Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unexpected Reboots, And Occasional Bsods


  • Please log in to reply
4 replies to this topic

#1 John Buchanan

John Buchanan

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 03 August 2008 - 03:21 AM

Hi

A tricky one for my first post. Using a Dell Inspiron 530 running XP Pro SP2. various unexpected reboots and BSODs, but will focus on one specific BSOD which occurred on July 25.

User, not me, was working with MS Publisher.

Having followed instructions elsewhere on Bleepingcomputer, I offer the enclosed output from MS Windows Debugger:

[codebox]Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini072508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Fri Jul 25 13:27:00.423 2008 (GMT+1)
System Uptime: 0 days 6:03:32.214
Loading Kernel Symbols
..................................................................................................................................................
Loading User Symbols
Loading unloaded module list
............................
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, bf8a4fe1, a686ac48, 0}

Probably caused by : win32k.sys ( win32k!PUBLIC_PFTOBJ::pPFFGet+8 )

Followup: MachineOwner
---------

1: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf8a4fe1, The address that the exception occurred at
Arg3: a686ac48, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
win32k!PUBLIC_PFTOBJ::pPFFGet+8
bf8a4fe1 ff760c push dword ptr [esi+0Ch]

TRAP_FRAME: a686ac48 -- (.trap 0xffffffffa686ac48)
ErrCode = 00000000
eax=a686ad10 ebx=a686ad2c ecx=a686ad2c edx=e180800c esi=00000000 edi=e5dc6008
eip=bf8a4fe1 esp=a686acbc ebp=a686acc0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
win32k!PUBLIC_PFTOBJ::pPFFGet+0x8:
bf8a4fe1 ff760c push dword ptr [esi+0Ch] ds:0023:0000000c=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: spoolsv.exe

LAST_CONTROL_TRANSFER: from bf8dfec0 to bf8a4fe1

STACK_TEXT:
a686acc0 bf8dfec0 00000000 00000000 00000000 win32k!PUBLIC_PFTOBJ::pPFFGet+0x8
a686acfc bf80948b e5dc6008 00000000 8a0f50c8 win32k!PFTOBJ::bUnloadWorkhorse+0x8d
a686ad24 bf80d2a3 00000000 00000000 bf80faeb win32k!XDCOBJ::bDeleteDC+0xa5
a686ad3c bf80fb3c e6555008 00000000 00000000 win32k!bDeleteDCInternal+0x134
a686ad58 805409ac 12211789 00fff57c 7c90eb94 win32k!NtGdiDeleteObjectApp+0x88
a686ad58 7c90eb94 12211789 00fff57c 7c90eb94 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00fff57c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!PUBLIC_PFTOBJ::pPFFGet+8
bf8a4fe1 ff760c push dword ptr [esi+0Ch]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!PUBLIC_PFTOBJ::pPFFGet+8

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 47e0e106

FAILURE_BUCKET_ID: 0x8E_win32k!PUBLIC_PFTOBJ::pPFFGet+8

BUCKET_ID: 0x8E_win32k!PUBLIC_PFTOBJ::pPFFGet+8

Followup: MachineOwner
---------[/codebox]

All indications are that there is a defective or out-of-date driver on the PC. This BSOD was more or less the same as the one on June 24.

But I can't figure out which driver to replace!

Yor expert advice welcomed.

John

BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:36 PM

Posted 03 August 2008 - 06:42 AM

Thanks for the dump file, it'll help in narrowing down things. The crash occurred in win32k.sys - a core Windows system file. Although this is where the crash occurred, it's not necessarily the reason for the crash.

The parameter c0000005 indicates that the crash occurred due to a memory operation. The actual operation was that it was told to access a memory location that did not exist.

The process name that it's associated with is spoolsv.exe. This is the Microsoft Printer Spooler Service and is another critical part of the OS.

So, in short, there's a problem with a driver accessing memory that doesn't exist and the print spooler is involved in this. So, I'd suggest uninstalling your printer to see if the BSOD events stop. If they do, then download a new copy of your printer driver from the manufacturer's website and install that.

If they don't stop, then it's likely that either remnants of the driver remain (and are causing the BSOD) and need to be removed or that there's a corruption in the Microsoft Printer Spooler Service. If the latter, then we may have to resort to SFC.EXE /SCANNOW or a repair install to correct it.

Another option is to enable Driver Verifier (without uninstalling anything), and see if it'll force a BSOD which names the driver (you'd have to perform an analysis of the BSOD event to locate it). To enable Driver Verifier, use this link: http://support.microsoft.com/kb/244617
Two important points when using Driver Verifier:
1) Only verify unsigned drivers at first. Verifying all drivers will seriously slow the system down.
2) When done, run Driver Verifier and select "Delete existing settings" to stop it from running. If you don't do this, you'll experience some slowdown as Driver Verifier continually tries to verify your drivers.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 John Buchanan

John Buchanan
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 03 August 2008 - 12:08 PM

Hi

Thank you for prompt reply. The user tells me that the exact thing she was trying to do when the BSOD occurred was to print from MS Publisher to the "Cute PDF" printer simulator to create a PDF file. She has used this method both before and since without any BSOD.

I have attempted to attach a screenshot from the Event Viewer about an event which occurred just about the same time as the BSOD.
Contents of the screenshot in codebox also:


Event Type:	ErrorEvent Source:	PrintEvent Category:	NoneEvent ID:	6161Date:		25/07/2008Time:		14:16:21User:		NT AUTHORITY\SYSTEMComputer:	MARALYNSDELLDescription:The document Pilgrim August 2008.pub owned by Maralyn failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 16821052. Number of bytes printed: 0. Total number of pages in the document: 20. Number of pages printed: 0. Client machine: \\MARALYNSDELL. Win32 error code returned by the print processor: 6 (0x6). For more information, see Help and Support Center at [url="http://go.microsoft.com/fwlink/events.asp"]http://go.microsoft.com/fwlink/events.asp[/url].

Could this be a factor? Should I remove this and obtain a new copy before I do things with the drivers for my HP Deskjet 5440 printer?

I have run the Driver Verifier for a few hours, but on computer shutdown it decided to say rude things about aspects of my Zone Alarm security software, so I turned it off again. That's another story, let's deal with this one first.

Cheers

John

Attached Files


Edited by John Buchanan, 03 August 2008 - 12:15 PM.


#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:36 PM

Posted 03 August 2008 - 02:54 PM

I'd try fixing (uninstall, reboot, install a freshly downloaded copy) CutePDF first - as they tend to do strange things with printer drivers IME.
If that doesn't fix it, then move on to fix the printer drivers.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#5 John Buchanan

John Buchanan
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 04 August 2008 - 07:22 AM

Hello

I have uninstalled CutePDF Writer, downloaded clean copy and re-installed.

During the re-install I had to tell Zone Alarm to ignore its concerns about file _shfoldr.dll which it identified as "Not-a-virus: Monitor.Win32.SmartKeyStroke.b", otherwise the CutePDF install failed with message "Internal Error: Failed to get version numbers of _shfoldr.dll"

I ran a test of printing to the CutePDF writer, and this worked OK, although, according to the usual user, it now produces files which are larger than the original, whereas it used to produce smaller ones.

I will just have to wait and see whether I get any more BSODs.

Thank you for your advice.

John




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users