Hello, I am new to this,I am looking for some help, I keep getting the BSOD constantly. I am using Windows Vista. I am enclosing a copy of the last .dmp file. I keep getting the BSOD either saying, MEMORY_MANAGEMENT, PAGE_FAULT_IN NON_PAGED_ERROR or KERNEL_STACK_IN_PAGE_ERROR.
Microsoft (R) Windows Debugger Version 6.11.0001.402 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\Mini020709-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: *** Invalid *** **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * **************************************************************************** Executable search path is: ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <SYMBOL_PATH>argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2 *** WARNING: Unable to verify timestamp for ntkrnlpa.exe *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Personal Machine Name: Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10 Debug session time: Sat Feb 7 18:30:11.916 2009 (GMT-5) System Uptime: 0 days 0:20:55.639 ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <SYMBOL_PATH>argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2 *** WARNING: Unable to verify timestamp for ntkrnlpa.exe *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe Loading Kernel Symbols ............................................................... ................................................................ ..................... Loading User Symbols Loading unloaded module list ... 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KERNEL_STACK_INPAGE_ERROR (77) The requested page of kernel data could not be read in. Caused by bad block in paging file or disk controller error. In the case when the first arguments is 0 or 1, the stack signature in the kernel stack was not found. Again, bad hardware. An I/O status of c000009c (STATUS_DEVICE_DATA_ERROR) or C000016AL (STATUS_DISK_OPERATION_FAILED) normally indicates the data could not be read from the disk due to a bad block. Upon reboot autocheck will run and attempt to map out the bad sector. If the status is C0000185 (STATUS_IO_DEVICE_ERROR) and the paging file is on a SCSI disk device, then the cabling and termination should be checked. See the knowledge base article on SCSI termination. Arguments: Arg1: 00000001, (page was retrieved from disk) Arg2: 00000000, value found in stack where signature should be Arg3: 00000000, 0 Arg4: 8240dc90, address of signature on kernel stack Debugging Details: ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <SYMBOL_PATH>argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <SYMBOL_PATH>argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* ADDITIONAL_DEBUG_TEXT: Use '!findthebuild' command to search for the target build information. If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols. MODULE_NAME: nt FAULTING_MODULE: 81c00000 nt DEBUG_FLR_IMAGE_TIMESTAMP: 48d1b550 ERROR_CODE: (NTSTATUS) 0x1 - STATUS_WAIT_1 BUGCHECK_STR: 0x77_1 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from 81ccccb9 to 81cd8781 STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. 826abcb4 81ccccb9 00000077 00000001 00000000 nt+0xd8781 826abd38 81cccd15 833623e8 826abd58 00000000 nt+0xcccb9 826abd6c 81cb3a57 83362458 00000000 826abdc0 nt+0xccd15 826abd7c 81e25556 00000000 826a0680 00000000 nt+0xb3a57 826abdc0 81c915fe 81cb39d4 00000000 00000000 nt+0x225556 00000000 00000000 00000000 00000000 00000000 nt+0x915fe
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
and then it begins dump of physical memory.
is there any difference?
Please help as it is very annoying, i've had this problem for a very long time now and couldn't figure out why.
I have a Dell Dimension that gave this same error and I attempted this fix. However, when I attempted to "DISABLE PE386" in the Windows Recovery Console, as directed by Symantec, I recieved a notification that the service PE386 could not be located and to check the service name before trying again.
They symps for this unit are:
Will boot to this blue screen or will boot into Windows and then lock up, either on the XP splash or shortly there after. When I attempt to boot in Safe Mode, it locks on a black screen with SAFE MODE in the four corners and a single mouse cursor that will not move. I have run MHDD diags on the HDD and it is good. Memory tests ok and Burn-it overnight didn't cause problems which seems to indicate either a corrupt OS or a faulty driver. Ideas?
For the past two days I have worked on two machines at the shop that would just reboot on thier own, after shutting off the Automatic Restart option. That wonderful STOP: 0x0000008E (0xC0000005... BSOD appeared on the screen.
(Both machines worked fine till the users "Opened a file they received through msn messenger" :banghead: )
Safe Mode works fine, just reboots in Normal Mode.
