Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Seemingly random crashes: Please Help!?


  • Please log in to reply
16 replies to this topic

#1 jmillerdls

jmillerdls

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 19 October 2008 - 04:10 PM

This has been happening for about a week now (I've been trying things and just can't get it to stop). My computer (seemingly at random), restarts itself.

When Windows (XP), comes back up, I get the box "The system has recovered from a serious error." I click Send Error Report. It says something about not knowing what the specific problem is, but that it could be because of a device driver.

When searching on a search engine with my symptoms, the common theme for the problem seems to be device drivers as well. So, that was what I tried to fix. I updated my sound and video card drivers. I downloaded software (Driver Genius), which suggests driver upgrades...and upgraded all the suggestions. I've gone into control panel and turned off audio hardware acceleration. Nothing works.

The restarts can happen when I'm watching video and surfing the web, it always happens at least once while I'm sleeping and the computer is doing essentially nothing. It isn't a temp issue because SpeedFan tells me my comp temperature at all times (and as mentioned, it will restart in the middle of the night when nothing is happening).

I read on another forum about how using minidump files can help figure out the problem, but I don't know what that is. Can anyone help me? Can you suggest what I can try next? Can you direct me to some information I can give that will help you help me? Thanks for any advice.

BC AdBot (Login to Remove)

 


m

#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:22 PM

Posted 19 October 2008 - 04:22 PM

A device driver can be the current version and still be corrupted.
There are many, many device drivers on your system - and finding the right one can be a challenge.
And sometimes you can reinstall the correct one - and still not fix it (because some drivers leave traces behind when they're uninstalled).

So that's where the minidump files (they are one form of a memory dump file) come in handy. An analysis of them may help - but the exact description of the error message will help also. If you don't have it handy don't worry - it's stored in the memory dump files.

So, let's move onto the analysis of the memory dump files. Here's a draft of how to analyze them. It may seem intimidating, but just follow through it step-by-step and it'll work out for you. If you've got any questions, just post back and ask - and we'll answer them the best that we can.

INTRODUCTION: A memory dump is what happens when Windows crashes. The memory is dumped into the pagefile and saved for the next reboot. Once Windows reboots, it reclaims the memory dump data from the pagefile and saves it to a file (usually ending in .dmp). Analyzing these dump files can help to figure out what's causing your system to crash. While they don't offer a "sure" fix, they provide clues to the cause of the crash so that we can work on fixing them. In my experience most system crashes are caused by faulty/corrupted drivers, malware, or hardware failures (in that order).

Step 1: The first thing to do when your system crashes is to reboot - that'll save the memory dump file so it's able to be accessed. Windows may ask permission to send the file for online analysis. I would suggest always allowing it to be sent. Most times you won't get anything back, but occasionally it'll point out the problem and will save you a lot of work. Also, quite often the first crash is also the only crash (as Windows will fix the problem when it reboots) - so there's no need to worry unless the crashes repeat themselves. If you can't get into Windows (either in normal or Safe Mode), then just post straight to the appopriate forum and we'll work from there.

Windows Vista: http://www.bleepingcomputer.com/forums/f/72/windows-vista/
Windows XP: http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/
Windows 2000: http://www.bleepingcomputer.com/forums/f/83/windows-nt200020032008/


Step 2: The next thing to do is to ensure that you're free of malware. Malware can get onto your system and corrupt your installed protection (and can cause system crashes), so I'd suggest you perform one of the free, online scans at this link: http://www.bleepingcomputer.com/blogs/usas...?showentry=1252

Step 3: Once that's over with, search your hard drive for files ending in .dmp There are several types that Windows saves:
1) A complete memory dump or a kernel memory dump - usually saved in the C:\Windows directory and named MEMORY.DMP
2) A small memory dump (AKA "minidump") - usually saved in the C:\Windows\Minidump directory. These are named Miniwwxxyy-zz.dmp - where the ww is the number of the month, the xx is the number of the day, the yy is the number of the year, and the zz is the number of the crash dump that day (ie: Mini070108-03.dmp is the 3rd minidump generated on July 1, 2008)

On some systems the directories where the dump files are stored are protected by being identified as Hidden and System files.
To show Hidden and System files in Windows Explorer, go to Start...All Programs...Accessories...Windows Explorer.
- Once opened, select the Tools...File Options menu item (in Vista you may have to press and hold the "Alt" key to view this menu).
- Then go to the View tab and check the box to "Show Hidden Files and Folders", and also uncheck "Hide Protected Operating System Files".
- You will get a dialog that asks you if you're sure you want to do this - click on "Yes" to allow the change
- Then click OK to the prompts to exit the dialog and you'll be able to view these hidden and system directories.
CAVEAT - these files are hidden for a reason - messing with some of them can cause problems with your system.

