Help
hello im still new here, but i had a problem a couple of days ago and the person who helped me was great so thanks to that person. so now to see if i can fix the dreaded bsod errors. i read over the post about what causes the bsod, and about the memory dump. i looked and looked and could not find that file on my computer, apparently you have to go in and set that up? i did so now i should get the memory dump like what was talked about. but the error memory management is what the last one said. generally the blue screen goes off to quickly. so under the event viewer though the only errors i see are under system this one says " Timeout(30000 milliseconds)waiting for roxio hard drive watcher 9 service to connect. the other is under application and it says loadperf the performance counter name string value in the registry is incorrectly formatted. the bogus string is 49. the bougus index value is the first d word in data section while the last valid index values are the second and the third dword in data section. now will these or are these errors causeing the bsod? i know that microsoft says to go to command promt and type lodctr /r to rebuild the string. is that like safe mode command prompt? or type cmd in the run box and do it there. this error has been around for awhile, theses two errors are the only two i see when the computer crashes and i goto the event viewer. im not that smart with the computer i just want it to run without crashing. any help would be awesome thank you mark
BSOD Help Split topic
Back to top
#2
- Computer Masochist
-
- Group: Staff Emeritus
- Posts: 27,809
- Joined: 27-January 07
- Location:Cleveland, Ohio
Posted 27 May 2009 - 05:33 PM
Split from another topic to it's own thread
Mark
why won't my laptop work?
Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
why won't my laptop work?
Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
#3
- Forum Addict
-
- Group: Moderator
- Posts: 31,425
- Joined: 03-September 05
- Gender:Male
- Location:Killeen, TX
Posted 27 May 2009 - 06:51 PM
Hi 
.
Let's just go back to the beginning.
Dump files...we need that information, otherwise this just turns into a big guessing game by persons intending to be helpful.
To find any dump files on your system, you must be able to view system/hidden files.
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/
Once you are able to see all files, you need to do a Search (of All Files & Folers, including System and Hidden) for any/all .dmp files (Start/Search...select All Files & Folders...type *.dmp in the All Or Part Of The Filename box...push Search.
The path listed will show you where they are.
Help Diagnosing BSODs And Crashes (BC) - http://www.bleepingcomputer.com/forums/topic176011.html
<<...im not that smart with the computer i just want it to run without crashing.>>
We want the same thing, let's help each other.
Louis
.Let's just go back to the beginning
.Dump files...we need that information, otherwise this just turns into a big guessing game by persons intending to be helpful.
To find any dump files on your system, you must be able to view system/hidden files.
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/
Once you are able to see all files, you need to do a Search (of All Files & Folers, including System and Hidden) for any/all .dmp files (Start/Search...select All Files & Folders...type *.dmp in the All Or Part Of The Filename box...push Search.
The path listed will show you where they are.
Help Diagnosing BSODs And Crashes (BC) - http://www.bleepingcomputer.com/forums/topic176011.html
<<...im not that smart with the computer i just want it to run without crashing.>>
We want the same thing, let's help each other.
Louis
#5
- New Member
-
- Group: Members
- Posts: 13
- Joined: 25-May 09
Posted 02 June 2009 - 12:05 PM
OK... maybe i'm stupid but i cant figure out how to out the report here i saved it to the clipboard, but where the crap is that at? but according to what it said its memory corruption. so please tell me how to find the clipboard, and ill post it. thanks guys you all are terrific here. there should be some kind of reward for you all here. you are providing an invaluable service, and i want to say thank you again.
#6
- New Member
-
- Group: Members
- Posts: 13
- Joined: 25-May 09
Posted 02 June 2009 - 12:11 PM
also i did look at the descriptions, the only one i saw was the irq not less or equal, the last bsod said memory management and was not there. but thank you
#7
- New Member
-
- Group: Members
- Posts: 13
- Joined: 25-May 09
Posted 02 June 2009 - 12:32 PM
ha!!!!! HA!!! i figured it out, um sorry here is the report from the debugger.
Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini052609-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue May 26 11:32:18.171 2009 (GMT-5)
System Uptime: 0 days 0:01:19.906
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
..............................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41284, 5de00001, 0, c0883000}
Probably caused by : memory_corruption ( nt!MiLocateWsle+c1 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini052609-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue May 26 11:32:18.171 2009 (GMT-5)
System Uptime: 0 days 0:01:19.906
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
..............................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41284, 5de00001, 0, c0883000}
Probably caused by : memory_corruption ( nt!MiLocateWsle+c1 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 5de00001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: LULnchr.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
a0803b10 80523319 0000001a 00041284 5de00001 nt!KeBugCheckEx+0x1b
a0803b48 80523b9f 00000000 5de00000 c0601778 nt!MiLocateWsle+0xc1
a0803b7c 80523fb8 c02ef000 5de00000 00000000 nt!MiDeletePte+0x1fd
a0803c44 8051a1dd e1b87b48 5de87fff 00000000 nt!MiDeleteVirtualAddresses+0x164
a0803cf4 805b2d79 899a5a20 89ab9ad0 a0803d64 nt!MiRemoveMappedView+0x237
a0803d38 805b2e68 899ec3b8 8a2fc9e8 00000000 nt!MiUnmapViewOfSection+0x12b
a0803d54 8054162c ffffffff 899a5a20 0012d40c nt!NtUnmapViewOfSection+0x54
a0803d54 7c90e514 ffffffff 899a5a20 0012d40c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d40c 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
#8
- Forum Addict
-
- Group: Moderator
- Posts: 31,425
- Joined: 03-September 05
- Gender:Male
- Location:Killeen, TX
Posted 02 June 2009 - 03:08 PM
<<PROCESS_NAME: LULnchr.exe>>
Appears to be an updater related to Logitech Set Point, http://www.fixya.com/support/t242873-error...n_trying_update
It may be damaged, probably unnecessary...I would either disable from Logitech software configuration screen...or remove files by deletion. It's always better to try from the software first, IMO.
At the least...I would uninstall the Logitech application and then reinstall same, since it appears to be improperly accessing memory.
Louis
Appears to be an updater related to Logitech Set Point, http://www.fixya.com/support/t242873-error...n_trying_update
It may be damaged, probably unnecessary...I would either disable from Logitech software configuration screen...or remove files by deletion. It's always better to try from the software first, IMO.
At the least...I would uninstall the Logitech application and then reinstall same, since it appears to be improperly accessing memory.
Louis
#9
- New Member
-
- Group: Members
- Posts: 13
- Joined: 25-May 09
Posted 02 June 2009 - 06:36 PM
OK i deleted the two files well see if this works. man all this time i thought i had a bad hard drive or bad memory. thanks I'll let you know if this works.
#10
- New Member
-
- Group: Members
- Posts: 13
- Joined: 25-May 09
Posted 07 June 2009 - 09:03 PM
OK I'm back. i thought that deleting those files would have helped. maybe it did i don't know. it still crashes but more on my girl's profile than mine but here is the log from the debugger. this one and several others, again not sure what im looking at, but she was using opera explorer when it crashed on her the other times she was using word perfect.
Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini060609-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Sat Jun 6 22:55:24.328 2009 (GMT-5)
System Uptime: 0 days 0:29:43.921
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
.......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 10000050, {ff868992, 0, 8054bfcb, 0}
Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!HeavyAllocPool+74 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ff868992, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 8054bfcb, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: ff868992