From safe mode cmd prompt only I scanned with F-Prot, Ad-Aware, SpyBot & HijackThis... All things cleaned up or shutoff...
(Norton was on one of the machines but it was not working and you didn't have enough time to check anything in Normal mode.)
Rebooted and within a few minutes... STOP: 0x0000008E again... rebooted in safe mode again shut everything off in MSConfig, ran Rootkit Revealer from sysinternals which found nothing... rebooted and same BSOD again...
Searched Google for 0x0000008E errors and got the standard, "Ram problem, Driver Problem, PS Weak... Tested Ram with memtest, changed the power supply and still no go...
Another site was talking about posting minidumps for them to look at, so I looked into one of the minidumps and found:
Rustock rootkit v 1.2 Z:\NewProjects\spambot\new\driver\objfre\i386\driver.pdb
A little more Google revealed that this Rootkit, once installed is undetectable by anything, quite the amazing little piece of code...
This was it the B version... I followed the directions on Symantec's site to remove it by booting into recovery console from an XP CD. (You cannot detect it in Safe Mode)
Once there I used "Disable pe386" to shut off the rootkit... I looked while in safe mode for this service and it WAS NOT there... Since it loads with kernel / driver data, it hides everything about itself...
Rebooted in Normal mode and no more BSOD, reinstalled NAV and started it scanning when I left the shop... I will run ADSSpy again and see if it finds the alternate data stream now...
I realize that this is not the only cause of 0x8e errors but this was my problem, and since there were two machines in the shop with the same problem, I can see more of these coming in for repair...
Hope this helps those who have just recently developed STOP: 0x0000008E errors.
Install it on your computer, it will install in safe mode and run it. It won't be able to update in safe mode but the data file that comes with it is usually quite current.
Do a full scan of your computer and have it fix all that it finds, after your back up in normal mode update the Anti-Malware and run it again.
However, when I attempted to "DISABLE PE386" in the Windows Recovery Console, as directed by Symantec, I recieved a notification that the service PE386 could not be located and to check the service name before trying again.
Hey jtrupp!
If it couldn't find the PE386 Service then chances are you probably don't have that variation of the Rustock Rootkit...
With the computer BSOD'ing in normal mode and not booting in Safe mode, what you can do is very limited...
I see that you ran MHDD but I'd run chkdsk /p from the Recovery Console anyway... I've had that fix more machines that would not boot than anything else.
You really need to come up in Safe Mode to diagnose any further.
I've never had good luck with an upgrade install... Usually when things are this bad I throw in another hard drive and put a fresh copy of the OS on it...
Then drag all your stuff back off the non booting drive. Or take the non booting drive to another machine and burn your data off to dvd's then just fresh reload that drive.
Well the joys just continue with this Dell. Running chkdsk /p did reveal there were errors, but did not give details as to what they were or if they were fixed. When I rebooted into windows I got the same BSOD with the following info:
0x0000008e (0xc0000005, 0x6bf4efa0, 0xf961b3b4, 0x0000000). I am just about ready to wipe the drive and start over. I will need to snag the users personal files before I do that. From the recovery console can I copy files onto a flash drive?
If it couldn't find the PE386 Service then chances are you probably don't have that variation of the Rustock Rootkit...
With the computer BSOD'ing in normal mode and not booting in Safe mode, what you can do is very limited...
I see that you ran MHDD but I'd run chkdsk /p from the Recovery Console anyway... I've had that fix more machines that would not boot than anything else.
You really need to come up in Safe Mode to diagnose any further.
I've never had good luck with an upgrade install... Usually when things are this bad I throw in another hard drive and put a fresh copy of the OS on it...
Then drag all your stuff back off the non booting drive. Or take the non booting drive to another machine and burn your data off to dvd's then just fresh reload that drive.
Install it on your computer, it will install in safe mode and run it. It won't be able to update in safe mode but the data file that comes with it is usually quite current.
Do a full scan of your computer and have it fix all that it finds, after your back up in normal mode update the Anti-Malware and run it again.
It will not install in safe mode so Install it after your back online.
