Page 1 of 2 12 Last
  1. #1
    Jonathan_King's Avatar
    Join Date
    Feb 2012
    Location
    Rednecksville
    Posts
    13

    BSOD Analysis - Getting Started

    So, you're interested in learning to solve BSODs? A satisfying goal, and there's good job security as there's an endless supply of BSOD threads.

    To be a good BSOD analyst, you don't need deep technical knowledge of how Windows works (though it doesn't hurt!). You do need a good "technician's knowledge" of computers, as there's so much more to it than "what driver was blamed?". As often as not, hardware is the cause, and you should be proficient in that regard. Instructing OPs how to swap out RAM, change memory voltages, and spot PSU problems is SO much easier when you are familiar with the processes already.

    Good surface knowledge of Windows is essential. What if that driver won't install right? What if Windows won't boot right? What if you suspect malware is the cause...do you know how to spot other signs of it? What if the OP wants to do a repair install but his DVD is giving him an error message? You could just farm stuff out, but it's better if you're capable of handling it all yourself.

    Perhaps even more important is a desire to get to the bottom of the case, no matter what it is. Good BSOD analysts don't feel the need to stick to the "rules" of the game. They exercise complete liberty to post whatever they want in the thread, no matter how unorthodox it might be. Feel like turning the OP into a guinea pig? Go for it! Try new things, learn what doesn't work, and remember what did work for next time. And when you see a thread someone else has solved, spend the 30 seconds and find out what symptoms the the OP was having, and what the solution was.


    Ready to proceed?

    Start by installing Windbg from the Windows SDK: Debugging Tools and Symbols: Getting Started

    Once installed, associate .dmp files with Windbg by entering the following in a command prompt:
    Code:
    "C:\Program Files (x86)\Debugging Tools for Windows (x64)\Debuggers\x64\windbg.exe" -IA
    If Windbg is installed in a different location, change the command accordingly. Just a heads-up, the -IA part is case sensitive. Confused the heck out of me when I first tried it, as most commands are not case sensitive.

    When done, open a copy of Windbg, go to File > Symbol file path, and copy/paste:
    Code:
    SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    You can replace C:\symbols with any other path you'd like the symbol cache to be stored on. If you have a low-capacity SSD, be warned the folder can grow to a couple GBs.

    After that, you can just double-click on the dmps and it will open. If a driver or program is the cause of the BSODs, it will usually show up in the Probably Caused By line.
    Code:
    Probably caused by: e1c62x64.sys
    You can look up the drivers it blames here: Driver Reference Table

    A couple other tips:

    If a Windows/system driver is blamed, it's not the real problem. Use your powers of reasoning: if tcpip.sys is blamed, perhaps the network adapter drivers are at fault?

    You can use Driver Verifier to try to get 3rd-party drivers blamed: Driver Verifier - BSOD related - Windows 10, 8.1, 8, 7 & Vista - Sysnative Forums

    If Verifier_Enabled dumps continue to point to system drivers, hardware is most likely the cause. The most common cause is RAM, though CPU, motherboard, PSU, video card, hard drive, and sometimes some funky ones (monitor, USB devices) can also cause problems. I wrote up some tutorials to diagnostics we use often:

    http://www.sysnative.com/forums/hard...memtest86.html

    http://www.sysnative.com/forums/hard...s-testing.html

    To get a list of the running drivers on the system at the time of the crash, run from Windbg:
    Code:
    lmntsm
    Spend some time looking up those drivers on the Driver Reference Table until you can quickly glance down the list and pick out the 3rd-party ones. The Windows drivers are rarely of any consequence, but you should still know what they do. One word of warning, however: don't fall into the same pitfall all too many people do, and that is putting too much emphasis on the date of the driver. Is it true that older drivers can have compatibility problems, and should be updated, but few things that I see BSOD analysts doing irritate me more than lists of drivers to update. If a 3rd-party driver is the cause, 95% of the time it will be blamed directly.

    I'd be a fool not to at least mention the !analyze -v command. Try running that on a dump, see what kind of information it reveals. PROCESS_NAME shows which process was running at the time of the crash; usually not enough to make any conclusions, but when taken from many dumps from the same system, may reveal some circumstantial evidence. FAILURE_BUCKET_ID and BUCKET ID can sometimes reveal culprit drivers that are not blamed in the Probably Caused By line.

    And one last command I rarely see any other BSOD analysts on the volunteer forums using: the !sysinfo commands. !sysinfo machineid shows information about the motherboard and OEM. !sysinfo smbios reveals a wealth of information about the motherboard configuration. Want to know what size DIMMs are installed in which slots, and what speed they're running at? Give it a whirl! Or run the generic !sysinfo command for a list of supported arguments and try them out.


    Finally, we ask for a full BSOD report for a reason; dumps alone are often inadequate, and the problem can often be solved faster when you have access to other information. Digging deeper into the jcgriff2 report is beyond the scope of this "getting started" guide, but I encourage you to poke into it on your own.



    • MSINFO32 is good for getting hardware information and a list of installed programs. Plus a bunch of other things.
    • $systeminfo.txt overlaps with MSINFO32 a fair bit, which is nice when MSINFO32 is corrupted or missing. It also contains a list of installed Windows Updates, and the date the OS was installed.
    • Event Logs are priceless for BSOD analysts, especially the System one ($evtx_sys_dump.txt). Tip: do a Find for keyword "Error". When no dumps are available, this becomes your #1 resource.
    • $sys_list.txt and driverq_v.txt are both good for finding information on drivers; such as, which ones are loading, what their dates are, and where they are located.


    Get to know what information you have access to. Once you do, you will no longer be content to simply use the dumps. I resigned from a Moderator position and left another forum once, among other reasons, but a major part was they didn't see the point in asking for the other info, and weren't on board with my attempts to get some instructions stickied.


    That's the basic idea of what we do. As you go along, you'll have dozens (if not more!) of questions; by all means, post them below, or start a new thread in the BSOD Analysis forum.
    Good luck!
    Last edited by jcgriff2; 12-08-2014 at 02:34 AM.


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2
    Cayden's Avatar
    Join Date
    Jul 2012
    Location
    Toronto
    Posts
    196
    • specs System Specs
      • Manufacturer:
        Self-built
      • Motherboard:
        Asus M5A97 R2
      • CPU:
        FX 9370 4.4 GHz
      • Memory:
        8Gb G. Skill Ripjaws 1600
      • Graphics:
        AMD R9 290X 4Gb
      • Hard Drives:
        Samsung Evo 850 / Seagate 1TB
      • Power Supply:
        Seasonic G Series 650W
      • Case:
        Corsair Obsidian 450D
      • Cooling:
        Arctic 320w air cooler
      • Display:
        Sansung 22 inch
      • Operating System:
        Windows 7 HP

    Re: BSOD Analysis - Getting Started

    I can't seem to get my symbol file to load properly. I downloaded the 'checked' symbol file for Windows 7 from MS's site and entered the command you mentioned, but it never seems to work. It doesn't seem like it saves either.