FAULTING_IP:
nt!ExAllocatePoolWithTag+663
8054bfcb 8b06 mov eax,dword ptr [esi]
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: explorer.exe
LAST_CONTROL_TRANSFER: from bf802abc to 8054bfcb
STACK_TEXT:
a56473c4 bf802abc 00000001 00000001 35306847 nt!ExAllocatePoolWithTag+0x663
a56473e4 bf81396d 0000047c 35306847 00000000 win32k!HeavyAllocPool+0x74
a56473f8 bf80592e 0000047c 35306847 a5647490 win32k!PALLOCMEM+0x18
a5647414 bf809481 0000047c 00000005 00000001 win32k!AllocateObject+0x9a
a564745c bf82e5f4 00000040 00000000 00000000 win32k!SURFMEM::bCreateDIB+0x1d4
a56474d8 bf8427f0 0101003a 00000000 00000000 win32k!GreCreateDIBitmapReal+0x2fb
a5647574 bf842a91 e16847a0 01c5f330 a56475b0 win32k!_InternalGetIconInfo+0xc7
a56475e4 8054162c 00020219 01c5f330 01c5f328 win32k!NtUserGetIconInfo+0xe6
a56475e4 7c90e514 00020219 01c5f330 01c5f328 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
01c5f768 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!HeavyAllocPool+74
bf802abc 8bd0 mov edx,eax
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: win32k!HeavyAllocPool+74
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49900fc9
FAILURE_BUCKET_ID: 0x50_win32k!HeavyAllocPool+74
BUCKET_ID: 0x50_win32k!HeavyAllocPool+74
Followup: MachineOwner
---------
1: kd> lmvm win32k
start end module name
bf800000 bf9c2e00 win32k # (pdb symbols) c:\symbols\win32k.pdb\1A1C4B4E82274D7D8294C4151FBA05772\win32k.pdb
Loaded symbol image file: win32k.sys
Mapped memory image file: c:\symbols\win32k.sys\49900FC91c2e00\win32k.sys
Image path: win32k.sys
Image name: win32k.sys
Timestamp: Mon Feb 09 05:13:13 2009 (49900FC9)
CheckSum: 001C576C
ImageSize: 001C2E00
File version: 5.1.2600.5756
Product version: 5.1.2600.5756
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0406.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operativsystem
InternalName: win32k.sys
OriginalFilename: win32k.sys
ProductVersion: 5.1.2600.5756
FileVersion: 5.1.2600.5756 (xpsp_sp3_gdr.090209-1237)
FileDescription: Win32-flerbrugerdriver
LegalCopyright: © Microsoft Corporation. Alle rettigheder forbeholdes.
here's one more
Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini060609-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Sat Jun 6 22:25:02.406 2009 (GMT-5)
System Uptime: 0 days 0:30:49.148
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
.......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 10000050, {ff93998c, 1, 8054b168, 0}
Could not read faulting driver name
Unable to load image OADriver.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for OADriver.sys
*** ERROR: Module load completed but symbols could not be loaded for OADriver.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+162 )
Followup: Pool_corruption
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ff93998c, memory referenced.
Arg2: 00000001, value 0 = read operation, 1 = write operation.
Arg3: 8054b168, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
OVERLAPPED_MODULE: Address regions for 'Fastfat' and 'kmixer.sys' overlap
WRITE_ADDRESS: ff93998c
FAULTING_IP:
nt!ExDeferredFreePool+162
8054b168 893b mov dword ptr [ebx],edi
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: MsMpEng.exe
LAST_CONTROL_TRANSFER: from 8054b75f to 8054b168
STACK_TEXT:
a1236728 8054b75f 00000001 88a875f8 88a87688 nt!ExDeferredFreePool+0x162
a1236768 805c0c19 e3bfeeb8 00000000 805bbc62 nt!ExFreePoolWithTag+0x47f
a1236774 805bbc62 00000100 00000000 88ad7e70 nt!ObpFreeObjectNameBuffer+0x13
a123679c 80576033 00000000 00000000 23681401 nt!ObOpenObjectByName+0x370
a1236818 805769aa 0360f22c 00100080 0360f1cc nt!IopCreateFile+0x407
a1236874 805790b4 0360f22c 00100080 0360f1cc nt!IoCreateFile+0x8e
a12368b4 a9e3299f 0360f22c 00100080 0360f1cc nt!NtCreateFile+0x30
WARNING: Stack unwind information not available. Following frames may be wrong.
