Registry Crashes System

Status
Not open for further replies.
Hope someone can help :)

Everytime I access the registry, try to backup the registry etc. I get the BSOD. I have managed to track the error to the following key:
[HKEY_USERS\S-1-5-21-507921405-606747145-682003330-1003
\Software\Microsoft\Windows\ShellNoRoam\Bags]
Unfortunately as soon as I click on the key, my machine crashes. I am running XP SP2 with all the latest patches. I have tested memory etc. I have tried various registry cleaners, but the same result, with the BSOD appearing almost at the end of the backup/clean. I have attached a few of the minidump files.
 
I have also included below my first attempt at windows debugging!


Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini091706-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: c:\localstore*http://msdl.microsoft.com/download/symbols

Executable search path is:
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Sun Sep 17 21:03:12.109 2006 (GMT+2)
System Uptime: 0 days 8:23:41.821
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...........................................................................................................................................
Loading User Symbols
Loading unloaded module list
.................
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fbfffff8, 0, 80550211, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Probably caused by : ntoskrnl.exe ( nt+79211 )

Followup: MachineOwner
---------

1: kd> .sympath http://msdl.microsoft.com/download/symbols
Symbol search path is: http://msdl.microsoft.com/download/symbols
1: kd> .reload
Map \WINDOWS\system32\ntoskrnl.exe:
Image region 80000:f7a00 does not fit in mapping
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...........................................................................................................................................
Loading User Symbols
Loading unloaded module list
.................
1: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fbfffff8, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 80550211, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.


MODULE_NAME: nt

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 42250f77

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
fbfffff8

FAULTING_IP:
nt+79211
80550211 ?? ???

MM_INTERNAL_CODE: 0

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0x50

LAST_CONTROL_TRANSFER: from 00000000 to 805371aa

STACK_TEXT:
8ece6b24 00000000 fbfffff8 00000000 8ece6ba8 nt+0x601aa


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
nt+79211
80550211 ?? ???

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntoskrnl.exe

SYMBOL_NAME: nt+79211

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------
 
Status
Not open for further replies.
Back