  3. #3
    Shintaro's Avatar
    Join Date
    Jun 2012
    Location
    Brisbane, Australia
    Age
    48
    Posts
    175

    Re: BSOD Analysis - Getting Started

    If you downloaded the Checked symbols they are the wrong ones. "Checked" is for the special "Checked Build" version of windows. You probably want the "Retail" version.

    Explained here: http://msdn.microsoft.com/en-us/libr...=vs.85%29.aspx

    Source: http://www.osronline.com/DDKx/ddtools/checked_6dir.htm
    Checked and Free Build Differences

    Two distinct builds of the NT-based operating systems are available:
    The free build (or retail build)The free build of Microsoft® Windows® is used in production environments. The free build of the operating system is built with full compiler optimizations. When the free build discovers correctable problems, it continues to run. Distribution media containing the free build of the operating system do not have any special labels — in other words, the CD containing the free build will just be labeled with the Windows version name, and no reference to the type of build.
    The checked build (or debug build)The purpose of the checked build of Microsoft Windows is to make identifying and diagnosing operating-system-level problems easier. The checked build differs from the free build in the following ways:
    • Many compiler optimizations (such as stack frame elimination) are disabled in the checked build. Disabling such optimizations makes it easier to understand disassembled machine instructions, and therefore it is easier to trace the cause of problems in system software.
    • The checked build enables a large number of debugging checks in the operating system code and system-provided drivers. This helps the checked build identify internal inconsistencies and problems as soon as they occur.

    Distribution media containing the checked build are clearly labeled “Debug/Checked Build.” The checked build distribution medium contains the checked version of the operating system, plus checked versions of HALs, drivers, file systems, and even many user-mode components. For information on obtaining this build, see Obtaining the Checked Build.
    Because the checked build contains fewer optimizations and more debugging checks than the free build, the checked build is both larger in size and slower to execute than the free build. As a result, the free build is used in production environments unless it is necessary to use the checked build to identify serious problems.
    Last edited by Shintaro; 08-01-2012 at 09:41 PM. Reason: Added information
    Try to live an ordinary life, in a non-ordinary way.

  4. #4
    Cayden's Avatar
    Join Date
    Jul 2012
    Location
    Toronto
    Posts
    196
    • specs System Specs
      • Manufacturer:
        Self-built
      • Motherboard:
        Asus M5A97 R2
      • CPU:
        FX 9370 4.4 GHz
      • Memory:
        8Gb G. Skill Ripjaws 1600
      • Graphics:
        AMD R9 290X 4Gb
      • Hard Drives:
        Samsung Evo 850 / Seagate 1TB
      • Power Supply:
        Seasonic G Series 650W
      • Case:
        Corsair Obsidian 450D
      • Cooling:
        Arctic 320w air cooler
      • Display:
        Sansung 22 inch
      • Operating System:
        Windows 7 HP

    Re: BSOD Analysis - Getting Started

    Oh I figured it was for OEM Retail discs, my copy is pre-installed so I didn't think it counted.

  5. #5
    Shintaro's Avatar
    Join Date
    Jun 2012
    Location
    Brisbane, Australia
    Age
    48
    Posts
    175

    Re: BSOD Analysis - Getting Started

    Is it working now??
    Try to live an ordinary life, in a non-ordinary way.

  6. #6
    Cayden's Avatar
    Join Date
    Jul 2012
    Location
    Toronto
    Posts
    196
    • specs System Specs
      • Manufacturer:
        Self-built
      • Motherboard:
        Asus M5A97 R2
      • CPU:
        FX 9370 4.4 GHz
      • Memory:
        8Gb G. Skill Ripjaws 1600
      • Graphics:
        AMD R9 290X 4Gb
      • Hard Drives:
        Samsung Evo 850 / Seagate 1TB
      • Power Supply:
        Seasonic G Series 650W
      • Case:
        Corsair Obsidian 450D
      • Cooling:
        Arctic 320w air cooler
      • Display:
        Sansung 22 inch
      • Operating System:
        Windows 7 HP

    Re: BSOD Analysis - Getting Started

    No, it still says I'm using the wrong symbols.

  7. #7

    Join Date
    Mar 2012
    Posts
    469

    Re: BSOD Analysis - Getting Started

    Can you show us the exact typed in path you have for the symbols for Windbg? Also, print out what you see from typing .reload /f /o /v in Windbg. Make sure to use [code] tags in your post so you don't have a several-page-long post on this thread.

  8. #8
    Cayden's Avatar
    Join Date
    Jul 2012
    Location
    Toronto
    Posts
    196
    • specs System Specs
      • Manufacturer:
        Self-built
      • Motherboard:
        Asus M5A97 R2
      • CPU:
        FX 9370 4.4 GHz
      • Memory:
        8Gb G. Skill Ripjaws 1600
      • Graphics:
        AMD R9 290X 4Gb
      • Hard Drives:
        Samsung Evo 850 / Seagate 1TB
      • Power Supply:
        Seasonic G Series 650W
      • Case:
        Corsair Obsidian 450D
      • Cooling:
        Arctic 320w air cooler
      • Display:
        Sansung 22 inch
      • Operating System:
        Windows 7 HP

    Re: BSOD Analysis - Getting Started

    It's taking a while to finish processing the command, for now I'll tell you I installed into C:\Symbols and I use the exact SRV*c:\symbols*http://msdl.microsoft.com/download/symbols​ path.

    edit:

    Code:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    
    
    Loading Dump File [C:\Users\Cayden\Desktop\crap\Random stuff\102411-28111-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    Symbol search path is: *** Invalid ***
    ****************************************************************************
    * Symbol loading may be unreliable without a symbol search path.           *
    * Use .symfix to have the debugger choose a symbol path.                   *
    * After setting your symbol path, use .reload to refresh symbol locations. *
    ****************************************************************************
    Executable search path is: 
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Machine Name:
    Kernel base = 0xfffff800`02a14000 PsLoadedModuleList = 0xfffff800`02c59670
    Debug session time: Tue Oct 25 01:20:17.420 2011 (UTC - 4:00)
    System Uptime: 0 days 2:06:36.012
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..........................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    
    Use !analyze -v to get detailed debugging information.
    