a1236d30 8054162c 0360f22c 00100080 0360f1cc OADriver+0x2799f
a1236d30 7c90e514 0360f22c 00100080 0360f1cc nt!KiFastCallEntry+0xfc
0360f224 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+162
8054b168 893b mov dword ptr [ebx],edi
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExDeferredFreePool+162
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: 0x50_nt!ExDeferredFreePool+162
BUCKET_ID: 0x50_nt!ExDeferredFreePool+162
Followup: Pool_corruption
---------
0: kd> lmvm Pool_Corruption
start end module name
0: kd> lmvm Pool_Corruption
start end module name
any help would be great i'm not sure, i just want the computer to stop crashing so i can enjoy it. thank you mark
Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini060609-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Sat Jun 6 22:55:24.328 2009 (GMT-5)
System Uptime: 0 days 0:29:43.921
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
.......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 10000050, {ff868992, 0, 8054bfcb, 0}
Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!HeavyAllocPool+74 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ff868992, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 8054bfcb, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: ff868992
FAULTING_IP:
nt!ExAllocatePoolWithTag+663
8054bfcb 8b06 mov eax,dword ptr [esi]
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: explorer.exe
LAST_CONTROL_TRANSFER: from bf802abc to 8054bfcb
STACK_TEXT:
a56473c4 bf802abc 00000001 00000001 35306847 nt!ExAllocatePoolWithTag+0x663
a56473e4 bf81396d 0000047c 35306847 00000000 win32k!HeavyAllocPool+0x74
a56473f8 bf80592e 0000047c 35306847 a5647490 win32k!PALLOCMEM+0x18
a5647414 bf809481 0000047c 00000005 00000001 win32k!AllocateObject+0x9a
a564745c bf82e5f4 00000040 00000000 00000000 win32k!SURFMEM::bCreateDIB+0x1d4
a56474d8 bf8427f0 0101003a 00000000 00000000 win32k!GreCreateDIBitmapReal+0x2fb
a5647574 bf842a91 e16847a0 01c5f330 a56475b0 win32k!_InternalGetIconInfo+0xc7
a56475e4 8054162c 00020219 01c5f330 01c5f328 win32k!NtUserGetIconInfo+0xe6
a56475e4 7c90e514 00020219 01c5f330 01c5f328 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
01c5f768 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!HeavyAllocPool+74
bf802abc 8bd0 mov edx,eax
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: win32k!HeavyAllocPool+74
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49900fc9
FAILURE_BUCKET_ID: 0x50_win32k!HeavyAllocPool+74
BUCKET_ID: 0x50_win32k!HeavyAllocPool+74
Followup: MachineOwner
---------
1: kd> lmvm win32k
start end module name
bf800000 bf9c2e00 win32k # (pdb symbols) c:\symbols\win32k.pdb\1A1C4B4E82274D7D8294C4151FBA05772\win32k.pdb
Loaded symbol image file: win32k.sys
Mapped memory image file: c:\symbols\win32k.sys\49900FC91c2e00\win32k.sys
Image path: win32k.sys
Image name: win32k.sys
Timestamp: Mon Feb 09 05:13:13 2009 (49900FC9)
CheckSum: 001C576C
ImageSize: 001C2E00
File version: 5.1.2600.5756
Product version: 5.1.2600.5756
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0406.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operativsystem
InternalName: win32k.sys
OriginalFilename: win32k.sys
ProductVersion: 5.1.2600.5756
FileVersion: 5.1.2600.5756 (xpsp_sp3_gdr.090209-1237)
FileDescription: Win32-flerbrugerdriver
LegalCopyright: © Microsoft Corporation. Alle rettigheder forbeholdes.
here's one more
Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini060609-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Sat Jun 6 22:25:02.406 2009 (GMT-5)
System Uptime: 0 days 0:30:49.148
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
.......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 10000050, {ff93998c, 1, 8054b168, 0}
Could not read faulting driver name
Unable to load image OADriver.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for OADriver.sys
*** ERROR: Module load completed but symbols could not be loaded for OADriver.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+162 )
Followup: Pool_corruption
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ff93998c, memory referenced.
Arg2: 00000001, value 0 = read operation, 1 = write operation.
Arg3: 8054b168, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
OVERLAPPED_MODULE: Address regions for 'Fastfat' and 'kmixer.sys' overlap
WRITE_ADDRESS: ff93998c
FAULTING_IP:
nt!ExDeferredFreePool+162
8054b168 893b mov dword ptr [ebx],edi
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: MsMpEng.exe
LAST_CONTROL_TRANSFER: from 8054b75f to 8054b168
STACK_TEXT:
a1236728 8054b75f 00000001 88a875f8 88a87688 nt!ExDeferredFreePool+0x162
a1236768 805c0c19 e3bfeeb8 00000000 805bbc62 nt!ExFreePoolWithTag+0x47f
a1236774 805bbc62 00000100 00000000 88ad7e70 nt!ObpFreeObjectNameBuffer+0x13
a123679c 80576033 00000000 00000000 23681401 nt!ObOpenObjectByName+0x370
a1236818 805769aa 0360f22c 00100080 0360f1cc nt!IopCreateFile+0x407
a1236874 805790b4 0360f22c 00100080 0360f1cc nt!IoCreateFile+0x8e
a12368b4 a9e3299f 0360f22c 00100080 0360f1cc nt!NtCreateFile+0x30
WARNING: Stack unwind information not available. Following frames may be wrong.