Good luck!
Hi Troll,
Thanks for the reply!!, For some reason, I haven't seen a BSOD lately, definitely will try the above tactics, and will let you know how it works out. thanks again.
Kevin
Would like to know if there's any help you can give me to rid a friends computer of it'sproblems? I'm attaching copies of the minidump and HijackThis logs for this ailing piece of work. This PC is having similar, persistant BSOD's as have been discussed in this forum, and I'm trying to get it back up and running.
On normal boot, the PC boots to windows, but about one minute after Windows (XP Home SP3) opens, (and while it's still loading stuff) it gives off a BSOD (STOP 0X0000008E (0X00000005, 0X805B4B2, 0XB208FB90, 0X00000000) The PC will boot into Safe Mode just fine. From Safe Mode, I've run several malware checks and have gotten rid of anything of suspicion. The problem still exists. Any help would be greatly appreciated.
I'm having this problem, too, and I think it's this same rootkit. However, I don't have Windows XP, I have 32bit Vista. For some reason, it doesn't have an option for System Restore, and when I put in the Vista disk the command prompt doesn't recognize the "DISABLE" command. Is there anyone with Vista who has solved this?
EDIT: Here are the error codes when I get the BSOD:
I've run Windows' Memory Diagnostics during startup and it hasn't found any errors, I did 5 passes with no problems. I checked the hard drive a couple of times, even though I'm pretty sure that's not the problem.
versusterminus19. I had to get a special program to burn the ISO image to a cd. I ran either vundofix or malware bytes in SAFE mode (maybe both). I forget which one. After it cleared these items up I ran the one I couldn't run in safe mode (if that was the case) in normal mode. After that was done I downloaded super antispyware and ran it in normal mode, All of this seem to correct the issue since I have not had it since, no more BSOD.
I ran the memtest and hard drive test and they were fine.
New to this forum Iv read through all this jibber jabber yet i have not found anything of use to my problem. Recently My computer has for no reason when i put it in sleep mode and later turn it on the blue screen will come up. I have marked down to the stop information thing:D.. Stop: 0x0000008E (0xc0000005, 0x82140f2f, 0xa12c28bc, 0x00000000. ? i have found no clues with what to do and im basically screwed. every so often my computer will work fine then suddenly Blue Screen:( I need HELPPPP:(
i just don't have enough time to research more about this and i've tried all as far as my manufacturer's guideline is concerned. i am now very disappointed of my manufacturer's response about my complain. please advice, i got two different bsod codes when i tried to operate my computer on two diferent times. so here are the codes: [0x0000007E (0xC0000005, 0x81124886,0x805993A0,0x8059909C) and 0x0000008E (0xC0000005,0x810FF96B,0x925A69FC,0x00000000)]. i tried to launch repair but it was unsuccessful returned back to blue screen, i tried to start on normal/safe-mode but both unsuccessful also returned back to blue screen, i runned the debugging mode but i just waited for nothing for more than hour, i runned diagnostics and it says memory integrity failed (error code:0123, msg: error code 2000-0123, location: DIMM_A). my gratitude for any help. more power and Godspeed.
im using vista so anything xp will not do any help. anyway for your info, here's my computer specs:
- Win Vista Home Premium 32 bit
- 2.0 Ghz, 2 MB Cache
- 4 gb ram (2 x 2 gb)
- 500 gb hd
- intel gma x3100 vcard
impt info: im using laptop, vista, 2 rams (2gb x 2)
for those who still having problem with these error codes (after referring to what have been already posted), i just recently found the answer (particularly to the post i recently posted):
if launch repair, other fixes from safe mode and/or even a reformat is not working--run diagnostics.
if you got the same result as: memory integrity test failed, look for the location
if you got the same location (particularly to those who have 2 rams installed)--location: dimm_a or b (you can see these locations in your ram slots as label stickers "most of the time")
and if your memory integrity test failed on dimm_a (like as mine--but this applies also for dimm_b), try to take out that ram--MAKE SURE YOUR POWER IS OFF
then turn on (boot)
if still error occurs (for my case i replaced first the defective a new one): run reformat (i just did this as a last resort because i can't still run my windows successfully)
but if your computer boots succesfully after taking-out the defective one, no need to reformat--just replaced that defective ram if you still want to use two rams
at first i didn't know that if you have defective ram you cannot reformat (yep, im not that technical when it comes to computers)
this is not a confirmed priority technical solution for these error codes but i hope this can help you especially, like me, as a last resort.
