Random BSOD, ntoskrnl.exe

[chrismarino]

Hi everyone,
I just started getting the BSOD yesterday on my Vaio laptop. I have done all of the standard cleaning procedures (reg clean, temp files etc) and I also updated a whole lot of outdated drivers. At first everything seemed fine but it BSODed again. I tried to read the minidump and all I can really understand from it is that ntoskrnl.exe service is corrupted somehow. I am in utter frustration and despiration. Please help me.

Here is the minidump viewed through WinDbg:
Ps: I hope I did this whole thing correctly. All help is deeply appreciated.


Microsoft (R) Windows Debugger Version 6.11.0001.402 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\042313-54506-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`0325a000 PsLoadedModuleList = 0xfffff800`0349d670
Debug session time: Tue Apr 23 19:46:33.380 2013 (GMT-4)
System Uptime: 0 days 2:22:51.956
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
.........................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff900c2802000, 1, fffff960000e2344, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : win32k.sys ( win32k+22344 )
Followup: MachineOwner
---------

 

[VistaKing]

Hi chrismarino welcome to SevenForums

Take a look at the link below

:ar: http://www.sevenforums.com/bsod-help-support/96879-blue-screen-death-bsod-posting-instructions.html

 

[chrismarino]

Hi VistaKing,
I just added the zip file.

 

[chrismarino]

Hi again.

I did several things while waiting for a reply.

I enabled the Driver Verifier to try and identify the issue.

Windows BSODed as soon as it started up.

The minidump yielded usbfilter.sys as the rogue driver.

I removed the file manually from c:\windows\system32\drivers\usbfilter.sys

The PC starts up now with the verified still on and it hasn't BSODed since.

However, all USB ports are not responding. Is there a proper way to remove the driver?

The usbfilter.sys file is sitting in the Recycle bin.
Thank you in advance!

 

[chrismarino]

One thing I noticed is the sound is staticy.

 

[VistaKing]

Hi chrismarino

I apologize for the late reply.

C:\Windows\system32\drivers\avgtpx64.sys - AVG Secure Search

Uninstall AVG Secure Search : How to remove/uninstall AVG Safe Search | AVG Worldwide

Disable AODDriver2.sys inside CCC the driver belongs to AMD Over Drive

Once you have done that. I would like for you to run SFC /SCANOW

Click on rb: button type CMD inside Search programs and files box. Right click on CMD under Programs (1) choose Run as administrator. On the User Access Control window click on the Yes button.

Command Prompt will open to path C:\Windows\Systeme32>_

Type the command below

SFC /SCANNOW

Press <ENTER>

If any corrupted files are located please upload the CBS.LOG file

Log is located in C:\Windows\Logs\CBS\CBS.LOG

 

[chrismarino]

Working on it...

 

[VistaKing]

Just an Idea . Have you created your Recovery Disc yet ? If not Might want to do that . Good thing to have in case your hard drive dies .

Should be able to create the Recovery disc inside VAIO Care


Added:

Update MSE and do a full scan .

After you had ran SFC /scannow and did a virus scan.

Lets do some other things.

Run Chkdsk :

Click on rb: button type CMD inside Search programs and files box. Right click on CMD under Programs (1) choose Run as administrator. On the User Access Control window click on the Yes button.

Command Prompt will open to path C:\Windows\Systeme32>_

Type the command below

chkdsk /f /r C:

Press <ENTER> . It will tell you that it will run on next restart do you want to Schedule a restart. Press the Y Key and press <Enter> Restart the PC manually

ADDED:

Curtesy from xBlueRobot

1: kd> [COLOR="SeaGreen"]lmvm atikmpag[/COLOR]
start             end                 module name
fffff880`02c89000 fffff880`02cbd000   atikmpag T (no symbols)           
    Loaded symbol image file: [COLOR="red"]atikmpag.sys[/COLOR]
    Image path: \SystemRoot\system32\DRIVERS\atikmpag.sys
    Image name: [COLOR="Red"]atikmpag.sys[/COLOR]
    Timestamp:        [COLOR="red"]Wed Mar 03 03:07:33 2010 [/COLOR](4B8DD275)
    CheckSum:         0003CFA0
    ImageSize:        00034000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

You have a very old graphic card driver . I will see if I could locate an updated version .

Video Driver : Just install the driver not the entire Catalyst Software Suite


Download