18 Jun 2011   #1

Windows 7 Professional 32 bit
problem event name bluescreen

Hi there. this is my first post.

I installed Windows 7 Pro 32 about 1 month ago, upgrade from XP Pro. Everything was working great until yesterday when all programs stopped responding and the pc shutdown. every time a reboot and run in normal mode every program I open fails to respond, can't even browse the internet. I can only function in Safe Mode.

Problem Event Name: Bluescreen
OS Version: 6.1.7601.
Locale ID: 4105
BCCode: c5
BCP1: 0000FF00
BCP2: 00000002
BCP3: 00000000
BCP4: 82938795

OS Version: 6.1.7601
Servicepack: 1.0
Product: 256.1

I have noticed on other threads you asking for the .dmp file so I have uploaded as well.

Any help you can provide would be greatly appreciated.


18 Jun 2011   #2

Microsoft Community Contributor Award Recipient

Windows 7 x64

boot safe mode and run
SFC /SCANNOW Command - System File Checker

and can you verify that

Is located in C:\Windows\System32

Since it's not that much trouble after those two steps if you start safe mode with networking you can download and scan with .
Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer

Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arg1: fb810f72, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 8292c795, If non-zero, the instruction address which referenced the bad memory
Arg4: 00000002, (reserved)

Debugging Details:

READ_ADDRESS: GetPointerFromAddress: unable to read from 82974848
Unable to read MiSystemVaType memory at 82953e20

8292c795 8b10            mov     edx,dword ptr [eax]





PROCESS_NAME:  svchost.exe


TRAP_FRAME:  9e027a14 -- (.trap 0xffffffff9e027a14)
ErrCode = 00000000
eax=fb810f72 ebx=000000e6 ecx=000001ff edx=84753b00 esi=84753b00 edi=84753280
eip=8292c795 esp=9e027a88 ebp=9e027ac0 iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
8292c795 8b10            mov     edx,dword ptr [eax]  ds:0023:fb810f72=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 8284c3d8 to 8289940b

9e0279fc 8284c3d8 00000000 fb810f72 00000000 nt!MmAccessFault+0x106
9e0279fc 8292c795 00000000 fb810f72 00000000 nt!KiTrap0E+0xdc
9e027ac0 8292c35f 84753280 00000000 a0beda30 nt!ExDeferredFreePool+0x135
9e027b2c 82a74b3f a0b9fad8 00000000 00000140 nt!ExFreePoolWithTag+0x8a4
9e027b5c 82a70638 a0bed030 9e027bb8 9e027bd0 nt!ObSetSecurityDescriptorInfo+0x94
9e027b80 82a73a94 a0bed030 00000000 9e027bb8 nt!SeDefaultObjectMethod+0x79
9e027bac 82a76930 a0bed001 00000004 9e027bd0 nt!ObSetSecurityObjectByPointer+0x40
9e027c04 82a91458 a0bed030 9e027ce0 a0ab3490 nt!SepAppendAdminAceToTokenAcl+0x16d
9e027c3c 82a74933 a0abf7b8 00000002 9e027c6c nt!SeCopyClientToken+0x6a
9e027c58 82a77448 a0abf7b8 00000000 00000002 nt!SepCreateClientSecurity+0x74
9e027c88 82a6afc9 86c67d00 9e027ce0 00000000 nt!SeCreateClientSecurity+0x39
9e027cb8 82a8ac16 86175658 00000001 9e027ce0 nt!AlpcpCreateSecurityContext+0xa9
9e027d20 828491ea 000005c4 00000001 002dffa0 nt!NtAlpcCreateSecurityContext+0x111
9e027d20 772b70b4 000005c4 00000001 002dffa0 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
02b0ea94 00000000 00000000 00000000 00000000 0x772b70b4


8292c795 8b10            mov     edx,dword ptr [eax]


SYMBOL_NAME:  nt!ExDeferredFreePool+135

FOLLOWUP_NAME:  Pool_corruption

IMAGE_NAME:  Pool_Corruption


MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID:  0x50_nt!ExDeferredFreePool+135