For the past two days I have worked on two machines at the shop that would just reboot on thier own, after shutting off the Automatic Restart option. That wonderful STOP: 0x0000008E (0xC0000005... BSOD appeared on the screen.
(Both machines worked fine till the users "Opened a file they received through msn messenger" :banghead: )
Safe Mode works fine, just reboots in Normal Mode.
From safe mode cmd prompt only I scanned with F-Prot, Ad-Aware, SpyBot & HijackThis... All things cleaned up or shutoff...
(Norton was on one of the machines but it was not working and you didn't have enough time to check anything in Normal mode.)
Rebooted and within a few minutes... STOP: 0x0000008E again... rebooted in safe mode again shut everything off in MSConfig, ran Rootkit Revealer from sysinternals which found nothing... rebooted and same BSOD again...
Searched Google for 0x0000008E errors and got the standard, "Ram problem, Driver Problem, PS Weak... Tested Ram with memtest, changed the power supply and still no go...
Another site was talking about posting minidumps for them to look at, so I looked into one of the minidumps and found:
Rustock rootkit v 1.2 Z:\NewProjects\spambot\new\driver\objfre\i386\driver.pdb
A little more Google revealed that this Rootkit, once installed is undetectable by anything, quite the amazing little piece of code...
This was it the B version... I followed the directions on Symantec's site to remove it by booting into recovery console from an XP CD. (You cannot detect it in Safe Mode)
Once there I used "Disable pe386" to shut off the rootkit... I looked while in safe mode for this service and it WAS NOT there... Since it loads with kernel / driver data, it hides everything about itself...
Rebooted in Normal mode and no more BSOD, reinstalled NAV and started it scanning when I left the shop... I will run ADSSpy again and see if it finds the alternate data stream now...
I realize that this is not the only cause of 0x8e errors but this was my problem, and since there were two machines in the shop with the same problem, I can see more of these coming in for repair...
Hope this helps those who have just recently developed STOP: 0x0000008E errors.
troll
are you sure you are not trying to advertise these softwares they dont always work.if you install a trojan there is no turning back no matter what software you use in safe mode search and destroy adaware zone alarm avg etc etc etc once your files are corrupted save your data if you can then just forget about it.dont trust symantec they make viruses i understand this procedure how ever ...when i came here this did not help me at all.with my error neither did the home page article....you will see this type of error again it seems files get corrupted moved deleted etc etc can also cause seroius hardware damage while this is happening.
maybe i just dont understand what you are saying.
so you are saying that if i follow these steps my pc will always be stable.
what about viruses/spyware/hijacker keyloggers etc etc cause these errors and programs.
sometimes you do a check and it recodnizes some and does not see others(malicious) and the other sees nothing catches some misses others etc etc...you can maybe save it once but not all the time....
And did you seriously just try to suggest that Symantec MAKES viruses? That's so, so wrong. Please do not mislead members and visitors with false information.
And did you seriously just try to suggest that Symantec MAKES viruses? That's so, so wrong. Please do not mislead members and visitors with false information.
dont make accustions of misleading people when im trying to open their eyes you are the only one misleading here do not post over my reply if you have a short sentance that does not have anything to do with this post thrax... no offence but you are bullying me for no reason.
again i will say it to evry one dont bother with rootkit etc hijack this etc
just do reinstall for your own convenience.to keep things simple if you have other troubles then dig deeper plz anybody and evrybody dont talk bologna over this post.
It is 100% possible to remove spyware, etc with the proper software. Your statement "There is no turning back....." is 100% not true.
Also, that post was made in 2006, so I imagine a bit of the info could be outdated, being that it is 3 years old.