    
    BugCheck A, {fffffa80ff462778, 2, 1, fffff80002a9c2b2}
    
    
    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
    
    
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    Probably caused by : ntoskrnl.exe ( nt+882b2 )
    
    
    Followup: MachineOwner
    ---------
    
    
    WARNING: Whitespace at end of path element
    1: kd> .reload /f /o /v
    Loading Kernel Symbols
    AddImage: hal.dll
     DllBase  = fffff800`02ffd000
     Size     = 00049000
     Checksum = 000404c3
     TimeDateStamp = 4ce7c669
    AddImage: kdcom.dll
     DllBase  = fffff800`00baa000
     Size     = 0000a000
     Checksum = 0000f59b
     TimeDateStamp = 4d4d8061
    AddImage: mcupdate.dll
     DllBase  = fffff880`00c9e000
     Size     = 0000d000
     Checksum = 0000babc
     TimeDateStamp = 4a5bdf65
    Unable to load image mcupdate.dll, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for mcupdate.dll
    *** ERROR: Module load completed but symbols could not be loaded for mcupdate.dll
    AddImage: PSHED.dll
     DllBase  = fffff880`00cab000
     Size     = 00014000
     Checksum = 0000f762
     TimeDateStamp = 4a5be027
    AddImage: CLFS.SYS
     DllBase  = fffff880`00cbf000
     Size     = 0005e000
     Checksum = 00065c46
     TimeDateStamp = 4a5bc11d
    AddImage: CI.dll
     DllBase  = fffff880`00d1d000
     Size     = 000c0000
     Checksum = 000cb0f6
     TimeDateStamp = 4ce7c944
    AddImage: Wdf01000.sys
     DllBase  = fffff880`00e26000
     Size     = 000a4000
     Checksum = 000a2e74
     TimeDateStamp = 4a5bc19f
    AddImage: WDFLDR.SYS
     DllBase  = fffff880`00eca000
     Size     = 0000f000
     Checksum = 00011010
     TimeDateStamp = 4a5bc11a
    AddImage: ACPI.sys
     DllBase  = fffff880`00ed9000
     Size     = 00057000
     Checksum = 0005acf6
     TimeDateStamp = 4ce79294
    AddImage: WMILIB.SYS
     DllBase  = fffff880`00f30000
     Size     = 00009000
     Checksum = 00005007
     TimeDateStamp = 4a5bc117
    AddImage: msisadrv.sys
     DllBase  = fffff880`00f39000
     Size     = 0000a000
     Checksum = 0001320d
     TimeDateStamp = 4a5bc0fe
    AddImage: pci.sys
     DllBase  = fffff880`00f43000
     Size     = 00033000
     Checksum = 00033150
     TimeDateStamp = 4ce7928f
    AddImage: vdrvroot.sys
     DllBase  = fffff880`00f76000
     Size     = 0000d000
     Checksum = 0000c04b
     TimeDateStamp = 4a5bcadb
    AddImage: partmgr.sys
     DllBase  = fffff880`00f83000
     Size     = 00015000
     Checksum = 000209b5
     TimeDateStamp = 4ce792c0
    AddImage: volmgr.sys
     DllBase  = fffff880`00f98000
     Size     = 00015000
     Checksum = 00019f72
     TimeDateStamp = 4ce792a0
    AddImage: volmgrx.sys
     DllBase  = fffff880`00c00000
     Size     = 0005c000
     Checksum = 00065f6d
     TimeDateStamp = 4ce792eb
    AddImage: mountmgr.sys
     DllBase  = fffff880`00fad000
     Size     = 0001a000
     Checksum = 00022621
     TimeDateStamp = 4ce79299
    AddImage: amdsbs.sys
     DllBase  = fffff880`0101f000
     Size     = 00047000
     Checksum = 0003938a
     TimeDateStamp = 49c3e213
    Unable to load image amdsbs.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for amdsbs.sys
    *** ERROR: Module load completed but symbols could not be loaded for amdsbs.sys
    AddImage: storport.sys
     DllBase  = fffff880`01066000
     Size     = 00063000
     Checksum = 000309fa
     TimeDateStamp = 4d79a55f
    AddImage: amdxata.sys
     DllBase  = fffff880`010c9000
     Size     = 0000b000
     Checksum = 00007a58
     TimeDateStamp = 4accf656
    Unable to load image amdxata.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for amdxata.sys
    *** ERROR: Module load completed but symbols could not be loaded for amdxata.sys
    AddImage: fltmgr.sys
     DllBase  = fffff880`010d4000
     Size     = 0004c000
     Checksum = 0005452d
     TimeDateStamp = 4ce7929c
    AddImage: fileinfo.sys
     DllBase  = fffff880`01120000
     Size     = 00014000
     Checksum = 00015644
     TimeDateStamp = 4a5bc481
    
    
    