BUCKET_ID:  0x50_nt!ExDeferredFreePool+135

Followup: Pool_corruption

1: kd> lm t n
start    end        module name
80bc8000 80bd0000   kdcom    kdcom.dll    Mon Jul 13 20:08:58 2009 (4A5BDAAA)
820a0000 822ee000   win32k   win32k.sys   Wed Mar 02 21:42:10 2011 (4D6F0E12)
82300000 82309000   TSDDD    TSDDD.dll    Mon Jul 13 19:01:40 2009 (4A5BCAE4)
82330000 8234e000   cdd      cdd.dll      unavailable (00000000)
8280b000 82c1d000   nt       ntkrpamp.exe Fri Apr 08 22:49:39 2011 (4D9FD753)
82c1d000 82c54000   hal      halmacpi.dll Sat Nov 20 02:37:38 2010 (4CE788D2)
82e2b000 82e36000   mcupdate_AuthenticAMD mcupdate_AuthenticAMD.dll Mon Jul 13 18:13:13 2009 (4A5BBF89)
82e36000 82e47000   PSHED    PSHED.dll    Mon Jul 13 20:09:36 2009 (4A5BDAD0)
82e47000 82e4f000   BOOTVID  BOOTVID.dll  Mon Jul 13 20:04:34 2009 (4A5BD9A2)
82e4f000 82e91000   CLFS     CLFS.SYS     Mon Jul 13 18:11:10 2009 (4A5BBF0E)
82e91000 82f3c000   CI       CI.dll       Sat Nov 20 06:05:17 2010 (4CE7B97D)
82f3c000 82fad000   Wdf01000 Wdf01000.sys Mon Jul 13 18:11:36 2009 (4A5BBF28)
82fad000 82fbb000   WDFLDR   WDFLDR.SYS   Mon Jul 13 18:11:25 2009 (4A5BBF1D)
82fbb000 82fd2000   rassstp  rassstp.sys  Mon Jul 13 18:54:57 2009 (4A5BC951)
82fd2000 82fdd000   monitor  monitor.sys  Mon Jul 13 18:25:58 2009 (4A5BC286)
82fdd000 82ff8000   luafv    luafv.sys    Mon Jul 13 18:15:44 2009 (4A5BC020)
88000000 8800c000   discache discache.sys Mon Jul 13 18:24:04 2009 (4A5BC214)
8800c000 88019000   mouclass mouclass.sys Mon Jul 13 18:11:15 2009 (4A5BBF13)
8801e000 88066000   ACPI     ACPI.sys     Sat Nov 20 02:37:52 2010 (4CE788E0)
88066000 8806f000   WMILIB   WMILIB.SYS   Mon Jul 13 18:11:22 2009 (4A5BBF1A)
8806f000 88077000   msisadrv msisadrv.sys Mon Jul 13 18:11:09 2009 (4A5BBF0D)
88077000 880a1000   pci      pci.sys      Sat Nov 20 02:37:57 2010 (4CE788E5)
880a1000 880ac000   vdrvroot vdrvroot.sys Mon Jul 13 18:46:19 2009 (4A5BC74B)
880ac000 880bd000   partmgr  partmgr.sys  Sat Nov 20 02:38:14 2010 (4CE788F6)
880bd000 880cd000   volmgr   volmgr.sys   Sat Nov 20 02:38:06 2010 (4CE788EE)
880cd000 88118000   volmgrx  volmgrx.sys  Mon Jul 13 18:11:41 2009 (4A5BBF2D)
88118000 8811f000   pciide   pciide.sys   Mon Jul 13 18:11:19 2009 (4A5BBF17)
8811f000 8812d000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 18:11:15 2009 (4A5BBF13)
8812d000 88143000   mountmgr mountmgr.sys Sat Nov 20 02:38:09 2010 (4CE788F1)
88143000 8814c000   atapi    atapi.sys    Mon Jul 13 18:11:15 2009 (4A5BBF13)
