Please Help!! The system has recovered from a serious error.

Discussion in 'Software' started by Biker Ken, Jun 5, 2011.

  1. Biker Ken

    Biker Ken Private E-2

    I am new here and need help desperately!!!! My computer randomly shuts off and restarts. When it reboots I get this message.... System has recovered from a serious error.

    The system has recovered from a serious error.

    BCCode : 1000000a BCP1 : FFFE8080 BCP2 : 00000002 BCP3 : 00000001
    BCP4 : 806F12DC OSVer : 5_1_2600 SP : 3_0 Product : 256_1


    C:\DOCUME~1\KENNET~1\LOCALS~1\Temp\WER2760.dir00\Mini060511-01.dmp
    C:\DOCUME~1\KENNET~1\LOCALS~1\Temp\WER2760.dir00\sysdata.xml


    I saw on another post someone helping asked for the .dmp file in compressed form, so I am attaching that too. Thanks in advance for the help.
     


  2. thisisu

    thisisu Malware Consultant

    Hi and welcome to MG,

    Can you download and install the following? CCleaner

    If prompted to make a regbackup, go ahead and say yes. Also make sure you have your browser windows closed before running this.

    Now, open command prompt and type in the following command:

    sfc /scannow

    Your BSOD log points to hal.dll as possibly being corrupted. sfc /scannow may be able to correct this issue.
     
  3. satrow

    satrow Major Geek Extraordinaire

    Hiya Ken, welcome to Majorgeeks :)

    Not sure I can put anything in the frame from this dmp, I'm afraid, looks like there's some Norton involvement which could be relevant though:
    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: fffe8080, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000001, bitfield :
    	bit 0 : value 0 = read operation, 1 = write operation
    	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: 806f12dc, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WRITE_ADDRESS:  fffe8080 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    hal!KfLowerIrql+c
    806f12dc 890d8000feff    mov     dword ptr ds:[0FFFE0080h],ecx
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  DRIVER_FAULT
    
    BUGCHECK_STR:  0xA
    
    PROCESS_NAME:  ccSvcHst.exe
    
    LAST_CONTROL_TRANSFER:  from 804e4949 to 806f12dc
    
    STACK_TEXT:  
    adc68cdc 804e4949 00000000 87e294a0 00000000 hal!KfLowerIrql+0xc
    adc68cf0 80566566 00000000 00000001 00000000 nt!KeReleaseMutant+0xbb
    adc68d54 804de7ec 000020dc 00000000 0abbf6ac nt!NtReleaseMutant+0x76
    adc68d54 7c90e514 000020dc 00000000 0abbf6ac nt!KiFastCallEntry+0xf8
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0abbf6ac 00000000 00000000 00000000 00000000 0x7c90e514
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!KeReleaseMutant+bb
    804e4949 8b4508          mov     eax,dword ptr [ebp+8]
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  nt!KeReleaseMutant+bb
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntoskrnl.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4d00dbda
    
    FAILURE_BUCKET_ID:  0xA_nt!KeReleaseMutant+bb
    
    BUCKET_ID:  0xA_nt!KeReleaseMutant+bb
    
    Followup: MachineOwner
    From carrona.org, most likely causes for this BSOD:
    If you can force another BSOD and upload the dump from that, we may get more to work with.
     
  4. Biker Ken

    Biker Ken Private E-2

    Thanks for the replies. I am working on doing the CCleaner now, just about to install. I have seen BSOD in both replies now, what does that mean? Is that another crash, or the .dmp file?
     
  5. satrow

    satrow Major Geek Extraordinaire

    BSOD = Blue screen of death ^^ = the creator of the dumps ;)
     
  6. thisisu

    thisisu Malware Consultant

    You may have an infection, last time I saw 0x0A it was virus related.
     
  7. Biker Ken

    Biker Ken Private E-2

    OK, sorry it took so long. I stepped away, and my computer restarted, and when it did it looked like it was in safe mode, but it told me my graphics display was outdated now, so I had to download a new one. Anyway, it also said it recovered from another serious issue. And I got another .dmp file, so I will upload the new one. Also, if this is some sort of virus, how do I fix it, since apparently Norton is not detecting it?
     


  8. satrow

    satrow Major Geek Extraordinaire

    While there's no hard evidence of malware, it's looking increasingly like it's at the root of this problem. I'd assume a rootkit or worse to be triggering this:
    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1000000A, {fffe8080, 2, 1, 806f12dc}
    
    *** WARNING: Unable to verify timestamp for SRTSP.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SRTSP.SYS
    *** WARNING: Unable to verify timestamp for NAVEX15.SYS
    *** ERROR: Module load completed but symbols could not be loaded for NAVEX15.SYS
    Probably caused by : SRTSP.SYS ( SRTSP+2c928 )
    
    Followup: MachineOwner
    ---------
    
    kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: fffe8080, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000001, bitfield :
    	bit 0 : value 0 = read operation, 1 = write operation
    	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: 806f12dc, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WRITE_ADDRESS:  fffe8080 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    hal!KfLowerIrql+c
    806f12dc 890d8000feff    mov     dword ptr ds:[0FFFE0080h],ecx
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  DRIVER_FAULT
    
    BUGCHECK_STR:  0xA
    
    PROCESS_NAME:  winlogon.exe
    
    LAST_CONTROL_TRANSFER:  from 804e4949 to 806f12dc
    
    STACK_TEXT:  
    ad3897c4 804e4949 00000030 ad389808 00000001 hal!KfLowerIrql+0xc
    ad3897d8 ade9f928 00000000 00000001 00000000 nt!KeReleaseMutant+0xbb
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ad3897f0 adc67985 88279ad8 adc67400 00000009 SRTSP+0x2c928
    ad38980c adc672ef e1a9e88c 00000000 ad3898a8 NAVEX15+0x33985
    ad389824 adc93a3d e1a9e88c 00000024 0000036d NAVEX15+0x332ef
    ad389840 adc9444f 00000024 00000000 e78df108 NAVEX15+0x5fa3d
    ad38985c adc94e6f 00000000 00000014 00000001 NAVEX15+0x6044f
    ad389898 adc3b1ee e1a9e878 ad3899e8 add88150 NAVEX15+0x60e6f
    ad3898d4 adc3bdf0 e6896820 ad389944 e6f9c3f8 NAVEX15+0x71ee
    ad389948 adc3cbe1 00000000 adda3570 e6bab608 NAVEX15+0x7df0
    ad3899c8 adc3cf6d e6bab608 00000003 e6c8ef10 NAVEX15+0x8be1
    ad389a00 ade7c3c9 e6896820 e6c8ee78 e6bab008 NAVEX15+0x8f6d
    ad389a38 ade9ceec 00000000 e6896820 e6c8ee78 SRTSP+0x93c9
    ad389a7c ade9e32b e12f81f0 ad389ad8 e6896820 SRTSP+0x29eec
    ad389ae4 ade967d1 ad389b14 e6c8ee78 e6c8ef08 SRTSP+0x2b32b
    ad389b44 ade96ca4 ad389bc0 e6c8ee60 ade9716a SRTSP+0x237d1
    ad389b64 ade88c89 ad9565c0 88122164 88122008 SRTSP+0x23ca4
    ad389ba0 f747b888 019c4754 ad389bc0 ad389bf0 SRTSP+0x15c89
    ad389c00 f747d2a0 00389c48 87f8a4fc ad389c48 fltmgr!FltpPerformPreCallbacks+0x2d4
    ad389c14 f747dc48 ad389c48 00000000 88ee4ee8 fltmgr!FltpPassThroughInternal+0x32
    ad389c30 f747e059 ad389c48 87f8a310 898a2380 fltmgr!FltpPassThrough+0x1c2
    ad389c60 804e3807 88ee4ee8 87f8a300 87f8a300 fltmgr!FltpDispatch+0x10d
    ad389c70 8056ebfe 87f70a50 898ef560 87f70a68 nt!IopfCallDriver+0x31
    ad389ca4 805678a7 88785590 88ee4ee8 0012019f nt!IopCloseFile+0x27c
    ad389cd4 80567a4f 88785590 00000001 898ef560 nt!ObpDecrementHandleCount+0xd4
    ad389cfc 80567ac0 e179d0c8 87f70a68 00000cbc nt!ObpCloseHandleTableEntry+0x14d
    ad389d44 80567b0a 00000cbc 00000001 00000000 nt!ObpCloseHandle+0x87
    ad389d58 804de7ec 00000cbc 0158dec0 7c90e514 nt!NtClose+0x1d
    ad389d58 7c90e514 00000cbc 0158dec0 7c90e514 nt!KiFastCallEntry+0xf8
    0158dec0 00000000 00000000 00000000 00000000 0x7c90e514
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    SRTSP+2c928
    ade9f928 ??              ???
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  SRTSP+2c928
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: SRTSP
    
    IMAGE_NAME:  SRTSP.SYS
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a4039f4
    
    FAILURE_BUCKET_ID:  0xA_SRTSP+2c928
    
    BUCKET_ID:  0xA_SRTSP+2c928
    
    Followup: MachineOwner
    ---------
    This time, 2 Norton files are corrupt and there's a lot of Norton activity in the Stack text.

    Time for you to study then work your way through this post, Ken.
     
  9. Biker Ken

    Biker Ken Private E-2

    OK, so I studied that link, and I did everything on it to the point where it asks if everything is ok now. So I jumped on the internet, and lasted about 5 minutes before it rebooted this time, which is worse off than before. The only program I couldn't get to work was the RootRepeal. So now what do I do? Do I have to start a new thread based on the logs I got? Or do I just attach them here? I will attach the Dump File I just got for now. Then let me know what else I should do.
     


  10. thisisu

    thisisu Malware Consultant

    0x9c, never heard of that one, but it's pointing to another very general file, hal.dll. My guess is you have viruses; I would head over to the malware forum and go through the Read and Run me first thread.
     
  11. satrow

    satrow Major Geek Extraordinaire

    0x9c is usually a hardware error, it's a very similar error to 0x124.
    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    MACHINE_CHECK_EXCEPTION (9c)
    A fatal Machine Check Exception has occurred.
    KeBugCheckEx parameters;
        x86 Processors
            If the processor has ONLY MCE feature available (For example Intel
            Pentium), the parameters are:
            1 - Low  32 bits of P5_MC_TYPE MSR
            2 - Address of MCA_EXCEPTION structure
            3 - High 32 bits of P5_MC_ADDR MSR
            4 - Low  32 bits of P5_MC_ADDR MSR
            If the processor also has MCA feature available (For example Intel
            Pentium Pro), the parameters are:
            1 - Bank number
            2 - Address of MCA_EXCEPTION structure
            3 - High 32 bits of MCi_STATUS MSR for the MCA bank that had the error
            4 - Low  32 bits of MCi_STATUS MSR for the MCA bank that had the error
        IA64 Processors
            1 - Bugcheck Type
                1 - MCA_ASSERT
                2 - MCA_GET_STATEINFO
                    SAL returned an error for SAL_GET_STATEINFO while processing MCA.
                3 - MCA_CLEAR_STATEINFO
                    SAL returned an error for SAL_CLEAR_STATEINFO while processing MCA.
                4 - MCA_FATAL
                    FW reported a fatal MCA.
                5 - MCA_NONFATAL
                    SAL reported a recoverable MCA and we don't support currently
                    support recovery or SAL generated an MCA and then couldn't
                    produce an error record.
                0xB - INIT_ASSERT
                0xC - INIT_GET_STATEINFO
                      SAL returned an error for SAL_GET_STATEINFO while processing INIT event.
                0xD - INIT_CLEAR_STATEINFO
                      SAL returned an error for SAL_CLEAR_STATEINFO while processing INIT event.
                0xE - INIT_FATAL
                      Not used.
            2 - Address of log
            3 - Size of log
            4 - Error code in the case of x_GET_STATEINFO or x_CLEAR_STATEINFO
        AMD64 Processors
            1 - Bank number
            2 - Address of MCA_EXCEPTION structure
            3 - High 32 bits of MCi_STATUS MSR for the MCA bank that had the error
            4 - Low  32 bits of MCi_STATUS MSR for the MCA bank that had the error
    Arguments:
    Arg1: 00000000
    Arg2: 8054e170
    Arg3: c4024000
    Arg4: 00000136
    
    Debugging Details:
    ------------------
    
       NOTE:  This is a hardware error.  This error was reported by the CPU
       via Interrupt 18.  This analysis will provide more information about
       the specific error.  Please contact the manufacturer for additional
       information about this error and troubleshooting assistance.
    
       This error is documented in the following publication:
    
          - Bios and Kernel Developers Guid for AMD Athlon(r) 64 and AMD Opteron(r) Processors
       Bit Mask:
    
           MA                           Model Specific       MCA
        O  ID      Other Information      Error Code     Error Code
       VV  SDP ___________|____________ _______|_______ _______|______
       AEUECRC|                        |               |              |
       LRCNVVC|                        |               |              |
       ^^^^^^^|                        |               |              |
          6         5         4         3         2         1
       3210987654321098765432109876543210987654321098765432109876543210
       ----------------------------------------------------------------
       1100010000000010010000000000000000000000000000000000000100110110
    
    
    VAL   - MCi_STATUS register is valid
            Indicates that the information contained within the IA32_MCi_STATUS
            register is valid.  When this flag is set, the processor follows the
            rules given for the OVER flag in the IA32_MCi_STATUS register when
            overwriting previously valid entries.  The processor sets the VAL 
            flag and software is responsible for clearing it.
    
    OVER  - Error Overflow
            Indicates that a machine check error occurred while the results of a
            previous error were still in the error-reporting register bank (that
            is, the VAL bit was already set in the IA32_MCi_STATUS register).
            the processor sets the OVER flag and software is responsible for 
            clearing it.  Enabled errors are written over disabled errors, and 
            uncorrected errors are written over corrected errors.  Uncorrected 
            errors are not written over previous valid uncorrected errors.
    
    ADDRV - IA32_MCi_ADDR register valid
            Indicates that the IA32_MCi_ADDR register contains the address where
            the error occurred.
    
    MEMHIRERR - Memory Hierarchy Error   {TT}CACHE{LL}_{RRRR}_ERR
            These errors match the format 0000 0001 RRRR TTLL
    
    
    
       Concatenated Error Code:
       --------------------------
       _VAL_OVER_ADDRV_MEMHIRERR_36
    
       This error code can be reported back to the manufacturer.
       They may be able to provide additional information based upon
       this error.  All questions regarding STOP 0x9C should be
       directed to the hardware manufacturer.
    
    BUGCHECK_STR:  0x9C_AuthenticAMD
    
    CUSTOMER_CRASH_COUNT:  2
    
    DEFAULT_BUCKET_ID:  DRIVER_FAULT
    
    PROCESS_NAME:  chrome.exe
    
    LAST_CONTROL_TRANSFER:  from 806f48db to 80533846
    
    STACK_TEXT:  
    8054e148 806f48db 0000009c 00000000 8054e170 nt!KeBugCheckEx+0x1b
    8054e274 806efc2e 80042000 00000000 00000000 hal!HalpMcaExceptionHandler+0xdd
    8054e274 00000000 80042000 00000000 00000000 hal!HalpMcaExceptionHandlerWrapper+0x46
    
    
    STACK_COMMAND:  kb
    
    SYMBOL_NAME:  ANALYSIS_INCONCLUSIVE
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: Unknown_Module
    
    IMAGE_NAME:  Unknown_Image
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    FAILURE_BUCKET_ID:  0x9C_AuthenticAMD_ANALYSIS_INCONCLUSIVE
    
    BUCKET_ID:  0x9C_AuthenticAMD_ANALYSIS_INCONCLUSIVE
    
    Followup: MachineOwner
    ---------
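
The bit-mask table in the 0x9C output above can be reproduced by hand from Arg3 and Arg4. The following is an added example, not part of the original post or of the debugger: it decodes the 64-bit MCi_STATUS value and the `0000 0001 RRRR TTLL` memory hierarchy code. The function and table names are this example's own, and the field tables follow the architectural machine-check layout.

```python
# Added example (not from the thread): decode the MCi_STATUS value that a
# STOP 0x9C bugcheck carries in Arg3 (high 32 bits) and Arg4 (low 32 bits).
# Function and table names are this example's own.

# Architectural status flags in bits 63..57 of MCi_STATUS.
FLAGS = [(63, "VAL"), (62, "OVER"), (61, "UC"), (60, "EN"),
         (59, "MISCV"), (58, "ADDRV"), (57, "PCC")]

# Sub-fields of a memory hierarchy error code: 0000 0001 RRRR TTLL.
TT = {0: "I", 1: "D", 2: "G"}                 # transaction type
LL = {0: "L0", 1: "L1", 2: "L2", 3: "LG"}     # cache level
RRRR = {0: "ERR", 1: "RD", 2: "WR", 3: "DRD", 4: "DWR",
        5: "IRD", 6: "PREFETCH", 7: "EVICT", 8: "SNOOP"}  # request type


def decode_mci_status(arg3_high, arg4_low):
    """Return the decoded fields of the 64-bit MCi_STATUS value."""
    status = ((arg3_high & 0xFFFFFFFF) << 32) | (arg4_low & 0xFFFFFFFF)
    flags = [name for bit, name in FLAGS if (status >> bit) & 1]
    mca_code = status & 0xFFFF
    decoded = {
        "status": status,
        "flags": flags,
        "model_code": (status >> 16) & 0xFFFF,
        "mca_code": mca_code,
        "kind": "OTHER",
        "mnemonic": None,
    }
    if "VAL" not in flags:
        decoded["kind"] = "INVALID"   # register content is not meaningful
        return decoded
    if (mca_code & 0xFF00) == 0x0100:
        rrrr = (mca_code >> 4) & 0xF
        tt = (mca_code >> 2) & 0x3
        ll = mca_code & 0x3
        decoded["kind"] = "MEMHIRERR"
        decoded["mnemonic"] = "{}CACHE{}_{}_ERR".format(
            TT.get(tt, "?"), LL.get(ll, "?"), RRRR.get(rrrr, "?"))
    return decoded


def concatenated_code(decoded):
    """Rebuild the summary string in the style shown in this dump."""
    low_byte = decoded["mca_code"] & 0xFF
    parts = decoded["flags"] + [decoded["kind"]]
    return "_" + "_".join(parts) + "_{:X}".format(low_byte)


if __name__ == "__main__":
    # Arg3 and Arg4 as posted in the 0x9C dump above.
    d = decode_mci_status(0xC4024000, 0x00000136)
    print(d["flags"], d["mnemonic"], concatenated_code(d))
```

For the values in this dump the decoder reports VAL, OVER and ADDRV set with mnemonic DCACHEL2_DRD_ERR, a data read error at the L2 cache level.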
     
  12. Biker Ken

    Biker Ken Private E-2

    So, how can I decipher which hardware problem it could be? I have tried multiple times to run a test on my RAM, but none of the stuff worked.
     
  13. satrow

    satrow Major Geek Extraordinaire

    Well, if you drill down through the debug output, Authentic AMD crops up a few times, that would point towards CPU or Northbridge (motherboard) problems, possibly triggered by overheating or a failing PSU.

    Whatever is causing this rapid decline, I'd get all valuable data copied away from this PC as soon as you can - like now.

    When you get a few minutes, create a new thread in the malware forum, link to this thread and attach the required logs that you've already obtained from following the read me and run.

    Try working through a search using 0x9C_AuthenticAMD_ANALYSIS_INCONCLUSIVE as the subject, I've been through about 12 or so and only found 1 that had a good outcome, the others seemed to be left hanging.
     
  14. Biker Ken

    Biker Ken Private E-2

    I think I have it fixed!!! :-D I found something here about overheating, and got to thinking it has been a while since I cleaned my case. So I pulled it out and opened it up and WHOA!!! I guess I should pay more attention to that if I want to have a computer. The back of the case, where you could put extra fans, looked like the lint trap from the dryer :( So I went to cleaning, and vacuuming. Then I took the fan off the heat sink and literally pulled the lint off just like the lint trap, so I would say it was most likely overheating. I have not had an issue in the last 24 hours, and before it was shutting down after 15 minutes to an hour. So now I just hope I didn't do any permanent damage. Thanks for all the hope to get it figured out!!
     
