Jump to content

Toshiba Satelite Win7 64 Bit Will not boot

ichase

By ichase
in All Things Windows

 Share

Recommended Posts

  • Replies 80
  • Created
  • Last Reply

Top Posters In This Topic

  • ichase

    23

  • V.T. Eric Layton

    12

  • Corrine

    7

  • jcgriff2

    7

Popular Days

Top Posters In This Topic

Popular Days

Tushman

Tushman

Posted
Posted
All this work. :(

 

JUST NUKE IT! You know you want to. ;)

 

Here, let me help...

 

 

If the operating system will no longer boot, a complete re-install would probably be the quickest solution. However, analyzing a memory dump file could still be useful. Especially if the problem was originally caused by a buggy driver for instance. Knowing this will prevent future hiccups even if you were to do a fresh install.

Link to comment
Share on other sites
jcgriff2

jcgriff2

Posted
Posted (edited)

Hi -

 

The bugchecks on the 4 dumps -

 

(2) 0x1e (0xc0000005,,,) = kernel threw an exception; the excp = 1st parm = 0xc0000005 = memory access violation

(2) 0x109 (,,,0x1) = kernel corruption; modification of .pdata (code section function exception handling info)

 

The 0x109 BSODs both occurred on 29 January 2012; one just 14 seconds after boot; the other 29 seconds after boot. There are 3 basic ways for kernel corruption to occur -

1. driver modified kernel code (only Windows Updates can do this)

2. hardware failure (such as RAMs inability to hold kernel code)

3. driver developer hard-assert

 

#3 does not apply here, so either hardware failure occurred or a rogue driver exists - which could be an outdated driver or an infected one

 

kdcom.dll does appear in the 0x109 dumps, likely due to recent Windows Updates and kdcom has not yet been added to the Microsoft MSDL symbol server - 

*** WARNING: Unable to verify timestamp for kdcom.dll
*** ERROR: Module load completed but symbols could not be loaded for kdcom.dll
Probably caused by : kdcom.dll ( kdcom+182c )

 

I have the same version of kdcom in my ststem and it tested fine (note the 18 Jan timestamp) - 

1: kd> lmvm kdcom
start             end                 module name
fffff800`00bbc000 fffff800`00bbf000   kdcom    T (no symbols)           
    Loaded symbol image file: kdcom.dll
    Image path: \SystemRoot\system32\kdcom.dll
    Image name: kdcom.dll
    Timestamp:        Wed Jan 18 18:31:51 2012 (4F175667)
    CheckSum:         0000F59B
    ImageSize:        00003000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

 

The 2 0x1e (0xc5,,,) BSODs occurred on 30 Jan and 10 Feb. Exception 0xc5 (memory access violation) can be caused by RAM failure or a driver attempting to access memory that is off limits (access denied). I often see 0xc5 where 3rd party firewalls are installed on Windows 7 & Vista systems.

 

I noticed that NIS/N360 installation was updated before the 4th and final BSOD based on driver timestamps and am not sure if Norton was a contributing cause or not.

 

My reccomendations would have been to run memtest86+, run Driver Verifier and check Toshiba Support for a BIOS update - (check label for exact L505 model) -

BiosVersion = 1.40
BiosReleaseDate = 09/07/2009
SystemManufacturer = TOSHIBA
SystemProductName = Satellite L505

 

The kdcom symbol issue aside, all 4 dumps named the default NT Kernel as the probable cause, leaving us with no definitive cause.

 

I did not see any references to volsnap.sys as mentioned in prior posts.

 

Sorry that I could not be more helpful here.

 

 

Windbg Logs - http://sysnative.com/BSOD2012/jcgriff2logs..._02-20-2012.txt

 

Kind Regards. . .