    
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    
    
    AddImage: Ntfs.sys
     DllBase  = fffff880`0122c000
     Size     = 001a3000
     Checksum = 0019968a
     TimeDateStamp = 4d79997b
    AddImage: msrpc.sys
     DllBase  = fffff880`01134000
     Size     = 0005e000
     Checksum = 0005e9e7
     TimeDateStamp = 4ce79334
    AddImage: ksecdd.sys
     DllBase  = fffff880`013cf000
     Size     = 0001b000
     Checksum = 0001e184
     TimeDateStamp = 4ce7930b
    AddImage: cng.sys
     DllBase  = fffff880`0147a000
     Size     = 00072000
     Checksum = 00078106
     TimeDateStamp = 4ce79e2d
    AddImage: pcw.sys
     DllBase  = fffff880`014ec000
     Size     = 00011000
     Checksum = 00014b5e
     TimeDateStamp = 4a5bc0ff
    AddImage: Fs_Rec.sys
     DllBase  = fffff880`014fd000
     Size     = 0000a000
     Checksum = 0001398a
     TimeDateStamp = 4a5bc111
    AddImage: ndis.sys
     DllBase  = fffff880`01507000
     Size     = 000f3000
     Checksum = 000e8ac1
     TimeDateStamp = 4ce79392
    AddImage: NETIO.SYS
     DllBase  = fffff880`01400000
     Size     = 00060000
     Checksum = 00066d17
     TimeDateStamp = 4ce79381
    AddImage: ksecpkg.sys
     DllBase  = fffff880`01200000
     Size     = 0002b000
     Checksum = 00030edb
     TimeDateStamp = 4ce79e9a
    AddImage: tcpip.sys
     DllBase  = fffff880`0164d000
     Size     = 00204000
     Checksum = 001e3a3e
     TimeDateStamp = 4e001123
    AddImage: fwpkclnt.sys
     DllBase  = fffff880`01851000
     Size     = 0004a000
     Checksum = 0004ab00
     TimeDateStamp = 4ce79321
    AddImage: epfwwfp.sys
     DllBase  = fffff880`0189b000
     Size     = 00015000
     Checksum = 00017992
     TimeDateStamp = 4e098300
    Unable to load image epfwwfp.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for epfwwfp.sys
    *** ERROR: Module load completed but symbols could not be loaded for epfwwfp.sys
    AddImage: volsnap.sys
     DllBase  = fffff880`018b0000
     Size     = 0004c000
     Checksum = 000527ed
     TimeDateStamp = 4ce792c8
    AddImage: spldr.sys
     DllBase  = fffff880`018fc000
     Size     = 00008000
     Checksum = 0000e0e9
     TimeDateStamp = 4a0858bb
    Unable to load image spldr.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for spldr.sys
    *** ERROR: Module load completed but symbols could not be loaded for spldr.sys
    AddImage: speedfan.sys
     DllBase  = fffff880`01904000
     Size     = 0000a000
     Checksum = 0000a6ad
     TimeDateStamp = 4d83838e
    Unable to load image speedfan.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for speedfan.sys
    *** ERROR: Module load completed but symbols could not be loaded for speedfan.sys
    AddImage: rdyboost.sys
     DllBase  = fffff880`0190e000
     Size     = 0003a000
     Checksum = 00037356
     TimeDateStamp = 4ce7982e
    AddImage: mup.sys
     DllBase  = fffff880`01948000
     Size     = 00012000
     Checksum = 00015dfd
     TimeDateStamp = 4a5bc201
    AddImage: hwpolicy.sys
     DllBase  = fffff880`0195a000
     Size     = 00009000
     Checksum = 0000d9f4
     TimeDateStamp = 4ce7927e
    AddImage: fvevol.sys
     DllBase  = fffff880`01963000
     Size     = 0003a000
     Checksum = 000389bc
     TimeDateStamp = 4ce793b6
    AddImage: disk.sys
     DllBase  = fffff880`0199d000
     Size     = 00016000
     Checksum = 0001ff1d
     TimeDateStamp = 4a5bc11d
    AddImage: CLASSPNP.SYS
     DllBase  = fffff880`019b3000
     Size     = 00030000
     Checksum = 000318be
     TimeDateStamp = 4ce7929b
    AddImage: AtiPcie64.sys
     DllBase  = fffff880`019e3000
     Size     = 00008000
     Checksum = 00010318
     TimeDateStamp = 4b97adc9
    Unable to load image AtiPcie64.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for AtiPcie64.sys
    *** ERROR: Module load completed but symbols could not be loaded for AtiPcie64.sys
    AddImage: ahcix64s.sys
     DllBase  = fffff880`01192000
     Size     = 00050000
     Checksum = 00038ade
     TimeDateStamp = 49bf455b
    Unable to load image ahcix64s.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ahcix64s.sys
    *** ERROR: Module load completed but symbols could not be loaded for ahcix64s.sys
    AddImage: cdrom.sys
     DllBase  = fffff880`04870000
     Size     = 0002a000
     Checksum = 0002b742
     TimeDateStamp = 4ce79298
    AddImage: Null.SYS
     DllBase  = fffff880`0489a000
     Size     = 00009000
     Checksum = 0000e9db
     TimeDateStamp = 4a5bc109
    AddImage: Beep.SYS
     DllBase  = fffff880`048a3000
     Size     = 00007000
     Checksum = 000036eb
     TimeDateStamp = 4a5bca8d
    AddImage: ehdrv.sys
     DllBase  = fffff880`048aa000
     Size     = 00027000
     Checksum = 0002932f
     TimeDateStamp = 4e09840e
    Unable to load image ehdrv.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ehdrv.sys
    *** ERROR: Module load completed but symbols could not be loaded for ehdrv.sys
    AddImage: vga.sys
     DllBase  = fffff880`048d1000
     Size     = 0000e000
     Checksum = 00013e6f
     TimeDateStamp = 4a5bc587
    AddImage: VIDEOPRT.SYS
     DllBase  = fffff880`048df000
     Size     = 00025000
     Checksum = 00028fc7
     TimeDateStamp = 4a5bc58b
    AddImage: watchdog.sys
     DllBase  = fffff880`04904000
     Size     = 00010000
     Checksum = 00019cbe
     TimeDateStamp = 4a5bc53f
    AddImage: RDPCDD.sys
     DllBase  = fffff880`04914000
     Size     = 00009000
     Checksum = 0000ffac
     TimeDateStamp = 4a5bce62
    AddImage: rdpencdd.sys
     DllBase  = fffff880`0491d000
     Size     = 00009000
     Checksum = 000074d5
     TimeDateStamp = 4a5bce62
    AddImage: rdprefmp.sys
     DllBase  = fffff880`04926000
     Size     = 00009000
     Checksum = 0000abcd
     TimeDateStamp = 4a5bce63
    AddImage: Msfs.SYS
     DllBase  = fffff880`0492f000
     Size     = 0000b000
     Checksum = 00007126
     TimeDateStamp = 4a5bc113
    AddImage: Npfs.SYS
     DllBase  = fffff880`0493a000
     Size     = 00011000
     Checksum = 00019aed
     TimeDateStamp = 4a5bc114
    AddImage: tdx.sys
     DllBase  = fffff880`0494b000
     Size     = 00022000
     Checksum = 000288b2
     TimeDateStamp = 4ce79332
    AddImage: TDI.SYS
     DllBase  = fffff880`0496d000
     Size     = 0000d000
     Checksum = 00016255
     TimeDateStamp = 4ce7933e
    AddImage: afd.sys
     DllBase  = fffff880`04a87000
     Size     = 00089000
     Checksum = 00082518
     TimeDateStamp = 4db4dd96
    AddImage: netbt.sys
     DllBase  = fffff880`04b10000
     Size     = 00045000
     Checksum = 00041134
     TimeDateStamp = 4ce79386
    AddImage: wfplwf.sys
     DllBase  = fffff880`04b55000
     Size     = 00009000
     Checksum = 0000b17b
     TimeDateStamp = 4a5bccb6
    AddImage: pacer.sys
     DllBase  = fffff880`04b5e000
     Size     = 00026000
     Checksum = 00020dcf
     TimeDateStamp = 4ce7a862
    AddImage: vwififlt.sys
     DllBase  = fffff880`04b84000
     Size     = 00016000
     Checksum = 0001a7dc
     TimeDateStamp = 4a5bcc3a
    AddImage: EpfwLWF.sys
     DllBase  = fffff880`04b9a000
     Size     = 0000d000
     Checksum = 0000beb6
     TimeDateStamp = 4e1b229a
    Unable to load image EpfwLWF.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for EpfwLWF.sys
    *** ERROR: Module load completed but symbols could not be loaded for EpfwLWF.sys
    AddImage: netbios.sys
     DllBase  = fffff880`04ba7000
     Size     = 0000f000
     Checksum = 00011668
     TimeDateStamp = 4a5bccb6
    AddImage: wanarp.sys
     DllBase  = fffff880`04bb6000
     Size     = 0001b000
