Posted by: wfaulk
Bluescreen troubleshooting - 16/03/2007 13:39
I have a computer at work that is bluescreening when you try to log into it. It does it for both domain and local accounts. It bluescreens with the same code every time. The code (0x0000008E, 0xc0000005, 0x8062BFBF, 0xAEEA0988, 0x00000000) indicates that a driver is trying to access invalid memory. The bluescreen doesn't specify which driver it is, so I'm supposed to track it down by using pstat.exe to find the driver at offset 0x8062BFBF, but I can't log in to use it. Safe mode allows you to log in, but it seems to fail to load the driver that's causing it to bluescreen. The Event Viewer gives me a list of what drivers weren't loaded, but I can't uninstall the associated programs from safe mode.
Any ideas how to proceed? I'd really rather not reinstall the system. I have the feeling that it's a problem with Symantec AntiVirus, but I could be wrong about that.
Posted by: tfabris
Re: Bluescreen troubleshooting - 16/03/2007 15:23
I say, do a logged boot.
When it bluescreens, go back to safe mode. Open the log. Whatever the last "Loading xxxxx.sys" line is in the log, that's yer bad boy.
Posted by: wfaulk
Re: Bluescreen troubleshooting - 16/03/2007 16:25
The thing is, though, it doesn't crash on boot. It only crashes once you type in your username and password. Is the bootlog still logging by the time it gets to that point?
And, if it is, should I just move the .SYS file out of the Windows folder and try to boot again?
If it's not still logging at that point, do you have any other suggestions?
Posted by: tfabris
Re: Bluescreen troubleshooting - 16/03/2007 18:28
If the crash doesn't happen until login, I'm unconvinced the culprit will be a SYS driver in that case. Don't they load before login?
Now, I'd instead look at what's in the "run" locations: Win.ini, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (etc) and whatever is in the startup folder for all users and for the current user.
Posted by: AndrewT
Re: Bluescreen troubleshooting - 16/03/2007 21:29
It may just be a regular RAM fault. Chances are that the OS's memory footprint changes somewhat at that stage of the startup process. Not that it's as conclusive as physically swapping or removing memory modules... you could try the /MAXMEM option in msconfig to limit the system RAM available to the OS.
Posted by: wfaulk
Re: Bluescreen troubleshooting - 17/03/2007 17:57
I didn't say it, but I did run memtest for quite some time with no errors. I feel pretty certain that it's not a memory problem, but I've been wrong before.
Posted by: wfaulk
Re: Bluescreen troubleshooting - 18/03/2007 14:59
Is there anything in Windows itself that would load a driver during login, or only an application that's run during login?
Knowing this would allow me to narrow it down to an at-login application or not.
Posted by: tfabris
Re: Bluescreen troubleshooting - 18/03/2007 17:33
Hey, Bitt, I'm sure you tried this already. But in case you haven't...
Try pulling every card out of the machine except the video card, and unplugging every peripheral except the power cord and the monitor. See if the machine boots without a bluescreen. (You might have to plug in a keyboard, but no more than that.)
Posted by: gbeer
Re: Bluescreen troubleshooting - 18/03/2007 19:23
Is this app of any use here? C:\WINDOWS\system32\verifer.exe
Not quite sure how it's used but it seems like it might be relevant.
Some MS KB numbers 244617 298690
Posted by: wfaulk
Re: Bluescreen troubleshooting - 18/03/2007 19:26
It's a laptop, so there's not really anything to pull out.