AVHook+1e4e and PCTAV.exe CTD errors


2 replies to this topic

#1 CrisGer


Posted 18 April 2009 - 05:25 PM

Hello

I am having repeated crashes to desktop and restarts due to an AVHook driver, and it claims there is a PCTAV.exe somewhere or that is the source... and there are other error causes as well... see logs below...

I had PC Tools for a while but took it off last year... but I just recently started having these repeated crashes, and scanning the net found other people had errors from a similar driver

I can't find the AVHook driver in the Sys32 driver folder or anywhere, i searched for it and will keep looking

can anyone help?

here is the error log from the crash dumps..


Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini121508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Tue Dec 16 00:54:00.218 2008 (GMT-6)
System Uptime: 1 days 11:39:19.870
Loading Kernel Symbols
...................................................................................................................................................
Loading User Symbols
Loading unloaded module list
......................................
Unable to load image AVHook.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for AVHook.sys
*** ERROR: Module load completed but symbols could not be loaded for AVHook.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {b0, 2, 0, 804ee24b}

Probably caused by : AVHook.sys ( AVHook+1e4e )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000b0, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804ee24b, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 000000b0

CURRENT_IRQL: 2

FAULTING_IP:
nt!IoDetachDevice+27
804ee24b 8b80b0000000 mov eax,dword ptr [eax+0B0h]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: PCTAV.exe

LAST_CONTROL_TRANSFER: from f12e1e4e to 804ee24b

STACK_TEXT:
b6791008 f12e1e4e 885846d0 8a65bad0 8a2f7bb8 nt!IoDetachDevice+0x27
WARNING: Stack unwind information not available. Following frames may be wrong.
b6791090 804edfe3 88800690 8a65bac0 8a65bac0 AVHook+0x1e4e
b67910a0 80577672 8a638320 8a275e44 b6791248 nt!IopfCallDriver+0x31
b6791180 805b390a 8a638338 00000000 8a275da0 nt!IopParseDevice+0xa12
b6791208 805afdeb 00000000 b6791248 00000040 nt!ObpLookupObjectName+0x56a
b679125c 8056a3b1 00000000 00000000 00000001 nt!ObOpenObjectByName+0xeb
b67912d8 8056ad28 0012cb9c 00100001 0012cb40 nt!IopCreateFile+0x407
b6791334 8056e50f 0012cb9c 00100001 0012cb40 nt!IoCreateFile+0x8e
b6791374 8053ca28 0012cb9c 00100001 0012cb40 nt!NtOpenFile+0x27
b6791374 7c90eb94 0012cb9c 00100001 0012cb40 nt!KiFastCallEntry+0xf8
0012ce0c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
AVHook+1e4e
f12e1e4e ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: AVHook+1e4e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: AVHook

IMAGE_NAME: AVHook.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 452c4918

FAILURE_BUCKET_ID: 0xA_AVHook+1e4e

BUCKET_ID: 0xA_AVHook+1e4e

Followup: MachineOwner
---------

kd> lmvm AVHook
start end module name
f12e0000 f12ea000 AVHook T (no symbols)
Loaded symbol image file: AVHook.sys
Image path: AVHook.sys
Image name: AVHook.sys
Timestamp: Tue Oct 10 19:30:00 2006 (452C4918)
CheckSum: 0001482D
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

the error before that (this last one was about 2 hours ago) was caused by :


Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini103108-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Fri Oct 31 18:51:55.593 2008 (GMT-6)
System Uptime: 0 days 7:00:47.220
Loading Kernel Symbols
...............................................................................................................................................
Loading User Symbols
Loading unloaded module list
.........................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 9C, {4, 805461f0, b2000000, 70f0f}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MACHINE_CHECK_EXCEPTION (9c)
A fatal Machine Check Exception has occurred.
KeBugCheckEx parameters;
x86 Processors
If the processor has ONLY MCE feature available (For example Intel
Pentium), the parameters are:
1 - Low 32 bits of P5_MC_TYPE MSR
2 - Address of MCA_EXCEPTION structure
3 - High 32 bits of P5_MC_ADDR MSR
4 - Low 32 bits of P5_MC_ADDR MSR
If the processor also has MCA feature available (For example Intel
Pentium Pro), the parameters are:
1 - Bank number
2 - Address of MCA_EXCEPTION structure
3 - High 32 bits of MCi_STATUS MSR for the MCA bank that had the error
4 - Low 32 bits of MCi_STATUS MSR for the MCA bank that had the error
IA64 Processors
1 - Bugcheck Type
1 - MCA_ASSERT
2 - MCA_GET_STATEINFO
SAL returned an error for SAL_GET_STATEINFO while processing MCA.
3 - MCA_CLEAR_STATEINFO
SAL returned an error for SAL_CLEAR_STATEINFO while processing MCA.
4 - MCA_FATAL
FW reported a fatal MCA.
5 - MCA_NONFATAL
SAL reported a recoverable MCA and we don't support currently
support recovery or SAL generated an MCA and then couldn't
produce an error record.
0xB - INIT_ASSERT
0xC - INIT_GET_STATEINFO
SAL returned an error for SAL_GET_STATEINFO while processing INIT event.
0xD - INIT_CLEAR_STATEINFO
SAL returned an error for SAL_CLEAR_STATEINFO while processing INIT event.
0xE - INIT_FATAL
Not used.
2 - Address of log
3 - Size of log
4 - Error code in the case of x_GET_STATEINFO or x_CLEAR_STATEINFO
AMD64 Processors
1 - Bank number
2 - Address of MCA_EXCEPTION structure
3 - High 32 bits of MCi_STATUS MSR for the MCA bank that had the error
4 - Low 32 bits of MCi_STATUS MSR for the MCA bank that had the error
Arguments:
Arg1: 00000004
Arg2: 805461f0
Arg3: b2000000
Arg4: 00070f0f

Debugging Details:
------------------

NOTE: This is a hardware error. This error was reported by the CPU
via Interrupt 18. This analysis will provide more information about
the specific error. Please contact the manufacturer for additional
information about this error and troubleshooting assistance.

This error is documented in the following publication:

- Bios and Kernel Developers Guid for AMD Athlon® 64 and AMD Opteron® Processors
Bit Mask:

MA Model Specific MCA
O ID Other Information Error Code Error Code
VV SDP ___________|____________ _______|_______ _______|______
AEUECRC| | | |
LRCNVVC| | | |
^^^^^^^| | | |
6 5 4 3 2 1
3210987654321098765432109876543210987654321098765432109876543210
----------------------------------------------------------------
1011001000000000000000000000000000000000000001110000111100001111


VAL - MCi_STATUS register is valid
Indicates that the information contained within the IA32_MCi_STATUS
register is valid. When this flag is set, the processor follows the
rules given for the OVER flag in the IA32_MCi_STATUS register when
overwriting previously valid entries. The processor sets the VAL
flag and software is responsible for clearing it.

UC - Error Uncorrected
Indicates that the processor did not or was not able to correct the
error condition. When clear, this flag indicates that the processor
was able to correct the error condition.

EN - Error Enabled
Indicates that the error was enabled by the associated EEj bit of the
IA32_MCi_CTL register.

PCC - Processor Context Corrupt
Indicates that the state of the processor might have been corrupted
by the error condition detected and that reliable restarting of the
processor may not be possible.

BUSCONNERR - Bus and Interconnect Error BUS{LL}_{PP}_{RRRR}_{II}_{T}_err
These errors match the format 0000 1PPT RRRR IILL



Concatenated Error Code:
--------------------------
_VAL_UC_EN_PCC_BUSCONNERR_30F

This error code can be reported back to the manufacturer.
They may be able to provide additional information based upon
this error. All questions regarding STOP 0x9C should be
directed to the hardware manufacturer.

BUGCHECK_STR: 0x9C_AuthenticAMD

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: Idle

LAST_CONTROL_TRANSFER: from 806d38df to 804f8aef

STACK_TEXT:
805461c8 806d38df 0000009c 00000004 805461f0 nt!KeBugCheckEx+0x1b
805462f4 806cec2e 80042000 00000000 00000000 hal!HalpMcaExceptionHandler+0xdd
805462f4 00000000 80042000 00000000 00000000 hal!HalpMcaExceptionHandlerWrapper+0x46


STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

FAILURE_BUCKET_ID: 0x9C_AuthenticAMD_ANALYSIS_INCONCLUSIVE

BUCKET_ID: 0x9C_AuthenticAMD_ANALYSIS_INCONCLUSIVE

Followup: MachineOwner
---------

kd> lmvm Unknown_Module
start end module name
kd> lmvm Unknown_Module
start end module name

the one before that ....


Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini101508-05.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Wed Oct 15 23:14:05.140 2008 (GMT-6)
System Uptime: 0 days 0:04:15.775
Loading Kernel Symbols
.........................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, cd4, 695f, 85117ea8}

*** WARNING: Unable to verify timestamp for FILTNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS
GetUlongFromAddress: unable to read from 8055b8f0
*** WARNING: Unable to verify timestamp for AVFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for AVFilter.sys
*** WARNING: Unable to verify timestamp for PROTECT.DLL
*** ERROR: Module load completed but symbols could not be loaded for PROTECT.DLL
*** WARNING: Unable to verify timestamp for MAILFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for MAILFILT.DLL
*** WARNING: Unable to verify timestamp for ADBLOCK.DLL
*** ERROR: Module load completed but symbols could not be loaded for ADBLOCK.DLL
*** WARNING: Unable to verify timestamp for HTTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTTPFILT.DLL
*** WARNING: Unable to verify timestamp for atksgt.sys
*** ERROR: Module load completed but symbols could not be loaded for atksgt.sys
*** WARNING: Unable to verify timestamp for nv4_disp.dll
*** ERROR: Module load completed but symbols could not be loaded for nv4_disp.dll
*** WARNING: Unable to verify timestamp for ATMFD.DLL
*** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL
*** WARNING: Unable to verify timestamp for dump_SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_SI3112r.sys
*** WARNING: Unable to verify timestamp for NNTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for NNTPFILT.DLL
*** WARNING: Unable to verify timestamp for IMAPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for IMAPFILT.DLL
*** WARNING: Unable to verify timestamp for AVRec.sys
*** ERROR: Module load completed but symbols could not be loaded for AVRec.sys
*** WARNING: Unable to verify timestamp for FTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for FTPFILT.DLL
*** WARNING: Unable to verify timestamp for POP3FILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for POP3FILT.DLL
*** WARNING: Unable to verify timestamp for HTMLFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTMLFILT.DLL
*** WARNING: Unable to verify timestamp for tandpl.sys
*** ERROR: Module load completed but symbols could not be loaded for tandpl.sys
*** WARNING: Unable to verify timestamp for DNSCACHE.DLL
*** ERROR: Module load completed but symbols could not be loaded for DNSCACHE.DLL
*** WARNING: Unable to verify timestamp for lirsgt.sys
*** ERROR: Module load completed but symbols could not be loaded for lirsgt.sys
*** WARNING: Unable to verify timestamp for ACEDRV05.sys
*** ERROR: Module load completed but symbols could not be loaded for ACEDRV05.sys
*** WARNING: Unable to verify timestamp for ctac32k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctac32k.sys
*** WARNING: Unable to verify timestamp for ctsfm2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctsfm2k.sys
*** WARNING: Unable to verify timestamp for X4HSX32.Sys
*** ERROR: Module load completed but symbols could not be loaded for X4HSX32.Sys
*** WARNING: Unable to verify timestamp for emupia2k.sys
*** ERROR: Module load completed but symbols could not be loaded for emupia2k.sys
*** WARNING: Unable to verify timestamp for ha10kx2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ha10kx2k.sys
*** WARNING: Unable to verify timestamp for hap16v2k.sys
*** ERROR: Module load completed but symbols could not be loaded for hap16v2k.sys
*** WARNING: Unable to verify timestamp for AVHook.sys
*** ERROR: Module load completed but symbols could not be loaded for AVHook.sys
*** WARNING: Unable to verify timestamp for azdyrgs4.SYS
*** ERROR: Module load completed but symbols could not be loaded for azdyrgs4.SYS
*** WARNING: Unable to verify timestamp for yk51x86.sys
*** ERROR: Module load completed but symbols could not be loaded for yk51x86.sys
*** WARNING: Unable to verify timestamp for ctoss2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctoss2k.sys
*** WARNING: Unable to verify timestamp for ctaud2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctaud2k.sys
*** WARNING: Unable to verify timestamp for nv4_mini.sys
*** ERROR: Module load completed but symbols could not be loaded for nv4_mini.sys
*** WARNING: Unable to verify timestamp for SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for SI3112r.sys
*** WARNING: Unable to verify timestamp for nvatabus.sys
*** ERROR: Module load completed but symbols could not be loaded for nvatabus.sys
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
*** WARNING: Unable to verify timestamp for si3112.sys
*** ERROR: Module load completed but symbols could not be loaded for si3112.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for nv_agp.sys
*** ERROR: Module load completed but symbols could not be loaded for nv_agp.sys
*** WARNING: Unable to verify timestamp for ctprxy2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctprxy2k.sys
*** WARNING: Unable to verify timestamp for SiWinAcc.sys
*** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
*** WARNING: Unable to verify timestamp for enodpl.sys
*** ERROR: Module load completed but symbols could not be loaded for enodpl.sys
*** WARNING: Unable to verify timestamp for mchInjDrv.sys
*** ERROR: Module load completed but symbols could not be loaded for mchInjDrv.sys
*** WARNING: Unable to verify timestamp for CONTENT.DLL
*** ERROR: Module load completed but symbols could not be loaded for CONTENT.DLL
Probably caused by : FILTNT.SYS ( FILTNT+264e )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 0000695f, Memory contents of the pool block
Arg4: 85117ea8, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 8055b8f0