This thread has taken on many other problems since the original post, going on 7-8 pages now over the years.
you make it look like i dont know that....you make no sense iknow you can, but its not worth it for most people and it's not always the case where you can undo the bad.(the errors the viruses ,spyware hijackers....etc so yea you cannot fix every error and also you cannot fix these errors once and for all......etc etc do not post short meaningless reply's
And to the person that said i dont know how to speak or write english properly.
:tell somebody that cares if you can't understand what im saying then dont bother replying to me and asking what im saying just skip over my reply no harm done....
i speak and write fluent french and many other languages so dont bring that to me, i speak alot of other languages fluently you probably dont.(this is to the person who was making fun of the way i write)i dont have time.....
for every capslock, comma, period, semicolon, hiffen.
you should see how my lawyer write's and some doctors for that matter.
i bet they are just sick of writing all those years being sentenced to school it must be hard.
and again you guys and your short sentences building up the amount of posts you may have aquired; trying to gain seniority with the amount of short posts....lol you should be a shamed.....
a company ,forum or any other website wont survive if they are byus....there are alot of posts that mayhave been written by people who dont write so well or speak fluent english that doesnt mean you have to be racist you are rude....that's all there is to it english is not the only language that counts even though its my native tongue and its the way i speak in my mind.
ive been around.
i think it was thrax that was saying this to me you my freind are being rude....
this is a man's world but it would be nothing without a women or a girl...
3 Years ago when this post was made it pertained to the Rustock.B virus; I had multiple machines come into the shop with a STOP: 0x8E shutdown error directly related to Rustock.B.
I posted my findings after a few days of trying to figure out what the problem was. Since then it has helped a few people fix their problem, as they had a variation of the Rustock.B virus. Now that many cleaners and virus checkers detect this problem (back then there were none that I found) the info contained here is somewhat dated.
As you look back through the info you will find lots of posts of "I don't have this pe386 thing and the Rustock scanner found nothing..." problems had NOTHING to do with the initial post, but the excellent folks here at icrontic tried to help find solutions for their errors.
As RyderOCZ stated that this thread has taken on many different problems since it started.
I am sorry if you misunderstood the header of this post or found it misinformative, but it has been stated MANY times that the information contained was NOT in any way a fix for all STOP 0x8E errors!
I am also sorry that the information contained did not help you in any way. I would suggest you do a complete clean install of your OS. If that does not help then I would highly recommend that you take the computer to a professional to get repaired.
Comments
Microsoft (R) Windows Debugger Version 6.11.0001.402 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini020709-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <SYMBOL_PATH>argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Machine Name:
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10
Debug session time: Sat Feb 7 18:30:11.916 2009 (GMT-5)
System Uptime: 0 days 0:20:55.639
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <SYMBOL_PATH>argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
...
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_STACK_INPAGE_ERROR (77)
The requested page of kernel data could not be read in. Caused by
bad block in paging file or disk controller error.
In the case when the first arguments is 0 or 1, the stack signature
in the kernel stack was not found. Again, bad hardware.
An I/O status of c000009c (STATUS_DEVICE_DATA_ERROR) or
C000016AL (STATUS_DISK_OPERATION_FAILED) normally indicates
the data could not be read from the disk due to a bad
block. Upon reboot autocheck will run and attempt to map out the bad
sector. If the status is C0000185 (STATUS_IO_DEVICE_ERROR) and the paging
file is on a SCSI disk device, then the cabling and termination should be
checked. See the knowledge base article on SCSI termination.
Arguments:
Arg1: 00000001, (page was retrieved from disk)
Arg2: 00000000, value found in stack where signature should be
Arg3: 00000000, 0
Arg4: 8240dc90, address of signature on kernel stack
Debugging Details:
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <SYMBOL_PATH>argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <SYMBOL_PATH>argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: nt
FAULTING_MODULE: 81c00000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 48d1b550
ERROR_CODE: (NTSTATUS) 0x1 - STATUS_WAIT_1
BUGCHECK_STR: 0x77_1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 81ccccb9 to 81cd8781
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
826abcb4 81ccccb9 00000077 00000001 00000000 nt+0xd8781
826abd38 81cccd15 833623e8 826abd58 00000000 nt+0xcccb9
826abd6c 81cb3a57 83362458 00000000 826abdc0 nt+0xccd15
826abd7c 81e25556 00000000 826a0680 00000000 nt+0xb3a57
826abdc0 81c915fe 81cb39d4 00000000 00000000 nt+0x225556
00000000 00000000 00000000 00000000 00000000 nt+0x915fe
STACK_COMMAND: kb
FOLLOWUP_IP:
nt+d8781
81cd8781 8be5 mov esp,ebp
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt+d8781
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntkrnlpa.exe
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
If someone can help, I would greatly appreciate it.