8814c000 8816f000   ataport  ataport.SYS  Sat Nov 20 02:38:00 2010 (4CE788E8)
8816f000 88178000   amdxata  amdxata.sys  Fri Mar 19 11:19:01 2010 (4BA3A3F5)
88178000 881ac000   fltmgr   fltmgr.sys   Mon Jul 13 18:11:13 2009 (4A5BBF11)
881ac000 881bd000   fileinfo fileinfo.sys Mon Jul 13 18:21:51 2009 (4A5BC18F)
881bd000 881fe000   rdbss    rdbss.sys    Sat Nov 20 02:42:44 2010 (4CE78A04)
88200000 8820a000   Dxapi    Dxapi.sys    Mon Jul 13 18:25:25 2009 (4A5BC265)
8820a000 88339000   Ntfs     Ntfs.sys     Sat Nov 20 02:39:08 2010 (4CE7892C)
88339000 88364000   msrpc    msrpc.sys    Mon Jul 13 18:11:59 2009 (4A5BBF3F)
88364000 88377000   ksecdd   ksecdd.sys   Sat Nov 20 02:38:54 2010 (4CE7891E)
88377000 883d4000   cng      cng.sys      Mon Jul 13 18:32:55 2009 (4A5BC427)
883d4000 883e2000   pcw      pcw.sys      Mon Jul 13 18:11:10 2009 (4A5BBF0E)
883e2000 883eb000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 18:11:14 2009 (4A5BBF12)
883eb000 883fc000   termdd   termdd.sys   Sat Nov 20 04:21:10 2010 (4CE7A116)
88400000 8840a000   mssmbios mssmbios.sys Mon Jul 13 18:19:25 2009 (4A5BC0FD)
8840e000 884c5000   ndis     ndis.sys     Sat Nov 20 02:39:19 2010 (4CE78937)
884c5000 88503000   NETIO    NETIO.SYS    Sat Nov 20 02:40:03 2010 (4CE78963)
88503000 88528000   ksecpkg  ksecpkg.sys  Mon Jul 13 18:34:00 2009 (4A5BC468)
88528000 88538000   mup      mup.sys      Mon Jul 13 18:14:14 2009 (4A5BBFC6)
88538000 88540000   hwpolicy hwpolicy.sys Sat Nov 20 02:37:35 2010 (4CE788CF)
88540000 88572000   fvevol   fvevol.sys   Sat Nov 20 02:40:22 2010 (4CE78976)
88572000 88583000   disk     disk.sys     Mon Jul 13 18:11:28 2009 (4A5BBF20)
88583000 885a8000   CLASSPNP CLASSPNP.SYS Mon Jul 13 18:11:20 2009 (4A5BBF18)
885a8000 885b5000   crashdmp crashdmp.sys Mon Jul 13 18:45:50 2009 (4A5BC72E)
885b5000 885c0000   dump_dumpata dump_dumpata.sys Mon Jul 13 18:11:16 2009 (4A5BBF14)
885c0000 885c9000   dump_atapi dump_atapi.sys Mon Jul 13 18:11:15 2009 (4A5BBF13)
885c9000 885da000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 18:12:47 2009 (4A5BBF6F)
885da000 885f9000   cdrom    cdrom.sys    Sat Nov 20 02:38:09 2010 (4CE788F1)
88600000 8862d000   rdyboost rdyboost.sys Sat Nov 20 03:00:07 2010 (4CE78E17)
88633000 8877d000   tcpip    tcpip.sys    Sun Apr 24 21:18:36 2011 (4DB4D9FC)
8877d000 887ae000   fwpkclnt fwpkclnt.sys Sat Nov 20 02:39:08 2010 (4CE7892C)