Step 4: Once you've located the memory dump file(s), then you'll have to get a debugger to analyze them. The one that I'm familiar with is the free Microsoft Debugging Tools for Windows. Download the version (32 or 64 bit) that's appropriate for the operating system that you'll be running the debugger on. Here's the link: http://www.microsoft.com/whdc/devtools/deb...ng/default.mspx

Once it's downloaded, double click on it to install it. Once it's installed, open the debugger by going to Start...All Programs...Debugging Tools For Windows...and click on WinDbg. Once you've opened the program, click on the File menu item, then on Symbol File Path.

Step 5: In the window that opens, insert the exact text on the next line in the Symbol File Path box (this is a critical step, if done incorrectly you'll end up with symbol errors):

SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

It's easiest to copy it, then paste it into the box. Once that's done, click on OK to exit the dialog. Next, click on File...Save Workspace. This'll save the symbol path for future use.

NOTE: You MUST be connected to the internet to use the Symbol server listed above.

Step 6: Next, go to File...Open Crash Dump and browse to the location of the memory dump file and double click on it to load it into the Debugger. You may be prompted to save the workspace again - just answer "No" to it. A window will open and the dump file text will fill the debugging screen.

Here's an example of of an analysis report from a Minidump file (complete and kernel dumps are much larger):

Microsoft Windows Debugger Version 6.8.0004.0 AMD64
Copyright Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\FUBAR\Desktop\Mini070108-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Tue Jul 1 16:28:22.439 2008 (GMT-4)
System Uptime: 0 days 0:04:00.921
Loading Kernel Symbols
..................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 84c64731, f4fecc3c, 0}



Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------


Step 7: The next step is to click on the !analyze -v link that's highlighted in blue in the above report. This will generate more information and will look something like this:

Microsoft Windows Debugger Version 6.8.0004.0 AMD64
Copyright Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\FUBAR\Desktop\Mini070108-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Tue Jul 1 16:28:22.439 2008 (GMT-4)
System Uptime: 0 days 0:04:00.921
Loading Kernel Symbols
..................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 84c64731, f4fecc3c, 0}



Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************


KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 84c64731, The address that the exception occurred at
Arg3: f4fecc3c, Trap Frame
Arg4: 00000000

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
+ffffffff84c64731
84c64731 ?? ???

TRAP_FRAME: f4fecc3c -- (.trap 0xfffffffff4fecc3c)
Unable to read trap frame at f4fecc3c

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from 00000000 to 84c64731

STACK_TEXT:
f4feccac 00000000 00000000 01790000 00000000 0x84c64731


STACK_COMMAND: .trap 0xfffffffff4fecc3c ; kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

FAILURE_BUCKET_ID: 0x8E_ANALYSIS_INCONCLUSIVE

BUCKET_ID: 0x8E_ANALYSIS_INCONCLUSIVE

Followup: MachineOwner
---------


Step 8: Once this is done, copy the text of the dump file analysis report. To do this, select the Edit menu item in the Debugging Tools window, then select Copy Window Text to Clipboard. Then return to Bleeping Computer and paste the information into your next post.

Step 9: If you haven't started a topic for your issue yet, you can start one at the appropriate link below. Please be sure and let us know the make and model of your system along with the symptoms that you're experiencing.

Windows Vista: http://www.bleepingcomputer.com/forums/f/72/windows-vista/
Windows XP: http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/
Windows 2000: http://www.bleepingcomputer.com/forums/f/83/windows-nt200020032008/


Edited by usasma, 19 October 2008 - 04:27 PM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 jmillerdls

jmillerdls
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 19 October 2008 - 04:40 PM

I cut and pasted the symbol file path, but everytime I open one of the mini-dump file it says:

Your debugger is not using the correct symbols.

In order for this command to work properly, your symbol path
must point to .pdb files that full type information.

Certain .pdb files (such as the public OS symbols) do not
contain the required information. Contact the group that
provided you with these symbols if you need this command to
work.

Type referenced: nt !_KPRCB



Says this over and over..?

#4 jmillerdls

jmillerdls
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 19 October 2008 - 05:07 PM

Also says:

*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

#5 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:22 PM

Posted 19 October 2008 - 05:37 PM

Are you sure that you're connected to the internet?
Open WinDbg, then go to File...Symbol File Path
Then ensure that the path is in the Window - and check the "Reload" box, then click on OK.
Then try the dump file again - even without the symbols the debugger should give you some useful information.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#6 jmillerdls

jmillerdls
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 19 October 2008 - 05:50 PM

Definitely connected to the internet. The "Reload" box can't be clicked (it is greyed out). Not sure why.

I'll go ahead and paste everything to see if there is any useful info.




Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini101908-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Sun Oct 19 15:47:10.531 2008 (GMT-5)
System Uptime: 0 days 0:34:07.204
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
..............................................................................................................................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {0, 1e, 0, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : NDIS.sys ( NDIS!ndisMIsr+54 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 0000001e, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 00000000, address which referenced memory

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************

MODULE_NAME: NDIS

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 41107ec3

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
00000000

CURRENT_IRQL: 1e

FAULTING_IP:
+0
00000000 ?? ???

CUSTOMER_CRASH_COUNT: 4

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from 804d976b to 00000000

FAILED_INSTRUCTION_ADDRESS:
+0
00000000 ?? ???

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
80556350 804d976b 868d2470 868d244c 8735400c 0x0
8055636c f7666ec8 ffdff9c0 00000000 00000000 nt+0x276b
8055638c 804db746 86837008 018d2438 871df900 NDIS!ndisMIsr+0x54
00000000 00000000 00000000 00000000 00000000 nt+0x4746


STACK_COMMAND: kb

FOLLOWUP_IP:
NDIS!ndisMIsr+54
f7666ec8 84c0 test al,al

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: NDIS!ndisMIsr+54

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: NDIS.sys

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

#7 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:22 PM

Posted 19 October 2008 - 06:04 PM

As the errors are associated with NDIS.sys and you have issues getting the symbols (even though the path is correct) - I'd have to suggest downloading a new copy of your network drivers. Then uninstall your network software in Control Panel...Add/Remove Programs - then uninstall the network card itself in Device Manager. Once done, reboot and install the new copy of the drivers.

Try and run the debugger again to see if it recognizes the symbols then.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#8 jmillerdls

jmillerdls
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 19 October 2008 - 06:42 PM

Uninstalled everything and restarted and still get the exact same problem (Your debugger is not using the correct symbols). Don't suppose I could just send a copy of the actual minidump file to someone that is able to get the symbols to work? Really desperate to fix this issue.

#9 jmillerdls

jmillerdls
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 19 October 2008 - 07:03 PM

I tried something that seems strange. When I click "Open Crash Dump" in WinDbg and then browse to my minidump folder, there are quite a few listed. I had been trying to open the files from the last few days (the ones that keep giving the errors listed above). In the browse window, the file names are written in black text. However, there are files in the folder that are from earlier this year (March), that have the file name in blue text. When I try one of those, it will work, and the symbols don't throw up an error.

Why won't it work on the files from the last few days?

#10 toxic888

toxic888

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:22 PM

Posted 19 October 2008 - 07:09 PM

i have the same problem with my sony VAIO laptop.
There must be something overheating (just because you know the temp. in a certain part of your comp doesnt mean it cant be hotter elsewhere).
Couldn't figure out what the problem was, however i noticed if i, for example, left it on my bed the computer would restart every 1-2 mins. I know this is the exact same error as other times when it restarts. ---> When i use it with a fan, it may restart once a week or so.

#11 jmillerdls

jmillerdls
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 19 October 2008 - 07:13 PM

Well, speedfan monitors the temp of specifically the CPU. Regardless, nothing has changed in regards to temp in the last few days, yet my computer restarts every 2 to 3 hours. It can happen when I've got the CPU usage up real high from doing lots of things at once, or when I'm sleeping and the computer is doing nothing and the CPU usage is virtually 0. Neither of these caused restarts a week ago.

#12 jmillerdls

jmillerdls
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 19 October 2008 - 07:29 PM

Just got back from my 6th crash of the day. They seem to be getting more and more frequent. Think XP had only been up for about 15 or 20 minutes since I restarted it (as suggested in this thread). Willing to do anything at this point...if anyone has any ideas.

#13 jmillerdls

jmillerdls
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 20 October 2008 - 09:39 PM

Any further advice here? Can't find help anywhere else with this problem...thought maybe I could get somewhere with it here.

#14 jmillerdls

jmillerdls
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 23 October 2008 - 02:30 AM

Is there any way for me to just attach the mini-dump file to this thread or something? I don't know why the really old mini-dump files open with the symbols fine but the recent ones don't. Maybe someone else could have better luck? Not sure how else to get help.

#15 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:22 PM

Posted 23 October 2008 - 11:28 AM

The minidump isn't the issue (we tried that in other threads). If you send the minidump, it'll just say the same thing - the symbols aren't correct. This is most likely due to a file corruption somewhere on your system - and in the cases that I've seen it's been caused by malware.

I would suggest a thorough scan for malware before proceeding any further. Use an independent scanner in case your onboard protection has been compromised. There's a list of some of the free one's here: http://www.bleepingcomputer.com/blogs/usas...?showentry=1252
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users