POOL_ADDRESS: 85117ea8

BUGCHECK_STR: 0xc2_7

CUSTOMER_CRASH_COUNT: 5

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: iexplore.exe

LAST_CONTROL_TRANSFER: from 80543e86 to 804f8aef

STACK_TEXT:
bacbf8d0 80543e86 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
bacbf920 edc6cd86 85117ea8 00000000 852b1594 nt!ExFreePoolWithTag+0x2a0
bacbf944 edc74286 00117ea8 852b1590 bacbf9c8 tcpip!CloseRCE+0x100
bacbf968 edc77ee3 072b1590 bacbf900 bacbf99c tcpip!CloseTCB+0x107
bacbf978 edc77ec7 852b1590 00000040 bacbf900 tcpip!TryToCloseTCB+0x38
bacbf99c edc73fe7 bacbf900 00000000 00000002 tcpip!TdiDisconnect+0x205
bacbf9e8 edc72bcf 85116cd8 00000000 85116d6c tcpip!TCPDisconnect+0xfd
bacbfa04 804edfe3 85355030 85116cd8 85116d90 tcpip!TCPDispatchInternalDeviceControl+0x14d
bacbfa14 edc4164e 868f8310 8534e268 00000000 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
bacbfa5c 804edfe3 853535b8 85116cd8 85116cd8 FILTNT+0x264e
bacbfa6c edbe3c59 bacbfac8 868f82f0 85121008 nt!IopfCallDriver+0x31
bacbfa90 edbe3deb 853535b8 851a1b30 bacbfc90 afd!AfdBeginAbort+0x1f3
bacbfb00 edbd68aa 851a1b30 0001202b 09c67101 afd!AfdPartialDisconnect+0x230
bacbfc50 805748d7 851a1b30 00000001 01d3fb54 afd!AfdFastIoDeviceControl+0x9a
bacbfd00 8056d5ba 00000694 00000350 00000000 nt!IopXxxControlFile+0x261
bacbfd34 8053ca28 00000694 00000350 00000000 nt!NtDeviceIoControlFile+0x2a
bacbfd34 7c90eb94 00000694 00000350 00000000 nt!KiFastCallEntry+0xf8
01d3fba8 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
FILTNT+264e
edc4164e ?? ???

SYMBOL_STACK_INDEX: 9

SYMBOL_NAME: FILTNT+264e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: FILTNT

IMAGE_NAME: FILTNT.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 3d09df6b

FAILURE_BUCKET_ID: 0xc2_7_FILTNT+264e

BUCKET_ID: 0xc2_7_FILTNT+264e

Followup: MachineOwner
---------

kd> lmvm FILTNT
start end module name
edc3f000 edc53f20 FILTNT T (no symbols)
Loaded symbol image file: FILTNT.SYS
Image path: FILTNT.SYS
Image name: FILTNT.SYS
Timestamp: Fri Jun 14 06:19:55 2002 (3D09DF6B)
CheckSum: 00018F2E
ImageSize: 00014F20
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

and the one before that....



Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini101508-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Wed Oct 15 23:09:03.890 2008 (GMT-6)
System Uptime: 0 days 0:03:58.530
Loading Kernel Symbols
.........................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, cd4, 68f7, 851a6ec8}

GetUlongFromAddress: unable to read from 8055b8f0
*** WARNING: Unable to verify timestamp for AVFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for AVFilter.sys
*** WARNING: Unable to verify timestamp for atksgt.sys
*** ERROR: Module load completed but symbols could not be loaded for atksgt.sys
*** WARNING: Unable to verify timestamp for PROTECT.DLL
*** ERROR: Module load completed but symbols could not be loaded for PROTECT.DLL
*** WARNING: Unable to verify timestamp for MAILFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for MAILFILT.DLL
*** WARNING: Unable to verify timestamp for ADBLOCK.DLL
*** ERROR: Module load completed but symbols could not be loaded for ADBLOCK.DLL
*** WARNING: Unable to verify timestamp for HTTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTTPFILT.DLL
*** WARNING: Unable to verify timestamp for nv4_disp.dll
*** ERROR: Module load completed but symbols could not be loaded for nv4_disp.dll
*** WARNING: Unable to verify timestamp for ATMFD.DLL
*** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL
*** WARNING: Unable to verify timestamp for dump_SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_SI3112r.sys
*** WARNING: Unable to verify timestamp for FILTNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS
*** WARNING: Unable to verify timestamp for mchInjDrv.sys
*** ERROR: Module load completed but symbols could not be loaded for mchInjDrv.sys
*** WARNING: Unable to verify timestamp for tandpl.sys
*** ERROR: Module load completed but symbols could not be loaded for tandpl.sys
*** WARNING: Unable to verify timestamp for CONTENT.DLL
*** ERROR: Module load completed but symbols could not be loaded for CONTENT.DLL
*** WARNING: Unable to verify timestamp for AVRec.sys
*** ERROR: Module load completed but symbols could not be loaded for AVRec.sys
*** WARNING: Unable to verify timestamp for lirsgt.sys
*** ERROR: Module load completed but symbols could not be loaded for lirsgt.sys
*** WARNING: Unable to verify timestamp for enodpl.sys
*** ERROR: Module load completed but symbols could not be loaded for enodpl.sys
*** WARNING: Unable to verify timestamp for HTMLFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTMLFILT.DLL
*** WARNING: Unable to verify timestamp for DNSCACHE.DLL
*** ERROR: Module load completed but symbols could not be loaded for DNSCACHE.DLL
*** WARNING: Unable to verify timestamp for ACEDRV05.sys
*** ERROR: Module load completed but symbols could not be loaded for ACEDRV05.sys
*** WARNING: Unable to verify timestamp for ctac32k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctac32k.sys
*** WARNING: Unable to verify timestamp for ctsfm2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctsfm2k.sys
*** WARNING: Unable to verify timestamp for emupia2k.sys
*** ERROR: Module load completed but symbols could not be loaded for emupia2k.sys
*** WARNING: Unable to verify timestamp for ha10kx2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ha10kx2k.sys
*** WARNING: Unable to verify timestamp for hap16v2k.sys
*** ERROR: Module load completed but symbols could not be loaded for hap16v2k.sys
*** WARNING: Unable to verify timestamp for AVHook.sys
*** ERROR: Module load completed but symbols could not be loaded for AVHook.sys
*** WARNING: Unable to verify timestamp for aasbni80.SYS
*** ERROR: Module load completed but symbols could not be loaded for aasbni80.SYS
*** WARNING: Unable to verify timestamp for yk51x86.sys
*** ERROR: Module load completed but symbols could not be loaded for yk51x86.sys
*** WARNING: Unable to verify timestamp for ctoss2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctoss2k.sys
*** WARNING: Unable to verify timestamp for ctaud2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctaud2k.sys
*** WARNING: Unable to verify timestamp for nv4_mini.sys
*** ERROR: Module load completed but symbols could not be loaded for nv4_mini.sys
*** WARNING: Unable to verify timestamp for SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for SI3112r.sys
*** WARNING: Unable to verify timestamp for nvatabus.sys
*** ERROR: Module load completed but symbols could not be loaded for nvatabus.sys
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
*** WARNING: Unable to verify timestamp for si3112.sys
*** ERROR: Module load completed but symbols could not be loaded for si3112.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for nv_agp.sys
*** ERROR: Module load completed but symbols could not be loaded for nv_agp.sys
*** WARNING: Unable to verify timestamp for X4HSX32.Sys
*** ERROR: Module load completed but symbols could not be loaded for X4HSX32.Sys
*** WARNING: Unable to verify timestamp for ctprxy2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctprxy2k.sys
*** WARNING: Unable to verify timestamp for SiWinAcc.sys
*** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
*** WARNING: Unable to verify timestamp for POP3FILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for POP3FILT.DLL
*** WARNING: Unable to verify timestamp for FTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for FTPFILT.DLL
*** WARNING: Unable to verify timestamp for IMAPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for IMAPFILT.DLL
*** WARNING: Unable to verify timestamp for NNTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for NNTPFILT.DLL
GetUlongFromAddress: unable to read from 8055b8f0
Probably caused by : ntkrnlpa.exe ( nt!ExFreePoolWithTag+2a0 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 000068f7, Memory contents of the pool block
Arg4: 851a6ec8, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 8055b8f0
GetUlongFromAddress: unable to read from 8055b8f0

