This is a PC for a friend of mine. She claims it BSODs quite frequently, although I have not been able to reproduce a BSOD through normal use.
I have checked the PC for viruses and rootkits, and all appears clean: Malwarebytes, Hitman, and ComboFix all come back clean, and there is nothing strange to suggest it is virus related. My guess is it is driver or memory related. Ran memtest for several hours, no errors reported; chkdsk brings back no errors.
Any help would be appreciated. Thanks!
OS is Vista Home Premium SP2 on a Gateway GT5654.
One of the dumps contains the following. Let me know should anyone need more information, thanks!!
Microsoft ® Windows Debugger Version 6.12.0002.633 X86
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18267.x86fre.vistasp2_gdr.100608-0458
Machine Name:
Kernel base = 0x8201f000 PsLoadedModuleList = 0x82136c70
Debug session time: Thu Dec 23 15:44:27.091 2010 (UTC - 4:00)
System Uptime: 0 days 0:03:52.762
Loading Kernel Symbols
...............................................................
................................................................
...............
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {88, 1b, 1, 820ce7f2}
Probably caused by : ntkrpamp.exe ( nt!KiAttachProcess+9 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000088, memory referenced
Arg2: 0000001b, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 820ce7f2, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: 00000088
CURRENT_IRQL: 1b
FAULTING_IP:
nt!KiAttachProcess+9
820ce7f2 ff436c inc dword ptr [ebx+6Ch]
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: 8a9677d4 -- (.trap 0xffffffff8a9677d4)
ErrCode = 00000002
eax=848abd78 ebx=0000001c ecx=82117d38 edx=821573c2 esi=848abd78 edi=0000001c
eip=820ce7f2 esp=8a967848 ebp=8a96784c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!KiAttachProcess+0x9:
820ce7f2 ff436c inc dword ptr [ebx+6Ch] ds:0023:00000088=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 820ce7f2 to 8206cfd9
STACK_TEXT:
8a9677d4 820ce7f2 badb0d00 821573c2 00100003 nt!KiTrap0E+0x2e1
8a96784c 820d0f6a 0000001c 8a96786c 848abecc nt!KiAttachProcess+0x9
8a9678bc 82067675 00000008 00000202 86cc6570 nt!KeStackAttachProcess+0xa0
8a9678f4 8224f047 8a603778 8a967d4c 848abd78 nt!ZwClose+0x11
8a967b68 823e6493 00000002 000000e1 8a967bc0 nt!SeReleaseSubjectContext+0x20
8a967d44 820c4e22 800005ec 00000000 848abd78 hal!HalRequestIpi+0x13
8a967d7c 821f4c42 8bfb6ba0 03d5a8c8 00000000 nt!ExpWorkerThread+0xfd
8a967dc0 8205df4e 820c4d25 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiAttachProcess+9
820ce7f2 ff436c inc dword ptr [ebx+6Ch]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KiAttachProcess+9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c0e557c
FAILURE_BUCKET_ID: 0xA_nt!KiAttachProcess+9
BUCKET_ID: 0xA_nt!KiAttachProcess+9
Followup: MachineOwner
---------
