BSOD-Maybe USB devices-need analysis

Page 1 of 3 123 LastLast

  1. Posts : 6
    Win 7 Professional
       #1

    BSOD-Maybe USB devices-need analysis


    Hello
    I have been researching this issue with not much luck. I have updated all drivers and the OS itself. Want some experts to give a look--
    Thanks

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.1.7600.2.0.0.256.48
    Locale ID: 1033

    Additional information about the problem:
    BCCode: c5
    BCP1: 0000000300000009
    BCP2: 0000000000000002
    BCP3: 0000000000000000
    BCP4: FFFFF80002FB2000
    OS Version: 6_1_7600
    Service Pack: 0_0
    Product: 256_1

    Files that help describe the problem:
    C:\Windows\Minidump\122309-25100-01.dmp
    C:\Users\Andy\AppData\Local\Temp\WER-28906-0.sysdata.xml

    Attached Minidump
      My Computer


  2. Posts : 2,573
    Win7 Ultimate X64
       #2

    That is actually a dump he posted ^^^ without the txt filext

    Bugcheck 0xC5 Driver_Corrupted_Expool

    Looks like a driver issue

    Run system file check to verify your system files
    type cmd in search, right click run as admin, type SFC /SCANOW

    If you have any more dumps please post them as well, should make it easier to pinpoint your issue

    You could also try driver verifier to track down the rogue driver
      My Computer


  3. Posts : 34
    Windows 7, Ubuntu 9.10, Vista
       #3

    Below is analysis of your crash log. It does actually state it is a driver error, but how true this is, I don't know!


    Loading Dump File [C:\Users\Jamie\Desktop\122309-25100-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: *** Invalid ***
    ****************************************************************************
    * Symbol loading may be unreliable without a symbol search path. *
    * Use .symfix to have the debugger choose a symbol path. *
    * After setting your symbol path, use .reload to refresh symbol locations. *
    ****************************************************************************
    Executable search path is:
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y <symbol_path> argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Windows 7 Kernel Version 7600 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Machine Name:
    Kernel base = 0xfffff800`02e0e000 PsLoadedModuleList = 0xfffff800`0304be50
    Debug session time: Wed Dec 23 22:32:00.946 2009 (GMT+0)
    System Uptime: 0 days 14:43:05.006
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y <symbol_path> argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .....................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C5, {300000009, 2, 0, fffff80002fb2000}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y <symbol_path> argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y <symbol_path> argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    Probably caused by : ntoskrnl.exe ( nt+1a4000 )

    Followup: MachineOwner
    ---------

    1: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    DRIVER_CORRUPTED_EXPOOL (c5)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is
    caused by drivers that have corrupted the system pool. Run the driver
    verifier against any new (or suspect) drivers, and if that doesn't turn up
    the culprit, then use gflags to enable special pool.
    Arguments:
    Arg1: 0000000300000009, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff80002fb2000, address which referenced memory

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y <symbol_path> argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y <symbol_path> argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************

    ADDITIONAL_DEBUG_TEXT:
    Use '!findthebuild' command to search for the target build information.
    If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

    MODULE_NAME: nt

    FAULTING_MODULE: fffff80002e0e000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc600

    BUGCHECK_STR: 0xC5_2

    CURRENT_IRQL: 0

    FAULTING_IP:
    nt+1a4000
    fffff800`02fb2000 4c395008 cmp qword ptr [rax+8],r10

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    LAST_CONTROL_TRANSFER: from fffff80002e7f469 to fffff80002e7ff00

    STACK_TEXT:
    fffff880`03193668 fffff800`02e7f469 : 00000000`0000000a 00000003`00000009 00000000`00000002 00000000`00000000 : nt+0x71f00
    fffff880`03193670 00000000`0000000a : 00000003`00000009 00000000`00000002 00000000`00000000 fffff800`02fb2000 : nt+0x71469
    fffff880`03193678 00000003`00000009 : 00000000`00000002 00000000`00000000 fffff800`02fb2000 fffffa80`00000001 : 0xa
    fffff880`03193680 00000000`00000002 : 00000000`00000000 fffff800`02fb2000 fffffa80`00000001 00000000`00000000 : 0x3`00000009
    fffff880`03193688 00000000`00000000 : fffff800`02fb2000 fffffa80`00000001 00000000`00000000 00000000`00000000 : 0x2


    STACK_COMMAND: .bugcheck ; kb

    FOLLOWUP_IP:
    nt+1a4000
    fffff800`02fb2000 4c395008 cmp qword ptr [rax+8],r10

    SYMBOL_NAME: nt+1a4000

    FOLLOWUP_NAME: MachineOwner

    IMAGE_NAME: ntoskrnl.exe

    BUCKET_ID: WRONG_SYMBOLS

    Followup: MachineOwner
    ---------
      My Computer


  4. Posts : 34
    Windows 7, Ubuntu 9.10, Vista
       #4

    That's from the analysis above. Definitely a driver..