POOL_ADDRESS: 851a6ec8

BUGCHECK_STR: 0xc2_7

CUSTOMER_CRASH_COUNT: 4

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from 80543e86 to 804f8aef

STACK_TEXT:
f7ae3c54 80543e86 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
f7ae3ca4 80544277 851a6ec8 00000000 f7ae3cc0 nt!ExFreePoolWithTag+0x2a0
f7ae3cb4 f72727bb 851a6ec8 f7ae3cdc f7270481 nt!ExFreePool+0xf
f7ae3cc0 f7270481 f728fe20 851a6ec8 00000000 Ntfs!ExFreeToPagedLookasideList+0x1e
f7ae3cdc f7270666 851a6ec8 00000001 00000000 Ntfs!NtfsCleanupIrpContext+0x10d
f7ae3cf4 f729a414 851a6ec8 00000000 00000000 Ntfs!NtfsCompleteRequest+0x35
f7ae3d74 80533fe6 00000000 00000000 86600b30 Ntfs!NtfsFspClose+0x1a5
f7ae3dac 805c4cce 00000000 00000000 00000000 nt!ExpWorkerThread+0x100
f7ae3ddc 805411c2 80533ee6 80000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+2a0
80543e86 8b45f8 mov eax,dword ptr [ebp-8]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePoolWithTag+2a0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 45e53f9c

FAILURE_BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+2a0

BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+2a0

Followup: MachineOwner
---------

kd> lmvm nt
start end module name
804d7000 806cd580 nt # (pdb symbols) c:\symbols\ntkrnlpa.pdb\F612363DB38C423CB08559DDBCA9F2F71\ntkrnlpa.pdb
Loaded symbol image file: ntkrnlpa.exe
Mapped memory image file: c:\symbols\ntkrnlpa.exe\45E53F9C1f6580\ntkrnlpa.exe
Image path: ntkrnlpa.exe
Image name: ntkrnlpa.exe
Timestamp: Wed Feb 28 01:38:52 2007 (45E53F9C)
CheckSum: 00200031
ImageSize: 001F6580
File version: 5.1.2600.3093
Product version: 5.1.2600.3093
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0411.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlpa.exe
OriginalFilename: ntkrnlpa.exe
ProductVersion: 5.1.2600.3093
FileVersion: 5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.

there were more but these were the four most recent...

i am not running a lot of stuff, was on line browsing or chatting and downloading some files at times.....

I have cleaned up my system as much as possible, ran Malwarebytes Anti-Malware and had Avira antivirus on the system until last week... I thought maybe it was causing the crashes... I also had Spybot and I deleted that just now to see if that would help.

any suggestions most welcome :thumbsup:

I was having crash problems last year and it looked like bad memory so I replaced all the memory and added 2 more GB of RAM so I have 3 GB now, and 400 GB HD, AMD 3400 2.4 GHz with FX 7600 and Audigy 2ZS... XP Pro SP2

The crashes are a bit weird as the computer keeps running but the screen goes black after the blue screen or sometimes without it... the monitor won't turn off... unless I unplug it, even though the computer is unplugged. I have had to pull the power on the system to get it to restart. Then it takes a while for it to come on; I hear it trying to restart for about a minute and then it boots up.

Edited by CrisGer, 18 April 2009 - 05:51 PM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin



#2 CrisGer


Posted 21 April 2009 - 11:32 PM

hello and follow up

My tech was able to do a system restore using the CD for XP and all data was saved. Something had destroyed a number of critical files; I suspect it was a beta version of Second Life which I had been studying, but realized on reading around on the net that a number of people have had systems affected negatively by the poor design of that program.

anyway, things seem to be back to normal now and i am getting a back up HD :thumbsup:

thanks

#3 hamluis


Posted 23 April 2009 - 07:03 PM

Feedback appreciated, happy computing :thumbsup:.

Louis