     Checksum = 00017ccc
     TimeDateStamp = 4ce7a874
    AddImage: termdd.sys
     DllBase  = fffff880`04bd1000
     Size     = 00014000
     Checksum = 00019e15
     TimeDateStamp = 4ce7ab0c
    AddImage: rdbss.sys
     DllBase  = fffff880`04a00000
     Size     = 00051000
     Checksum = 0004d76f
     TimeDateStamp = 4ce79497
    AddImage: nsiproxy.sys
     DllBase  = fffff880`04a51000
     Size     = 0000c000
     Checksum = 00013ed5
     TimeDateStamp = 4a5bc15e
    AddImage: mssmbios.sys
     DllBase  = fffff880`04a5d000
     Size     = 0000b000
     Checksum = 0000f474
     TimeDateStamp = 4a5bc3be
    AddImage: discache.sys
     DllBase  = fffff880`04a68000
     Size     = 0000f000
     Checksum = 00015f3f
     TimeDateStamp = 4a5bc52e
    AddImage: dfsc.sys
     DllBase  = fffff880`0497a000
     Size     = 0001e000
     Checksum = 0001d647
     TimeDateStamp = 4ce79447
    AddImage: blbdrive.sys
     DllBase  = fffff880`04be5000
     Size     = 00011000
     Checksum = 00019567
     TimeDateStamp = 4a5bc4df
    AddImage: tunnel.sys
     DllBase  = fffff880`04998000
     Size     = 00026000
     Checksum = 0002cd96
     TimeDateStamp = 4ce7a846
    AddImage: amdppm.sys
     DllBase  = fffff880`049be000
     Size     = 00015000
     Checksum = 0001ea42
     TimeDateStamp = 4a5bc0fd
    AddImage: atikmpag.sys
     DllBase  = fffff880`04ca3000
     Size     = 00051000
     Checksum = 0004fbb9
     TimeDateStamp = 4e68f2d9
    Unable to load image atikmpag.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for atikmpag.sys
    *** ERROR: Module load completed but symbols could not be loaded for atikmpag.sys
    AddImage: atikmdag.sys
     DllBase  = fffff880`05600000
     Size     = 00a0e000
     Checksum = 009c90be
     TimeDateStamp = 4e68fab0
    Unable to load image atikmdag.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for atikmdag.sys
    *** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
    AddImage: dxgkrnl.sys
     DllBase  = fffff880`0600e000
     Size     = 000f4000
     Checksum = 000fa948
     TimeDateStamp = 4ce799fa
    AddImage: dxgmms1.sys
     DllBase  = fffff880`06102000
     Size     = 00046000
     Checksum = 00047a89
     TimeDateStamp = 4ce799c1
    AddImage: HDAudBus.sys
     DllBase  = fffff880`06148000
     Size     = 00024000
     Checksum = 0002bfab
     TimeDateStamp = 4ce7a65e
    AddImage: netr28x.sys
     DllBase  = fffff880`04cf4000
     Size     = 000d6000
     Checksum = 000d2ef0
     TimeDateStamp = 4b2b764e
    Unable to load image netr28x.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for netr28x.sys
    *** ERROR: Module load completed but symbols could not be loaded for netr28x.sys
    AddImage: vwifibus.sys
     DllBase  = fffff880`0616c000
     Size     = 0000d000
     Checksum = 0000c5fa
     TimeDateStamp = 4a5bcc39
    AddImage: Rt64win7.sys
     DllBase  = fffff880`06179000
     Size     = 00057000
     Checksum = 000611c5
     TimeDateStamp = 4b8fb8dc
    Unable to load image Rt64win7.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for Rt64win7.sys
    *** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys
    AddImage: usbohci.sys
     DllBase  = fffff880`061d0000
     Size     = 0000b000
     Checksum = 00008443
     TimeDateStamp = 4d8c0bff
    AddImage: USBPORT.SYS
     DllBase  = fffff880`04c00000
     Size     = 00056000
     Checksum = 00056970
     TimeDateStamp = 4d8c0c08
    AddImage: usbfilter.sys
     DllBase  = fffff880`061db000
     Size     = 0000d000
     Checksum = 0000b1cd
     TimeDateStamp = 4acc46c8
    Unable to load image usbfilter.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for usbfilter.sys
    *** ERROR: Module load completed but symbols could not be loaded for usbfilter.sys
    AddImage: USBD.SYS
     DllBase  = fffff880`061e8000
     Size     = 00001f00
     Checksum = 00005257
     TimeDateStamp = 4d8c0bfb
    AddImage: usbehci.sys
     DllBase  = fffff880`061ea000
     Size     = 00011000
     Checksum = 0000de59
     TimeDateStamp = 4d8c0c00
    AddImage: 1394ohci.sys
     DllBase  = fffff880`04c56000
     Size     = 0003e000
     Checksum = 0003b054
     TimeDateStamp = 4ce7a6a8
    AddImage: wmiacpi.sys
     DllBase  = fffff880`04c94000
     Size     = 00009000
     Checksum = 000042c0
     TimeDateStamp = 4a5bc3b6
    AddImage: CompositeBus.sys
     DllBase  = fffff880`04dca000
     Size     = 00010000
     Checksum = 0000983b
     TimeDateStamp = 4ce7a3ed
    AddImage: AgileVpn.sys
     DllBase  = fffff880`04dda000
     Size     = 00016000
     Checksum = 000192be
     TimeDateStamp = 4a5bccf0
    AddImage: rasl2tp.sys
     DllBase  = fffff880`049d3000
     Size     = 00024000
     Checksum = 0002cca3
     TimeDateStamp = 4ce7a872
    AddImage: ndistapi.sys
     DllBase  = fffff880`04df0000
     Size     = 0000c000
     Checksum = 000063ea
     TimeDateStamp = 4a5bccd8
    AddImage: ndiswan.sys
     DllBase  = fffff880`0160a000
     Size     = 0002f000
     Checksum = 0002bb81
     TimeDateStamp = 4ce7a870
    AddImage: raspppoe.sys
     DllBase  = fffff880`011e2000
     Size     = 0001b000
     Checksum = 00019a00
     TimeDateStamp = 4a5bcce9
    AddImage: raspptp.sys
     DllBase  = fffff880`00fc7000
     Size     = 00021000
     Checksum = 000251cb
     TimeDateStamp = 4ce7a86f
    AddImage: rassstp.sys
     DllBase  = fffff880`01460000
     Size     = 0001a000
     Checksum = 0002274b
     TimeDateStamp = 4a5bccf1
    AddImage: kbdclass.sys
     DllBase  = fffff880`04a77000
     Size     = 0000f000
     Checksum = 0001b4c5
     TimeDateStamp = 4a5bc116
    AddImage: mouclass.sys
     DllBase  = fffff880`01639000
     Size     = 0000f000
     Checksum = 0000e5de
     TimeDateStamp = 4a5bc116
    AddImage: swenum.sys
     DllBase  = fffff880`061fb000
     Size     = 00001480
     Checksum = 0000934e
     TimeDateStamp = 4a5bca92
    AddImage: ks.sys
     DllBase  = fffff880`04ec2000
     Size     = 00043000
     Checksum = 00045588
     TimeDateStamp = 4ce7a3f3
    AddImage: amdiox64.sys
     DllBase  = fffff880`04f05000
     Size     = 00014000
     Checksum = 00017588
     TimeDateStamp = 4b7d5a21
    Unable to load image amdiox64.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for amdiox64.sys
    *** ERROR: Module load completed but symbols could not be loaded for amdiox64.sys
    AddImage: umbus.sys
     DllBase  = fffff880`04f19000
     Size     = 00012000
     Checksum = 0001af58
     TimeDateStamp = 4ce7a695
    AddImage: usbhub.sys
     DllBase  = fffff880`04f2b000
     Size     = 0005a000
     Checksum = 00054f31
     TimeDateStamp = 4d8c0c15
    AddImage: NDProxy.SYS
     DllBase  = fffff880`04f85000
     Size     = 00015000
     Checksum = 00019428
     TimeDateStamp = 4ce7a864
    AddImage: HdAudio.sys
     DllBase  = fffff880`04f9a000
     Size     = 0005c000
     Checksum = 000598da
     TimeDateStamp = 4ce7a687
    AddImage: portcls.sys
     DllBase  = fffff880`04e00000
     Size     = 0003d000
     Checksum = 00047a50
     TimeDateStamp = 4a5bcc03
    AddImage: drmk.sys
     DllBase  = fffff880`04e3d000
     Size     = 00022000
     Checksum = 0002966e
     TimeDateStamp = 4a5bd8e5
    Unable to load image drmk.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for drmk.sys
    *** ERROR: Module load completed but symbols could not be loaded for drmk.sys
    AddImage: ksthunk.sys
     DllBase  = fffff880`04e5f000
     Size     = 00005200
     Checksum = 0000af92
     TimeDateStamp = 4a5bca93
    AddImage: RTKVHD64.sys
     DllBase  = fffff880`078a5000
