Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bsod's


  • Please log in to reply
53 replies to this topic

#1 CrisGer

CrisGer

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:07:29 AM

Posted 02 September 2008 - 11:33 PM

Hi there,
I have been getting BSOD's usually at the end of the day of work....my system is an XP SP2 AMD 3300 2.6 Ghz with FX 7600, and 400 GB HDrive

I have Outpost and AVG 7.5 (no i wont upgrade to 8.0) :thumbsup: and clean system, ran Malware to be sure....

i have had maybe 6 BSOD's in the past four or five days...i got the details of the two latest:

BCCode: 1000008e BCP1:C0000005 BCP2:805B06CD BCP3:F2CE7C58
BCP4: 00000000 OSVer:5_1_2600 SP:2_0 Product:256_1
C:\DOCUME~1\Chris\LOCALS~\Temp\WERd971.dir00\Mini090208-01.dmp
C:\DOCUME~1|Chris|LOCALS~Temp\WERd871.dir00\sysdata.xml


C:\DOCUME~1\Chris\LOCAL`Temp\816t_appcompat.txt
AppName iexplore.exe App Ver 6.0.2900.2180 ModName: mshtml.dll
ModVer. 6.0.2900.3395 Offset: 0006955d

ps...just had another one:

BCCode: 100000c5 BCP1:41504354 BCP2:00000002 BCP3:00000001
BCP4: 80543Z4C OSVer:5_1_2600 SP:2_0 Product:256_1



i will de frag tonight but wanted to ask advice..thanks for any help on this

i has bsod's a while ago, and the thought was it might be a memory module...but not sure that is what these arel...

thanks

Wednesday AM

Two More BSOD's..during download of files from archive on internet while runing other programs, maybe an overload.

here is one...

BCCode: 100000c5 BCP1:12C0005 BCP2:00000002 BCP3:00000001
BCP4:8054A5E OXVer:5_1_2600 SP:2_0 Product: 256_1

C:\DOCUME~1\Chris\LOCALS~1\Temp\WERcaeb.dir00\Mini090308-01.dmp
C:\DOCUME~1\Chris\LOCALS~1\Temp\WERcaeb.dir00\sysdata.xml

Edited by CrisGer, 03 September 2008 - 01:31 PM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:10:29 AM

Posted 03 September 2008 - 02:17 PM

Here's an easy to use guide to help you along
http://www.bleepingcomputer.com/forums/top...tml#entry409491
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:07:29 AM

Posted 05 September 2008 - 03:04 AM

Thank you i will check it out carefully. much appreciated.

Just had another bsod after a trouble free day. again many programs running so it may just be over heating :thumbsup:
Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#4 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:07:29 AM

Posted 05 September 2008 - 04:06 AM

OK, i had the Debugging Tools and WinDbg installed and the symbols installed too. so i ran the last 10 error reports from the BSOD"s from the MiniDump folder and this was the result, the latest two were tongiht, and gong back, looks like two errors repeating, one massive list of dll's and one other error. I loaded a pack of old dlls a week ago or so trying to get an old game running (i am a game researcher) and that may be causing this problem) see what it looks like to you all. thanks
chris

Reports:

Number 1


Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini090508-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols;C:\WINDOWS\Symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Fri Sep 5 02:10:07.953 2008 (GMT-6)
System Uptime: 0 days 0:12:39.593
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {52647541, 2, 1, 80543a5c}

Unable to load image ctaud2k.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ctaud2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctaud2k.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+156 )

Followup: Pool_corruption
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 52647541, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 80543a5c, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeferredFreePool+156
80543a5c 8913 mov dword ptr [ebx],edx

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: iexplore.exe

LAST_CONTROL_TRANSFER: from 8054406f to 80543a5c

STACK_TEXT:
b9cbb758 8054406f 84a80350 84a8a1a8 84a8a1a0 nt!ExDeferredFreePool+0x156
b9cbb798 80544277 84a8a1a0 00000000 b9cbb7b8 nt!ExFreePoolWithTag+0x489
b9cbb7a8 baa3dca7 84a8a1a0 84a8a1ac b9cbb7cc nt!ExFreePool+0xf
b9cbb7b8 baa3dd9a 00000001 00000000 861c7a08 portcls!CIrpStream::`scalar deleting destructor'+0x1a
b9cbb7cc baa3d870 84a8a1a8 b9cbb7f0 baa4ed55 portcls!CUnknown::NonDelegatingRelease+0x24
b9cbb7d8 baa4ed55 84a8a1a0 86051738 85f88240 portcls!CIrpStream::Release+0x11
b9cbb7f0 baa4e25a 00000000 86051680 88314f48 portcls!CPortPinWavePci::Close+0x116
b9cbb810 bab130fc 860b7038 88314f48 b9cbb838 portcls!DispatchClose+0x39
b9cbb820 baa4d880 86051680 88314f48 86051680 ks!KsDispatchIrp+0x71
b9cbb838 baa4d841 86051680 88314f48 b9cbb88c portcls!KsoDispatchIrp+0x43
b9cbb848 f66d64de 86051680 88314f48 8607ab10 portcls!PcDispatchIrp+0x5f
WARNING: Stack unwind information not available. Following frames may be wrong.
b9cbb88c 80577f46 84c1d160 84c1d150 00000000 ctaud2k+0x554de
b9cbb8c4 805af80f 00c1d178 84c1d160 00000000 nt!IopDeleteFile+0x132
b9cbb8e0 8052201d 84c1d178 00000000 80543be6 nt!ObpRemoveObjectRoutine+0xdf
b9cbb904 b8bf7a16 84ab3180 84b4e840 84bd4700 nt!ObfDereferenceObject+0x5f
b9cbb924 bab13737 84ab3180 88524f48 b9cbb968 kmixer!PinDispatchClose+0x336
b9cbb934 804edfe3 84ab3180 88524f48 806d02e8 ks!DispatchClose+0x32
b9cbb944 8064b8a8 88524f58 88524f48 84bd47d0 nt!IopfCallDriver+0x31
b9cbb968 80577f46 84bd47b8 84bd47a8 00000000 nt!IovCallDriver+0xa0
b9cbb9a0 805af80f 00bd47d0 84bd47b8 00000000 nt!IopDeleteFile+0x132
b9cbb9bc 8052201d 84bd47d0 00000000 80543be6 nt!ObpRemoveObjectRoutine+0xdf
b9cbb9e0 b8bf79ca 84ab3180 84b4e840 84b62e00 nt!ObfDereferenceObject+0x5f
b9cbba00 bab13737 84ab3180 87e12f48 b9cbba44 kmixer!PinDispatchClose+0x2ea
b9cbba10 804edfe3 84ab3180 87e12f48 806d02e8 ks!DispatchClose+0x32
b9cbba20 8064b8a8 87e12f58 87e12f48 84b62e78 nt!IopfCallDriver+0x31
b9cbba44 80577f46 84b62e60 84b62e50 00000000 nt!IovCallDriver+0xa0
b9cbba7c 805af80f 00b62e78 84b62e60 00000000 nt!IopDeleteFile+0x132
b9cbba98 8052201d 84b62e78 00000000 80521fbe nt!ObpRemoveObjectRoutine+0xdf
b9cbbabc f709a135 85e8c8d0 e66b6660 f7098ba2 nt!ObfDereferenceObject+0x5f
b9cbbac8 f7098ba2 8739ee90 b9cbbae4 f709935c sysaudio!CInstance::~CInstance+0x28
b9cbbad4 f709935c 00000001 85eedc38 b9cbbaf4 sysaudio!CPinInstance::`scalar deleting destructor'+0xd
b9cbbae4 bab13737 85e8c8d0 8739ee90 b9cbbb28 sysaudio!CPinInstance::PinDispatchClose+0x26
b9cbbaf4 804edfe3 85e8c8d0 8739ee90 806d02e8 ks!DispatchClose+0x32
b9cbbb04 8064b8a8 8739eea0 8739ee90 84c1d220 nt!IopfCallDriver+0x31
b9cbbb28 80577f46 84c1d208 84c1d1f8 00000000 nt!IovCallDriver+0xa0
b9cbbb60 805af80f 00c1d220 84c1d208 00000000 nt!IopDeleteFile+0x132
b9cbbb7c 8052201d 84c1d220 00000000 84aae000 nt!ObpRemoveObjectRoutine+0xdf
b9cbbba0 b9fb8e7f b9cbbbbc b9fb8e4e 84aae000 nt!ObfDereferenceObject+0x5f
b9cbbba8 b9fb8e4e 84aae000 84c1d220 84aae0ac wdmaud!CloseSysAudio+0xe
b9cbbbbc b9fb8ec3 864d2370 84a622e0 b9cbbbe8 wdmaud!CloseWavePin+0x1f
b9cbbbcc b9fb8e21 84aae08c 032b3a48 00000000 wdmaud!CloseTheWavePin+0x3e
b9cbbbe8 b9fb843e 87880f48 84aae000 00000000 wdmaud!Dispatch_ClosePin+0x82
b9cbbc10 804edfe3 00000000 84aae000 806d02e8 wdmaud!SoundDispatch+0x1d7
b9cbbc20 8064b8a8 84c18cf0 806d02d0 87880f48 nt!IopfCallDriver+0x31
b9cbbc44 80573dce 87880fdc 85fb5338 87880f48 nt!IovCallDriver+0xa0
b9cbbc58 80574c5d 85f24198 87880f48 85fb5338 nt!IopSynchronousServiceTail+0x60
b9cbbd00 8056d5ba 00000588 00000420 00000000 nt!IopXxxControlFile+0x5e7
b9cbbd34 8053ca28 00000588 00000420 00000000 nt!NtDeviceIoControlFile+0x2a
b9cbbd34 7c90eb94 00000588 00000420 00000000 nt!KiFastCallEntry+0xf8
06f1fd7c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+156
80543a5c 8913 mov dword ptr [ebx],edx