887ae000 887b6380   vmstorfl vmstorfl.sys Sat Nov 20 03:14:37 2010 (4CE7917D)
887b7000 887f6000   volsnap  volsnap.sys  Sat Nov 20 02:38:13 2010 (4CE788F5)
887f6000 887fe000   spldr    spldr.sys    Mon May 11 11:13:47 2009 (4A084EBB)
8e002000 8e072000   aswSnx   aswSnx.SYS   Tue May 10 07:03:53 2011 (4DC929A9)
8e072000 8e079000   Null     Null.SYS     Mon Jul 13 18:11:12 2009 (4A5BBF10)
8e079000 8e080000   Beep     Beep.SYS     Mon Jul 13 18:45:00 2009 (4A5BC6FC)
8e080000 8e08c000   vga      vga.sys      Mon Jul 13 18:25:50 2009 (4A5BC27E)
8e08c000 8e0ad000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 18:25:49 2009 (4A5BC27D)
8e0ad000 8e0ba000   watchdog watchdog.sys Mon Jul 13 18:24:10 2009 (4A5BC21A)
8e0ba000 8e0c2000   RDPCDD   RDPCDD.sys   Sat Nov 20 04:22:19 2010 (4CE7A15B)
8e0c2000 8e0ca000   rdpencdd rdpencdd.sys Mon Jul 13 19:01:39 2009 (4A5BCAE3)
8e0ca000 8e0d2000   rdprefmp rdprefmp.sys Mon Jul 13 19:01:41 2009 (4A5BCAE5)
8e0d2000 8e0dd000   Msfs     Msfs.SYS     Mon Jul 13 18:11:26 2009 (4A5BBF1E)
8e0dd000 8e0eb000   Npfs     Npfs.SYS     Mon Jul 13 18:11:31 2009 (4A5BBF23)
8e0eb000 8e102000   tdx      tdx.sys      Sat Nov 20 02:39:17 2010 (4CE78935)
8e102000 8e10e000   TDI      TDI.SYS      Sat Nov 20 02:39:18 2010 (4CE78936)
8e10e000 8e117f00   aswTdi   aswTdi.SYS   Tue May 10 07:02:35 2011 (4DC9295B)
8e118000 8e172000   afd      afd.sys      Sun Apr 24 21:18:00 2011 (4DB4D9D8)
8e172000 8e176200   aswRdr   aswRdr.SYS   Tue May 10 06:59:54 2011 (4DC928BA)
8e177000 8e1a9000   netbt    netbt.sys    Sat Nov 20 02:39:22 2010 (4CE7893A)
8e1a9000 8e1b0000   wfplwf   wfplwf.sys   Mon Jul 13 18:53:51 2009 (4A5BC90F)
8e1b0000 8e1cf000   pacer    pacer.sys    Mon Jul 13 18:53:58 2009 (4A5BC916)
8e1cf000 8e1dd000   netbios  netbios.sys  Mon Jul 13 18:53:54 2009 (4A5BC912)
8e1dd000 8e1f0000   wanarp   wanarp.sys   Sat Nov 20 04:07:45 2010 (4CE79DF1)
8e1f0000 8e1fa000   nsiproxy nsiproxy.sys Mon Jul 13 18:12:08 2009 (4A5BBF48)
8e800000 8e818000   raspppoe raspppoe.sys Mon Jul 13 18:54:53 2009 (4A5BC94D)
8e818000 8e82f000   raspptp  raspptp.sys  Mon Jul 13 18:54:47 2009 (4A5BC947)
8e82f000 8e839000   rdpbus   rdpbus.sys   Mon Jul 13 19:02:40 2009 (4A5BCB20)
8e839000 8e89d000   csc      csc.sys      Sat Nov 20 02:44:32 2010 (4CE78A70)
8e89d000 8e8b5000   dfsc     dfsc.sys     Sat Nov 20 02:42:32 2010 (4CE789F8)
8e8b5000 8e8c3000   blbdrive blbdrive.sys Mon Jul 13 18:23:04 2009 (4A5BC1D8)
8e8c3000 8e90c180   aswSP    aswSP.SYS    Tue May 10 07:03:43 2011 (4DC9299F)
