BSOD Coming Up After Booting - Win. 7, 64-Bit

lakeober

Honorable
Jun 19, 2012
23
0
10,510
Hello,

I have a Dell desktop that I am taking a look at for a friend. The computer is only about 1.5 years old. It is running 64-bit Windows 7 (Professional). Whenever I boot the computer, and it opens to the Windows desktop... the BSOD comes up about 30 seconds after the desktop is displayed, and then the machine restarts. I can't get it to do anything beyond that. I wanted to do a debug of the dump files, but was unable to retrieve them on the computer. So, I took the HD out, and connected it to a working machine with a SATA to USB cable. After debugging a few of the dump files, it shows that the two culprits are: ntkrnlmp.exe and tcpip.sys. Is there anything I can do to resolve the issue?

Like I said, the machine shuts off very shortly after Windows loads to the desktop, so I can't really do anything on the machine itself. I have to pull the HD out and connect it to another machine. Any help is greatly appreciated. Thanks!
 
Are you able to boot into Safe Mode? If yes you can try running sfc /scannow from an elevated command prompt (Click on Start, type in cmd and when you see cmd.exe right click on it and choose Run as Administrator). http://pcsupport.about.com/od/toolsofthetrade/ht/sfc-scannow.htm
You may need the Windows install disc when you do this. Another option is to boot from the Windows 7 install disc and get to a repair console. This link will provide help on doing a Startup Repair: http://pcsupport.about.com/od/toolsofthetrade/ss/windows-7-startup-repair.htm
 
First off, download BlueScreenView and post all the "Bug_Check_Strings" and "Bug_Check_Code" fields. [Work filter limits my ability to see images]. From that, we can typically guess at what's going wrong.

A good secondary step in the meantime is to run memtest86+ to validate RAM. The majority of BSODs can be caused by bad RAM, so checking that out is always a good first step.
 

lakeober

Thanks for the help and ideas. I just ran the debug on 2 of the dump files, and got the following results:

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000005000000dd, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002cc8405, address which referenced memory

Debugging Details:
------------------

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ec7100
GetUlongFromAddress: unable to read from fffff80002ec71c0
00000005000000dd Nonpaged pool

CURRENT_IRQL: 2

FAULTING_IP:
nt!KeStackAttachProcess+115
fffff800`02cc8405 f00fc186dc000000 lock xadd dword ptr [rsi+0DCh],eax

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: System

TRAP_FRAME: fffff88007f1d770 -- (.trap 0xfffff88007f1d770)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000008 rbx=0000000000000000 rcx=fffffa8003be2bb0
rdx=fffff88007f1da58 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002cc8405 rsp=fffff88007f1d900 rbp=fffff88007f1da58
r8=fffffa8003be2ba0 r9=0000000000000130 r10=fffff880031810c0
r11=fffffa8003be2b50 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!KeStackAttachProcess+0x115:
fffff800`02cc8405 f00fc186dc000000 lock xadd dword ptr [rsi+0DCh],eax ds:00000000`000000dc=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80002c97769 to fffff80002c981c0

STACK_TEXT:
fffff880`07f1d628 fffff800`02c97769 : 00000000`0000000a 00000005`000000dd 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`07f1d630 fffff800`02c963e0 : fffff880`07f1d7b0 fffff8a0`041a9dd0 00000000`000000c2 fffffa80`03be2b50 : nt!KiBugCheckDispatch+0x69
fffff880`07f1d770 fffff800`02cc8405 : 00000000`00000000 fffffa80`03be2b50 fffffa80`03be2b50 fffff800`02f66953 : nt!KiPageFault+0x260
fffff880`07f1d900 fffffa80`050369c8 : fffff880`07f1da80 fffff880`0171e400 fffff880`07f1da60 fffffa80`03b14b50 : nt!KeStackAttachProcess+0x115
fffff880`07f1d980 fffff880`07f1da80 : fffff880`0171e400 fffff880`07f1da60 fffffa80`03b14b50 00000000`0000afd1 : 0xfffffa80`050369c8
fffff880`07f1d988 fffff880`0171e400 : fffff880`07f1da60 fffffa80`03b14b50 00000000`0000afd1 fffffa80`03b14b50 : 0xfffff880`07f1da80
fffff880`07f1d990 00000000`0000afd2 : 00000000`0000afd4 fffffa80`03b14a30 00000000`00000000 00000000`0000afd1 : tcpip!TcpCloseEndpoint+0x40
fffff880`07f1da00 00000000`0000afd4 : fffffa80`03b14a30 00000000`00000000 00000000`0000afd1 fffffa80`03b14b50 : 0xafd2
fffff880`07f1da08 fffffa80`03b14a30 : 00000000`00000000 00000000`0000afd1 fffffa80`03b14b50 fffff880`040e5715 : 0xafd4
fffff880`07f1da10 00000000`00000000 : 00000000`0000afd1 fffffa80`03b14b50 fffff880`040e5715 00000000`0000af00 : 0xfffffa80`03b14a30


STACK_COMMAND: kb

FOLLOWUP_IP:
tcpip!TcpCloseEndpoint+40
fffff880`0171e400 4885f6 test rsi,rsi

SYMBOL_STACK_INDEX: 6

SYMBOL_NAME: tcpip!TcpCloseEndpoint+40

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: tcpip

IMAGE_NAME: tcpip.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4f757012

FAILURE_BUCKET_ID: X64_0xA_tcpip!TcpCloseEndpoint+40

BUCKET_ID: X64_0xA_tcpip!TcpCloseEndpoint+40

Followup: MachineOwner
---------

AND THE OTHER IS:

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002d1a813, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception

Debugging Details:
------------------

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
nt!output_l+31b
fffff800`02d1a813 443801 cmp byte ptr [rcx],r8b

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: ffffffffffffffff

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f0a100
GetUlongFromAddress: unable to read from fffff80002f0a1c0
ffffffffffffffff

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

BUGCHECK_STR: 0x1e_c0000005

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff80002d25d88 to fffff80002cdb1c0

CONTEXT: e9cb2bf175c03b41 -- (.cxr 0xe9cb2bf175c03b41)
Unable to read context, Win32 error 0n30

STACK_TEXT:
fffff880`02b89da8 fffff800`02d25d88 : 00000000`0000001e ffffffff`c0000005 fffff800`02d1a813 00000000`00000000 : nt!KeBugCheckEx
fffff880`02b89db0 fffff800`02cda842 : fffff880`02b8a588 7e7ac1fe`2a57978c fffff880`02b8a630 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x48d3d
fffff880`02b8a450 fffff800`02cd914a : 00000000`00000001 fffff880`02b8aba8 fffffa80`039ac040 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`02b8a630 fffff800`02d1a813 : 00000000`00860084 fffffa80`05059540 fffff8a0`04f48580 00000000`000000e0 : nt!KiGeneralProtectionFault+0x10a
fffff880`02b8a7c0 fffff800`02d28a48 : fffffa80`03e12040 fffff800`02e782d8 00000000`00000001 00000000`00000000 : nt!output_l+0x31b
fffff880`02b8aa80 fffffa80`05052fe6 : 00000000`00000001 fffff880`00000006 fffffa80`05056288 7e7ac1fe`2a57978c : nt!snprintf+0x78
fffff880`02b8ab00 00000000`00000001 : fffff880`00000006 fffffa80`05056288 7e7ac1fe`2a57978c 00000000`00000580 : 0xfffffa80`05052fe6
fffff880`02b8ab08 fffff880`00000006 : fffffa80`05056288 7e7ac1fe`2a57978c 00000000`00000580 00000000`00000000 : 0x1
fffff880`02b8ab10 fffffa80`05056288 : 7e7ac1fe`2a57978c 00000000`00000580 00000000`00000000 fffffa80`00000030 : 0xfffff880`00000006
fffff880`02b8ab18 7e7ac1fe`2a57978c : 00000000`00000580 00000000`00000000 fffffa80`00000030 00000000`00000000 : 0xfffffa80`05056288
fffff880`02b8ab20 00000000`00000580 : 00000000`00000000 fffffa80`00000030 00000000`00000000 00000000`00000000 : 0x7e7ac1fe`2a57978c
fffff880`02b8ab28 00000000`00000000 : fffffa80`00000030 00000000`00000000 00000000`00000000 00000000`00000200 : 0x580


FOLLOWUP_IP:
nt!output_l+31b
fffff800`02d1a813 443801 cmp byte ptr [rcx],r8b

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: nt!output_l+31b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4fa390f3

STACK_COMMAND: .cxr 0xe9cb2bf175c03b41 ; kb

FAILURE_BUCKET_ID: X64_0x1e_c0000005_nt!output_l+31b

BUCKET_ID: X64_0x1e_c0000005_nt!output_l+31b

Followup: MachineOwner
---------

I am going to put the HD back into the machine now and see if it will boot in Safe Mode, and also if I am able to run a memory test before it shuts down. I'll post the results on here as soon as I get them. Thanks again.
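
An added example, not part of the original posts: a small Python triage helper that pulls the bugcheck code, arguments and blamed image out of `!analyze -v` text, so several dumps from one machine can be compared side by side. The sample strings are constructed from key lines of the two outputs above, and the names `summarize` and `blamed_images` are hypothetical.

```python
import re

# Constructed samples: key lines taken from the two !analyze -v outputs above.
DUMP_A = """\
IRQL_NOT_LESS_OR_EQUAL (a)
Arg1: 00000005000000dd, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
Arg4: fffff80002cc8405, address which referenced memory
IMAGE_NAME: tcpip.sys
FAILURE_BUCKET_ID: X64_0xA_tcpip!TcpCloseEndpoint+40
"""
DUMP_B = """\
KMODE_EXCEPTION_NOT_HANDLED (1e)
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002d1a813, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
IMAGE_NAME: ntkrnlmp.exe
FAILURE_BUCKET_ID: X64_0x1e_c0000005_nt!output_l+31b
"""

HEADER = re.compile(r"^([A-Z][A-Z0-9_]+) \(([0-9a-fA-F]+)\)\s*$", re.M)
ARG = re.compile(r"^Arg([1-4]): ([0-9a-fA-F]{8,16})", re.M)
FIELD = re.compile(r"^(IMAGE_NAME|FAILURE_BUCKET_ID):\s*(\S+)", re.M)

def summarize(text):
    """Extract bugcheck name/code, the four arguments and the blamed image."""
    m = HEADER.search(text)
    if m is None:
        raise ValueError("no bugcheck header found")
    args = {int(n): int(v, 16) for n, v in ARG.findall(text)}
    out = {"name": m.group(1), "code": int(m.group(2), 16), "args": args}
    out.update({k.lower(): v for k, v in FIELD.findall(text)})
    if out["code"] == 0xA and 3 in args:
        # Arg3 bitfield per the debugger text: bit 0 = write, bit 3 = execute
        out["access"] = ("execute" if args[3] & 8 else
                         "write" if args[3] & 1 else "read")
        out["irql"] = args.get(2)
    if out["code"] == 0x1E and 1 in args:
        # Arg1 is the NTSTATUS exception code, sign-extended to 64 bits
        out["ntstatus"] = args[1] & 0xFFFFFFFF
    return out

def blamed_images(dumps):
    """IMAGE_NAME values across dumps; more than one means no single module is blamed."""
    return {summarize(d).get("image_name") for d in dumps}

if __name__ == "__main__":
    print([summarize(d) for d in (DUMP_A, DUMP_B)], blamed_images([DUMP_A, DUMP_B]))
```
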
 

lakeober

Ok, I just tried to boot the machine into Safe Mode, and before it even got to the desktop, it gave me a BSOD. I then pulled out the HD, and ran a debug on that BSOD's dump file, and the culprit was once again: ntkrnlmp.exe

Any ideas? I would try to run a memory test, but can I even do that if I can't load up Windows?
 


Yup, sure can. Download Memtest to a DVD and pop it in the DVD drive, then set up the BIOS to boot from DVD :)

I always recommend having Memtest + a copy of Hiren's Boot CD handy.