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!ExDeferredFreePool+156

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+156

BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+156

Followup: Pool_corruption
---------



----------------------------------------------------------------------------------------------------------------------------------------------
number 2

Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini090508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Fri Sep 5 01:56:44.685 2008 (GMT-6)
System Uptime: 1 days 13:32:28.282
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {0, 2, 1, 80543a03}

Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+fd )

Followup: Pool_corruption
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 80543a03, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeferredFreePool+fd
80543a03 8913 mov dword ptr [ebx],edx

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: ctfmon.exe

LAST_CONTROL_TRANSFER: from 8054406f to 80543a03

STACK_TEXT:
ed3a7990 8054406f 849e33a8 84bea020 00000000 nt!ExDeferredFreePool+0xfd
ed3a79d0 805b5074 8482c918 00000000 ed3a7d64 nt!ExFreePoolWithTag+0x489
ed3a7d48 8053ca28 0000000e 000cf418 00000001 nt!NtWaitForMultipleObjects+0x300
ed3a7d48 7c90eb94 0000000e 000cf418 00000001 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0007fcc0 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+fd
80543a03 8913 mov dword ptr [ebx],edx

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!ExDeferredFreePool+fd

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+fd

BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+fd

Followup: Pool_corruption
---------



Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini090508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Fri Sep 5 01:56:44.685 2008 (GMT-6)
System Uptime: 1 days 13:32:28.282
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {0, 2, 1, 80543a03}

Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+fd )

Followup: Pool_corruption



Number 3



Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini090308-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Wed Sep 3 12:23:41.531 2008 (GMT-6)
System Uptime: 0 days 0:14:52.169
Loading Kernel Symbols
...........................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {0, 2, 1, 805072a5}

Probably caused by : memory_corruption ( nt!MiSegmentDelete+2f )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 805072a5, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: 00000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiSegmentDelete+2f
805072a5 8932 mov dword ptr [edx],esi

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from 80508af6 to 805072a5

STACK_TEXT:
f78eed8c 80508af6 84cb05a0 00000000 865c0da8 nt!MiSegmentDelete+0x2f
f78eedac 805c4cce 00000000 00000000 00000000 nt!MiDereferenceSegmentThread+0x9e
f78eeddc 805411c2 80508a58 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiSegmentDelete+2f
805072a5 8932 mov dword ptr [edx],esi

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!MiSegmentDelete+2f

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 45e53f9c

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0xA_W_nt!MiSegmentDelete+2f

BUCKET_ID: 0xA_W_nt!MiSegmentDelete+2f

Followup: MachineOwner
---------

---------

Number 4


Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini090308-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Wed Sep 3 12:08:05.656 2008 (GMT-6)
System Uptime: 0 days 0:42:15.281
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {120c0005, 2, 1, 80543a5e}

Unable to load image sptd.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+158 )

Followup: Pool_corruption
---------

Number 5


Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini090208-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Tue Sep 2 22:57:20.640 2008 (GMT-6)
System Uptime: 0 days 0:47:26.277
Loading Kernel Symbols
.............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {41504354, 2, 1, 80543a5c}

Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+156 )

Followup: Pool_corruption
---------



Number 6



Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini090208-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Tue Sep 2 22:09:08.140 2008 (GMT-6)
System Uptime: 0 days 13:38:08.782
Loading Kernel Symbols
.............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 805b06cd, f2ce7c58, 0}

Unable to load image X4HSX32.Sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for X4HSX32.Sys
*** ERROR: Module load completed but symbols could not be loaded for X4HSX32.Sys
GetUlongFromAddress: unable to read from 8055b8f0
GetUlongFromAddress: unable to read from 8055b8f0
Probably caused by : X4HSX32.Sys ( X4HSX32+1cdd )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 805b06cd, The address that the exception occurred at
Arg3: f2ce7c58, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 8055b8f0
GetUlongFromAddress: unable to read from 8055b8f0

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!ObpCloseHandleTableEntry+13
805b06cd 83b9a800000000 cmp dword ptr [ecx+0A8h],0

TRAP_FRAME: f2ce7c58 -- (.trap 0xfffffffff2ce7c58)
ErrCode = 00000000
eax=e126a3d8 ebx=84f64020 ecx=3fdb6bca edx=8524f798 esi=8524f798 edi=e126a3d8
eip=805b06cd esp=f2ce7ccc ebp=f2ce7cd8 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
nt!ObpCloseHandleTableEntry+0x13:
805b06cd 83b9a800000000 cmp dword ptr [ecx+0A8h],0 ds:0023:3fdb6c72=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: iexplore.exe

LAST_CONTROL_TRANSFER: from 805b08a5 to 805b06cd

STACK_TEXT:
f2ce7cd8 805b08a5 e70b8438 e126a3d8 000009ec nt!ObpCloseHandleTableEntry+0x13
f2ce7d20 805b09dd 000009ec 00000001 00000000 nt!ObpCloseHandle+0x87
f2ce7d34 f7848cdd 000009ec f2ce7d64 0013e4e8 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
f2ce7d58 8053ca28 000009ec 0013e4e8 7c90eb94 X4HSX32+0x1cdd
f2ce7d58 7c90eb94 000009ec 0013e4e8 7c90eb94 nt!KiFastCallEntry+0xf8
0013e4e8 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
X4HSX32+1cdd
f7848cdd ?? ???

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: X4HSX32+1cdd

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: X4HSX32

IMAGE_NAME: X4HSX32.Sys

DEBUG_FLR_IMAGE_TIMESTAMP: 46f23356

FAILURE_BUCKET_ID: 0x8E_X4HSX32+1cdd

BUCKET_ID: 0x8E_X4HSX32+1cdd

Followup: MachineOwner
---------

kd> lmvm X4HSX32
start end module name
f7847000 f784d000 X4HSX32 T (no symbols)
Loaded symbol image file: X4HSX32.Sys
Image path: X4HSX32.Sys
Image name: X4HSX32.Sys
Timestamp: Thu Sep 20 02:46:14 2007 (46F23356)
CheckSum: 00007EED
ImageSize: 00006000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0


Number 7


Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini083108-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Sun Aug 31 02:00:22.515 2008 (GMT-6)
System Uptime: 0 days 0:21:37.166
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, c3e, 4347, 84b75d10}