8e90d000 8e92e000   tunnel   tunnel.sys   Sat Nov 20 04:06:40 2010 (4CE79DB0)
8e92e000 8e940000   amdk8    amdk8.sys    Mon Jul 13 18:11:03 2009 (4A5BBF07)
8e940000 8e94b000   fdc      fdc.sys      Mon Jul 13 18:45:45 2009 (4A5BC729)
8e94b000 8e965000   serial   serial.sys   Mon Jul 13 18:45:33 2009 (4A5BC71D)
8e965000 8e96f000   serenum  serenum.sys  Mon Jul 13 18:45:27 2009 (4A5BC717)
8e96f000 8e987000   parport  parport.sys  Mon Jul 13 18:45:34 2009 (4A5BC71E)
8e987000 8e994000   CompositeBus CompositeBus.sys Sat Nov 20 03:50:21 2010 (4CE799DD)
8e994000 8e9a6000   AgileVpn AgileVpn.sys Mon Jul 13 18:55:00 2009 (4A5BC954)
8e9a6000 8e9be000   rasl2tp  rasl2tp.sys  Mon Jul 13 18:54:33 2009 (4A5BC939)
8e9be000 8e9c9000   ndistapi ndistapi.sys Mon Jul 13 18:54:24 2009 (4A5BC930)
8e9c9000 8e9eb000   ndiswan  ndiswan.sys  Sat Nov 20 04:07:48 2010 (4CE79DF4)
8e9eb000 8e9f8000   kbdclass kbdclass.sys Mon Jul 13 18:11:15 2009 (4A5BBF13)
8ea07000 8ee5b000   atikmdag atikmdag.sys Fri Apr 24 05:50:20 2009 (49F1996C)
8ee5b000 8ef12000   dxgkrnl  dxgkrnl.sys  Sat Nov 20 03:08:14 2010 (4CE78FFE)
8ef12000 8ef4b000   dxgmms1  dxgmms1.sys  Sat Nov 20 03:07:03 2010 (4CE78FB7)
8ef4b000 8ef70000   Rt86win7 Rt86win7.sys Thu Feb 26 03:04:22 2009 (49A65B16)
8ef70000 8ef75280   GEARAspiWDM GEARAspiWDM.sys Mon May 18 07:16:53 2009 (4A1151B5)
8ef76000 8ef80000   usbohci  usbohci.sys  Mon Jul 13 18:51:14 2009 (4A5BC872)
8ef80000 8efcb000   USBPORT  USBPORT.SYS  Sat Nov 20 03:59:49 2010 (4CE79C15)
8efcb000 8efda000   usbehci  usbehci.sys  Sat Nov 20 03:59:43 2010 (4CE79C0F)
8efda000 8eff9000   HDAudBus HDAudBus.sys Sat Nov 20 03:59:28 2010 (4CE79C00)
8eff9000 8effa380   swenum   swenum.sys   Mon Jul 13 18:45:08 2009 (4A5BC704)
8f800000 8f813b80   usbaudio usbaudio.sys Sat Nov 20 03:59:43 2010 (4CE79C0F)
8f814000 8f820000   kbdhid   kbdhid.sys   Sat Nov 20 03:50:10 2010 (4CE799D2)
8f820000 8f82b000   mouhid   mouhid.sys   Mon Jul 13 18:45:08 2009 (4A5BC704)
8f82b000 8f835000   DSI_SiUSBXp_3_1 DSI_SiUSBXp_3_1.sys Tue Feb 06 17:12:17 2007 (45C90B51)
8f83b000 8f86f000   ks       ks.sys       Sat Nov 20 03:50:17 2010 (4CE799D9)
8f86f000 8f87d000   umbus    umbus.sys    Sat Nov 20 04:00:23 2010 (4CE79C37)
8f87d000 8f8c1000   usbhub   usbhub.sys   Sat Nov 20 04:00:34 2010 (4CE79C42)
8f8c1000 8f8cb000   flpydisk flpydisk.sys Mon Jul 13 18:45:45 2009 (4A5BC729)
8f8cb000 8f8dc000   NDProxy  NDProxy.SYS  Sat Nov 20 04:07:39 2010 (4CE79DEB)
