the security system, and then only when resource limits are encountered.
Arguments:
Arg1: 0000000000000001, (reserved)
Arg2: fffff8a000023410, (reserved)
Arg3: 0000000000f0b000, depends on where Windows bugchecked, may be pointer to hive
Arg4: 0000000000000374, depends on where Windows bugchecked, may be return code of
HvCheckHive if the hive is corrupt.

Debugging Details:
------------------


DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0x51

PROCESS_NAME: services.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff80003002318 to fffff80002cd6fc0

STACK_TEXT:
fffff880`055db2b8 fffff800`03002318 : 00000000`00000051 00000000`00000001 fffff8a0`00023410 00000000`00f0b000 : nt!KeBugCheckEx
fffff880`055db2c0 fffff800`02f6b3a5 : 00000000`002d6d84 00000000`00007857 fffff8a0`00000001 20204d43`00000004 : nt! ?? ::NNGAKEGL::`string'+0x9eea
fffff880`055db320 fffff800`02f6b17c : fffff8a0`00023410 fffff8a0`00023410 fffff8a0`0002c020 00000000`00001000 : nt!HvMarkDirty+0x176
fffff880`055db380 fffff800`03006d00 : fffff8a0`00023410 00000000`00000000 fffff8a0`01142cbc fffff8a0`01142c0c : nt!HvMarkCellDirty+0x150
fffff880`055db3d0 fffff800`02f2c7c2 : 00000000`00000001 fffff8a0`00a67130 fffff8a0`00a8ef9c fffff8a0`00023410 : nt! ?? ::NNGAKEGL::`string'+0x11924
fffff880`055db410 fffff800`02f2c564 : fffff8a0`00a8ef9c 00000000`ffffffff fffff8a0`00a8ef9c fffff8a0`00023410 : nt!CmpMarkKeyValuesDirty+0x182
fffff880`055db4b0 fffff800`02f2bc6a : fffff8a0`00023410 00000000`ffffffff fffff8a0`00a8ef9c fffff8a0`00023410 : nt!CmpFreeKeyValues+0x24
fffff880`055db4e0 fffff800`02f2b998 : fffff8a0`00023410 00000000`0087a100 fffff8a0`00a8ef9c fffff8a0`00dbef98 : nt!CmpSyncKeyValues+0x7a
fffff880`055db5c0 fffff800`02f2dc5e : fffff8a0`030fb000 00000000`003fa3b8 fffffa80`00000000 00000000`00000000 : nt!CmpCopySyncTree2+0x2a8
fffff880`055db670 fffff800`02f2db77 : 00000000`00000000 00000000`00000002 fffff8a0`02afb1d0 fffff8a0`02ae4fa0 : nt!CmpCopySyncTree+0x6e
fffff880`055db6c0 fffff800`02f2d746 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!CmpSaveBootControlSet+0x307
fffff880`055db8a0 fffff800`02cd6253 : fffffa80`07722b50 00000000`00000000 fffff880`055db970 00000000`00000001 : nt!NtInitializeRegistry+0xc6
fffff880`055db8f0 fffff800`02cd2810 : fffff800`02f2d6ef 00000000`00000220 00000000`0027f498 00000000`0027f7c8 : nt!KiSystemServiceCopyEnd+0x13
fffff880`055dba88 fffff800`02f2d6ef : 00000000`00000220 00000000`0027f498 00000000`0027f7c8 00000000`000a001f : nt!KiServiceLinkage
fffff880`055dba90 fffff800`02cd6253 : fffffa80`07722b50 fffff880`055dbb60 fffff880`055dbb60 00000000`00000002 : nt!NtInitializeRegistry+0x6f
fffff880`055dbae0 00000000`779120ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0027f748 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x779120ba


STACK_COMMAND: kb

FOLLOWUP_IP:
nt! ?? ::NNGAKEGL::`string'+9eea
fffff800`03002318 cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt! ?? ::NNGAKEGL::`string'+9eea

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 503f82be

FAILURE_BUCKET_ID: X64_0x51_nt!_??_::NNGAKEGL::_string_+9eea

BUCKET_ID: X64_0x51_nt!_??_::NNGAKEGL::_string_+9eea

Followup: MachineOwner

BC AdBot (Login to Remove)

 


#2 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:31 AM

Posted 04 December 2012 - 03:32 AM

For your info: Here . :thumbup2:

#3 Dancin Homer

Dancin Homer
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 05 December 2012 - 05:21 AM

Thanks sundavis, registry issue seems to be repaired now - however I'm pretty sure there is an underlying issue that caused this registry corruption so will be waiting on the next BSOD to occur (as it did before registry issue appeared).

Hopefully it won't but I'm sure I'll be posting issue soon :busy:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users