GetUlongFromAddress: unable to read from 8055b8f0
*** WARNING: Unable to verify timestamp for ADBLOCK.DLL
*** ERROR: Module load completed but symbols could not be loaded for ADBLOCK.DLL
*** WARNING: Unable to verify timestamp for PROTECT.DLL
*** ERROR: Module load completed but symbols could not be loaded for PROTECT.DLL
*** WARNING: Unable to verify timestamp for atksgt.sys
*** ERROR: Module load completed but symbols could not be loaded for atksgt.sys
*** WARNING: Unable to verify timestamp for HTTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTTPFILT.DLL
*** WARNING: Unable to verify timestamp for MAILFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for MAILFILT.DLL
*** WARNING: Unable to verify timestamp for IMAPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for IMAPFILT.DLL
*** WARNING: Unable to verify timestamp for ctoss2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctoss2k.sys
*** WARNING: Unable to verify timestamp for SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for SI3112r.sys
*** WARNING: Unable to verify timestamp for nvatabus.sys
*** ERROR: Module load completed but symbols could not be loaded for nvatabus.sys
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
*** WARNING: Unable to verify timestamp for nv4_disp.dll
*** ERROR: Module load completed but symbols could not be loaded for nv4_disp.dll
*** WARNING: Unable to verify timestamp for ATMFD.DLL
*** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL
*** WARNING: Unable to verify timestamp for dump_SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_SI3112r.sys
*** WARNING: Unable to verify timestamp for avg7core.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7core.sys
*** WARNING: Unable to verify timestamp for lirsgt.sys
*** ERROR: Module load completed but symbols could not be loaded for lirsgt.sys
*** WARNING: Unable to verify timestamp for FILTNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS
*** WARNING: Unable to verify timestamp for ctac32k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctac32k.sys
*** WARNING: Unable to verify timestamp for ctsfm2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctsfm2k.sys
*** WARNING: Unable to verify timestamp for emupia2k.sys
*** ERROR: Module load completed but symbols could not be loaded for emupia2k.sys
*** WARNING: Unable to verify timestamp for ha10kx2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ha10kx2k.sys
*** WARNING: Unable to verify timestamp for hap16v2k.sys
*** ERROR: Module load completed but symbols could not be loaded for hap16v2k.sys
*** WARNING: Unable to verify timestamp for X4HSX32.Sys
*** ERROR: Module load completed but symbols could not be loaded for X4HSX32.Sys
*** WARNING: Unable to verify timestamp for NNTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for NNTPFILT.DLL
*** WARNING: Unable to verify timestamp for POP3FILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for POP3FILT.DLL
*** WARNING: Unable to verify timestamp for a96dptt8.SYS
*** ERROR: Module load completed but symbols could not be loaded for a96dptt8.SYS
*** WARNING: Unable to verify timestamp for yk51x86.sys
*** ERROR: Module load completed but symbols could not be loaded for yk51x86.sys
*** WARNING: Unable to verify timestamp for ctaud2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctaud2k.sys
*** WARNING: Unable to verify timestamp for nv4_mini.sys
*** ERROR: Module load completed but symbols could not be loaded for nv4_mini.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for si3112.sys
*** ERROR: Module load completed but symbols could not be loaded for si3112.sys
*** WARNING: Unable to verify timestamp for PxHelp20.sys
*** ERROR: Module load completed but symbols could not be loaded for PxHelp20.sys
*** WARNING: Unable to verify timestamp for nv_agp.sys
*** ERROR: Module load completed but symbols could not be loaded for nv_agp.sys
*** WARNING: Unable to verify timestamp for ElbyCDIO.sys
*** ERROR: Module load completed but symbols could not be loaded for ElbyCDIO.sys
*** WARNING: Unable to verify timestamp for ElbyCDFL.sys
*** ERROR: Module load completed but symbols could not be loaded for ElbyCDFL.sys
*** WARNING: Unable to verify timestamp for GEARAspiWDM.sys
*** ERROR: Module load completed but symbols could not be loaded for GEARAspiWDM.sys
*** WARNING: Unable to verify timestamp for ctprxy2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctprxy2k.sys
*** WARNING: Unable to verify timestamp for avg7rsxp.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7rsxp.sys
*** WARNING: Unable to verify timestamp for SiWinAcc.sys
*** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
*** WARNING: Unable to verify timestamp for tandpl.sys
*** ERROR: Module load completed but symbols could not be loaded for tandpl.sys
*** WARNING: Unable to verify timestamp for avg7rsw.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7rsw.sys
*** WARNING: Unable to verify timestamp for HTMLFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTMLFILT.DLL
*** WARNING: Unable to verify timestamp for DNSCACHE.DLL
*** ERROR: Module load completed but symbols could not be loaded for DNSCACHE.DLL
*** WARNING: Unable to verify timestamp for FTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for FTPFILT.DLL
*** WARNING: Unable to verify timestamp for avgtdi.sys
*** ERROR: Module load completed but symbols could not be loaded for avgtdi.sys
*** WARNING: Unable to verify timestamp for enodpl.sys
*** ERROR: Module load completed but symbols could not be loaded for enodpl.sys
*** WARNING: Unable to verify timestamp for avgclean.sys
*** ERROR: Module load completed but symbols could not be loaded for avgclean.sys
*** WARNING: Unable to verify timestamp for CONTENT.DLL
*** ERROR: Module load completed but symbols could not be loaded for CONTENT.DLL
GetUlongFromAddress: unable to read from 8055b8f0
Probably caused by : ntkrnlpa.exe ( nt!ExFreePoolWithTag+2a0 )

Followup: MachineOwner
---------

Number 8


Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini083108-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Sun Aug 31 01:37:57.984 2008 (GMT-6)
System Uptime: 0 days 13:45:56.620
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {1b, 2, 1, 80543a05}

Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+ff )

Followup: Pool_corruption
---------

Number 9



Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini083008-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Sat Aug 30 00:59:10.812 2008 (GMT-6)
System Uptime: 0 days 0:54:14.446
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, c3e, 44ba, 84a8a488}

GetUlongFromAddress: unable to read from 8055b8f0
*** WARNING: Unable to verify timestamp for PROTECT.DLL
*** ERROR: Module load completed but symbols could not be loaded for PROTECT.DLL
*** WARNING: Unable to verify timestamp for MAILFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for MAILFILT.DLL
*** WARNING: Unable to verify timestamp for ADBLOCK.DLL
*** ERROR: Module load completed but symbols could not be loaded for ADBLOCK.DLL
*** WARNING: Unable to verify timestamp for HTTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTTPFILT.DLL
*** WARNING: Unable to verify timestamp for atksgt.sys
*** ERROR: Module load completed but symbols could not be loaded for atksgt.sys
*** WARNING: Unable to verify timestamp for dump_SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_SI3112r.sys
*** WARNING: Unable to verify timestamp for SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for SI3112r.sys
*** WARNING: Unable to verify timestamp for nvatabus.sys
*** ERROR: Module load completed but symbols could not be loaded for nvatabus.sys
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
*** WARNING: Unable to verify timestamp for nv4_disp.dll
*** ERROR: Module load completed but symbols could not be loaded for nv4_disp.dll
*** WARNING: Unable to verify timestamp for ATMFD.DLL
*** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL
*** WARNING: Unable to verify timestamp for avg7core.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7core.sys
*** WARNING: Unable to verify timestamp for avgtdi.sys
*** ERROR: Module load completed but symbols could not be loaded for avgtdi.sys
*** WARNING: Unable to verify timestamp for DNSCACHE.DLL
*** ERROR: Module load completed but symbols could not be loaded for DNSCACHE.DLL
*** WARNING: Unable to verify timestamp for HTMLFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTMLFILT.DLL
*** WARNING: Unable to verify timestamp for FILTNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS
*** WARNING: Unable to verify timestamp for avgclean.sys
*** ERROR: Module load completed but symbols could not be loaded for avgclean.sys
*** WARNING: Unable to verify timestamp for lirsgt.sys
*** ERROR: Module load completed but symbols could not be loaded for lirsgt.sys
*** WARNING: Unable to verify timestamp for ctac32k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctac32k.sys
*** WARNING: Unable to verify timestamp for ctsfm2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctsfm2k.sys
*** WARNING: Unable to verify timestamp for emupia2k.sys
*** ERROR: Module load completed but symbols could not be loaded for emupia2k.sys
*** WARNING: Unable to verify timestamp for ha10kx2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ha10kx2k.sys
*** WARNING: Unable to verify timestamp for hap16v2k.sys
*** ERROR: Module load completed but symbols could not be loaded for hap16v2k.sys
*** WARNING: Unable to verify timestamp for X4HSX32.Sys
*** ERROR: Module load completed but symbols could not be loaded for X4HSX32.Sys
*** WARNING: Unable to verify timestamp for atgqugx8.SYS
*** ERROR: Module load completed but symbols could not be loaded for atgqugx8.SYS
*** WARNING: Unable to verify timestamp for yk51x86.sys
*** ERROR: Module load completed but symbols could not be loaded for yk51x86.sys
*** WARNING: Unable to verify timestamp for ctoss2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctoss2k.sys
*** WARNING: Unable to verify timestamp for ctaud2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctaud2k.sys
*** WARNING: Unable to verify timestamp for nv4_mini.sys
*** ERROR: Module load completed but symbols could not be loaded for nv4_mini.sys
*** WARNING: Unable to verify timestamp for si3112.sys
*** ERROR: Module load completed but symbols could not be loaded for si3112.sys
*** WARNING: Unable to verify timestamp for PxHelp20.sys
*** ERROR: Module load completed but symbols could not be loaded for PxHelp20.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for nv_agp.sys
*** ERROR: Module load completed but symbols could not be loaded for nv_agp.sys
*** WARNING: Unable to verify timestamp for ElbyCDIO.sys
*** ERROR: Module load completed but symbols could not be loaded for ElbyCDIO.sys
*** WARNING: Unable to verify timestamp for ElbyCDFL.sys
*** ERROR: Module load completed but symbols could not be loaded for ElbyCDFL.sys
*** WARNING: Unable to verify timestamp for GEARAspiWDM.sys
*** ERROR: Module load completed but symbols could not be loaded for GEARAspiWDM.sys
*** WARNING: Unable to verify timestamp for ctprxy2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctprxy2k.sys
*** WARNING: Unable to verify timestamp for avg7rsxp.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7rsxp.sys
*** WARNING: Unable to verify timestamp for SiWinAcc.sys
*** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
*** WARNING: Unable to verify timestamp for tandpl.sys
*** ERROR: Module load completed but symbols could not be loaded for tandpl.sys
*** WARNING: Unable to verify timestamp for NNTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for NNTPFILT.DLL
*** WARNING: Unable to verify timestamp for enodpl.sys
*** ERROR: Module load completed but symbols could not be loaded for enodpl.sys
*** WARNING: Unable to verify timestamp for avg7rsw.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7rsw.sys
*** WARNING: Unable to verify timestamp for POP3FILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for POP3FILT.DLL
*** WARNING: Unable to verify timestamp for IMAPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for IMAPFILT.DLL
*** WARNING: Unable to verify timestamp for FTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for FTPFILT.DLL
*** WARNING: Unable to verify timestamp for CONTENT.DLL
*** ERROR: Module load completed but symbols could not be loaded for CONTENT.DLL
GetUlongFromAddress: unable to read from 8055b8f0
Probably caused by : ntkrnlpa.exe ( nt!ExFreePoolWithTag+2a0 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000c3e, (reserved)
Arg3: 000044ba, Memory contents of the pool block
Arg4: 84a8a488, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 8055b8f0
GetUlongFromAddress: unable to read from 8055b8f0