     Size     = 0025cd00
     Checksum = 0026e60e
     TimeDateStamp = 4c861f43
    Unable to load image RTKVHD64.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for RTKVHD64.sys
    *** ERROR: Module load completed but symbols could not be loaded for RTKVHD64.sys
    AddImage: win32k.sys
     DllBase  = fffff960`00000000
     Size     = 00313000
     Checksum = 0030d2b2
     TimeDateStamp = 4e658d5a
    AddImage: Dxapi.sys
     DllBase  = fffff880`07b02000
     Size     = 0000c000
     Checksum = 0001418e
     TimeDateStamp = 4a5bc574
    AddImage: cdfs.sys
     DllBase  = fffff880`07b0e000
     Size     = 0001d000
     Checksum = 00022c4f
     TimeDateStamp = 4a5bc112
    AddImage: monitor.sys
     DllBase  = fffff880`07b2b000
     Size     = 0000e000
     Checksum = 000092bf
     TimeDateStamp = 4a5bc58c
    AddImage: hidusb.sys
     DllBase  = fffff880`07b39000
     Size     = 0000e000
     Checksum = 00012706
     TimeDateStamp = 4ce7a665
    AddImage: HIDCLASS.SYS
     DllBase  = fffff880`07b47000
     Size     = 00019000
     Checksum = 00015d32
     TimeDateStamp = 4ce7a665
    AddImage: HIDPARSE.SYS
     DllBase  = fffff880`07b60000
     Size     = 00008080
     Checksum = 0000d669
     TimeDateStamp = 4a5bcbf9
    AddImage: usbccgp.sys
     DllBase  = fffff880`07b69000
     Size     = 0001d000
     Checksum = 0001b399
     TimeDateStamp = 4d8c0c0a
    AddImage: USBSTOR.SYS
     DllBase  = fffff880`07b86000
     Size     = 0001b000
     Checksum = 00026255
     TimeDateStamp = 4d79a6fc
    AddImage: mouhid.sys
     DllBase  = fffff880`07ba1000
     Size     = 0000d000
     Checksum = 00009604
     TimeDateStamp = 4a5bca94
    AddImage: crashdmp.sys
     DllBase  = fffff880`07bae000
     Size     = 0000e000
     Checksum = 000178c7
     TimeDateStamp = 4a5bcabd
    AddImage: dump_storport.sys
     DllBase  = fffff880`07bbc000
     Size     = 0000a000
     Checksum = 0000e8ab
     TimeDateStamp = 4db1df50
    Unable to load image dump_storport.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for dump_storport.sys
    *** ERROR: Module load completed but symbols could not be loaded for dump_storport.sys
    AddImage: dump_ahcix64s.sys
     DllBase  = fffff880`07800000
     Size     = 00050000
     Checksum = 00038ade
     TimeDateStamp = 49bf455b
    Unable to load image dump_ahcix64s.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for dump_ahcix64s.sys
    *** ERROR: Module load completed but symbols could not be loaded for dump_ahcix64s.sys
    AddImage: dump_dumpfve.sys
     DllBase  = fffff880`07850000
     Size     = 00013000
     Checksum = 00010dea
     TimeDateStamp = 4a5bc18f
    AddImage: kbdhid.sys
     DllBase  = fffff880`07863000
     Size     = 0000e000
     Checksum = 0000d561
     TimeDateStamp = 4ce7a3f5
    AddImage: TSDDD.dll
     DllBase  = fffff960`005c0000
     Size     = 0000a000
     Checksum = 00009e96
     TimeDateStamp = 4a5bce62
    AddImage: cdd.dll
     DllBase  = fffff960`006f0000
     Size     = 00027000
     Checksum = 0002d4f0
     TimeDateStamp = 4ce7c546
    AddImage: ATMFD.DLL
     DllBase  = fffff960`008d0000
     Size     = 00061000
     Checksum = 000606e3
     TimeDateStamp = 4d5f86b0
    *** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL
    AddImage: luafv.sys
     DllBase  = fffff880`07871000
     Size     = 00023000
     Checksum = 00027bf1
     TimeDateStamp = 4a5bc295
    AddImage: eamonm.sys
     DllBase  = fffff880`02a53000
     Size     = 000e2000
     Checksum = 0003db0b
     TimeDateStamp = 4e37c469
    Unable to load image eamonm.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for eamonm.sys
    *** ERROR: Module load completed but symbols could not be loaded for eamonm.sys
    AddImage: WudfPf.sys
     DllBase  = fffff880`02b35000
     Size     = 00021000
     Checksum = 00021fc8
     TimeDateStamp = 4ce7a624
    AddImage: epfw.sys
     DllBase  = fffff880`02b56000
     Size     = 00031000
     Checksum = 0003466b
     TimeDateStamp = 4e098302
    Unable to load image epfw.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for epfw.sys
    *** ERROR: Module load completed but symbols could not be loaded for epfw.sys
    AddImage: lltdio.sys
     DllBase  = fffff880`02b87000
     Size     = 00015000
     Checksum = 0001109d
     TimeDateStamp = 4a5bcc92
    AddImage: nwifi.sys
     DllBase  = fffff880`02b9c000
     Size     = 00053000
     Checksum = 00057b55
     TimeDateStamp = 4a5bcc3b
    AddImage: ndisuio.sys
     DllBase  = fffff880`02a00000
     Size     = 00013000
     Checksum = 0001d42d
     TimeDateStamp = 4ce7a7e0
    AddImage: rspndr.sys
     DllBase  = fffff880`02a13000
     Size     = 00018000
     Checksum = 0001656b
     TimeDateStamp = 4a5bcc92
    AddImage: HTTP.sys
     DllBase  = fffff880`05495000
     Size     = 000c9000
     Checksum = 000c56ee
     TimeDateStamp = 4ce793ce
    AddImage: bowser.sys
     DllBase  = fffff880`0555e000
     Size     = 0001e000
     Checksum = 00022d38
     TimeDateStamp = 4d649328
    AddImage: mpsdrv.sys
     DllBase  = fffff880`0557c000
     Size     = 00018000
     Checksum = 0001c76e
     TimeDateStamp = 4a5bcc79
    AddImage: mrxsmb.sys
     DllBase  = fffff880`05594000
     Size     = 0002d000
     Checksum = 00030225
     TimeDateStamp = 4db78226
    AddImage: mrxsmb10.sys
     DllBase  = fffff880`05400000
     Size     = 0004e000
     Checksum = 000503c4
     TimeDateStamp = 4e17c104
    AddImage: mrxsmb20.sys
     DllBase  = fffff880`0544e000
     Size     = 00024000
     Checksum = 0002d8bd
     TimeDateStamp = 4db781e9
    AddImage: AODDriver2.sys
     DllBase  = fffff880`055c1000
     Size     = 00031000
     Checksum = 00012df4
     TimeDateStamp = 4df86f8b
    Unable to load image AODDriver2.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for AODDriver2.sys
    *** ERROR: Module load completed but symbols could not be loaded for AODDriver2.sys
    AddImage: peauth.sys
     DllBase  = fffff880`088c0000
     Size     = 000a6000
     Checksum = 000ab7c9
     TimeDateStamp = 4a5bd8df
    Unable to load image peauth.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for peauth.sys
    *** ERROR: Module load completed but symbols could not be loaded for peauth.sys
    AddImage: secdrv.SYS
     DllBase  = fffff880`08966000
     Size     = 0000b000
     Checksum = 00010b40
     TimeDateStamp = 4508052e
    Unable to load image secdrv.SYS, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for secdrv.SYS
    *** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS
    AddImage: srvnet.sys
     DllBase  = fffff880`08971000
     Size     = 00031000
     Checksum = 0003409f
     TimeDateStamp = 4dba2aff
    AddImage: tcpipreg.sys
     DllBase  = fffff880`089a2000
     Size     = 00012000
     Checksum = 0000f328
     TimeDateStamp = 4ce7a844
    AddImage: srv2.sys
     DllBase  = fffff880`08800000
     Size     = 00069000
     Checksum = 0006ca1e
     TimeDateStamp = 4dba2b0a
    AddImage: srv.sys
     DllBase  = fffff880`08ad2000
     Size     = 00098000
     Checksum = 0007c839
     TimeDateStamp = 4dba2b1e
    AddImage: WUDFRd.sys
     DllBase  = fffff880`08b6a000
     Size     = 00031000
     Checksum = 0002e568
     TimeDateStamp = 4ce7a654
    AddImage: ALSysIO64.sys
     DllBase  = fffff880`08a71000
     Size     = 00009000
     Checksum = 000069f7
     TimeDateStamp = 4e18f201
    Unable to load image ALSysIO64.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ALSysIO64.sys
    *** ERROR: Module load completed but symbols could not be loaded for ALSysIO64.sys
    