Thanks
http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx
So you dont get 8 paragraphs of:
Have you ran memtest yet?
Excellent instructions right here http://icrontic.com/articles/diagnose_with_memtest86
I also am getting a BSOD but it reads as follows:
Stop : 0x0000008e (0xc0000005, 0x8062be6d, 0xb0c9b418, 0x00000000)
and then it begins dump of physical memory.
is there any difference?
Please help as it is very annoying, i've had this problem for a very long time now and couldn't figure out why.
This is my system specs:
Intel Core 2 Duo E6300 Conroe 1.86GHz LGA 775 65W Dual-Core Processor Model BX80557E6300
ASUS P5N-E SLI LGA 775 NVIDIA nForce 650i SLI ATX Intel Motherboard
Kingston HyperX 1GB 240-Pin DDR2 SDRAM DDR2 800 (PC2 6400)
A-DATA 4GB (2 x 2GB) 240-Pin DDR2 SDRAM DDR2 800 (PC2 6400) Dual Channel Kit Desktop Memory Model ADQVE1B16K
FSP Group FX700-GLN 700W ATX12V V2.2/EPS12V SLI Certified CrossFire Ready Active PFC Power Supply
ASUS EN7300GT SILENT/HTD/256M GeForce 7300GT 256MB 128-bit GDDR2 PCI Express x16 SLI Supported Video Card
Creative Sound Blaster X-Fi Elite Pro 7.1 Channels PCI Interface Sound Card
ASUS 16X DVD±R DVD Burner with 12X DVD-RAM Write and LightScribe
MY OS is running on a Western Digital - WDC WD400BB-75DEA0
I'm lucky that the BSOD didn't pop up as I was writing this, Thanks in advance Troll.
- Kevin
They symps for this unit are:
Will boot to this blue screen or will boot into Windows and then lock up, either on the XP splash or shortly there after. When I attempt to boot in Safe Mode, it locks on a black screen with SAFE MODE in the four corners and a single mouse cursor that will not move. I have run MHDD diags on the HDD and it is good. Memory tests ok and Burn-it overnight didn't cause problems which seems to indicate either a corrupt OS or a faulty driver. Ideas?
Hey Kevinng328!
Have you ran memtest yet?
Excellent instructions right here http://icrontic.com/articles/diagnose_with_memtest86
What you might also need to do is get a copy of Malwarebytes' Anti-Malware from: http://www.malwarebytes.org/mbam.php
Install it on your computer, it will install in safe mode and run it. It won't be able to update in safe mode but the data file that comes with it is usually quite current.
Do a full scan of your computer and have it fix all that it finds, after your back up in normal mode update the Anti-Malware and run it again.
Also a copy of SuperAntiSpyware wouldn't hurt if Malwarebytes found anything.
You ca get it here: http://www.superantispyware.com/download.html
It will not install in safe mode so Install it after your back online.
Good luck!
Hey jtrupp!
If it couldn't find the PE386 Service then chances are you probably don't have that variation of the Rustock Rootkit...
With the computer BSOD'ing in normal mode and not booting in Safe mode, what you can do is very limited...
I see that you ran MHDD but I'd run chkdsk /p from the Recovery Console anyway... I've had that fix more machines that would not boot than anything else.
You really need to come up in Safe Mode to diagnose any further.
I've never had good luck with an upgrade install... Usually when things are this bad I throw in another hard drive and put a fresh copy of the OS on it...
Then drag all your stuff back off the non booting drive. Or take the non booting drive to another machine and burn your data off to dvd's then just fresh reload that drive.