 

John

 

 

`

 

BSOD SUMMARY 

Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\021012-36254-01.dmp]
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Debug session time: Fri Feb 10 11:58:26.822 2012 (GMT-5)
System Uptime: 0 days 18:34:45.649
Probably caused by : ntkrnlmp.exe ( nt!ObpCreateHandle+29a )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x1E
PROCESS_NAME:  rundll32.exe
FAILURE_BUCKET_ID:  X64_0x1E_nt!ObpCreateHandle+29a
Bugcheck code 0000001E
Arguments ffffffff`c0000005 fffff800`02f94a9a 00000000`00000001 00000000`00000018
BiosVersion = 1.40
BiosReleaseDate = 09/07/2009
SystemManufacturer = TOSHIBA
SystemProductName = Satellite L505
MaxSpeed:     2200
CurrentSpeed: 2194
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
¨¨¨¨¨¨``
Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\013012-39156-01.dmp]
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Debug session time: Mon Jan 30 05:11:58.989 2012 (GMT-5)
System Uptime: 0 days 6:27:31.721
Probably caused by : ntkrnlmp.exe ( nt!ObpCreateHandle+29a )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x1E
PROCESS_NAME:  conhost.exe
FAILURE_BUCKET_ID:  X64_0x1E_nt!ObpCreateHandle+29a
Bugcheck code 0000001E
Arguments ffffffff`c0000005 fffff800`02fbea9a 00000000`00000001 00000000`00000018
BiosVersion = 1.40
BiosReleaseDate = 09/07/2009
SystemManufacturer = TOSHIBA
SystemProductName = Satellite L505
MaxSpeed:     2200
CurrentSpeed: 2194
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
¨¨¨¨¨¨``
Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\012912-31044-01.dmp]
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Debug session time: Sun Jan 29 22:39:05.682 2012 (GMT-5)
System Uptime: 0 days 0:13:58.415
*** WARNING: Unable to verify timestamp for kdcom.dll
*** ERROR: Module load completed but symbols could not be loaded for kdcom.dll
Probably caused by : kdcom.dll ( kdcom+182c )
BUGCHECK_STR:  0x109
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
PROCESS_NAME:  System
FAILURE_BUCKET_ID:  X64_0x109_kdcom+182c
Bugcheck code 00000109
Arguments a3a039d8`9a0aa5a8 b3b7465e`ec88def6 fffff800`00bd182c 00000000`00000001
BiosVersion = 1.40
BiosReleaseDate = 09/07/2009
SystemManufacturer = TOSHIBA
SystemProductName = Satellite L505
MaxSpeed:     2200
CurrentSpeed: 2194
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
¨¨¨¨¨¨``
Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\012912-28017-01.dmp]
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Debug session time: Sun Jan 29 18:21:30.512 2012 (GMT-5)
System Uptime: 0 days 0:28:03.244
*** WARNING: Unable to verify timestamp for kdcom.dll
*** ERROR: Module load completed but symbols could not be loaded for kdcom.dll
Probably caused by : kdcom.dll ( kdcom+182c )
BUGCHECK_STR:  0x109
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
PROCESS_NAME:  System
FAILURE_BUCKET_ID:  X64_0x109_kdcom+182c
Bugcheck code 00000109
Arguments a3a039d8`9a8856cd b3b7465e`ed06901b fffff800`00bbd82c 00000000`00000001
BiosVersion = 1.40
BiosReleaseDate = 09/07/2009
SystemManufacturer = TOSHIBA
SystemProductName = Satellite L505
MaxSpeed:     2200
CurrentSpeed: 2194
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
¨¨¨¨¨¨``

Edited by jcgriff2
Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
Posted
Thanks J. C. for looking. No one could ask for more than that. And some insight was obtained from your analysis. :thumbsup:

 

Indeed! And welcome to Scot's, JC. Don't pay any attention to those silly Linux users from the peanut gallery. ;)

Link to comment
Share on other sites
ichase

ichase

Posted
  • Author
Posted

John,

I second Fran when she stated we could not ask for anything more in your analysis. Definitely gives me some direction in hopes of saving this one. I would rather not have the owner have to buy a new laptop or purchase Windows 7. Part that bugs me is the fact that I can't access the recovery partition. That would be nice and save the owner more money.