    
    Loading User Symbols
    Loading unloaded module list
    .....
    it will then stay at Loading User symbols forever.

  9. #9
    Shintaro's Avatar
    Join Date
    Jun 2012
    Location
    Brisbane, Australia
    Age
    48
    Posts
    175

    Re: BSOD Analysis - Getting Started

    What happens when you type in .sympath

    You should get this:

    Code:
    3: kd> .sympath
    Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    Expanded Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    Try to live an ordinary life, in a non-ordinary way.

  10. #10
    Shintaro's Avatar
    Join Date
    Jun 2012
    Location
    Brisbane, Australia
    Age
    48
    Posts
    175

    Re: BSOD Analysis - Getting Started

    Did you add in windbg File-> Symbol File Path
    srv*c:\symbols*http://msdl.microsoft.com/download/symbols

    And then save? Then open the crash dump file?
    Try to live an ordinary life, in a non-ordinary way.

  11. #11
    Cayden's Avatar
    Join Date
    Jul 2012
    Location
    Toronto
    Posts
    196
    • specs System Specs
      • Manufacturer:
        Self-built
      • Motherboard:
        Asus M5A97 R2
      • CPU:
        FX 9370 4.4 GHz
      • Memory:
        8Gb G. Skill Ripjaws 1600
      • Graphics:
        AMD R9 290X 4Gb
      • Hard Drives:
        Samsung Evo 850 / Seagate 1TB
      • Power Supply:
        Seasonic G Series 650W
      • Case:
        Corsair Obsidian 450D
      • Cooling:
        Arctic 320w air cooler
      • Display:
        Sansung 22 inch
      • Operating System:
        Windows 7 HP

    Re: BSOD Analysis - Getting Started

    I tried both entering the SFP before opening a dump and after, neither worked and I've never seen a 'save' button only 'OK - Cancel - Help - Browse'.

