
blue screen of death: Stop: c000021a

Discussion in 'Windows XP' started by SVEN, 2005/10/27.

  1. 2005/10/27
    SVEN

    Hello good people, I am in need of some help.

    Intermittently, for the last 3 weeks,
    I get the "blue screen of death".
    I then reboot and all is fine and working without a problem.

    Here is the message I get:

    Stop: c000021a {fatal system error}
    The windows Logon process system process terminated unexpectedly
    With a status of 0x00000402 (0x00000000)
    The system has been shut down.


    Some of you may remember that a couple of months ago I did an upgrade to my computer. I installed a new CPU (from AMD 2000 to AMD 3000 Mobile), a USB2/FireWire card and a new video card. I also upgraded my CD-RW to a DVD-RW and I added 512 megs of RAM for a total of 1024 megs.

    The system was running great and stable. The only thing I did is install and uninstall some software that I came across.

    I searched my files for a .dmp file as suggested in the other thread, but I have none.

    I am running Windows XP Home SP2.

    Anyone know what the problem might be?

    Thanks
    Sven
     
    SVEN,
    #1
  2. 2005/10/27
    Newt

    Did you get any sort of wording like STATUS_SYSTEM_PROCESS_TERMINATED or some other with the words in ALL_CAPS and the underscore between words?

    Most of this sort of stop error is hardware related but C000021A is sort of an oddball that can have software causes.

    Also a check of your event logs for more information could possibly help.
     
    Newt,
    #2


  4. 2005/10/27
    SVEN

    Newt,
    The only error I get is the one in my first message.
    Nothing in caps with _ between the words.

    How do I get to the event log?

    In the beginning it starts up normally and Windows starts loading, and then just before the welcome screen comes up I get this error.
    Like Windows can't finish loading for some reason.


    Sven
     
    SVEN,
    #3
  5. 2005/11/15
    SVEN

    Hi all,

    Newt suggested in his post that the error I get might be software related and because of that I finally decided to do a repair install of XP.

    The install went fine and I have not gotten the Blue screen for a couple of days. I hope that it is gone for good.

    Thanks for pointing me in the right direction, Newt.

    Sven
     
    SVEN,
    #4
  6. 2005/11/16
    Arie

    Just as an FYI:

    To open Event Viewer, go to Start > Run and type eventvwr.msc, click OK.

    Check your Application and System logs for errors.

    You can double click on any error for more details, and there is also a button to copy the error to your clipboard for easy copying & pasting.
     
    Arie,
    #5
  7. 2005/11/16
    SVEN

    Thanks Arie for the info.

    I checked the event log and I have a lot (About 20) of all the same error:

    Under Application

    Type - Date - Time - Source - Category - Event - User
    Warning - Date - Time - Userenv - None - 1517 - System

    Under System:

    Error - Date - Time - W32Time - None - 29 - N/A

    These are clustered together in groups of 3 to 5 and then there is 11-2-05 where there are 60 errors and the source is CDROM, event 7.


    Can anybody make heads or tails of this?
    Thanks
    Sven
     
    SVEN,
    #6
  8. 2005/11/17
    Newt

    SVEN - when you have an event open, click on the icon below the up/down arrows to send a text copy of the error to your clipboard and then in a reply here, just paste that into the reply box. Fine to do both the ones that you mention.

    They are much easier to deal with in that format.
     
    Newt,
    #7
  9. 2005/11/17
    SVEN

    Newt, here it is.

    Event Type: Warning
    Event Source: Userenv
    Event Category: None
    Event ID: 1517
    Date: 11/16/2005
    Time: 23:13:00
    User: NT AUTHORITY\SYSTEM
    Computer: SVENALBRECHT
    Description:
    Windows saved user SVENALBRECHT\Sven Albrecht registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10005
    Date: 11/12/2005
    Time: 13:36:18
    User: NT AUTHORITY\SYSTEM
    Computer: SVENALBRECHT
    Description:
    DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service SENS with arguments " " in order to run the server:
    {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Error
    Event Source: W32Time
    Event Category: None
    Event ID: 17
    Date: 11/12/2005
    Time: 7:56:59
    User: N/A
    Computer: SVENALBRECHT
    Description:
    Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Let me know what I can do.
    Sven
     
    SVEN,
    #8
  10. 2005/11/18
    Newt

    Nothing in those events that would cause the behavior you are seeing.

    Event Source: Userenv
    Event Category: None
    Event ID: 1517

    This one is fairly common and isn't really worth trying to cure. It is harmless and when you reboot, everything is back to normal with the needed changes done.

    Event Source: DCOM
    Event Category: None
    Event ID: 10005

    DCOM isn't able to load Sens.dll which is needed to give you some event notifications. Check in your services (click on start, on run, key in services.msc and click OK) for System Event Notification. It should be set to autostart. If not, you can set it that way but in any case, the error is a minor matter.

    Event Source: W32Time
    Event Category: None
    Event ID: 17

    This one is telling you that your PC has problems locating an internet time server so it can automatically sync time with that server. Nice to fix but if you only get them occasionally, you probably do get the time update often enough to keep you accurate. If not, you can set your time manually or if you wish, post a new topic with just this failure and we can try to troubleshoot why w32time updates are failing.

    As for the Stop: c000021a {fatal system error}, the causes seem to be all over the place.

    Are you running a fully patched system with SP2 and all the hotfixes that followed that?

    XP-home or XP-pro?
     
    Newt,
    #9
  11. 2005/11/18
    SVEN

    Newt,
    Thanks for your response,

    Yes, I am running XP SP2 fully patched.
    I have it set to automatic updates.
    After my repair install, everything is running fine and I have not received a blue screen since.

    System Event Notification is set to autostart.
    Thanks for your help.
    Sven
     
  12. 2005/11/19
    PeteC

    FWIW the Userenv issue can be resolved by installing the User Profile Hive Cleanup Service - Readme.txt

    Worked for me :)
    The straightforward way to fix this - or work around it - is to disable the Service and use another time synchronizer program. I have used Yacs - Yet Another Clock Synchronizer for a number of years.
     
  13. 2005/11/25
    SVEN

    Hi all,
    After receiving more blue screens even after I repair installed Windows, I did a complete fresh install of everything. I wiped my second hard drive and use it now as C:\

    During the install of Windows and all other programs I had to reboot several times without a problem. So I hoped everything was fine. The last thing I installed was Nero 6.6 and then I shut down the computer.

    This morning I started the Computer and get the Blue screen and a reboot. Following a successful boot I get the error:

    The System has recovered from a serious error. Please tell MS about the problem

    Error Signature:
    BCCode: c000021a BCP1: E179B800 BCP2: 00000402 BCP3: 00000000
    BCP4: 00000000 OSVer: 5_1_2600 SP:2_0 Product: 768_1


    Technical Information about the error:
    C:\Docume~1\Svenal~1\Temp\WERec42.dir00\Mini1125-01.dmp
    C:\Docume~1\Svenal~1\Temp\WERec42.dir00\sysdata.xml

    After sending the report to MS I got this back:
    Stop error caused by a device driver
    Symptoms
    You are receiving this message because a device driver installed on your computer caused a stop error message. This error message required a restart of your computer. After the restart your computer should continue to operate normally, however the error may re-occur until the problem is corrected.
    Cause
    A stop error occurs when your computer encounters an error from which it cannot recover. This is usually caused by a device driver which encounters an unhandled exception or performs an illegal operation. When the operating system detects this situation it is stopped to prevent further problems, such as data loss or further system instability.
    Resolution
    Your error report has been computer analyzed and is unable to determine the exact cause of the error at this time. Since a cause and resolution has not been found your error report will be analyzed by Microsoft and any associated vendors to determine the cause of the error. After a cause has been found and corrected you will receive an updated message the next time you receive this same error with instructions on resolving the problem. We apologize for any inconvenience this error has caused and are working to resolve it as quickly as possible.
    Please note it is important you continue to report errors so analysts will have data to analyze and correct the problem as quickly as possible. We appreciate your patience and assistance while we work to resolve your error.

    Should I uninstall Nero?

    Thanks for any help

    Sven
     
  14. 2005/11/26
    cpc2004

    Hi Sven,

    Can you attach the kd debug report here? I hope I can find more clues in the debug report.

    Procedure
    1) Create folder c:\symbols
    2) Download and install the http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
    3) Locate your latest memory.dmp file- C:\Docume~1\Svenal~1\Temp\WERec42.dir00\Mini1125-01.dmp or whatever
    4) Open a CMD prompt and cd \program files\debugging tools for windows\
    5) type the following stuff:

    Code:
    c:\program files\debugging tools>kd -z C:\Docume~1\Svenal~1\Temp\WERec42.dir00\Mini1125-01.dmp
    kd> .logopen c:\debuglog.txt
    kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    kd> .reload;!analyze -v;r;!thread;lmnt;.logclose;q

    You now have a debuglog.txt in c:\, open it in notepad and post to this thread.
     
    Last edited: 2005/11/26
  15. 2005/11/26
    SVEN

    cpc2004,

    Thanks for the link.

    I will download it later and try to do what you told me.

    BTW, I uninstalled "IN CD" from Nero, and have not gotten any error since then.

    Sven
     
  16. 2005/11/26
    PeteC

    That's interesting - I had a lot of blue screen problems several years ago with Nero 5 - or its predecessor - and resolved the problem by removing InCD - I would have hoped that they had got that sorted by now.
     
  17. 2005/11/26
    SVEN

    cpc2004,

    Here is what I got:

    Microsoft (R) Windows Debugger Version 6.5.0003.7
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\Minidump\Mini112505-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: C:\Symbol
    Executable search path is:
    Unable to load image ntoskrnl.exe, Win32 error 2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
    Debug session time: Fri Nov 25 10:11:34.630 2005 (GMT-8)
    System Uptime: 0 days 0:00:35.200
    Unable to load image ntoskrnl.exe, Win32 error 2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Loading Kernel Symbols
    ....................................................................................................................
    Loading unloaded module list
    ..
    Loading User Symbols
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C000021A, {e179b800, 402, 0, 0}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.


    Followup: MachineOwner
    ---------

    Nothing happens when I click on the second link.??

    Sven
     
  18. 2005/11/26
    cpc2004

    Hi Sven.

    You only specify c:\symbol and forget to specify the Microsoft symbolic server. Refer to my original post.

    <<
    .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    >>

    Re-run and the symbol will be resolved.
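
    An added example, not part of the original thread or of the Debugging Tools: a short Python check for the symbol setup that cpc2004's procedure and reply above depend on. It reads a saved kd log and reports why the `!analyze -v` result cannot be trusted yet; the function names and problem tags are made up for this example, and the sample log is assembled from lines quoted in the thread.

```python
import re

# Constructed sample: lines copied from the kd output quoted earlier in this thread.
SAMPLE_LOG = r"""
Symbol search path is: C:\Symbol
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
BugCheck C000021A, {e179b800, 402, 0, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
f742f934 80629593 0000004c c000021a f742f9b0 nt+0x5c31e
f742f970 806699c7 00000001 0000004c c000021a nt+0x152593
BUCKET_ID: WRONG_SYMBOLS
"""


def parse_bugcheck(log):
    """Return (stop_code, [arg1..arg4]) from the 'BugCheck' summary line, or None."""
    m = re.search(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", log)
    if not m:
        return None
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    return int(m.group(1), 16), args


def symbol_path_elements(log):
    """Split the reported 'Symbol search path' into its ';'-separated elements."""
    m = re.search(r"^\s*Symbol search path is:[ \t]*(.*)$", log, re.MULTILINE)
    if not m:
        return []
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def uses_symbol_server(elements):
    """True if any element has the srv*<cache>*<server> form used in the thread."""
    for element in elements:
        parts = element.split("*")
        if parts[0].lower() == "srv" and len(parts) >= 2 and parts[-1]:
            return True
    return False


def triage(log):
    """Collect the symbol problems visible in a kd log as (tag, detail) pairs."""
    problems = []
    elements = symbol_path_elements(log)
    if not elements or "symbol path is not initialized" in log:
        problems.append(("path-unset", "no symbol path reported"))
    elif not uses_symbol_server(elements):
        problems.append(("no-symbol-server", ";".join(elements)))
    if "Kernel symbols are WRONG" in log or "WRONG_SYMBOLS" in log:
        problems.append(("wrong-symbols", "analysis ran without kernel symbols"))
    unresolved = sorted(set(
        re.findall(r"symbols could not be loaded for ([\w.]+)", log)))
    if unresolved:
        problems.append(("unresolved-modules", ", ".join(unresolved)))
    # Frames printed as module+offset mean no function names were resolved.
    raw = re.findall(r"\b\w+\+0x[0-9a-fA-F]+[ \t]*$", log, re.MULTILINE)
    if raw:
        problems.append(("raw-frames", "%d frame(s) as module+offset" % len(raw)))
    return {"bugcheck": parse_bugcheck(log),
            "symbol_path": elements,
            "problems": problems}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    code, args = result["bugcheck"]
    print("Stop code %08X, args %s" % (code, [hex(a) for a in args]))
    for tag, detail in result["problems"]:
        print("%-20s %s" % (tag, detail))
```

    An empty problem list means the log shows a symbol-server path and resolved kernel symbols, which is the state the debug report needs to be in before it is posted.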
     
  19. 2005/11/26
    SVEN

    cpc2004
    Getting lots of errors and warnings. Tells me wrong symbols.
    I'm at a loss.
    Also, I cut the top part of the file because of the 20000 character limit.

    Sven

    Opened log file 'c:\debuglog.txt'
    kd> sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    *** ERROR: Module load completed but symbols could not be loaded for *** WARNING: Unable to verify timestamp for usbuhci.sys
    *** ERROR: Module load completed but symbols could not be loaded for usbuhci.sys
    *** WARNING: Unable to verify timestamp for usbehci.sys
    *** ERROR: Module load completed but symbols could not be loaded for usbehci.sys
    *** WARNING: Unable to verify timestamp for Modem.SYS
    *** ERROR: Module load completed but symbols could not be loaded for Modem.SYS
    *** WARNING: Unable to verify timestamp for InCDPass.sys
    *** ERROR: Module load completed but symbols could not be loaded for InCDPass.sys
    *** WARNING: Unable to verify timestamp for incdrm.SYS
    *** ERROR: Module load completed but symbols could not be loaded for incdrm.SYS
    *** WARNING: Unable to verify timestamp for fdc.sys
    *** ERROR: Module load completed but symbols could not be loaded for fdc.sys
    *** WARNING: Unable to verify timestamp for mouclass.sys
    *** ERROR: Module load completed but symbols could not be loaded for mouclass.sys
    *** WARNING: Unable to verify timestamp for kbdclass.sys
    *** ERROR: Module load completed but symbols could not be loaded for kbdclass.sys
    *** WARNING: Unable to verify timestamp for TDI.SYS
    *** ERROR: Module load completed but symbols could not be loaded for TDI.SYS
    *** WARNING: Unable to verify timestamp for ptilink.sys
    *** ERROR: Module load completed but symbols could not be loaded for ptilink.sys
    *** WARNING: Unable to verify timestamp for raspti.sys
    *** ERROR: Module load completed but symbols could not be loaded for raspti.sys
    *** WARNING: Unable to verify timestamp for flpydisk.sys
    *** ERROR: Module load completed but symbols could not be loaded for flpydisk.sys
    *** WARNING: Unable to verify timestamp for vga.sys
    *** ERROR: Module load completed but symbols could not be loaded for vga.sys
    *** WARNING: Unable to verify timestamp for Msfs.SYS
    *** ERROR: Module load completed but symbols could not be loaded for Msfs.SYS
    *** WARNING: Unable to verify timestamp for Npfs.SYS
    *** ERROR: Module load completed but symbols could not be loaded for Npfs.SYS
    *** WARNING: Unable to verify timestamp for avg7rsxp.sys
    *** ERROR: Module load completed but symbols could not be loaded for avg7rsxp.sys
    *** WARNING: Unable to verify timestamp for watchdog.sys
    *** ERROR: Module load completed but symbols could not be loaded for watchdog.sys
    *** WARNING: Unable to verify timestamp for BOOTVID.dll
    *** ERROR: Module load completed but symbols could not be loaded for BOOTVID.dll
    *** WARNING: Unable to verify timestamp for InCDrec.SYS
    *** ERROR: Module load completed but symbols could not be loaded for InCDrec.SYS
    *** WARNING: Unable to verify timestamp for rasacd.sys
    *** ERROR: Module load completed but symbols could not be loaded for rasacd.sys
    *** WARNING: Unable to verify timestamp for serenum.sys
    *** ERROR: Module load completed but symbols could not be loaded for serenum.sys
    *** WARNING: Unable to verify timestamp for gameenum.sys
    *** ERROR: Module load completed but symbols could not be loaded for gameenum.sys
    *** WARNING: Unable to verify timestamp for ndistapi.sys
    *** ERROR: Module load completed but symbols could not be loaded for ndistapi.sys
    *** WARNING: Unable to verify timestamp for mssmbios.sys
    *** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
    *** WARNING: Unable to verify timestamp for Dxapi.sys
    *** ERROR: Module load completed but symbols could not be loaded for Dxapi.sys
    *** WARNING: Unable to verify timestamp for kdcom.dll
    *** ERROR: Module load completed but symbols could not be loaded for kdcom.dll
    *** WARNING: Unable to verify timestamp for WMILIB.SYS
    *** ERROR: Module load completed but symbols could not be loaded for WMILIB.SYS
    *** WARNING: Unable to verify timestamp for viaide.sys
    *** ERROR: Module load completed but symbols could not be loaded for viaide.sys
    *** WARNING: Unable to verify timestamp for swenum.sys
    *** ERROR: Module load completed but symbols could not be loaded for swenum.sys
    *** WARNING: Unable to verify timestamp for USBD.SYS
    *** ERROR: Module load completed but symbols could not be loaded for USBD.SYS
    *** WARNING: Unable to verify timestamp for Fs_Rec.SYS
    *** ERROR: Module load completed but symbols could not be loaded for Fs_Rec.SYS
    *** WARNING: Unable to verify timestamp for Beep.SYS
    *** ERROR: Module load completed but symbols could not be loaded for Beep.SYS
    *** WARNING: Unable to verify timestamp for mnmdd.SYS
    *** ERROR: Module load completed but symbols could not be loaded for mnmdd.SYS
    *** WARNING: Unable to verify timestamp for RDPCDD.sys
    *** ERROR: Module load completed but symbols could not be loaded for RDPCDD.sys
    *** WARNING: Unable to verify timestamp for avg7rsw.sys
    *** ERROR: Module load completed but symbols could not be loaded for avg7rsw.sys
    *** WARNING: Unable to verify timestamp for dump_WMILIB.SYS
    *** ERROR: Module load completed but symbols could not be loaded for dump_WMILIB.SYS
    *** WARNING: Unable to verify timestamp for msmpu401.sys
    *** ERROR: Module load completed but symbols could not be loaded for msmpu401.sys
    *** WARNING: Unable to verify timestamp for audstub.sys
    *** ERROR: Module load completed but symbols could not be loaded for audstub.sys
    *** WARNING: Unable to verify timestamp for Null.SYS
    *** ERROR: Module load completed but symbols could not be loaded for Null.SYS
    *** WARNING: Unable to verify timestamp for dxgthk.sys
    *** ERROR: Module load completed but symbols could not be loaded for dxgthk.sys
    Couldn't resolve error at 'ympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols '
    kd> .reload;!analyze -v;r;!thread;lmnt;.logclose;q
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y <symbol_path> argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    WINLOGON_FATAL_ERROR (c000021a)
    The Winlogon process terminated unexpectedly.
    Arguments:
    Arg1: e179b800, String that identifies the problem.
    Arg2: 00000402, Error Code.
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.


    MODULE_NAME: nt

    FAULTING_MODULE: 804d7000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP: 42250ff9

    ADDITIONAL_DEBUG_TEXT: Windows Logon Process

    BUGCHECK_STR: 0xc000021a_402

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    LAST_CONTROL_TRANSFER: from 80629593 to 8053331e

    STACK_TEXT:
    WARNING: Stack unwind information not available. Following frames may be wrong.
    f742f934 80629593 0000004c c000021a f742f9b0 nt+0x5c31e
    f742f970 806699c7 00000001 0000004c c000021a nt+0x152593
    f742fb28 806461e8 c000021a 00000004 00000001 nt+0x1929c7
    f742fcd4 80646631 c000021a 00000004 00000001 nt+0x16f1e8
    f742fd44 804de7ec c000021a 00000004 00000001 nt+0x16f631
    f742fd64 7c90eb94 badb0d00 0015fef8 00000000 nt+0x77ec
    f742fd68 badb0d00 0015fef8 00000000 00000000 0x7c90eb94
    f742fd6c 0015fef8 00000000 00000000 00000000 0xbadb0d00
    f742fd70 00000000 00000000 00000000 00000000 0x15fef8


    STACK_COMMAND: .bugcheck ; kb

    FOLLOWUP_NAME: MachineOwner

    BUCKET_ID: WRONG_SYMBOLS

    Followup: MachineOwner
    ---------

    eax=ffdff13c ebx=f742f9b0 ecx=00000000 edx=804dce11 esi=0000004c edi=c000021a
    eip=8053331e esp=f742f91c ebp=f742f934 iopl=0 nv up ei ng nz na po nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
    nt+0x5c31e:
    8053331e 5d pop ebp
    GetPointerFromAddress: unable to read from 8055ee34
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_ETHREAD ***
    *** ***
    *************************************************************************
    865197e8: Unable to get thread contents
    start end module name
    804d7000 806eb100 nt ntoskrnl.exe Tue Mar 01 16:59:37 2005 (42250FF9)
    806ec000 806ffd80 hal hal.dll Tue Aug 03 22:59:04 2004 (41107B28)
    aac52000 aac69480 dump_atapi dump_atapi.sys Tue Aug 03 22:59:41 2004 (41107B4D)
    aac92000 aacb5000 Fastfat Fastfat.SYS Tue Aug 03 23:14:15 2004 (41107EB7)
    aacb5000 aad66640 avg7core avg7core.sys Sun Sep 18 17:09:57 2005 (432E01D5)
    aad67000 aad87f00 ipnat ipnat.sys Wed Sep 29 15:28:36 2004 (415B3714)
    aad88000 aadf6400 mrxsmb mrxsmb.sys Tue Jan 18 20:26:50 2005 (41EDE18A)
    aadf7000 aae21a00 rdbss rdbss.sys Wed Oct 27 18:13:57 2004 (418047D5)
    aae22000 aae43d00 afd afd.sys Tue Aug 03 23:14:13 2004 (41107EB5)
    aae44000 aae6bc00 netbt netbt.sys Tue Aug 03 23:14:36 2004 (41107ECC)
    aae6c000 aaec3d80 tcpip tcpip.sys Wed May 25 12:04:00 2005 (4294CC20)
    aaec4000 aaed6400 ipsec ipsec.sys Tue Aug 03 23:14:27 2004 (41107EC3)
    aaeff000 aaf17480 InCDfs InCDfs.SYS Mon Jan 03 02:33:41 2005 (41D91F85)
    bf800000 bf9c1180 win32k win32k.sys Wed Oct 05 17:05:44 2005 (43446A58)
    bf9c2000 bf9d3580 dxg dxg.sys Tue Aug 03 23:00:51 2004 (41107B93)
    bf9d4000 bfa0c000 ati2dvag ati2dvag.dll Wed Aug 25 10:29:01 2004 (412CCC5D)
    bfa0c000 bfa46000 ati2cqag ati2cqag.dll Wed Aug 25 10:10:18 2004 (412CC7FA)
    bfa46000 bfa77000 atikvmag atikvmag.dll Tue Feb 22 18:23:15 2005 (421BE913)
    bfa77000 bfc99b60 ati3duag ati3duag.dll Wed Aug 25 10:25:53 2004 (412CCBA1)
    bfc9a000 bfd0e700 ativvaxx ativvaxx.dll Wed Aug 25 10:15:14 2004 (412CC922)
    f72b1000 f72e4200 update update.sys Tue Aug 03 22:58:32 2004 (41107B08)
    f72e5000 f72f5e00 psched psched.sys Tue Aug 03 23:04:16 2004 (41107C60)
    f72f6000 f730c680 ndiswan ndiswan.sys Tue Aug 03 23:14:30 2004 (41107EC6)
    f73ad000 f73c0900 parport parport.sys Tue Aug 03 22:59:04 2004 (41107B28)
    f73c1000 f73e4980 portcls portcls.sys Tue Aug 03 23:15:47 2004 (41107F13)
    f73e5000 f7427620 ALCXWDM ALCXWDM.SYS Mon Feb 04 00:35:39 2002 (3C5E47DB)
    f7450000 f7472680 ks ks.sys Tue Aug 03 23:15:20 2004 (41107EF8)
    f7473000 f7484300 Rtlnicxp Rtlnicxp.sys Thu Jul 15 23:19:52 2004 (40F77388)
    f7485000 f74aa2e0 AmosNt AmosNt.SYS Thu Jul 12 05:46:21 2001 (3B4D9C1D)
    f74ab000 f75318e0 HSF_CNXT HSF_CNXT.sys Thu Jul 12 05:54:18 2001 (3B4D9DFA)
    f7532000 f7542f20 basic2 basic2.sys Thu Jul 12 05:49:31 2001 (3B4D9CDB)
    f7543000 f7565e80 USBPORT USBPORT.SYS Tue Aug 03 23:08:34 2004 (41107D62)
    f7566000 f7579780 VIDEOPRT VIDEOPRT.SYS Tue Aug 03 23:07:04 2004 (41107D08)
    f757a000 f7655000 ati2mtag ati2mtag.sys Wed Aug 25 10:28:43 2004 (412CCC4B)
    f7675000 f768f580 Mup Mup.sys Tue Aug 03 23:15:20 2004 (41107EF8)
    f7690000 f76bca80 NDIS NDIS.sys Tue Aug 03 23:14:27 2004 (41107EC3)
    f76bd000 f7749480 Ntfs Ntfs.sys Tue Aug 03 23:15:06 2004 (41107EEA)
    f774a000 f7760780 KSecDD KSecDD.sys Tue Aug 03 22:59:45 2004 (41107B51)
    f7761000 f777f780 fltMgr fltMgr.sys Tue Aug 03 23:01:17 2004 (41107BAD)
    f7780000 f7797800 SCSIPORT SCSIPORT.SYS Tue Aug 03 22:59:39 2004 (41107B4B)
    f7798000 f77af480 atapi atapi.sys Tue Aug 03 22:59:41 2004 (41107B4D)
    f77b0000 f77ce880 ftdisk ftdisk.sys Fri Aug 17 13:52:41 2001 (3B7D8419)
    f77cf000 f77dfa80 pci pci.sys Tue Aug 03 23:07:45 2004 (41107D31)
    f77e0000 f780dd80 ACPI ACPI.sys Tue Aug 03 23:07:35 2004 (41107D27)
    f782f000 f7837c00 isapnp isapnp.sys Fri Aug 17 13:58:01 2001 (3B7D8559)
    f783f000 f784de80 ohci1394 ohci1394.sys Tue Aug 03 23:10:05 2004 (41107DBD)
    f784f000 f785c000 1394BUS 1394BUS.SYS Tue Aug 03 23:10:03 2004 (41107DBB)
    f785f000 f7869500 MountMgr MountMgr.sys Tue Aug 03 22:58:29 2004 (41107B05)
    f786f000 f787bc80 VolSnap VolSnap.sys Tue Aug 03 23:00:14 2004 (41107B6E)
    f787f000 f788ce80 aic78xx aic78xx.sys Thu May 10 13:23:40 2001 (3AFAF8CC)
    f788f000 f7897e00 disk disk.sys Tue Aug 03 22:59:53 2004 (41107B59)
    f789f000 f78ab200 CLASSPNP CLASSPNP.SYS Tue Aug 03 23:14:26 2004 (41107EC2)
    f78af000 f78b9500 viaagp viaagp.sys Tue Aug 03 23:07:42 2004 (41107D2E)
    f78df000 f78ed100 usbhub usbhub.sys Tue Aug 03 23:08:40 2004 (41107D68)
    f790f000 f7917700 netbios netbios.sys Tue Aug 03 23:03:19 2004 (41107C27)
    f791f000 f7927880 Fips Fips.SYS Fri Aug 17 18:31:49 2001 (3B7DC585)
    f792f000 f7937700 wanarp wanarp.sys Tue Aug 03 23:04:57 2004 (41107C89)
    f793f000 f794dd80 arp1394 arp1394.sys Tue Aug 03 22:58:28 2004 (41107B04)
    f794f000 f7958200 amdk7 amdk7.sys Tue Aug 03 22:59:19 2004 (41107B37)
    f795f000 f796e900 Cdfs Cdfs.SYS Tue Aug 03 23:14:09 2004 (41107EB1)
    f797f000 f798e180 nic1394 nic1394.sys Tue Aug 03 22:58:28 2004 (41107B04)
    f798f000 f7999e80 SOAR SOAR.SYS Thu Jul 12 05:45:26 2001 (3B4D9BE6)
    f799f000 f79ad7e0 rksample rksample.sys Thu Jun 14 10:33:01 2001 (3B28F54D)
    f79af000 f79bb180 cdrom cdrom.sys Tue Aug 03 22:59:52 2004 (41107B58)
    f79bf000 f79cd080 redbook redbook.sys Tue Aug 03 22:59:34 2004 (41107B46)
    f79cf000 f79d9380 imapi imapi.sys Tue Aug 03 23:00:12 2004 (41107B6C)
    f79df000 f79edb80 drmk drmk.sys Tue Aug 03 23:07:54 2004 (41107D3A)
    f79ef000 f79fed80 serial serial.sys Tue Aug 03 23:15:51 2004 (41107F17)
    f79ff000 f7a0be00 i8042prt i8042prt.sys Tue Aug 03 23:14:36 2004 (41107ECC)
    f7a0f000 f7a1b880 rasl2tp rasl2tp.sys Tue Aug 03 23:14:21 2004 (41107EBD)
    f7a1f000 f7a29200 raspppoe raspppoe.sys Tue Aug 03 23:05:06 2004 (41107C92)
    f7a2f000 f7a3ad00 raspptp raspptp.sys Tue Aug 03 23:14:26 2004 (41107EC2)
    f7a3f000 f7a47900 msgpc msgpc.sys Tue Aug 03 23:04:11 2004 (41107C5B)
    f7a4f000 f7a58f00 termdd termdd.sys Tue Aug 03 22:58:52 2004 (41107B1C)
    f7a9f000 f7aa8480 NDProxy NDProxy.SYS Fri Aug 17 13:55:30 2001 (3B7D84C2)
    f7aaf000 f7ab5200 PCIIDEX PCIIDEX.SYS Tue Aug 03 22:59:40 2004 (41107B4C)
    f7ab7000 f7abb900 PartMgr PartMgr.sys Fri Aug 17 18:32:23 2001 (3B7DC5A7)
    f7aef000 f7af4000 usbuhci usbuhci.sys Tue Aug 03 23:08:34 2004 (41107D62)
    f7af7000 f7afd800 usbehci usbehci.sys Tue Aug 03 23:08:34 2004 (41107D62)
    f7aff000 f7b06580 Modem Modem.SYS Tue Aug 03 23:08:04 2004 (41107D44)
    f7b0f000 f7b16100 InCDPass InCDPass.sys Mon Jan 03 02:33:22 2005 (41D91F72)
    f7b1f000 f7b25c80 incdrm incdrm.SYS Mon Jan 03 02:33:17 2005 (41D91F6D)
    f7b27000 f7b28000 fdc fdc.sys unavailable (00000000)
    f7b2f000 f7b34a00 mouclass mouclass.sys Tue Aug 03 22:58:32 2004 (41107B08)
    f7b37000 f7b3d000 kbdclass kbdclass.sys Tue Aug 03 22:58:32 2004 (41107B08)
    f7b3f000 f7b43880 TDI TDI.SYS Tue Aug 03 23:07:47 2004 (41107D33)
    f7b47000 f7b4b580 ptilink ptilink.sys Fri Aug 17 13:49:53 2001 (3B7D8371)
    f7b4f000 f7b53080 raspti raspti.sys Fri Aug 17 13:55:32 2001 (3B7D84C4)
    f7b67000 f7b6c000 flpydisk flpydisk.sys Tue Aug 03 22:59:24 2004 (41107B3C)
    f7b77000 f7b7c200 vga vga.sys Tue Aug 03 23:07:06 2004 (41107D0A)
    f7b7f000 f7b83a80 Msfs Msfs.SYS Tue Aug 03 23:00:37 2004 (41107B85)
    f7b87000 f7b8e880 Npfs Npfs.SYS Tue Aug 03 23:00:38 2004 (41107B86)
    f7b97000 f7b9c880 avg7rsxp avg7rsxp.sys Fri Oct 21 01:43:38 2005 (4358AA3A)
    f7bd7000 f7bdb500 watchdog watchdog.sys Tue Aug 03 23:07:32 2004 (41107D24)
    f7c3f000 f7c42000 BOOTVID BOOTVID.dll Fri Aug 17 13:49:09 2001 (3B7D8345)
    f7cb7000 f7cb9200 InCDrec InCDrec.SYS Mon Jan 03 02:33:46 2005 (41D91F8A)
    f7cbb000 f7cbd280 rasacd rasacd.sys Fri Aug 17 13:55:39 2001 (3B7D84CB)
    f7cd7000 f7cdac80 serenum serenum.sys Tue Aug 03 22:59:06 2004 (41107B2A)
    f7cdb000 f7cdd980 gameenum gameenum.sys Tue Aug 03 23:08:20 2004 (41107D54)
    f7cdf000 f7ce1580 ndistapi ndistapi.sys Fri Aug 17 13:55:29 2001 (3B7D84C1)
    f7ce7000 f7ceac80 mssmbios mssmbios.sys Tue Aug 03 23:07:47 2004 (41107D33)
    f7d1f000 f7d21900 Dxapi Dxapi.sys Fri Aug 17 13:53:19 2001 (3B7D843F)
    f7d2f000 f7d30b80 kdcom kdcom.dll Fri Aug 17 13:49:10 2001 (3B7D8346)
    f7d31000 f7d32100 WMILIB WMILIB.SYS Fri Aug 17 14:07:23 2001 (3B7D878B)
    f7d33000 f7d34500 viaide viaide.sys Tue Aug 03 22:59:42 2004 (41107B4E)
    f7d3f000 f7d40100 swenum swenum.sys Tue Aug 03 22:58:41 2004 (41107B11)
    f7d43000 f7d44280 USBD USBD.SYS Fri Aug 17 14:02:58 2001 (3B7D8682)
    f7d4f000 f7d50f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 13:49:37 2001 (3B7D8361)
    f7d51000 f7d52080 Beep Beep.SYS Fri Aug 17 13:47:33 2001 (3B7D82E5)
    f7d53000 f7d54080 mnmdd mnmdd.SYS Fri Aug 17 13:57:28 2001 (3B7D8538)
    f7d55000 f7d56080 RDPCDD RDPCDD.sys Fri Aug 17 13:46:56 2001 (3B7D82C0)
    f7d57000 f7d580c0 avg7rsw avg7rsw.sys Sun Sep 18 17:09:31 2005 (432E01BB)
    f7d69000 f7d6a100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 14:07:23 2001 (3B7D878B)
    f7e07000 f7e07b80 msmpu401 msmpu401.sys Fri Aug 17 13:59:59 2001 (3B7D85CF)
    f7e09000 f7e09c00 audstub audstub.sys Fri Aug 17 13:59:40 2001 (3B7D85BC)
    f7e65000 f7e65b80 Null Null.SYS Fri Aug 17 13:47:39 2001 (3B7D82EB)
    f7f72000 f7f72d00 dxgthk dxgthk.sys Fri Aug 17 13:53:12 2001 (3B7D8438)

    Unloaded modules:
    f7b6f000 f7b74000 Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7cb3000 f7cb6000 Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    Closing open log file c:\debuglog.txt
     
  20. 2005/11/26
    cpc2004

    cpc2004 Inactive

    Joined:
    2005/07/08
    Messages:
    366
    Likes Received:
    0
  21. 2005/11/27
    SVEN

    SVEN Well-Known Member Thread Starter

    Joined:
    2004/01/02
    Messages:
    862
    Likes Received:
    7
    I think I've got it now.

    Opened log file 'c:\debuglog.txt'
    kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    WARNING: Whitespace at end of path element
    kd> .reload;!analyze -v;r;!thread;lmnt;.logclose;q
    Loading Kernel Symbols
    ....................................................................................................................
    Loading unloaded module list
    ..
    Loading User Symbols
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    WINLOGON_FATAL_ERROR (c000021a)
    The Winlogon process terminated unexpectedly.
    Arguments:
    Arg1: e179b800, String that identifies the problem.
    Arg2: 00000402, Error Code.
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------


    ADDITIONAL_DEBUG_TEXT: Windows Logon Process

    BUGCHECK_STR: 0xc000021a_402

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    LAST_CONTROL_TRANSFER: from 80629593 to 8053331e

    STACK_TEXT:
    f742f934 80629593 0000004c c000021a f742f9b0 nt!KeBugCheckEx+0x1b
    f742f970 806699c7 00000001 0000004c c000021a nt!PoShutdownBugCheck+0x5c
    f742fb28 806461e8 c000021a 00000004 00000001 nt!ExpSystemErrorHandler+0x511
    f742fcd4 80646631 c000021a 00000004 00000001 nt!ExpRaiseHardError+0x9a
    f742fd44 804de7ec c000021a 00000004 00000001 nt!NtRaiseHardError+0x16b
    f742fd44 7c90eb94 c000021a 00000004 00000001 nt!KiFastCallEntry+0xf8
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0015ff1c 00000000 00000000 00000000 00000000 0x7c90eb94


    FOLLOWUP_IP:
    nt!KiFastCallEntry+f8
    804de7ec 8be5 mov esp,ebp

    SYMBOL_STACK_INDEX: 5

    FOLLOWUP_NAME: MachineOwner

    SYMBOL_NAME: nt!KiFastCallEntry+f8

    MODULE_NAME: nt

    IMAGE_NAME: ntoskrnl.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 42250ff9

    STACK_COMMAND: kb

    FAILURE_BUCKET_ID: 0xc000021a_402_nt!KiFastCallEntry+f8

    BUCKET_ID: 0xc000021a_402_nt!KiFastCallEntry+f8

    Followup: MachineOwner
    ---------

    eax=ffdff13c ebx=f742f9b0 ecx=00000000 edx=804dce11 esi=0000004c edi=c000021a
    eip=8053331e esp=f742f91c ebp=f742f934 iopl=0 nv up ei ng nz na po nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
    nt!KeBugCheckEx+0x1b:
    8053331e 5d pop ebp
    GetPointerFromAddress: unable to read from 8055ee34
    THREAD 865197e8 Cid 01d4.01d8 Teb: 7ffdd000 Win32Thread: 00000000 RUNNING on processor 0
    Not impersonating
    GetUlongFromAddress: unable to read from 8055ee44
    Owning Process 8651c220 Image: smss.exe
    ffdf0000: Unable to get shared data
    Wait Start TickCount 3515
    Context Switch Count 152
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
    UserTime 00:00:00.0000
    KernelTime 00:00:00.0000
    Start Address 0x4858a4c8
    Stack Init f7430000 Current f742f754 Base f7430000 Limit f742d000 Call 0
    Priority 11 BasePriority 11 PriorityDecrement 0 DecrementCount 16
    ChildEBP RetAddr Args to Child
    f742f934 80629593 0000004c c000021a f742f9b0 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])
    f742f970 806699c7 00000001 0000004c c000021a nt!PoShutdownBugCheck+0x5c (FPO: [Non-Fpo])
    f742fb28 806461e8 c000021a 00000004 00000001 nt!ExpSystemErrorHandler+0x511 (FPO: [Non-Fpo])
    f742fcd4 80646631 c000021a 00000004 00000001 nt!ExpRaiseHardError+0x9a (FPO: [Non-Fpo])
    f742fd44 804de7ec c000021a 00000004 00000001 nt!NtRaiseHardError+0x16b (FPO: [Non-Fpo])
    f742fd44 7c90eb94 c000021a 00000004 00000001 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ f742fd64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0015ff1c 00000000 00000000 00000000 00000000 0x7c90eb94

    start end module name
    804d7000 806eb100 nt ntoskrnl.exe Tue Mar 01 16:59:37 2005 (42250FF9)
    806ec000 806ffd80 hal halacpi.dll Tue Aug 03 22:59:04 2004 (41107B28)
    aac52000 aac69480 dump_atapi dump_atapi.sys Tue Aug 03 22:59:41 2004 (41107B4D)
    aac92000 aacb5000 Fastfat Fastfat.SYS Tue Aug 03 23:14:15 2004 (41107EB7)
    aacb5000 aad66640 avg7core avg7core.sys Sun Sep 18 17:09:57 2005 (432E01D5)
    aad67000 aad87f00 ipnat ipnat.sys Wed Sep 29 15:28:36 2004 (415B3714)
    aad88000 aadf6400 mrxsmb mrxsmb.sys Tue Jan 18 20:26:50 2005 (41EDE18A)

    Thanks for being patient with me

    Sven
     