 

I will do some research to see if a BIOS update is available for this laptop. I already ran memtest86 and all scans came back clean. Looks like Driver Verifier could come in handy but does it run off an iso? With out any way to boot the OS, it would be the only way to run it.

 

Thanks again for the very thorough analysis not to mention your time in helping me with this one.

 

Ian

Link to comment
Share on other sites
jcgriff2

jcgriff2

Posted
Posted

Hi Ian...

 

I was re-reading the thread and noticed in post #1 you mentioned that system restore failed with error code 0x8000ffff, which = catastrophic failure occurred (not much help!).

 

I ran the dumps through 3 different versions of Windbg because each can give slightly different/ additional info -

- 6.11.0001.404

- 6.12.0002.633

- 6.2.8102.0 (Windows 8 WDDK)

 

In this case, all results were the same.

 

I just ran them through BlueScreenView and now see volsnap.sys listed in the 2 most recent dumps just below ntoskrnl.exe (Windows NT Kernel).

 

volsnap may be an indication of HDD failure. Did you run HDD diags, such as SeaTools for DOS, LONG test?

 

http://www.techsupportforum.com/2828431-post7.html

 

Also, if needed, you can purchase recovery media from Toshiba for ~$30 - http://forums.toshiba.com/t5/System-Recove.../m-p/9148#U9148

 

If you want to wipe the HDD and see if Windows 7 runs OK on the existing hardware, Microsoft offers Windows 7 Enterprise 90-day trial ISO -

 

http://technet.microsoft.com/en-us/evalcenter/cc442495

 

I would suggest using a DOS-based low-level format first - http://sysnative.com/0x1/killdisk_imgburn.html

 

Regards. . .

 

John

Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

If it could be hardware related issues, do you have SpinRite Ian? It is a non-destructive way to see if it can be recovered.

 

Great idea about the Seagate tools, too J.C. So volsnap can also mean hard drive failure?

 

Great idea on the Toshiba Restore Disks, J.C. Some of my clients have gone that route just to have a set available for times like these.

Link to comment
Share on other sites
ichase

ichase

Posted
  • Author
Posted

More great food for thought John and Fran. Thank you. I have not run either any HDD Diagnostic tools or SpinRite. I now have some great info to start moving forward with. I am sure there are many watching this post so I will reply back with results.

 

Thanks again all,

 

Ian

Link to comment
Share on other sites
ichase

ichase

Posted
  • Author
Posted

Well the thing is, if it does not, I have definitely learned a lot with this one laptop which I am always happy to do. Currently running SeaTools for DOS long version test and will move on from there. If for some reason I am lucky enough to get this up and running with out a full wipe I will definitely recommend to the customer to purchase the backup disks from Toshiba.

Either way, I have his most important data saved to external so that piece of mind is at least there at this point. I have found that most customers I deal with feel the data on the HDD is more valuable then the entire computer itself. I am sure you all can relate. ;)

 

I just wanted to thank you all again for taking the time to assist and give great Advice. Even you Eric :hysterical: I can tell you this, 1, if this was my laptop I would have used your nuke button a while back 2. The laptop would have had Linux on it eliminating the need for the nuke button in the first place. ;)

 

All the best,

 

Ian

Link to comment
Share on other sites
amenditman

amenditman

Posted
Posted
Well the thing is, if it does not, I have definitely learned a lot with this one laptop which I am always happy to do. Currently running SeaTools for DOS long version test and will move on from there. If for some reason I am lucky enough to get this up and running with out a full wipe I will definitely recommend to the customer to purchase the backup disks from Toshiba.