  12. #12
    Shintaro's Avatar
    Join Date
    Jun 2012
    Location
    Brisbane, Australia
    Age
    48
    Posts
    175

    Re: BSOD Analysis - Getting Started

    Ok, so close windbg if you have it open.
    Open windbg
    File-> Symbol File Path
    Put in srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    Click OK
    File -> Save Workspace.

    Now open a crash dump. File -> Open Crash Dump.

    Let us know how you go.
    Try to live an ordinary life, in a non-ordinary way.

  13. #13
    Cayden's Avatar
    Join Date
    Jul 2012
    Location
    Toronto
    Posts
    196
    • specs System Specs
      • Manufacturer:
        Self-built
      • Motherboard:
        Asus M5A97 R2
      • CPU:
        FX 9370 4.4 GHz
      • Memory:
        8Gb G. Skill Ripjaws 1600
      • Graphics:
        AMD R9 290X 4Gb
      • Hard Drives:
        Samsung Evo 850 / Seagate 1TB
      • Power Supply:
        Seasonic G Series 650W
      • Case:
        Corsair Obsidian 450D
      • Cooling:
        Arctic 320w air cooler
      • Display:
        Sansung 22 inch
      • Operating System:
        Windows 7 HP

    Re: BSOD Analysis - Getting Started

    it's working, confirm:

    Code:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    
    
    Loading Dump File [C:\Users\Cayden\Desktop\crap\Random stuff\102411-28111-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
    Machine Name:
    Kernel base = 0xfffff800`02a14000 PsLoadedModuleList = 0xfffff800`02c59670
    Debug session time: Tue Oct 25 01:20:17.420 2011 (UTC - 4:00)
    System Uptime: 0 days 2:06:36.012
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..........................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    
    Use !analyze -v to get detailed debugging information.
    
    
    BugCheck A, {fffffa80ff462778, 2, 1, fffff80002a9c2b2}
    
    
    Probably caused by : ntkrnlmp.exe ( nt!KiTimerExpiration+f2 )
    
    
    Followup: MachineOwner
    ---------

  14. #14
    Shintaro's Avatar
    Join Date
    Jun 2012
    Location
    Brisbane, Australia
    Age
    48
    Posts
    175

    Re: BSOD Analysis - Getting Started

    Looks good, now the work starts.
    Try to live an ordinary life, in a non-ordinary way.

  15. #15

    Join Date
    Mar 2012
    Posts
    469

    Re: BSOD Analysis - Getting Started

    If you want a more permanent solution, you'll want to set an environment variable for the symbol path. Type "environment variables" in Windows Start Menu, select either option, and in the window that pops up, create a new system var named _NT_SYMBOL_PATH (don't forget the _ before NT) and have it exactly as you have it in Windbg. You should now be able to load up Windbg and go to File > Symbol File Path and see it automatically propagated with your entry.

  16. #16
    Ztruker's Avatar
    Join Date
    Oct 2012
    Location
    Space coast of Florida
    Posts
    38

    Re: BSOD Analysis - Getting Started

    When I double click on a .dmp file, I get the following error:

    Attachment 2202

    I can open the .dmp file from WinDbg okay.
    Rich
    The best place to find a helping hand is at the end of your arm.

  17. #17
    Shintaro's Avatar
    Join Date
    Jun 2012
    Location
    Brisbane, Australia
    Age
    48
    Posts
    175

    Re: BSOD Analysis - Getting Started

    Hope all is well over on "Geeks to Go".

    Open a command prompt.
    Change Directory to <the location of windbg.exe> (Unless the directory is in your path)
    Run: windbg -IA

    Hope this helps.
    Try to live an ordinary life, in a non-ordinary way.

  18. #18

    Join Date
    Mar 2012
    Posts
    469

    Re: BSOD Analysis - Getting Started

    Yah, by default it seems Windbg is designed that if it's pointed to a specific file, it assumes you mean to open it as a process (same as File > Open Executable). Running Windbg with -IA switch will cause Windbg to associate with dump files so it'll open them up properly.

  19. #19
    Ztruker's Avatar
    Join Date
    Oct 2012
    Location
    Space coast of Florida
    Posts
    38

    Re: BSOD Analysis - Getting Started

    Excellent, that fixed it. Many thanks.
    Rich
    The best place to find a helping hand is at the end of your arm.

  20. #20
    Deejay100six's Avatar
    Join Date
    Jan 2013
    Location
    England
    Posts
    106

    Re: BSOD Analysis - Getting Started

    Ok, I'm launching myself into learning about all this BSOD thing so I'm here to ask for guidance.

    I see that Jonathon King hasn't been active here for a while so if someone wants to suggest another thread for me to post in, fire away.

    I'll start from the beginning, downloading Windbg. I have always found this a little confusing, which link to click for the download? I did a reinstall of Windows 7 a few weeks ago so had to download Windbg again but I think I somehow ended up with the Windows 8 version. I've removed it with Revo so now I should be starting from scratch.

    I downloaded from this link; Download Microsoft Windows SDK 7.1 from Official Microsoft Download Center

    So far, so good. Now, when I try to install it, I get this message;

    Attachment 2947

    Do I need to install .net framework 4 or is it already installed? The wording of the message seems somewhat contradictory.

Page 1 of 2 12 Last

Similar Threads

  1. Most Notable BSOD Kernel Dump Analysis posts
    By jcgriff2 in forum BSOD Kernel Dump Analysis Debugging Information
    Replies: 48
    Last Post: 06-06-2015, 03:45 AM
  2. BSOD Kernel Dump Analysis Debugging Information
    By jcgriff2 in forum BSOD Kernel Dump Analysis Debugging Information
    Replies: 0
    Last Post: 11-28-2012, 01:06 AM
  3. BSOD and broken display in normal mode, all started because of crash midgame LoL
    By ThePraisedOne in forum BSOD, Crashes, Kernel Debugging
    Replies: 7
    Last Post: 07-30-2012, 08:46 AM
  4. [SOLVED] Using the script for BSOD analysis on other forums?
    By Patrick in forum BSOD Processing Apps Download | Information | Discussions
    Replies: 5
    Last Post: 06-13-2012, 06:00 PM

Log in

Log in