    DRIVER_CORRUPTED_EXPOOL (c5)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is
    caused by drivers that have corrupted the system pool. Run the driver
    verifier against any new (or suspect) drivers, and if that doesn't turn up
    the culprit, then use gflags to enable special pool.
    Arguments:
    Arg1: 0000000300000009, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff80002fb2000, address which referenced memory
      My Computer


  5. Posts : 5,705
    Win7 x64 + x86
       #5

    How to do symbols (paragraph E): WinDbg Analysis Report

    Solving Pool Corruption issues is made easier with Driver Verifier. Please follow these instructions:
    Code:
    Using Driver Verifier is an iffy proposition. Most times it'll crash and it'll tell you what the driver is. But sometimes it'll crash and won't tell you the driver. Other times it'll crash before you can log in to Windows. If you can't get to Safe Mode, then you'll have to resort to offline editing of the registry to disable Driver Verifier. So, I'd suggest that you first backup your stuff and then make sure you've got access to another computer so you can contact us if problems arise. Then make a System Restore point (so you can restore the system using the Vista Startup Repair feature). Then, here's the procedure: - Go to Start and type in "verifier" (without the quotes) and press Enter - Select "Create custom settings (for code developers)" and click "Next" - Select "Select individual settings from a full list" and click "Next" - Select everything EXCEPT FOR "Low Resource Simulation" and click "Next" - Select "Select driver names from a list" and click "Next" Then select all drivers NOT provided by Microsoft and click "Next" - Select "Finish" on the next page. Reboot the system and waitfor it to crash to the Blue Screen. Continue to use your system normally, and if you know what causes the crash, do that repeatedly. The objective here is to get the system to crash because Driver Verifier is stressing the drivers out. Reboot into Windows (after the crash) and turn offDriver Verifier by going back in and selecting "Delete existing settings" on the first page, then locate and zip up the memory dump file and upload it with your next post. If you can't get into Windows because it crashes too soon, try it in Safe Mode. If you can't get into Safe Mode, try using System Restore from your installation DVD to set the system back to the previous restore point that you created. If that doesn't work, post back and we'll have to see about fixing the registry entry off-line. More info on this at this link: Using Driver Verifier to identify issues with Windows drivers for advanced users
      My Computer


  6. Posts : 6
    Win 7 Professional
    Thread Starter
       #6

    Update:
    Verified System files--Ok
    Ran driver verifier and crashed --said driver vbshield.sys was the problem. Associated it to vexira antivirus I was using. Uninstalled vexira in safe made--rebooted--came up ok.
    Need an antivirus program of course so I turned to AVG internet security. Installed and then rebooted--another crash. This time it listed avgidsdriver.sys as the problem. Rebooted in safe mode fine.
    I have to have an antivirus program. Using AVG on a win 7 laptop with no problem. Seems to just be a problem on this desktop.

    Next?

    And thanks for the steps. Merry Christmas.
      My Computer


  7. Posts : 34
    Windows 7, Ubuntu 9.10, Vista
       #7

    Bigdaddyflo said:
    Update:
    Verified System files--Ok
    Ran driver verifier and crashed --said driver vbshield.sys was the problem. Associated it to vexira antivirus I was using. Uninstalled vexira in safe made--rebooted--came up ok.
    Need an antivirus program of course so I turned to AVG internet security. Installed and then rebooted--another crash. This time it listed avgidsdriver.sys as the problem. Rebooted in safe mode fine.
    I have to have an antivirus program. Using AVG on a win 7 laptop with no problem. Seems to just be a problem on this desktop.

    Next?

    And thanks for the steps. Merry Christmas.
    Try Avast.

    FREE antivirus software with spyware protection: avast! Home Edition
      My Computer


  8. Posts : 845
    Windows 7 - Vista
       #8

    Hi -

    The thread title includes "Maybe USB..." - why did you mention USB?

    I ask because of this non-Microsoft driver found in the dump - it may be an AMD driver -
    Code:
    usbfilter.sys Fri Apr 03 07:39:51 2009 (49D5F587)
    Did you include it in the driver verifier runs?

    Happy Holidays!

    jcgriff2

    .
      My Computer


  9. Posts : 6
    Win 7 Professional
    Thread Starter
       #9

    RE: Mention usb


    In the beginning, anytime I did something with a usb port (plug in jump drive, access external drive, charge a ps3 controller/ps3 headset) it would reset with BSOD. I included all drivers in the verify. Problem is it did not do it EVERY time.
      My Computer


  10. Posts : 28,845
    Win 8 Release candidate 8400
       #10

    Bigdaddyflo said:
    Hello
    I have been researching this issue with not much luck. I have updated all drivers and the OS itself. Want some experts to give a look--
    Thanks

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.1.7600.2.0.0.256.48
    Locale ID: 1033

    Additional information about the problem:
    BCCode: c5
    BCP1: 0000000300000009
    BCP2: 0000000000000002
    BCP3: 0000000000000000
    BCP4: FFFFF80002FB2000
    OS Version: 6_1_7600
    Service Pack: 0_0
    Product: 256_1

    Files that help describe the problem:
    C:\Windows\Minidump\122309-25100-01.dmp
    C:\Users\Andy\AppData\Local\Temp\WER-28906-0.sysdata.xml

    Attached Minidump

    Hi and welcome

    We really could use the dmp file so we can munge the data. use these to find and upload. https://www.sevenforums.com/crash-loc...d-problem.html

    Ken J_
      My Computer


 
Page 1 of 3 123 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 02:42.
Find Us