Either way, I have his most important data saved to external so that piece of mind is at least there at this point. I have found that most customers I deal with feel the data on the HDD is more valuable then the entire computer itself. I am sure you all can relate. ;)

 

I just wanted to thank you all again for taking the time to assist and give great Advice. Even you Eric :hysterical: I can tell you this, 1, if this was my laptop I would have used your nuke button a while back 2. The laptop would have had Linux on it eliminating the need for the nuke button in the first place. ;)

 

All the best,

 

Ian

Linux is definitely the solution to the world's nuclear disaster problem! :hysterical:

 

Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
Posted

There's an old saying down South,

 

"He needed killin'."

 

This is similar to one of my favorite sayings regarding repairing computer issues,

 

"Sometimes, ya' just gotta' NUKE 'em!"

 

World__s_Smallest_by_Zmann966.gif

Link to comment
Share on other sites
ichase

ichase

Posted
  • Author
Posted (edited)
So true, Eric! Sometimes you do have to Nuke'm. However, it doesn't mean we can't learn something along the way. ;)

Very True Fran. Let's face it. I don't make a ton of money at all and the computer repair I do on the side I do to supliment my income. If I can learn more that only results in more income to keep the roof over the head and food on the table for the family. ;)

Not to mention when I have a customer come to me after a fix and tell me how happy they are and how great their computer is running.....Well......That's a good feeling too. ;)

 

But with that being said, I have used the nuke option many times before. :thumbsup:

Edited by ichase
Link to comment
Share on other sites
ichase

ichase

Posted
  • Author
Posted

John, while I have you here, you mentioned Driver Analyser and I clicked on the link. With the inability to boot into the OS, can this be run from an ISO or from command prompt? I am able to get into command prompt from the Win7 Recovery CD. I used that at the beginning to run checkdsk /r

 

Thanks

Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

Ian, sometimes, it doesn't matter how well we can clean a computer, if it's not going to be trustworthy, because of massive rootkit infection and not being able to tell definitively that you got everything and you can't know for sure if there is a ticking timebomb that will go off sometime down the road, then boot'n'nuke can a really good thing.

 

I hate to give up on a system, but sometimes, as you say, it just makes sense so the computer is a trustworthy thing for the user.

Link to comment
Share on other sites
ichase

ichase

Posted
  • Author
Posted
Ian, sometimes, it doesn't matter how well we can clean a computer, if it's not going to be trustworthy, because of massive rootkit infection and not being able to tell definitively that you got everything and you can't know for sure if there is a ticking timebomb that will go off sometime down the road, then boot'n'nuke can a really good thing.

 

I hate to give up on a system, but sometimes, as you say, it just makes sense so the computer is a trustworthy thing for the user.

I can't agree with you more. I hate given up mainly because I am hard headed, but I do agree and have done it before where I have DBaN'd the HDD and installed the OS from scratch.

 

Hard headed or not, I definitely know when it is time to throw in the towel. With so much great advice through this thread, Eric's solution is sounding more and more like the correct end result. ;)

Link to comment
Share on other sites
ichase

ichase

Posted
  • Author
Posted

Update to this point

- Checked for updated BIOS. There is a BIOS update from the current 1.40 to 1.50 but what it provides is not going to help.

- Ran SeaTools for DOS - Long Test (2 hours 2 minutes) Test Passed,

- Ran MemTest86 - Test passed.

 

At this point, I will be leaving it up to the owner as to how he wants to proceed.

 

Thanks everyone for your help. It has been a great learning experience even if we did not get a full "end result" of the problem.

 

Ian

Link to comment
Share on other sites
amenditman

amenditman

Posted
Posted

ichase mentioned earlier in the thread that this computer was used for some NSFW adult web browsing.

As such, the problem is going to re-occur. Save the user's files to an external medium, instruct user to save future files to an external medium, NUKE it.

 

After re-install, I would recommend imaging the hdd with Clonezilla (on the PartedMagic Live distro or directly) prior to returning it to the user. That way, when you get it back in a few months you can charge full price for a full restore but save yourself a lot of aggravation.

Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

Excellent idea on imaging the drive before you give it back. Next time you will be able to just restore the system after backing up any current personal data (if any new stuff was added).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...