a1236d30 8054162c 0360f22c 00100080 0360f1cc OADriver+0x2799f
a1236d30 7c90e514 0360f22c 00100080 0360f1cc nt!KiFastCallEntry+0xfc
0360f224 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+162
8054b168 893b mov dword ptr [ebx],edi
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExDeferredFreePool+162
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: 0x50_nt!ExDeferredFreePool+162
BUCKET_ID: 0x50_nt!ExDeferredFreePool+162
Followup: Pool_corruption
---------
0: kd> lmvm Pool_Corruption
start end module name
0: kd> lmvm Pool_Corruption
start end module name
any help would be great i'm not sure, i just want the computer to stop crashing so i can enjoy it. thank you mark
#11
- Forum Addict
-
- Group: Moderator
- Posts: 31,425
- Joined: 03-September 05
- Gender:Male
- Location:Killeen, TX
Posted 08 June 2009 - 09:51 AM
Well...I'm not very hopeful after looking at various situations where BugCheck 10000050 were noted. Lots of guesses, no resolutions that I can see.
Anyway...from what I guess, it could be a driver conflicting with memory access. The report points to a Windows Defender problem of some sort...so I suggest uninstalling that and leaving it off. I suggest replacing it with either SUPERAntispyware or Malwarebytes.
Malwarebytes.org - http://www.malwarebytes.org/mbam.php
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware! - http://www.superantispyware.com/
Is the system current with critical updates?
What SP2 level is currently installed?
Please...if you want to reference instructions/suggestions from a source that is not documented in your post...post a link to that source so that members can see what information you are trying to follow.
I suggest that you run the chkdsk /r command.
Start/Run...type chkdsk /r (with space between k and /) and hit Enter. Answer/type Y in response to onscreen query and hit Enter. Reboot the system and let the command run...system will reboot when it is complete.
Louis
Anyway...from what I guess, it could be a driver conflicting with memory access. The report points to a Windows Defender problem of some sort...so I suggest uninstalling that and leaving it off. I suggest replacing it with either SUPERAntispyware or Malwarebytes.
Malwarebytes.org - http://www.malwarebytes.org/mbam.php
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware! - http://www.superantispyware.com/
Is the system current with critical updates?
What SP2 level is currently installed?
Please...if you want to reference instructions/suggestions from a source that is not documented in your post...post a link to that source so that members can see what information you are trying to follow.
I suggest that you run the chkdsk /r command.
Start/Run...type chkdsk /r (with space between k and /) and hit Enter. Answer/type Y in response to onscreen query and hit Enter. Reboot the system and let the command run...system will reboot when it is complete.
Louis
#12
- New Member
-
- Group: Members
- Posts: 13
- Joined: 25-May 09
Posted 23 June 2009 - 04:04 PM
i thought the computer was fixed. darn.. i deleted windows defender and i still get the bsod. ive ran malwarebytes and superantispyware. here is the latest debug info
Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini062309-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue Jun 23 10:29:42.531 2009 (GMT-5)
System Uptime: 0 days 0:29:26.136
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
........................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41284, 6d615001, 0, c0883000}
Probably caused by : memory_corruption ( nt!MiLocateWsle+c1 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 6d615001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: jqs.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
b50ebb10 80523319 0000001a 00041284 6d615001 nt!KeBugCheckEx+0x1b
b50ebb48 80523b9f 00000000 6d615000 c0601b58 nt!MiLocateWsle+0xc1
b50ebb7c 80523fb8 c036b0a8 6d615000 00000000 nt!MiDeletePte+0x1fd
b50ebc44 8051a1dd e2077588 6d622fff 00000000 nt!MiDeleteVirtualAddresses+0x164
b50ebcf4 805b2d79 88f84be0 8914d5f8 b50ebd64 nt!MiRemoveMappedView+0x237
b50ebd38 805b2e68 8a649638 8a515be8 00000000 nt!MiUnmapViewOfSection+0x12b
b50ebd54 8054162c ffffffff 88f84be0 00b8f678 nt!NtUnmapViewOfSection+0x54
b50ebd54 7c90e514 ffffffff 88f84be0 00b8f678 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00b8f678 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> lmvm nt
start end module name
804d7000 806e4000 nt # (pdb symbols) c:\symbols\ntkrpamp.pdb\909FE6B806E4444B9230BAAF21EC5C271\ntkrpamp.pdb
Loaded symbol image file: ntkrpamp.exe
Mapped memory image file: c:\symbols\ntkrpamp.exe\498C11D320d000\ntkrpamp.exe
Image path: ntkrpamp.exe
Image name: ntkrpamp.exe
Timestamp: Fri Feb 06 04:32:51 2009 (498C11D3)
CheckSum: 001F9D43
ImageSize: 0020D000
File version: 5.1.2600.5755
Product version: 5.1.2600.5755
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0405.04b0
CompanyName: Microsoft Corporation
ProductName: Operační systém Microsoft® Windows®
InternalName: ntkrpamp.exe
OriginalFilename: ntkrpamp.exe
ProductVersion: 5.1.2600.5755
FileVersion: 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. Všechna práva vyhrazena.