POOL_ADDRESS: 84a8a488

BUGCHECK_STR: 0xc2_7

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from 80543e86 to 804f8aef

STACK_TEXT:
f78babbc 80543e86 000000c2 00000007 00000c3e nt!KeBugCheckEx+0x1b
f78bac0c 804e1849 84a8a488 00000000 84a8a488 nt!ExFreePoolWithTag+0x2a0
f78bac1c 804e1bb3 00000000 84b02170 84a8a488 nt!CcDeallocateBcb+0x1d
f78bac40 804e29da 00000000 00001000 f78bad40 nt!CcUnpinFileData+0x143
f78bac60 804e3989 84b02170 f78bacb0 00001000 nt!CcReleaseByteRangeFromWrite+0x72
f78bace8 804e3b80 00001000 00000000 00000001 nt!CcFlushCache+0x49d
f78bad2c 804e61aa 865c71e8 8055a3c0 865c67a8 nt!CcWriteBehind+0xdc
f78bad74 80533fe6 865c71e8 00000000 865c67a8 nt!CcWorkerThread+0x126
f78badac 805c4cce 865c71e8 00000000 00000000 nt!ExpWorkerThread+0x100
f78baddc 805411c2 80533ee6 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+2a0
80543e86 8b45f8 mov eax,dword ptr [ebp-8]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePoolWithTag+2a0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 45e53f9c

FAILURE_BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+2a0

BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+2a0

Followup: MachineOwner
---------

kd> lmvm nt
start end module name
804d7000 806cd580 nt # (pdb symbols) c:\symbols\ntkrnlpa.pdb\F612363DB38C423CB08559DDBCA9F2F71\ntkrnlpa.pdb
Loaded symbol image file: ntkrnlpa.exe
Mapped memory image file: c:\symbols\ntkrnlpa.exe\45E53F9C1f6580\ntkrnlpa.exe
Image path: ntkrnlpa.exe
Image name: ntkrnlpa.exe
Timestamp: Wed Feb 28 01:38:52 2007 (45E53F9C)
CheckSum: 00200031
ImageSize: 001F6580
File version: 5.1.2600.3093
Product version: 5.1.2600.3093
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0411.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlpa.exe
OriginalFilename: ntkrnlpa.exe
ProductVersion: 5.1.2600.3093
FileVersion: 5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.



Number 10



Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini083008-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Sat Aug 30 00:04:13.828 2008 (GMT-6)
System Uptime: 0 days 0:08:16.456
Loading Kernel Symbols
.............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, c3e, 4419, 84a2b8c0}

GetUlongFromAddress: unable to read from 8055b8f0
*** WARNING: Unable to verify timestamp for MAILFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for MAILFILT.DLL
*** WARNING: Unable to verify timestamp for ADBLOCK.DLL
*** ERROR: Module load completed but symbols could not be loaded for ADBLOCK.DLL
*** WARNING: Unable to verify timestamp for HTTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTTPFILT.DLL
*** WARNING: Unable to verify timestamp for PROTECT.DLL
*** ERROR: Module load completed but symbols could not be loaded for PROTECT.DLL
*** WARNING: Unable to verify timestamp for atksgt.sys
*** ERROR: Module load completed but symbols could not be loaded for atksgt.sys
*** WARNING: Unable to verify timestamp for ctoss2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctoss2k.sys
*** WARNING: Unable to verify timestamp for SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for SI3112r.sys
*** WARNING: Unable to verify timestamp for nvatabus.sys
*** ERROR: Module load completed but symbols could not be loaded for nvatabus.sys
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
*** WARNING: Unable to verify timestamp for nv4_disp.dll
*** ERROR: Module load completed but symbols could not be loaded for nv4_disp.dll
*** WARNING: Unable to verify timestamp for ATMFD.DLL
*** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL
*** WARNING: Unable to verify timestamp for dump_SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_SI3112r.sys
*** WARNING: Unable to verify timestamp for avg7core.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7core.sys
*** WARNING: Unable to verify timestamp for avg7rsxp.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7rsxp.sys
*** WARNING: Unable to verify timestamp for FILTNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS
*** WARNING: Unable to verify timestamp for ctac32k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctac32k.sys
*** WARNING: Unable to verify timestamp for ctsfm2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctsfm2k.sys
*** WARNING: Unable to verify timestamp for emupia2k.sys
*** ERROR: Module load completed but symbols could not be loaded for emupia2k.sys
*** WARNING: Unable to verify timestamp for ha10kx2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ha10kx2k.sys
*** WARNING: Unable to verify timestamp for hap16v2k.sys
*** ERROR: Module load completed but symbols could not be loaded for hap16v2k.sys
*** WARNING: Unable to verify timestamp for X4HSX32.Sys
*** ERROR: Module load completed but symbols could not be loaded for X4HSX32.Sys
*** WARNING: Unable to verify timestamp for ElbyCDIO.sys
*** ERROR: Module load completed but symbols could not be loaded for ElbyCDIO.sys
*** WARNING: Unable to verify timestamp for tandpl.sys
*** ERROR: Module load completed but symbols could not be loaded for tandpl.sys
*** WARNING: Unable to verify timestamp for aq39348s.SYS
*** ERROR: Module load completed but symbols could not be loaded for aq39348s.SYS
*** WARNING: Unable to verify timestamp for yk51x86.sys
*** ERROR: Module load completed but symbols could not be loaded for yk51x86.sys
*** WARNING: Unable to verify timestamp for ctaud2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctaud2k.sys
*** WARNING: Unable to verify timestamp for nv4_mini.sys
*** ERROR: Module load completed but symbols could not be loaded for nv4_mini.sys
*** WARNING: Unable to verify timestamp for si3112.sys
*** ERROR: Module load completed but symbols could not be loaded for si3112.sys
*** WARNING: Unable to verify timestamp for PxHelp20.sys
*** ERROR: Module load completed but symbols could not be loaded for PxHelp20.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for nv_agp.sys
*** ERROR: Module load completed but symbols could not be loaded for nv_agp.sys
*** WARNING: Unable to verify timestamp for lirsgt.sys
*** ERROR: Module load completed but symbols could not be loaded for lirsgt.sys
*** WARNING: Unable to verify timestamp for ElbyCDFL.sys
*** ERROR: Module load completed but symbols could not be loaded for ElbyCDFL.sys
*** WARNING: Unable to verify timestamp for GEARAspiWDM.sys
*** ERROR: Module load completed but symbols could not be loaded for GEARAspiWDM.sys
*** WARNING: Unable to verify timestamp for ctprxy2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctprxy2k.sys
*** WARNING: Unable to verify timestamp for SiWinAcc.sys
*** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
*** WARNING: Unable to verify timestamp for avg7rsw.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7rsw.sys
*** WARNING: Unable to verify timestamp for avgtdi.sys
*** ERROR: Module load completed but symbols could not be loaded for avgtdi.sys
*** WARNING: Unable to verify timestamp for enodpl.sys
*** ERROR: Module load completed but symbols could not be loaded for enodpl.sys
*** WARNING: Unable to verify timestamp for HTMLFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTMLFILT.DLL
*** WARNING: Unable to verify timestamp for DNSCACHE.DLL
*** ERROR: Module load completed but symbols could not be loaded for DNSCACHE.DLL
*** WARNING: Unable to verify timestamp for FTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for FTPFILT.DLL
*** WARNING: Unable to verify timestamp for POP3FILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for POP3FILT.DLL
*** WARNING: Unable to verify timestamp for IMAPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for IMAPFILT.DLL
*** WARNING: Unable to verify timestamp for NNTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for NNTPFILT.DLL
*** WARNING: Unable to verify timestamp for avgclean.sys
*** ERROR: Module load completed but symbols could not be loaded for avgclean.sys
*** WARNING: Unable to verify timestamp for CONTENT.DLL
*** ERROR: Module load completed but symbols could not be loaded for CONTENT.DLL
Probably caused by : afd.sys ( afd!AfdFreeBuffer+55 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000c3e, (reserved)
Arg3: 00004419, Memory contents of the pool block
Arg4: 84a2b8c0, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 8055b8f0

POOL_ADDRESS: 84a2b8c0

BUGCHECK_STR: 0xc2_7

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: Idle

LAST_CONTROL_TRANSFER: from 80543e86 to 804f8aef

STACK_TEXT:
805487b8 80543e86 000000c2 00000007 00000c3e nt!KeBugCheckEx+0x1b
80548808 eb39903b 84a2b8c0 c2646641 84a2bfa0 nt!ExFreePoolWithTag+0x2a0
84a2bfc9 c0000000 c084a2b8 0184a2b9 0e000000 afd!AfdFreeBuffer+0x55
WARNING: Frame IP not in any known module. Following frames may be wrong.
84a2bfd1 0184a2b9 0e000000 00000200 01a8c035 0xc0000000
84a2bfd5 0e000000 00000200 01a8c035 00000001 0x184a2b9
84a2bfd9 00000000 01a8c035 00000001 00000000 0xe000000


STACK_COMMAND: kb

FOLLOWUP_IP:
afd!AfdFreeBuffer+55
eb39903b 5e pop esi

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: afd!AfdFreeBuffer+55

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: afd

IMAGE_NAME: afd.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 485b8a15

FAILURE_BUCKET_ID: 0xc2_7_afd!AfdFreeBuffer+55

BUCKET_ID: 0xc2_7_afd!AfdFreeBuffer+55

Followup: MachineOwner
---------

Edited by CrisGer, 05 September 2008 - 04:29 AM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#5 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:07:29 AM