8f8dc000 8f92c000   HdAudio  HdAudio.sys  Sat Nov 20 04:00:19 2010 (4CE79C33)
8f92c000 8f95b000   portcls  portcls.sys  Mon Jul 13 18:51:00 2009 (4A5BC864)
8f95b000 8f974000   drmk     drmk.sys     Mon Jul 13 19:36:05 2009 (4A5BD2F5)
8f974000 8f98b000   usbccgp  usbccgp.sys  Sat Nov 20 04:00:08 2010 (4CE79C28)
8f98b000 8f98c700   USBD     USBD.SYS     Mon Jul 13 18:51:05 2009 (4A5BC869)
8f98d000 8f9a4000   USBSTOR  USBSTOR.SYS  Sat Nov 20 03:59:48 2010 (4CE79C14)
8f9a4000 8f9af000   hidusb   hidusb.sys   Sat Nov 20 03:59:38 2010 (4CE79C0A)
8f9af000 8f9c2000   HIDCLASS HIDCLASS.SYS Sat Nov 20 03:59:37 2010 (4CE79C09)
8f9c2000 8f9c8480   HIDPARSE HIDPARSE.SYS Mon Jul 13 18:50:59 2009 (4A5BC863)
8f9c9000 8f9ecc00   usbvideo usbvideo.sys Sat Nov 20 04:00:20 2010 (4CE79C34)
8f9ed000 8f9f8000   SiLib    SiLib.sys    Tue Feb 06 17:09:13 2007 (45C90A99)
90003000 9003b000   aswMonFlt aswMonFlt.sys Tue May 10 06:59:43 2011 (4DC928AF)
9003b000 9003db00   aswFsBlk aswFsBlk.SYS Tue May 10 06:59:33 2011 (4DC928A5)
9003e000 90058000   WudfPf   WudfPf.sys   Sat Nov 20 03:58:55 2010 (4CE79BDF)
90058000 90068000   lltdio   lltdio.sys   Mon Jul 13 18:53:18 2009 (4A5BC8EE)
90068000 9007b000   rspndr   rspndr.sys   Mon Jul 13 18:53:20 2009 (4A5BC8F0)
9007b000 90100000   HTTP     HTTP.sys     Sat Nov 20 02:40:17 2010 (4CE78971)
90100000 90119000   bowser   bowser.sys   Tue Feb 22 22:47:32 2011 (4D649164)
90119000 9012b000   mpsdrv   mpsdrv.sys   Mon Jul 13 18:52:52 2009 (4A5BC8D4)
9012b000 9014e000   mrxsmb   mrxsmb.sys   Tue Apr 26 21:17:20 2011 (4DB77CB0)
9014e000 90189000   mrxsmb10 mrxsmb10.sys Tue Apr 26 21:17:33 2011 (4DB77CBD)
90189000 901a4000   mrxsmb20 mrxsmb20.sys Tue Apr 26 21:17:26 2011 (4DB77CB6)
901a4000 901ab000   parvdm   parvdm.sys   Mon Jul 13 18:45:29 2009 (4A5BC719)
901ab000 901d5000   fastfat  fastfat.SYS  Mon Jul 13 18:14:01 2009 (4A5BBFB9)
9aa24000 9aabb000   peauth   peauth.sys   Mon Jul 13 19:35:44 2009 (4A5BD2E0)
9aabb000 9aac5000   secdrv   secdrv.SYS   Wed Sep 13 08:18:32 2006 (45080528)
9aac5000 9aae6000   srvnet   srvnet.sys   Thu Apr 28 21:46:08 2011 (4DBA2670)
9aae6000 9aaf3000   tcpipreg tcpipreg.sys Sat Nov 20 04:07:13 2010 (4CE79DD1)
9aaf3000 9ab43000   srv2     srv2.sys     Thu Apr 28 21:46:13 2011 (4DBA2675)
9ab43000 9ab95000   srv      srv.sys      Thu Apr 28 21:46:30 2011 (4DBA2686)
9ab95000 9abb5480   WUDFRd   WUDFRd.sys   Sat Nov 20 03:59:19 2010 (4CE79BF7)