and here is the last one today
Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini062309-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue Jun 23 10:36:02.046 2009 (GMT-5)
System Uptime: 0 days 0:05:41.773
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
.......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 805a629e, ba257c40, 0}
Unable to load image NVNRM.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for NVNRM.SYS
*** ERROR: Module load completed but symbols could not be loaded for NVNRM.SYS
Probably caused by : ntkrpamp.exe ( nt!NtReplyWaitReceivePortEx+3fe )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 805a629e, The address that the exception occurred at
Arg3: ba257c40, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!NtReplyWaitReceivePortEx+3fe
805a629e 3900 cmp dword ptr [eax],eax
TRAP_FRAME: ba257c40 -- (.trap 0xffffffffba257c40)
ErrCode = 00000000
eax=08000011 ebx=0000093c ecx=8055d0c0 edx=08000001 esi=8055d0c0 edi=e2e98f68
eip=805a629e esp=ba257cb4 ebp=ba257de9 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!NtReplyWaitReceivePortEx+0x3fe:
805a629e 3900 cmp dword ptr [eax],eax ds:0023:08000011=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: wmplayer.exe
LAST_CONTROL_TRANSFER: from 7f000000 to 805a629e
STACK_TEXT:
ba257de9 7f000000 00000002 00000600 00000000 nt!NtReplyWaitReceivePortEx+0x3fe
WARNING: Frame IP not in any known module. Following frames may be wrong.
ba257e01 25000000 ff00001f a80000ff ff7c9102 0x7f000000
00000000 00000000 00000000 00000000 00000000 0x25000000
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!NtReplyWaitReceivePortEx+3fe
805a629e 3900 cmp dword ptr [eax],eax
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!NtReplyWaitReceivePortEx+3fe
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
FAILURE_BUCKET_ID: 0x8E_nt!NtReplyWaitReceivePortEx+3fe
BUCKET_ID: 0x8E_nt!NtReplyWaitReceivePortEx+3fe
Followup: MachineOwner
---------
looks like the last one was windows media player? but is there still something more sinister still at work here? thanks mark
Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini062309-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue Jun 23 10:29:42.531 2009 (GMT-5)
System Uptime: 0 days 0:29:26.136
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
........................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41284, 6d615001, 0, c0883000}
Probably caused by : memory_corruption ( nt!MiLocateWsle+c1 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 6d615001
Arg3: 00000000
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: jqs.exe
LAST_CONTROL_TRANSFER: from 80523319 to 804f9f43
STACK_TEXT:
b50ebb10 80523319 0000001a 00041284 6d615001 nt!KeBugCheckEx+0x1b
b50ebb48 80523b9f 00000000 6d615000 c0601b58 nt!MiLocateWsle+0xc1
b50ebb7c 80523fb8 c036b0a8 6d615000 00000000 nt!MiDeletePte+0x1fd
b50ebc44 8051a1dd e2077588 6d622fff 00000000 nt!MiDeleteVirtualAddresses+0x164
b50ebcf4 805b2d79 88f84be0 8914d5f8 b50ebd64 nt!MiRemoveMappedView+0x237
b50ebd38 805b2e68 8a649638 8a515be8 00000000 nt!MiUnmapViewOfSection+0x12b
b50ebd54 8054162c ffffffff 88f84be0 00b8f678 nt!NtUnmapViewOfSection+0x54
b50ebd54 7c90e514 ffffffff 88f84be0 00b8f678 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00b8f678 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c1
80523319 2b45f0 sub eax,dword ptr [ebp-10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLocateWsle+c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c1
Followup: MachineOwner
---------
1: kd> lmvm nt
start end module name
804d7000 806e4000 nt # (pdb symbols) c:\symbols\ntkrpamp.pdb\909FE6B806E4444B9230BAAF21EC5C271\ntkrpamp.pdb
Loaded symbol image file: ntkrpamp.exe
Mapped memory image file: c:\symbols\ntkrpamp.exe\498C11D320d000\ntkrpamp.exe
Image path: ntkrpamp.exe
Image name: ntkrpamp.exe
Timestamp: Fri Feb 06 04:32:51 2009 (498C11D3)
CheckSum: 001F9D43
ImageSize: 0020D000
File version: 5.1.2600.5755
Product version: 5.1.2600.5755
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0405.04b0
CompanyName: Microsoft Corporation
ProductName: Operační systém Microsoft® Windows®
InternalName: ntkrpamp.exe
OriginalFilename: ntkrpamp.exe
ProductVersion: 5.1.2600.5755
FileVersion: 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. Všechna práva vyhrazena.