Posted 05 September 2008 - 04:11 AM

did two more just to check....

number 11

Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini082908-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Fri Aug 29 23:55:10.562 2008 (GMT-6)
System Uptime: 0 days 14:48:26.198
Loading Kernel Symbols
.............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.......................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {61436d4d, 2, 1, 80543a5c}

Unable to load image SiWinAcc.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SiWinAcc.sys
*** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
Unable to load image avg7rsxp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for avg7rsxp.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7rsxp.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+156 )

Followup: Pool_corruption
---------

number 12



Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini082208-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Fri Aug 22 13:31:03.875 2008 (GMT-6)
System Uptime: 0 days 3:51:39.512
Loading Kernel Symbols
...........................................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {0, 2, 1, 80543a03}

Unable to load image sptd.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+fd )

Followup: Pool_corruption
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 80543a03, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeferredFreePool+fd
80543a03 8913 mov dword ptr [ebx],edx

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: Idle

LAST_CONTROL_TRANSFER: from 8054406f to 80543a03

STACK_TEXT:
80548e44 8054406f 867b6dc0 8677a0ec 84f1d008 nt!ExDeferredFreePool+0xfd
80548e84 80544277 84f1d008 00000000 80548f00 nt!ExFreePoolWithTag+0x489
80548e94 bab36fb1 84f1d008 87548ed8 84f1d008 nt!ExFreePool+0xf
80548f00 bab37b57 84e3166c 00000000 8677a7d8 USBPORT!USBPORT_CompleteTransfer+0x43f
80548f30 bab38754 026e6f44 8677a0e0 8677a0e0 USBPORT!USBPORT_DoneTransfer+0x137
80548f68 bab39f6a 8677a028 80541ac8 8677a230 USBPORT!USBPORT_FlushDoneTransferList+0x16c
80548f94 bab47fb0 8677a028 80541ac8 8677a028 USBPORT!USBPORT_DpcWorker+0x224
80548fd0 bab48128 8677a028 00000001 86b6b52c USBPORT!USBPORT_IsrDpcWorker+0x37e
80548fec bae13a9e 8677a64c 6b755044 00000000 USBPORT!USBPORT_IsrDpc+0x166
WARNING: Stack unwind information not available. Following frames may be wrong.
8054902c 80540f7d 8677a64c 8677a028 00000000 sptd+0x11a9e
80549050 80540ef6 00000000 0000000e 00000000 nt!KiRetireDpcList+0x46
80549054 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x26


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+fd
80543a03 8913 mov dword ptr [ebx],edx

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!ExDeferredFreePool+fd

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+fd

BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+fd

Followup: Pool_corruption
---------

Edited by CrisGer, 05 September 2008 - 04:30 AM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#6 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:07:29 AM

Posted 05 September 2008 - 04:35 AM

Here are the bug reports both the originals and the analysis ones as zips

Attached Files


Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#7 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:07:29 AM

Posted 05 September 2008 - 04:40 AM

I saw a bad pool call was noted in the bug reports and i went looking for in fo on this and found this.....

Bad Pool Caller Fix


BAD_POOL_CALLER is a stop error message that is caused because of problems with the memory management. The error is seen when the computer is started up and displays the blue screen of death and gives the following message: “A problem has been detected and windows has been shut down to prevent damage to your computer”.

BAD_POOL_CALLER. stop: 0x000000c2 (0x000000043, 0xc2528000, 0x00000000, 0x00000000) ”

Each of these stop error parameters is for a different problem. There is a list of more than thirty such causes that can give you this error message. If the stop error is consistent every time the system is rebooted, the following method will be effective in solving the problem:
The hardware and RAM should be checked initially.
Boot the system once again using the OS setup CD, or use a boot setup that has a GUI like BartPE.
With RunScanner it is possible to use a memory test tool.
Select a single account
If all the accounts open then the system registry hive might be the problem.
Locate the hive damaged and rename it, do not delete it.
Create another hive from the backup or from the restore point.
Initially uses the latest one and keep checking the restore points that come later.
Avoiding harvesting any replacement hives from the hard drive booted Windows.
After which compare the hives for differences.
This is one of the ways of fixing BAD_POOL_CALLER errors. Another method is to reinstall the OS but occasionally shows a disk read error or an error on the same lines. Switching the computer off for a minute or more and then switching it on can solve it since the error is only a slight glitch in the system operation.

The BAD_POOL_CALLER is seen for the first time after installing a hardware or software it is recommended that the computer be restarted. If it doesn’t solve the problem, the installation of the hardware or software should be checked for correction. The manufacture should also be contacted if there are any Windows updates required to correct the error. If the problem persists the installed hardware and software should be disabled, and the BIOS memory options like caching or shadowing should be disabled too. The safe mode can be used as well to remove or stop components. To enable the safe mode just press F8 when the machine is being restarted and select it from the Advance Startup options and correct the problem. The installation of the graphics card is another reason the BAD_POOL_CALLER error shows up. A simple reinstallation of the driver can solve the problem. Microsoft has also acknowledged that the BAD_POOL_CALLER Stop 0xC2 error pops up when trying to print a document that contains a corrupt font. A hot fix is available at www.support.microsoft.com, where the telephone number can be acquired to contact support. The call to the support team is charged except if the support team has resolved that the update will solve the problem. The error message with relation to this parameter of the BAD_POOL_CALLER error is seen only in the Win2000 Professional, Server and Advanced Server Operating Systems.

i dont know if this applies....i will look forward to any ideas or suggestions from you all, thanks so so much for any help. it really means a lot.

chris
Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#8 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:10:29 AM

Posted 05 September 2008 - 07:07 PM

A heck of a lot of info to digest - but most of the errors seem related to memory or drivers - and they crash mostly in well known Windows processes (with a couple of the crashes related to game stuff).

Most game stuff (IME) has to do with either video or audio drivers - so they're candidates for replacement IMO.

Since there's a lot of memory problems I'd suggest running this free memory tester: http://www.memtest86.com/
Let it run for a minimum of 3 passes (overnight is better) - if it starts giving errors, stop the test and post back here.

If the memory test passes, then try enabling Driver Verifier. (Article here: http://support.microsoft.com/kb/244617 )

To do this, go to Start...Run...and type in "verifier" (without the quotes) and press Enter
Click Next to Create Standard Settings
Click Next to Automatically select unsigned drivers
Click Finish to accept the drivers that were selected and close the dialog.
Reboot.

The system will either BSOD immediately, or you'll have to work on it a bit before it BSOD's (we're hoping for the immediate BSOD).

Capture the dump file in Safe Mode, and then go back into Driver Verifier and (in the first screen) select the option to Delete existing settings. That'll stop Driver Verifier from running and should let you boot back into normal mode.

Normally this will identify the driver and no further steps will be needed. But, in my brief experiences with this, I've had one "failure" and had to run Driver Verifier with more restrictive settings - unfortunately the customer decided to format and reinstall, so I never got to run it that way.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#9 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:07:29 AM

Posted 06 September 2008 - 03:28 AM

Ok thanks very much. good i appreciate your looking things over, i did the detailed analysis of 2/3 of the bug reports, there were several i did not do.

ok, you ask me to run the mem test, got that.

then..... do the driver select thing and hopefully get a BSOD, and then.....

Capture the dump file in Safe Mode,

so you mean start up in safe mode and go looking for the dump of the error in the mini dump folder in SYSTEM ?

or did you mean for me to capture the dump file some other way? i just wanted to be sure, and i like to ask if i dont understand something. thanks

i wont be reformating under any circumastances, there are programs i dont want to re install. So we will follow this trhu under your direction as you suggest. :thumbsup:

chris
Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#10 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:07:29 AM

Posted 06 September 2008 - 04:08 AM

OK, i dl the ISO for the mem test and booted it up in normal mode, and it started running but stopped pretty quickly with a general protection fault: I do not remember where to find the log for the report and there is NO FAQ with the download, they need to provide that for us i think

anyway, i copied down the top lines of code:

0:01:25 1025 M 84k e820-std on of std 0 passes o errors


unexpected interrupt Halting

type Gen_Prot

eax 00000000

there were a bunch of individual entries

and then the stack report:

0001b904 fbfbfbfb 0001b934 00000003
0001b908 00000000 0001b938 00000001
0001b90c
0001b910
0001b914
0001b918
0001b91c
0001b920
00010028
1b92c

so it stoppped. heading for bed, will check in in the am and will try to run that other test then.
Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#11 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:10:29 AM

Posted 06 September 2008 - 06:30 AM

To rule out an incompatibility between MemTest and your system, try running these other memory tests (you'll have a nice diagnostic CD collection by the time we're done:

Here's 2 free one's:
http://www.memtest.org/#downiso
http://oca.microsoft.com/en/windiag.asp

Usually if there's a problem running MemTest it usually turns out that there's another hardware problem that's causing it to crash. In their documentation there are references to CPU issues causing problems with MemTest. Although memory testers are designed to test memory, their workings are processed through other parts of the system - and problems there can affect the results.

The most common issue that I've seen (of this type) is from bad memory slots. They'll give memory errors that mimick bad memory. The way to rule them out is by moving the RAM around in the slots in different combinations to isolate the issue.