Unloaded modules:
885a8000 885b5000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000D000
885b5000 885c0000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000
885c0000 885c9000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00009000
885c9000 885da000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00011000
19 Jun 2011   #3

Windows 7 Professional 32 bit

Thanks for the reply.

I ran sfc scannow, result was "Windows Resource Protection did not find any integrity violations."

I cannot find the file SiLiB.sys in C:\Windows\System32 - Should it be there??

I did a full system scan with Malwarebytes, it found 1 bad file and removed it. After rebooting I am still experiencing the same problems so I have gone back to safe mode.

I am not sure what to do with the code you provided, my technical knowledge is fairly limited...
19 Jun 2011   #4

Microsoft Community Contributor Award Recipient

Windows 7 x64

The code is just a capture of the minidump info I got from the debugger for reference purposes.

SiLiB.sys is loading on your system, I can not however determine what device (if any) it controls or really what it is doing there at all. I was actually kind of hoping malwarebytes might help answer that question for us.

I need a better crash dump to go on to keep shooting this from the software side.
Sadly I don't think even driver verifier is going to help us in this scenario since you can't get a boot anyway.
It can't hurt to try it at this point.
Driver Verifier - Enable and Disable

I also suggest unplugging anything extra from the computer for the moment. Just mouse, keyboard, and monitor.
19 Jun 2011   #5

Win 8 Release candidate 8400

This is SiLib.sys (support library for USBXpress 32 bit).
19 Jun 2011   #6

Windows 7 Professional 32 bit

Here is another dump, don't know if that helps.

I have unplugged all devices short of key/mouse, vga and network cable

I have turned on verifier.

I will run malwarebytes again.

I have never updated the bios on the motherboard, would that help? I tried installing the Asus updater but it failed to install saying no Asus MB detected.

Asus M2A-VM
20 Jun 2011   #7

Win 8 Release candidate 8400

Quote   Quote: Originally Posted by johnat View Post
Here is another dump, don't know if that helps.

I have unplugged all devices short of key/mouse, vga and network cable

I have turned on verifier.

I will run malwarebytes again.

I have never updated the bios on the motherboard, would that help? I tried installing the Asus updater but it failed to install saying no Asus MB detected.

Asus M2A-VM
This one (driver verified) caused by ASACPI.sys. Use the below links to re-install

ASUSTeK Computer Inc. -Support- Drivers and Download P7P55D LE

Scroll down to the Utilities category, then scroll down to the "ATK0110 driver for WindowsXP/Vista/Windows 7 32&64-bit" (it's about the 12th item down).
Download and install it.
Go to C:\Windows\System32\drivers to check and make sure that the ASACPI.sys file is date stamped from 2009 or 2010 (NOT 2005).

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\K\Desktop\061911-215562-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*;srv*e:\symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.x86fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0x8280e000 PsLoadedModuleList = 0x829574d0
Debug session time: Sun Jun 19 16:02:19.805 2011 (GMT-4)
System Uptime: 0 days 0:03:40.740
Loading Kernel Symbols
Loading User Symbols
0: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

The IO manager has caught a misbehaving driver.
Arg1: 0000022e, The caller has completed a successful IRP_MJ_PNP instead of passing it down.
Arg2: 8c9d5b46, The address in the driver's code where the error was detected.
Arg3: 94ceceb8, IRP address.
Arg4: 00000000

Debugging Details:

Unable to load image \SystemRoot\system32\DRIVERS\ASACPI.sys, Win32 error 0n2
*** ERROR: Module load completed but symbols could not be loaded for ASACPI.sys

BUGCHECK_STR:  0xc9_22e


8c9d5b46 55              push    ebp

8c9d5b46 55              push    ebp

IRP_ADDRESS:  94ceceb8






LOCK_ADDRESS:  82974be0 -- (!locks 82974be0)

Resource @ nt!PiEngineLock (0x82974be0)    Available

WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.

WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.

1 total locks

    Lock address  : 0x82974be0
    Thread Count  : 0
    Thread address: 0x00000000
    Thread wait   : 0x0

