H
Hamo
Im getting a bsod and it appears my virus software has corrupted it - see
debug below. How do I restore it/obtain a new copy?
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini042409-11.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is:
SRV*d:\Temp*http://msdl.microsoft.com/download/symbols;http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2
procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18226.x86fre.vistasp1_gdr.090302-1506
Machine Name:
Kernel base = 0x8280a000 PsLoadedModuleList = 0x82921c70
Debug session time: Fri Apr 24 21:16:10.026 2009 (GMT+10)
System Uptime: 0 days 0:04:08.876
Loading Kernel Symbols
................................................................
.................................................................
.....................................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F4, {3, a000d750, a000d89c, 82a48400}
Probably caused by : wininit.exe
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or
been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 00000003, Process
Arg2: a000d750, Terminating object
Arg3: a000d89c, Process image file name
Arg4: 82a48400, Explanatory message (ascii)
Debugging Details:
------------------
PROCESS_OBJECT: a000d750
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: wininit
FAULTING_MODULE: 00000000
PROCESS_NAME: WerFault.exe
BUGCHECK_STR: 0xF4_WerFault.exe
CUSTOMER_CRASH_COUNT: 11
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 82a9f034 to 828d70e3
STACK_TEXT:
a2f8dccc 82a9f034 000000f4 00000003 a000d750 nt!KeBugCheckEx+0x1e
a2f8dcf0 829ecda8 82a48400 a000d89c a000d978 nt!PspCatchCriticalBreak+0x73
a2f8dd20 829ed141 a000d750 851dfd78 000000ff nt!PspTerminateAllThreads+0x2c
a2f8dd54 82861a1a 000000b4 000000ff 000fe2f0 nt!NtTerminateProcess+0x1c1
a2f8dd54 77169a94 000000b4 000000ff 000fe2f0 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
000fe2f0 00000000 00000000 00000000 00000000 0x77169a94
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: wininit.exe
FAILURE_BUCKET_ID: 0xF4_WerFault.exe_IMAGE_wininit.exe
BUCKET_ID: 0xF4_WerFault.exe_IMAGE_wininit.exe
Followup: MachineOwner
---------
debug below. How do I restore it/obtain a new copy?
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini042409-11.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is:
SRV*d:\Temp*http://msdl.microsoft.com/download/symbols;http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2
procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18226.x86fre.vistasp1_gdr.090302-1506
Machine Name:
Kernel base = 0x8280a000 PsLoadedModuleList = 0x82921c70
Debug session time: Fri Apr 24 21:16:10.026 2009 (GMT+10)
System Uptime: 0 days 0:04:08.876
Loading Kernel Symbols
................................................................
.................................................................
.....................................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F4, {3, a000d750, a000d89c, 82a48400}
Probably caused by : wininit.exe
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or
been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 00000003, Process
Arg2: a000d750, Terminating object
Arg3: a000d89c, Process image file name
Arg4: 82a48400, Explanatory message (ascii)
Debugging Details:
------------------
PROCESS_OBJECT: a000d750
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: wininit
FAULTING_MODULE: 00000000
PROCESS_NAME: WerFault.exe
BUGCHECK_STR: 0xF4_WerFault.exe
CUSTOMER_CRASH_COUNT: 11
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 82a9f034 to 828d70e3
STACK_TEXT:
a2f8dccc 82a9f034 000000f4 00000003 a000d750 nt!KeBugCheckEx+0x1e
a2f8dcf0 829ecda8 82a48400 a000d89c a000d978 nt!PspCatchCriticalBreak+0x73
a2f8dd20 829ed141 a000d750 851dfd78 000000ff nt!PspTerminateAllThreads+0x2c
a2f8dd54 82861a1a 000000b4 000000ff 000fe2f0 nt!NtTerminateProcess+0x1c1
a2f8dd54 77169a94 000000b4 000000ff 000fe2f0 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
000fe2f0 00000000 00000000 00000000 00000000 0x77169a94
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: wininit.exe
FAILURE_BUCKET_ID: 0xF4_WerFault.exe_IMAGE_wininit.exe
BUCKET_ID: 0xF4_WerFault.exe_IMAGE_wininit.exe
Followup: MachineOwner
---------