The first thing to do to "capture the dump file" is to check and see if the dump file was captured to the Minidump folder (if that's how your system is set). If not, then the error report may contain information on where in your Temporary files it has been saved prior to sending it to Microsoft. The whole point here is that you want to know where the dump file is before doing anything else. If you don't have it, then don't Delete existing settings in Driver Verifier
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#12 hamluis

hamluis

    Moderator


  • Moderator
  • 55,391 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:29 AM

Posted 06 September 2008 - 07:59 AM

FWIW: When I ran Memtest and came up with those general protection faults...the problem was the fact that my bus speed, even though it matched the stated speed of the RAM...was too fast for the modules involved.

The system would run fine with PC2100 memory, but would produce all sorts of errors with PC3200...even though the motherboard specs supported running PC3200.

Since I did not want to use PC2100, I went into my BIOS and adjusted my memory clock speed/CPU bus down...from 200Mhz to 166Mhz. The system now runs fine at this lower setting, using the PC3200 modules which were previously problematical.

From what I read, this happens with some systems and RAM modules.

Louis

#13 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:07:29 AM

Posted 06 September 2008 - 06:44 PM

thanks USAMA
good news, i changed the settings so all my de bug files are saved in the mini dump, not sent in.

i found the dump log will copy as soon as i analyze and will run those other tests once my day work is done (i must run my research business daily and monitor a chat and a group on Linkedin that I am admin for in the middle of all of this plus run several projects lol) multasking is so much fun.

ok, and i had two more BSOD's just now, and they look interesting as well

hamluis, thanks, ys i read that Athion has some problems with this mem test that mimic other things they note that in the read me....and moving mem slots and changing the speed are two things i read about in my research before coming here....tho i am not skilled enough to do either, i have a trusted tech that has saved this system three times already and i am sure he can follow suggestions from you guys...

ok, here is the general fault from last night running the memory test: looks like Pool Corruption


Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\Chris\Desktop\Mini090508-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Fri Sep 5 02:10:07.953 2008 (GMT-6)
System Uptime: 0 days 0:12:39.593
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {52647541, 2, 1, 80543a5c}

Unable to load image ctaud2k.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ctaud2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctaud2k.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+156 )

Followup: Pool_corruption
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 52647541, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 80543a5c, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeferredFreePool+156
80543a5c 8913 mov dword ptr [ebx],edx

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: iexplore.exe

LAST_CONTROL_TRANSFER: from 8054406f to 80543a5c

STACK_TEXT:
b9cbb758 8054406f 84a80350 84a8a1a8 84a8a1a0 nt!ExDeferredFreePool+0x156
b9cbb798 80544277 84a8a1a0 00000000 b9cbb7b8 nt!ExFreePoolWithTag+0x489
b9cbb7a8 baa3dca7 84a8a1a0 84a8a1ac b9cbb7cc nt!ExFreePool+0xf
b9cbb7b8 baa3dd9a 00000001 00000000 861c7a08 portcls!CIrpStream::`scalar deleting destructor'+0x1a
b9cbb7cc baa3d870 84a8a1a8 b9cbb7f0 baa4ed55 portcls!CUnknown::NonDelegatingRelease+0x24
b9cbb7d8 baa4ed55 84a8a1a0 86051738 85f88240 portcls!CIrpStream::Release+0x11
b9cbb7f0 baa4e25a 00000000 86051680 88314f48 portcls!CPortPinWavePci::Close+0x116
b9cbb810 bab130fc 860b7038 88314f48 b9cbb838 portcls!DispatchClose+0x39
b9cbb820 baa4d880 86051680 88314f48 86051680 ks!KsDispatchIrp+0x71
b9cbb838 baa4d841 86051680 88314f48 b9cbb88c portcls!KsoDispatchIrp+0x43
b9cbb848 f66d64de 86051680 88314f48 8607ab10 portcls!PcDispatchIrp+0x5f
WARNING: Stack unwind information not available. Following frames may be wrong.
b9cbb88c 80577f46 84c1d160 84c1d150 00000000 ctaud2k+0x554de
b9cbb8c4 805af80f 00c1d178 84c1d160 00000000 nt!IopDeleteFile+0x132
b9cbb8e0 8052201d 84c1d178 00000000 80543be6 nt!ObpRemoveObjectRoutine+0xdf
b9cbb904 b8bf7a16 84ab3180 84b4e840 84bd4700 nt!ObfDereferenceObject+0x5f
b9cbb924 bab13737 84ab3180 88524f48 b9cbb968 kmixer!PinDispatchClose+0x336
b9cbb934 804edfe3 84ab3180 88524f48 806d02e8 ks!DispatchClose+0x32
b9cbb944 8064b8a8 88524f58 88524f48 84bd47d0 nt!IopfCallDriver+0x31
b9cbb968 80577f46 84bd47b8 84bd47a8 00000000 nt!IovCallDriver+0xa0
b9cbb9a0 805af80f 00bd47d0 84bd47b8 00000000 nt!IopDeleteFile+0x132
b9cbb9bc 8052201d 84bd47d0 00000000 80543be6 nt!ObpRemoveObjectRoutine+0xdf
b9cbb9e0 b8bf79ca 84ab3180 84b4e840 84b62e00 nt!ObfDereferenceObject+0x5f
b9cbba00 bab13737 84ab3180 87e12f48 b9cbba44 kmixer!PinDispatchClose+0x2ea
b9cbba10 804edfe3 84ab3180 87e12f48 806d02e8 ks!DispatchClose+0x32
b9cbba20 8064b8a8 87e12f58 87e12f48 84b62e78 nt!IopfCallDriver+0x31
b9cbba44 80577f46 84b62e60 84b62e50 00000000 nt!IovCallDriver+0xa0
b9cbba7c 805af80f 00b62e78 84b62e60 00000000 nt!IopDeleteFile+0x132
b9cbba98 8052201d 84b62e78 00000000 80521fbe nt!ObpRemoveObjectRoutine+0xdf
b9cbbabc f709a135 85e8c8d0 e66b6660 f7098ba2 nt!ObfDereferenceObject+0x5f
b9cbbac8 f7098ba2 8739ee90 b9cbbae4 f709935c sysaudio!CInstance::~CInstance+0x28
b9cbbad4 f709935c 00000001 85eedc38 b9cbbaf4 sysaudio!CPinInstance::`scalar deleting destructor'+0xd
b9cbbae4 bab13737 85e8c8d0 8739ee90 b9cbbb28 sysaudio!CPinInstance::PinDispatchClose+0x26
b9cbbaf4 804edfe3 85e8c8d0 8739ee90 806d02e8 ks!DispatchClose+0x32
b9cbbb04 8064b8a8 8739eea0 8739ee90 84c1d220 nt!IopfCallDriver+0x31
b9cbbb28 80577f46 84c1d208 84c1d1f8 00000000 nt!IovCallDriver+0xa0
b9cbbb60 805af80f 00c1d220 84c1d208 00000000 nt!IopDeleteFile+0x132
b9cbbb7c 8052201d 84c1d220 00000000 84aae000 nt!ObpRemoveObjectRoutine+0xdf
b9cbbba0 b9fb8e7f b9cbbbbc b9fb8e4e 84aae000 nt!ObfDereferenceObject+0x5f
b9cbbba8 b9fb8e4e 84aae000 84c1d220 84aae0ac wdmaud!CloseSysAudio+0xe
b9cbbbbc b9fb8ec3 864d2370 84a622e0 b9cbbbe8 wdmaud!CloseWavePin+0x1f
b9cbbbcc b9fb8e21 84aae08c 032b3a48 00000000 wdmaud!CloseTheWavePin+0x3e
b9cbbbe8 b9fb843e 87880f48 84aae000 00000000 wdmaud!Dispatch_ClosePin+0x82
b9cbbc10 804edfe3 00000000 84aae000 806d02e8 wdmaud!SoundDispatch+0x1d7
b9cbbc20 8064b8a8 84c18cf0 806d02d0 87880f48 nt!IopfCallDriver+0x31
b9cbbc44 80573dce 87880fdc 85fb5338 87880f48 nt!IovCallDriver+0xa0
b9cbbc58 80574c5d 85f24198 87880f48 85fb5338 nt!IopSynchronousServiceTail+0x60
b9cbbd00 8056d5ba 00000588 00000420 00000000 nt!IopXxxControlFile+0x5e7
b9cbbd34 8053ca28 00000588 00000420 00000000 nt!NtDeviceIoControlFile+0x2a
b9cbbd34 7c90eb94 00000588 00000420 00000000 nt!KiFastCallEntry+0xf8
06f1fd7c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+156
80543a5c 8913 mov dword ptr [ebx],edx

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!ExDeferredFreePool+156

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+156

BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+156

Followup: Pool_corruption
---------

kd> lmvm Pool_Corruption
start end module name




==============================================================

and here are the two BSOD's from today


Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\Chris\Desktop\Mini090608-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Sat Sep 6 17:14:40.843 2008 (GMT-6)
System Uptime: 0 days 5:24:49.487
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {d293232, 2, 0, 80533986}

Probably caused by : ntkrnlpa.exe ( nt!ExpGetProcessInformation+15c )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0d293232, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80533986, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 0d293232

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExpGetProcessInformation+15c
80533986 8b3f mov edi,dword ptr [edi]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: outpost.exe