Well the joys just continue with this Dell. Running chkdsk /p did reveal there were errors, but did not give details as to what they were or if they were fixed. When I rebooted into windows I got the same BSOD with the following info:
0x0000008e (0xc0000005, 0x6bf4efa0, 0xf961b3b4, 0x0000000). I am just about ready to wipe the drive and start over. I will need to snag the users personal files before I do that. From the recovery console can I copy files onto a flash drive?
Thanks for your help.
Jason
Hi Troll,
Thanks for the reply!!, For some reason, I haven't seen a BSOD lately, definitely will try the above tactics, and will let you know how it works out. thanks again.
Kevin
Would like to know if there's any help you can give me to rid a friends computer of it'sproblems? I'm attaching copies of the minidump and HijackThis logs for this ailing piece of work. This PC is having similar, persistant BSOD's as have been discussed in this forum, and I'm trying to get it back up and running.
On normal boot, the PC boots to windows, but about one minute after Windows (XP Home SP3) opens, (and while it's still loading stuff) it gives off a BSOD (STOP 0X0000008E (0X00000005, 0X805B4B2, 0XB208FB90, 0X00000000) The PC will boot into Safe Mode just fine. From Safe Mode, I've run several malware checks and have gotten rid of anything of suspicion. The problem still exists. Any help would be greatly appreciated.
EDIT: Here are the error codes when I get the BSOD:
0x0000008E (0xC0000005, 0x9264D921, 0x8723F048, 0x00000000)
0x0000008E (0xC0000005, 0x92651921, 0x8BA4D048, 0x00000000)
I've run Windows' Memory Diagnostics during startup and it hasn't found any errors, I did 5 passes with no problems. I checked the hard drive a couple of times, even though I'm pretty sure that's not the problem.
I ran the memtest and hard drive test and they were fine.
I don't have vista on the problem computer, but
Stop: 0x00000085 (0xc0000005, 0x82242d3b, 0x99a4921c, 0x00000000)
can anyone help me??
Welcome to Icrontic
anyone:
i just don't have enough time to research more about this and i've tried all as far as my manufacturer's guideline is concerned. i am now very disappointed of my manufacturer's response about my complain. please advice, i got two different bsod codes when i tried to operate my computer on two diferent times. so here are the codes: [0x0000007E (0xC0000005, 0x81124886,0x805993A0,0x8059909C) and 0x0000008E (0xC0000005,0x810FF96B,0x925A69FC,0x00000000)]. i tried to launch repair but it was unsuccessful returned back to blue screen, i tried to start on normal/safe-mode but both unsuccessful also returned back to blue screen, i runned the debugging mode but i just waited for nothing for more than hour, i runned diagnostics and it says memory integrity failed (error code:0123, msg: error code 2000-0123, location: DIMM_A). my gratitude for any help. more power and Godspeed.
im using vista so anything xp will not do any help. anyway for your info, here's my computer specs:
- Win Vista Home Premium 32 bit
- 2.0 Ghz, 2 MB Cache
- 4 gb ram (2 x 2 gb)
- 500 gb hd
- intel gma x3100 vcard
here's my email: rongxuehe-one@yahoo.com
thanks a lot.
This is what you need to read: http://icrontic.com/articles/fix-the-0x0000008e-bsod-once-and-for-all
for those who still having problem with these error codes (after referring to what have been already posted), i just recently found the answer (particularly to the post i recently posted):
if launch repair, other fixes from safe mode and/or even a reformat is not working--run diagnostics.
if you got the same result as: memory integrity test failed, look for the location
if you got the same location (particularly to those who have 2 rams installed)--location: dimm_a or b (you can see these locations in your ram slots as label stickers "most of the time")
and if your memory integrity test failed on dimm_a (like as mine--but this applies also for dimm_b), try to take out that ram--MAKE SURE YOUR POWER IS OFF
then turn on (boot)
if still error occurs (for my case i replaced first the defective a new one): run reformat (i just did this as a last resort because i can't still run my windows successfully)
but if your computer boots succesfully after taking-out the defective one, no need to reformat--just replaced that defective ram if you still want to use two rams
at first i didn't know that if you have defective ram you cannot reformat (yep, im not that technical when it comes to computers)
this is not a confirmed priority technical solution for these error codes but i hope this can help you especially, like me, as a last resort.
