BSOD right after startup
I have a customer's computer that is shutting down with BSOD right after it starts up. Looks like some of the services aren't starting correctly for reasons unknown.
Anybody got a clue?
Install Service Pack 1 and all other Windows updates. Otherwise the system will remain vulnerable to threats.
Learn how to install Windows 7 Service Pack 1 (SP1)
Code:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.17273.amd64fre.win7_gdr.130318-1532
Service Pack Center - Microsoft Windows
Uninstall Trend Micro, at least as a test. Use Microsoft Security Essentials as your antivirus with Windows inbuilt firewall, and free MBAM as the on demand scanner.
Download, install and update those, and then run full system scans with both of them, one by one.
Free up the startup. Windows does not need any other program to auto start with it, but the auto start programs often conflict and cause various problems including BSODs.
- Click on the Start button
- Type “msconfig” (without quotes), click the resulting link. It will open the System Configuration window.
- Select the “Startup” tab.
- Deselect all items other than the antivirus.
- Apply > OK
- Accept then restart.
Let us know how the computer is running after doing these three. If there are any more BSODs after doing those, post them following the Blue Screen of Death (BSOD) Posting Instructions.
Will decide our next steps depending on the situation.
___________________________________________________________________________
BSOD ANALYSIS:
Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {dd, 2, 1, fffff800048a01d5}

Probably caused by : ntkrnlmp.exe ( nt!KeStackAttachProcess+115 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000000000dd, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800048a01d5, address which referenced memory

Debugging Details:
------------------

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80004afc0e0
GetUlongFromAddress: unable to read from fffff80004afc198
 00000000000000dd Nonpaged pool

CURRENT_IRQL: 2

FAULTING_IP:
nt!KeStackAttachProcess+115
fffff800`048a01d5 f00fc186dc000000 lock xadd dword ptr [rsi+0DCh],eax

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: System

TRAP_FRAME: fffff88002db68b0 -- (.trap 0xfffff88002db68b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000008 rbx=0000000000000000 rcx=fffffa8004f08bc0
rdx=fffff88002db6b98 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800048a01d5 rsp=fffff88002db6a40 rbp=fffff88002db6b98
 r8=fffffa8004f08bb0 r9=0000000000000130 r10=fffff880009eb0c0
r11=fffffa8004f08b60 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!KeStackAttachProcess+0x115:
fffff800`048a01d5 f00fc186dc000000 lock xadd dword ptr [rsi+0DCh],eax ds:00000000`000000dc=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800048c3de9 to fffff800048c4880

STACK_TEXT:
fffff880`02db6768 fffff800`048c3de9 : 00000000`0000000a 00000000`000000dd 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`02db6770 fffff800`048c2a60 : fffff880`02db68f0 fffffa80`04f08b60 00000000`000000e8 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`02db68b0 fffff800`048a01d5 : 00000000`00000058 00000000`00000000 fffffa80`07348060 00000000`00000000 : nt!KiPageFault+0x260
fffff880`02db6a40 fffffa80`065979a4 : fffff880`02db6bc0 fffff880`00000010 00000000`00000000 fffffa80`00000003 : nt!KeStackAttachProcess+0x115
fffff880`02db6ac0 fffff880`02db6bc0 : fffff880`00000010 00000000`00000000 fffffa80`00000003 00000000`00000000 : 0xfffffa80`065979a4
fffff880`02db6ac8 fffff880`00000010 : 00000000`00000000 fffffa80`00000003 00000000`00000000 00000000`00020128 : 0xfffff880`02db6bc0
fffff880`02db6ad0 00000000`00000000 : fffffa80`00000003 00000000`00000000 00000000`00020128 fffff880`00000001 : 0xfffff880`00000010

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KeStackAttachProcess+115
fffff800`048a01d5 f00fc186dc000000 lock xadd dword ptr [rsi+0DCh],eax

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!KeStackAttachProcess+115

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 5147dc36

FAILURE_BUCKET_ID: X64_0xA_nt!KeStackAttachProcess+115

BUCKET_ID: X64_0xA_nt!KeStackAttachProcess+115

Followup: MachineOwner
---------
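
A triage helper for the debugger output above, added here as an example and not part of the original post: it decodes the four 0xA arguments the way the analysis text describes them and lists stack frames that resolved to no module. The function names and the 0x1000 near-null threshold are assumptions of this example.

```python
import re

# Lines copied from the debugger output quoted above (trimmed to three frames).
SAMPLE = """\
BugCheck A, {dd, 2, 1, fffff800048a01d5}
STACK_TEXT:
fffff880`02db6768 fffff800`048c3de9 : 00000000`0000000a 00000000`000000dd 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`02db6a40 fffffa80`065979a4 : fffff880`02db6bc0 fffff880`00000010 00000000`00000000 fffffa80`00000003 : nt!KeStackAttachProcess+0x115
fffff880`02db6ac0 fffff880`02db6bc0 : fffff880`00000010 00000000`00000000 fffffa80`00000003 00000000`00000000 : 0xfffffa80`065979a4
"""

BUGCHECK_RE = re.compile(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}")
# child-SP, return address, four argument words, then the call site
FRAME_RE = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+ : (?:[0-9a-f`]+ ){4}: (\S+)$", re.M)

def parse_bugcheck(text):
    """Return (code, [arg1..arg4]) from the 'BugCheck X, {...}' summary line."""
    m = BUGCHECK_RE.search(text)
    if m is None:
        raise ValueError("no BugCheck summary line found")
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    return int(m.group(1), 16), args

def decode_0xa(args):
    """Interpret IRQL_NOT_LESS_OR_EQUAL arguments per the analysis text."""
    if len(args) != 4:
        raise ValueError("bugcheck 0xA carries exactly four arguments")
    address, irql, bits, faulting_ip = args
    return {
        "address": address,
        "irql": irql,
        "operation": "write" if bits & 0x1 else "read",  # bit 0
        "execute": bool(bits & 0x8),                     # bit 3
        "faulting_ip": faulting_ip,
        # Assumption: an address inside the first 4 KiB page is treated as a
        # field offset from a null pointer (rsi is 0 in the trap frame above).
        "near_null": address < 0x1000,
    }

def unsymbolized_frames(text):
    """Call sites printed as raw addresses, i.e. not resolved to module!symbol."""
    return [site for site in FRAME_RE.findall(text) if "!" not in site]

if __name__ == "__main__":
    code, args = parse_bugcheck(SAMPLE)
    print(hex(code), decode_0xa(args), unsymbolized_frames(SAMPLE))
```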