Windows XP corrupts registry every several hours
There is a Dell XPS 400 with Windows Media Center installer.
It is installed on RAID (Intel Matrix Storage) which is built-in chipset south bridge.
Raid has two 150 Gb WDC drivers connected as mirror.
All drivers and updates are installed( sp3 and so on).
A week ago PC changed its video mode to 256 colors (like VESA mode) and after several moments I got BSOD: c000021a: 0xc0000005
Doctor watson did not create dump although it is installed as default debugger.
After reboot it said that config file is missing or corrupted. So, I boot to recovery console and found that registry file (config) is so small. I've replaced it with one from recovery point and windows booted sucessfully.
But after about 3 hrs -- it has crashed again in the same wat!
I look in event viewer: is said that Explorer.exe failed to open \global??\DLIAFS.
I look in winobj, and found that it is a device. I made "deny from everyone" for this device ACL, and after several hours my windows crashed.
I restored registry, boot again and there was no error about DLIAFS. I did full chkdsk and it did not found anything bad. But I found event about error paging to \Harddrive1\D. I do not have pagefile there, but I thought I should check my disk again. Unfortunatelly I cannt use smart tools for RAID, but I downloaded latest software from Intel (it can do the same things like RAID bios can but from windows).
It verified my disks, found some errors, fix them, than I rebooted. And it crashed again.
I am lost. What (except kernel debugging) could be done here?
Thanks
Hennes4 Answers
Sounds like bad ram to me, as Dan suggested get the Ultimate Boot CD and run memtest86+
I built a machine that kept killing the registry, anywhere between 1 minute after boot to an hour... Memtest86 showed a fault and half an hour later I had a new stick of RAM from the shop.
MokubaiSounds like bad hardware. Try booting from the Ultimate Windows Boot CD and run scans on the drives directly. One of them is most likely bad.
DanI look in event viewer: is said that Explorer.exe failed to open \global??\DLIAFS
It sounds an awful lot like an infection to me. First-generation malware did a great job of mucky-mucking things up, and getting explorer to play along with whatever crapware was inserted usually was the first indication something was wrong. Couple this with the system wanting to access some random 5 or 6 character string that was a program wedged somewhere on the boot drive and you have all the signs of an infection. I'd boot a live linux CD and run a scanner (clamav), or pull the drive and attach it to a machine with known-good antivirus/antimalware protection and scan it.
I restored registry, boot again and there was no error about DLIAFS. I did full chkdsk and it did not found anything bad. But I found event about error paging to \Harddrive1\D. I do not have pagefile there, but I thought I should check my disk again. Unfortunatelly I cannt use smart tools for RAID, but I downloaded latest software from Intel (it can do the same things like RAID bios can but from windows). It verified my disks, found some errors, fix them, than I rebooted. And it crashed again.
If the malware scan doesn't pay off, I'd look closely at your RAM. Unseated or bad RAM could cause this. Power the machine off, re-seat all of your memory (unlatch it, then re-latch it to the socket), and try again. If it persists, pull all of the sticks and place them back in one at a time (or in pairs if your system requires it), or better yet see if you can borrow some RAM from someone else.
Avery PayneHave you run a virus/trojan scan?
It's unusual (but not unknown) for malware to completely destroy your OS, as it's more useful (to the writer) to have your machine working for them.
ChrisFUser contributions licensed under CC BY-SA 3.0