LAST_CONTROL_TRANSFER: from 80606d0c to 80533986

STACK_TEXT:
f1807b04 80606d0c 000b2398 00008000 f1807d30 nt!ExpGetProcessInformation+0x15c
f1807d4c 8053ca28 00000005 000b2398 00008000 nt!NtQuerySystemInformation+0x728
f1807d4c 7c90eb94 00000005 000b2398 00008000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
003ef9dc 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExpGetProcessInformation+15c
80533986 8b3f mov edi,dword ptr [edi]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!ExpGetProcessInformation+15c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 45e53f9c

FAILURE_BUCKET_ID: 0xA_nt!ExpGetProcessInformation+15c

BUCKET_ID: 0xA_nt!ExpGetProcessInformation+15c

Followup: MachineOwner
---------

kd> lmvm nt
start end module name
804d7000 806cd580 nt # (pdb symbols) c:\symbols\ntkrnlpa.pdb\F612363DB38C423CB08559DDBCA9F2F71\ntkrnlpa.pdb
Loaded symbol image file: ntkrnlpa.exe
Mapped memory image file: c:\symbols\ntkrnlpa.exe\45E53F9C1f6580\ntkrnlpa.exe
Image path: ntkrnlpa.exe
Image name: ntkrnlpa.exe
Timestamp: Wed Feb 28 01:38:52 2007 (45E53F9C)
CheckSum: 00200031
ImageSize: 001F6580
File version: 5.1.2600.3093
Product version: 5.1.2600.3093
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0411.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlpa.exe
OriginalFilename: ntkrnlpa.exe
ProductVersion: 5.1.2600.3093
FileVersion: 5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
=====================================================================



Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\Chris\Desktop\Mini090608-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Sat Sep 6 17:22:24.703 2008 (GMT-6)
System Uptime: 0 days 0:06:59.335
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, c3e, 5b55, 84bac4a8}

GetUlongFromAddress: unable to read from 8055b8f0
*** WARNING: Unable to verify timestamp for PROTECT.DLL
*** ERROR: Module load completed but symbols could not be loaded for PROTECT.DLL
*** WARNING: Unable to verify timestamp for HTTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTTPFILT.DLL
*** WARNING: Unable to verify timestamp for MAILFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for MAILFILT.DLL
*** WARNING: Unable to verify timestamp for ADBLOCK.DLL
*** ERROR: Module load completed but symbols could not be loaded for ADBLOCK.DLL
*** WARNING: Unable to verify timestamp for atksgt.sys
*** ERROR: Module load completed but symbols could not be loaded for atksgt.sys
*** WARNING: Unable to verify timestamp for SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for SI3112r.sys
*** WARNING: Unable to verify timestamp for nvatabus.sys
*** ERROR: Module load completed but symbols could not be loaded for nvatabus.sys
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
*** WARNING: Unable to verify timestamp for nv4_disp.dll
*** ERROR: Module load completed but symbols could not be loaded for nv4_disp.dll
*** WARNING: Unable to verify timestamp for ATMFD.DLL
*** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL
*** WARNING: Unable to verify timestamp for dump_SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_SI3112r.sys
*** WARNING: Unable to verify timestamp for avg7rsxp.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7rsxp.sys
*** WARNING: Unable to verify timestamp for avg7core.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7core.sys
*** WARNING: Unable to verify timestamp for FILTNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS
*** WARNING: Unable to verify timestamp for lirsgt.sys
*** ERROR: Module load completed but symbols could not be loaded for lirsgt.sys
*** WARNING: Unable to verify timestamp for X4HSX32.Sys
*** ERROR: Module load completed but symbols could not be loaded for X4HSX32.Sys
*** WARNING: Unable to verify timestamp for IMAPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for IMAPFILT.DLL
*** WARNING: Unable to verify timestamp for DNSCACHE.DLL
*** ERROR: Module load completed but symbols could not be loaded for DNSCACHE.DLL
*** WARNING: Unable to verify timestamp for ElbyCDIO.sys
*** ERROR: Module load completed but symbols could not be loaded for ElbyCDIO.sys
*** WARNING: Unable to verify timestamp for ctac32k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctac32k.sys
*** WARNING: Unable to verify timestamp for ctsfm2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctsfm2k.sys
*** WARNING: Unable to verify timestamp for NNTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for NNTPFILT.DLL
*** WARNING: Unable to verify timestamp for FTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for FTPFILT.DLL
*** WARNING: Unable to verify timestamp for POP3FILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for POP3FILT.DLL
*** WARNING: Unable to verify timestamp for HTMLFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTMLFILT.DLL
*** WARNING: Unable to verify timestamp for emupia2k.sys
*** ERROR: Module load completed but symbols could not be loaded for emupia2k.sys
*** WARNING: Unable to verify timestamp for ha10kx2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ha10kx2k.sys
*** WARNING: Unable to verify timestamp for hap16v2k.sys
*** ERROR: Module load completed but symbols could not be loaded for hap16v2k.sys
*** WARNING: Unable to verify timestamp for am9hz5q9.SYS
*** ERROR: Module load completed but symbols could not be loaded for am9hz5q9.SYS
*** WARNING: Unable to verify timestamp for yk51x86.sys
*** ERROR: Module load completed but symbols could not be loaded for yk51x86.sys
*** WARNING: Unable to verify timestamp for ctoss2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctoss2k.sys
*** WARNING: Unable to verify timestamp for ctaud2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctaud2k.sys
*** WARNING: Unable to verify timestamp for nv4_mini.sys
*** ERROR: Module load completed but symbols could not be loaded for nv4_mini.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for si3112.sys
*** ERROR: Module load completed but symbols could not be loaded for si3112.sys
*** WARNING: Unable to verify timestamp for PxHelp20.sys
*** ERROR: Module load completed but symbols could not be loaded for PxHelp20.sys
*** WARNING: Unable to verify timestamp for nv_agp.sys
*** ERROR: Module load completed but symbols could not be loaded for nv_agp.sys
*** WARNING: Unable to verify timestamp for ElbyCDFL.sys
*** ERROR: Module load completed but symbols could not be loaded for ElbyCDFL.sys
*** WARNING: Unable to verify timestamp for GEARAspiWDM.sys
*** ERROR: Module load completed but symbols could not be loaded for GEARAspiWDM.sys
*** WARNING: Unable to verify timestamp for ctprxy2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctprxy2k.sys
*** WARNING: Unable to verify timestamp for SiWinAcc.sys
*** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
*** WARNING: Unable to verify timestamp for avgtdi.sys
*** ERROR: Module load completed but symbols could not be loaded for avgtdi.sys
*** WARNING: Unable to verify timestamp for enodpl.sys
*** ERROR: Module load completed but symbols could not be loaded for enodpl.sys
*** WARNING: Unable to verify timestamp for tandpl.sys
*** ERROR: Module load completed but symbols could not be loaded for tandpl.sys
*** WARNING: Unable to verify timestamp for avg7rsw.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7rsw.sys
*** WARNING: Unable to verify timestamp for CONTENT.DLL
*** ERROR: Module load completed but symbols could not be loaded for CONTENT.DLL
*** WARNING: Unable to verify timestamp for avgclean.sys
*** ERROR: Module load completed but symbols could not be loaded for avgclean.sys
GetUlongFromAddress: unable to read from 8055b8f0
Probably caused by : ntkrnlpa.exe ( nt!ExFreePoolWithTag+2a0 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000c3e, (reserved)
Arg3: 00005b55, Memory contents of the pool block
Arg4: 84bac4a8, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 8055b8f0
GetUlongFromAddress: unable to read from 8055b8f0

POOL_ADDRESS: 84bac4a8

BUGCHECK_STR: 0xc2_7

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: wuauclt.exe

LAST_CONTROL_TRANSFER: from 80543e86 to 804f8aef

STACK_TEXT:
ba0c2ad8 80543e86 000000c2 00000007 00000c3e nt!KeBugCheckEx+0x1b
ba0c2b28 8050759f 84bac4a8 00000000 84caa020 nt!ExFreePoolWithTag+0x2a0
ba0c2b58 80507eb8 fffffffe 84b5ed30 84bac4a8 nt!MiSegmentDelete+0x329
ba0c2b7c 805166b9 84bac4a8 84caa020 84caa001 nt!MiCheckControlArea+0x1b4
ba0c2c24 8050fa73 84caa020 84b5ed30 84caa158 nt!MiRemoveMappedView+0x26d
ba0c2c60 805c74d4 01caa020 84cdb3c8 84cdb610 nt!MmCleanProcessAddressSpace+0x1fb
ba0c2d08 805c7696 00000000 84cdb3c8 00000000 nt!PspExitThread+0x680
ba0c2d28 805c7871 84cdb3c8 00000000 ba0c2d64 nt!PspTerminateThreadByPointer+0x52
ba0c2d54 8053ca28 00000000 00000000 0007fef4 nt!NtTerminateProcess+0x105
ba0c2d54 7c90eb94 00000000 00000000 0007fef4 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0007fef4 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+2a0
80543e86 8b45f8 mov eax,dword ptr [ebp-8]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePoolWithTag+2a0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 45e53f9c

FAILURE_BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+2a0

BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+2a0

Followup: MachineOwner
---------

kd> lmvm nt
start end module name
804d7000 806cd580 nt # (pdb symbols) c:\symbols\ntkrnlpa.pdb\F612363DB38C423CB08559DDBCA9F2F71\ntkrnlpa.pdb
Loaded symbol image file: ntkrnlpa.exe
Mapped memory image file: c:\symbols\ntkrnlpa.exe\45E53F9C1f6580\ntkrnlpa.exe
Image path: ntkrnlpa.exe
Image name: ntkrnlpa.exe
Timestamp: Wed Feb 28 01:38:52 2007 (45E53F9C)
CheckSum: 00200031
ImageSize: 001F6580
File version: 5.1.2600.3093
Product version: 5.1.2600.3093
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0411.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlpa.exe
OriginalFilename: ntkrnlpa.exe
ProductVersion: 5.1.2600.3093
FileVersion: 5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#14 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:07:29 AM

Posted 06 September 2008 - 06:52 PM

the faults occur when i try to run too many programs at once. At least the first main fault does. Then like today, when i just ran IE, it faulted a second time, with only normal systems ops.

the only major thing i did that may have triggered this was load a package of about 30 old dll's for trying to run some older game titles. that was a mistake i think, and i may have to weed them out. I see some dlls causing problems i think.

ok will run mem test again at days end today. thanks so much for the help and let me konw if you get any clues from the general fault running the mem text last night.

btw that first laternative mem tester was the one i ran, Memtext 86 and that was the one that faulted...., i think already. But i haven t run the Windows one yet. will do.