are you sure you are not trying to advertise these softwares they dont always work.if you install a trojan there is no turning back no matter what software you use in safe mode search and destroy adaware zone alarm avg etc etc etc once your files are corrupted save your data if you can then just forget about it.dont trust symantec they make viruses i understand this procedure how ever ...when i came here this did not help me at all.with my error neither did the home page article....you will see this type of error again it seems files get corrupted moved deleted etc etc can also cause seroius hardware damage while this is happening.
maybe i just dont understand what you are saying.
so you are saying that if i follow these steps my pc will always be stable.
what about viruses/spyware/hijacker keyloggers etc etc cause these errors and programs.
sometimes you do a check and it recodnizes some and does not see others(malicious) and the other sees nothing catches some misses others etc etc...you can maybe save it once but not all the time....
It is 100% possible to remove spyware, etc with the proper software. Your statement "There is no turning back....." is 100% not true.
Also, that post was made in 2006, so I imagine a bit of the info could be outdated, being that it is 3 years old.
This thread has taken on many other problems since the original post, going on 7-8 pages now over the years.
dont make accustions of misleading people when im trying to open their eyes you are the only one misleading here do not post over my reply if you have a short sentance that does not have anything to do with this post thrax... no offence but you are bullying me for no reason.
again i will say it to evry one dont bother with rootkit etc hijack this etc
just do reinstall for your own convenience.to keep things simple if you have other troubles then dig deeper plz anybody and evrybody dont talk bologna over this post.
you make it look like i dont know that....you make no sense iknow you can, but its not worth it for most people and it's not always the case where you can undo the bad.(the errors the viruses ,spyware hijackers....etc so yea you cannot fix every error and also you cannot fix these errors once and for all......etc etc do not post short meaningless reply's
And to the person that said i dont know how to speak or write english properly.
:tell somebody that cares if you can't understand what im saying then dont bother replying to me and asking what im saying just skip over my reply no harm done....
i speak and write fluent french and many other languages so dont bring that to me, i speak alot of other languages fluently you probably dont.(this is to the person who was making fun of the way i write)i dont have time.....
for every capslock, comma, period, semicolon, hiffen.
you should see how my lawyer write's and some doctors for that matter.
i bet they are just sick of writing all those years being sentenced to school it must be hard.
and again you guys and your short sentences building up the amount of posts you may have aquired; trying to gain seniority with the amount of short posts....lol you should be a shamed.....
a company ,forum or any other website wont survive if they are byus....there are alot of posts that mayhave been written by people who dont write so well or speak fluent english that doesnt mean you have to be racist you are rude....that's all there is to it english is not the only language that counts even though its my native tongue and its the way i speak in my mind.
ive been around.
i think it was thrax that was saying this to me you my freind are being rude....
this is a man's world but it would be nothing without a women or a girl...
3 Years ago when this post was made it pertained to the Rustock.B virus; I had multiple machines come into the shop with a STOP: 0x8E shutdown error directly related to Rustock.B.
I posted my findings after a few days of trying to figure out what the problem was. Since then it has helped a few people fix their problem, as they had a variation of the Rustock.B virus. Now that many cleaners and virus checkers detect this problem (back then there were none that I found) the info contained here is somewhat dated.
As you look back through the info you will find lots of posts of "I don't have this pe386 thing and the Rustock scanner found nothing..." problems had NOTHING to do with the initial post, but the excellent folks here at icrontic tried to help find solutions for their errors.
As RyderOCZ stated that this thread has taken on many different problems since it started.
I am sorry if you misunderstood the header of this post or found it misinformative, but it has been stated MANY times that the information contained was NOT in any way a fix for all STOP 0x8E errors!
I am also sorry that the information contained did not help you in any way. I would suggest you do a complete clean install of your OS. If that does not help then I would highly recommend that you take the computer to a professional to get repaired.