and here is the last one today
Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini062309-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue Jun 23 10:36:02.046 2009 (GMT-5)
System Uptime: 0 days 0:05:41.773
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
.......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 805a629e, ba257c40, 0}
Unable to load image NVNRM.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for NVNRM.SYS
*** ERROR: Module load completed but symbols could not be loaded for NVNRM.SYS
Probably caused by : ntkrpamp.exe ( nt!NtReplyWaitReceivePortEx+3fe )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 805a629e, The address that the exception occurred at
Arg3: ba257c40, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!NtReplyWaitReceivePortEx+3fe
805a629e 3900 cmp dword ptr [eax],eax
TRAP_FRAME: ba257c40 -- (.trap 0xffffffffba257c40)
ErrCode = 00000000
eax=08000011 ebx=0000093c ecx=8055d0c0 edx=08000001 esi=8055d0c0 edi=e2e98f68
eip=805a629e esp=ba257cb4 ebp=ba257de9 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!NtReplyWaitReceivePortEx+0x3fe:
805a629e 3900 cmp dword ptr [eax],eax ds:0023:08000011=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: wmplayer.exe
LAST_CONTROL_TRANSFER: from 7f000000 to 805a629e
STACK_TEXT:
ba257de9 7f000000 00000002 00000600 00000000 nt!NtReplyWaitReceivePortEx+0x3fe
WARNING: Frame IP not in any known module. Following frames may be wrong.
ba257e01 25000000 ff00001f a80000ff ff7c9102 0x7f000000
00000000 00000000 00000000 00000000 00000000 0x25000000
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!NtReplyWaitReceivePortEx+3fe
805a629e 3900 cmp dword ptr [eax],eax
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!NtReplyWaitReceivePortEx+3fe
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
FAILURE_BUCKET_ID: 0x8E_nt!NtReplyWaitReceivePortEx+3fe
BUCKET_ID: 0x8E_nt!NtReplyWaitReceivePortEx+3fe
Followup: MachineOwner
---------
looks like the last one was windows media player? but is there still something more sinister still at work here? thanks mark
#13
- Forum Addict
-
- Group: Moderator
- Posts: 31,425
- Joined: 03-September 05
- Gender:Male
- Location:Killeen, TX
Posted 23 June 2009 - 05:17 PM
I don't see any more than you do...at this point, I don't have anything to suggest.
You haven't provided any information on how your system got so messed up...and fighting BSODS based on what you have provided...just isn't leading anywhere, IMO.
If malware started all this, I'd say you need a clean install.
Louis
You haven't provided any information on how your system got so messed up...and fighting BSODS based on what you have provided...just isn't leading anywhere, IMO.
If malware started all this, I'd say you need a clean install.
Louis
#14
- New Member
-
- Group: Members
- Posts: 13
- Joined: 25-May 09
Posted 25 June 2009 - 06:50 PM
i'm sorry. i don't know what started it all. i'm thinking that it was a program she downloaded months ago. it was a virus so i deleted it. i came here with some malware issues but malwarebytes and super antispyware doesnt show anything. i was also thinking about a clean install, by wiping the hard drive in the comand prompt then installing windows again, or taking out the hard drive and getting it scanned somewhere else to check for malware or bad sectors. windows detects nothing, but maybe its what i need to do. i really want to think you for your time and help, i really do appreciate all you've done and helped with. mark
#15
- Forum Addict
-
- Group: Moderator
- Posts: 31,425
- Joined: 03-September 05
- Gender:Male
- Location:Killeen, TX
Posted 25 June 2009 - 07:47 PM
Sorry we could not do better...
Louis
Louis