I did try dl an older version of the Mem 86 and will try that too.

thanks agian for the help MUCH APPRECITED.

Edited by CrisGer, 06 September 2008 - 06:53 PM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#15 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:07:29 AM

Posted 06 September 2008 - 08:14 PM

Latest: whatever ntkrnlpa.exe is


Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini090608-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Sat Sep 6 19:06:55.765 2008 (GMT-6)
System Uptime: 0 days 1:43:58.405
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, c3e, 43ea, 860746c8}

GetUlongFromAddress: unable to read from 8055b8f0
*** WARNING: Unable to verify timestamp for ADBLOCK.DLL
*** ERROR: Module load completed but symbols could not be loaded for ADBLOCK.DLL
*** WARNING: Unable to verify timestamp for PROTECT.DLL
*** ERROR: Module load completed but symbols could not be loaded for PROTECT.DLL
*** WARNING: Unable to verify timestamp for MAILFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for MAILFILT.DLL
*** WARNING: Unable to verify timestamp for atksgt.sys
*** ERROR: Module load completed but symbols could not be loaded for atksgt.sys
*** WARNING: Unable to verify timestamp for HTTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTTPFILT.DLL
*** WARNING: Unable to verify timestamp for dump_SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_SI3112r.sys
*** WARNING: Unable to verify timestamp for avg7core.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7core.sys
*** WARNING: Unable to verify timestamp for ctoss2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctoss2k.sys
*** WARNING: Unable to verify timestamp for SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for SI3112r.sys
*** WARNING: Unable to verify timestamp for nvatabus.sys
*** ERROR: Module load completed but symbols could not be loaded for nvatabus.sys
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
*** WARNING: Unable to verify timestamp for nv4_disp.dll
*** ERROR: Module load completed but symbols could not be loaded for nv4_disp.dll
*** WARNING: Unable to verify timestamp for ATMFD.DLL
*** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL
*** WARNING: Unable to verify timestamp for FILTNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS
*** WARNING: Unable to verify timestamp for ElbyCDIO.sys
*** ERROR: Module load completed but symbols could not be loaded for ElbyCDIO.sys
*** WARNING: Unable to verify timestamp for avg7rsxp.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7rsxp.sys
*** WARNING: Unable to verify timestamp for IMAPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for IMAPFILT.DLL
*** WARNING: Unable to verify timestamp for FTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for FTPFILT.DLL
*** WARNING: Unable to verify timestamp for avg7rsw.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7rsw.sys
*** WARNING: Unable to verify timestamp for POP3FILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for POP3FILT.DLL
*** WARNING: Unable to verify timestamp for DNSCACHE.DLL
*** ERROR: Module load completed but symbols could not be loaded for DNSCACHE.DLL
*** WARNING: Unable to verify timestamp for HTMLFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTMLFILT.DLL
*** WARNING: Unable to verify timestamp for avgclean.sys
*** ERROR: Module load completed but symbols could not be loaded for avgclean.sys
*** WARNING: Unable to verify timestamp for CONTENT.DLL
*** ERROR: Module load completed but symbols could not be loaded for CONTENT.DLL
*** WARNING: Unable to verify timestamp for ctac32k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctac32k.sys
*** WARNING: Unable to verify timestamp for ctsfm2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctsfm2k.sys
*** WARNING: Unable to verify timestamp for emupia2k.sys
*** ERROR: Module load completed but symbols could not be loaded for emupia2k.sys
*** WARNING: Unable to verify timestamp for ha10kx2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ha10kx2k.sys
*** WARNING: Unable to verify timestamp for hap16v2k.sys
*** ERROR: Module load completed but symbols could not be loaded for hap16v2k.sys
*** WARNING: Unable to verify timestamp for X4HSX32.Sys
*** ERROR: Module load completed but symbols could not be loaded for X4HSX32.Sys
*** WARNING: Unable to verify timestamp for a4zuqilz.SYS
*** ERROR: Module load completed but symbols could not be loaded for a4zuqilz.SYS
*** WARNING: Unable to verify timestamp for yk51x86.sys
*** ERROR: Module load completed but symbols could not be loaded for yk51x86.sys
*** WARNING: Unable to verify timestamp for ctaud2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctaud2k.sys
*** WARNING: Unable to verify timestamp for nv4_mini.sys
*** ERROR: Module load completed but symbols could not be loaded for nv4_mini.sys
*** WARNING: Unable to verify timestamp for si3112.sys
*** ERROR: Module load completed but symbols could not be loaded for si3112.sys
*** WARNING: Unable to verify timestamp for PxHelp20.sys
*** ERROR: Module load completed but symbols could not be loaded for PxHelp20.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for nv_agp.sys
*** ERROR: Module load completed but symbols could not be loaded for nv_agp.sys
*** WARNING: Unable to verify timestamp for lirsgt.sys
*** ERROR: Module load completed but symbols could not be loaded for lirsgt.sys
*** WARNING: Unable to verify timestamp for ElbyCDFL.sys
*** ERROR: Module load completed but symbols could not be loaded for ElbyCDFL.sys
*** WARNING: Unable to verify timestamp for GEARAspiWDM.sys
*** ERROR: Module load completed but symbols could not be loaded for GEARAspiWDM.sys
*** WARNING: Unable to verify timestamp for ctprxy2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctprxy2k.sys
*** WARNING: Unable to verify timestamp for SiWinAcc.sys
*** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
*** WARNING: Unable to verify timestamp for tandpl.sys
*** ERROR: Module load completed but symbols could not be loaded for tandpl.sys
*** WARNING: Unable to verify timestamp for NNTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for NNTPFILT.DLL
*** WARNING: Unable to verify timestamp for enodpl.sys
*** ERROR: Module load completed but symbols could not be loaded for enodpl.sys
*** WARNING: Unable to verify timestamp for avgtdi.sys
*** ERROR: Module load completed but symbols could not be loaded for avgtdi.sys
GetUlongFromAddress: unable to read from 8055b8f0
Probably caused by : ntkrnlpa.exe ( nt!ExFreePoolWithTag+2a0 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000c3e, (reserved)
Arg3: 000043ea, Memory contents of the pool block
Arg4: 860746c8, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 8055b8f0
GetUlongFromAddress: unable to read from 8055b8f0

POOL_ADDRESS: 860746c8

BUGCHECK_STR: 0xc2_7

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from 80543e86 to 804f8aef

STACK_TEXT:
f78eed0c 80543e86 000000c2 00000007 00000c3e nt!KeBugCheckEx+0x1b
f78eed5c 8050759f 860746c8 00000000 80557a34 nt!ExFreePoolWithTag+0x2a0
f78eed8c 80508af6 e1bc1e50 00000000 865c0da8 nt!MiSegmentDelete+0x329
f78eedac 805c4cce 00000000 00000000 00000000 nt!MiDereferenceSegmentThread+0x9e
f78eeddc 805411c2 80508a58 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+2a0
80543e86 8b45f8 mov eax,dword ptr [ebp-8]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePoolWithTag+2a0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 45e53f9c

FAILURE_BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+2a0

BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+2a0

Followup: MachineOwner
---------

kd> lmvm nt
start end module name
804d7000 806cd580 nt # (pdb symbols) c:\symbols\ntkrnlpa.pdb\F612363DB38C423CB08559DDBCA9F2F71\ntkrnlpa.pdb
Loaded symbol image file: ntkrnlpa.exe
Mapped memory image file: c:\symbols\ntkrnlpa.exe\45E53F9C1f6580\ntkrnlpa.exe
Image path: ntkrnlpa.exe
Image name: ntkrnlpa.exe
Timestamp: Wed Feb 28 01:38:52 2007 (45E53F9C)
CheckSum: 00200031
ImageSize: 001F6580
File version: 5.1.2600.3093
Product version: 5.1.2600.3093
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0411.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlpa.exe
OriginalFilename: ntkrnlpa.exe
ProductVersion: 5.1.2600.3093
FileVersion: 5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users