LAST_CONTROL_TRANSFER:  from 82b44f1f to 828ecf2c

8731b608 82b44f1f 000000c9 0000022e 8c9d5b46 nt!KeBugCheckEx+0x1e
8731b628 82b472e9 8c9d5b46 8731b660 8c9d5b46 nt!VerifierBugCheckIfAppropriate+0x30
8731b640 82b47346 0000022e 8c9d5b46 00000000 nt!ViErrorFinishReport+0xc9
8731b694 82b4da1a 0000022e 94ceceb8 94ceceb8 nt!VfErrorReport1+0x4d
8731b6bc 82b46f5f 8a585990 8c9d5b46 00000000 nt!VfPnpVerifyIrpStackUpward+0xa4
8731b6d4 82b458a7 89f41620 00000001 00000000 nt!VfMajorVerifyIrpStackUpward+0x3c
8731b708 82b3fbfe 00000000 8731b790 94cecfbb nt!IovpCompleteRequest2+0x8a
8731b734 82886933 8a519578 94ceceb8 8731b7a8 nt!IovpLocalCompletionRoutine+0x75
8731b778 82b3fb64 00000000 8a519ac8 94ceceb8 nt!IopfCompleteRequest+0x128
8731b7e0 8c9d5c2a 8a52dad0 94ceceb8 8a519a10 nt!IovCompleteRequest+0x133
WARNING: Stack unwind information not available. Following frames may be wrong.
8731b810 82b3f6c3 8a519a10 94ceceb8 94cecfd4 ASACPI+0xc2a
8731b834 8284554a 00000000 94cecff8 8a519a10 nt!IovCallDriver+0x258
8731b848 82b5122d 8a3a17f0 94ceceb8 8a519578 nt!IofCallDriver+0x1b
8731b860 82b3f6c3 8a519578 8a519a10 94ced000 nt!ViFilterDispatchPnp+0x120
8731b884 8284554a 00000000 8731b908 8a519578 nt!IovCallDriver+0x258
8731b898 829e6f95 8731b908 875d9e78 00000006 nt!IofCallDriver+0x1b
8731b8cc 82ad3bbc 849d4558 00000000 875d9e78 nt!IopSynchronousCall+0xc2
8731b90c 82acd3d9 00000006 875d9e78 82acd463 nt!IopQueryReconfiguration+0x7a
8731b918 82acd463 849856b8 875d9e78 8731b9a8 nt!PnpCancelStopDeviceNode+0x14
8731b92c 82acd46e 875d9e78 849ce890 849856b8 nt!PnpCancelStopDeviceSubtree+0x10
8731b944 82acd46e 849856b8 849c0330 849ce890 nt!PnpCancelStopDeviceSubtree+0x1b
8731b95c 82acd46e 849ce890 849c0008 849c0330 nt!PnpCancelStopDeviceSubtree+0x1b
8731b974 82acd46e 849c0330 9206b000 00000001 nt!PnpCancelStopDeviceSubtree+0x1b
8731b98c 82acd185 849c0008 875d6730 920689d8 nt!PnpCancelStopDeviceSubtree+0x1b
8731b9c8 829c2fe6 875d6658 920689d8 00000001 nt!PnpRebalance+0x1c0
8731ba30 829c2d45 00000000 920689d8 00000000 nt!PnpAllocateResources+0x287
8731ba8c 829cbad8 00000001 920689d8 8731bb08 nt!PnpAssignResourcesToDevices+0xaf
8731babc 829cad48 00000000 920689d8 8731bb08 nt!PnpProcessAssignResources+0xc9
8731bcbc 82822bdc 849c0008 00000000 8731bcf8 nt!PipProcessDevNodeTree+0x9d
8731bd00 8288baab 00000000 00000000 849b4798 nt!PnpDeviceActionWorker+0x120
8731bd50 82a16f64 00000001 a6f6070b 00000000 nt!ExpWorkerThread+0x10d
8731bd90 828bf219 8288b99e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

STACK_COMMAND:  .bugcheck ; kb


FOLLOWUP_NAME:  MachineOwner





BUCKET_ID:  0xc9_22e_VRF_ASACPI+b46

Followup: MachineOwner
20 Jun 2011   #8

Windows 7 Professional 32 bit

ok, I have done this now, does this mean the driver is updated?

re-ran Malwarebytes, no problems detected.

system still only runs in safe mode.
20 Jun 2011   #9

Microsoft Community Contributor Award Recipient

Windows 7 x64

I'm honestly surprised sfc didn't get you booting again.
If you have a windows 7 disk you could do a repair install. It should preserve your data too.
Repair Install

the tutorial Brink made there will tell you anything you want to know about repair install.
22 Jun 2011   #10

Windows 7 Professional 32 bit

hmm.. I can't do a repair install in safe mode or from boot, have to be logged in as admin. I have tried a number of times now but still can't seem to get anything to function in normal mode.

I think I have to do a fresh install, hopefully that will work... I assume its not a hardware issue otherwise safe mode wouldn't function either...?

Thank you for the assistance, will let you know if it works out.
