Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Freezes and BSOD


  • Please log in to reply
8 replies to this topic

#1 MihiAir

MihiAir

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 12 July 2009 - 04:51 AM

Hi, for the last few weeks my computer starts to freezes occasionally and so I formatted my computer 2 days ago. But today my computer starts to freezes again, but this time I see the blue screen. So my computer restarts and I press power up and it tries to boot up, but it keep failing to boot up and the computer keeps trying to reboot again like 2 times then finally boot up to window. When I boot up to window and try to open Firefox it also crashes, and my ATI control Center also have errors. So I was thinking of my graphics card problem. Then I read the the post on this site about diagnosing Blue Screen and I downloaded the Debugging Tools for Windows. When I try to install it tells me that cabinet file "dbg.cab" is corrupted and I click retry and it doesn't work. Right now I'm clueless what to do, I need some help. Thank You

My OS is Window XP Pro 32bits


This is the message I get when I install the Debugging Tools
Posted Image

Edited by MihiAir, 12 July 2009 - 05:05 AM.


BC AdBot (Login to Remove)

 


#2 Ravahan

Ravahan

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 12 July 2009 - 05:14 AM

What's the error number of the blue screen message? Should be 0x-something.

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,284 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:48 AM

Posted 12 July 2009 - 09:57 AM

Is this the link you followed?

Help Diagnosing BSODs And Crashes (BC) - http://www.bleepingcomputer.com/forums/t/176011/how-to-receive-help-diagnosing-blue-screens-and-windows-crashes/

Louis

#4 MihiAir

MihiAir
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 12 July 2009 - 06:10 PM

Yes, I followed that guide, and the BSOD disappear very fast, so I couldn't see the error number.

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 56,284 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:48 AM

Posted 12 July 2009 - 06:53 PM

Well...there's little anyone (IMO) can suggest, based on the info you haven't provided.

Louis

I'd try downloading that file and installing same again.

Edited by hamluis, 12 July 2009 - 06:53 PM.


#6 MihiAir

MihiAir
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 12 July 2009 - 08:21 PM

I re download the debugging tool and it install fine and here is the two blue screen minidump

minidump1

Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini071109-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_qfe.090206-1316
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Sat Jul 11 22:43:52.593 2009 (GMT-7)
System Uptime: 0 days 8:27:48.899
Loading Kernel Symbols
...............................................................
................................................................
..
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {0, 2, 1, 805226f8}

Probably caused by : memory_corruption ( nt!MiRemovePageByColor+66 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 805226f8, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: 00000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiRemovePageByColor+66
805226f8 ff08 dec dword ptr [eax]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: firefox.exe

LAST_CONTROL_TRANSFER: from 80522a90 to 805226f8

STACK_TEXT:
997de7b4 80522a90 00000001 00000001 c002aca8 nt!MiRemovePageByColor+0x66
997de7d0 80514b0f c0600150 c002aca8 00000000 nt!MiRemoveZeroPage+0x8a
997de7e8 805205bd 05595000 c002aca8 88fed4a8 nt!MiResolveDemandZeroFault+0xc5
997de84c 80544588 00000001 05595000 00000001 nt!MmAccessFault+0xbeb
997de84c 04e9e6ff 00000001 05595000 00000001 nt!KiTrap0E+0xd0
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012eec0 00000000 00000000 00000000 00000000 0x4e9e6ff


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiRemovePageByColor+66
805226f8 ff08 dec dword ptr [eax]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!MiRemovePageByColor+66

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 498c114b

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0xA_nt!MiRemovePageByColor+66

BUCKET_ID: 0xA_nt!MiRemovePageByColor+66

Followup: MachineOwner
---------


Minidump 2
Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini071209-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_qfe.090206-1316
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Sun Jul 12 01:48:31.500 2009 (GMT-7)
System Uptime: 0 days 3:00:40.021
Loading Kernel Symbols
...............................................................
................................................................
.
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {0, 2, 1, 805226f8}

Probably caused by : memory_corruption ( nt!MiRemovePageByColor+66 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 805226f8, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: 00000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiRemovePageByColor+66
805226f8 ff08 dec dword ptr [eax]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: StarCraft.exe

LAST_CONTROL_TRANSFER: from 80522c22 to 805226f8

STACK_TEXT:
90adcc38 80522c22 00000000 00000021 c0021600 nt!MiRemovePageByColor+0x66
90adcc50 80514b2f c0021600 00000000 00000000 nt!MiRemoveAnyPage+0xbc
90adcc68 80516573 042c001c c0021600 89bf2020 nt!MiResolveDemandZeroFault+0xe5
90adcce0 80520ae8 00000000 042c001c c0021600 nt!MiDispatchFault+0x145
90adcd4c 80544588 00000001 042c001c 00000001 nt!MmAccessFault+0x1116
90adcd4c 1501fde6 00000001 042c001c 00000001 nt!KiTrap0E+0xd0
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012fd84 00000000 00000000 00000000 00000000 0x1501fde6


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiRemovePageByColor+66
805226f8 ff08 dec dword ptr [eax]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!MiRemovePageByColor+66

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 498c114b

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0xA_nt!MiRemovePageByColor+66

BUCKET_ID: 0xA_nt!MiRemovePageByColor+66

Followup: MachineOwner

---------


#7 hamluis

hamluis

    Moderator


  • Moderator
  • 56,284 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:48 AM

Posted 13 July 2009 - 08:43 AM

"0x0000000A: IRQL_NOT_LESS_OR_EQUAL
Typically due to a bad driver, or faulty or incompatible hardware or software. Use the General Troubleshooting of STOP Messages checklist above. Technically, this error condition means that a kernel-mode process or driver tried to access a memory location to which it did not have permission, or at a kernel Interrupt ReQuest Level (IRQL) that was too high. (A kernel-mode process can access only other processes that have an IRQL lower than, or equal to, its own.)"

Reference: http://aumha.org/a/stop.htm

I see that starcraft.exe and firefox have been pointed to...I see also that starcraft.exe is passed along via torrents by many.

Generally, I tend to be suspicious of any program acquired/installed from torrents, since they can be malware-infested.

On the surface, I suggest removing both firefox and starcraft...and reinstalling, since either/both employ drivers and can be the cause of the memory corruption or invalid access attempts noted in the error message.

Louis

#8 MihiAir

MihiAir
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 13 July 2009 - 06:00 PM

The starcraft, I download from blizzard site itself, because blizzard now can let you download the game if you have put a cd key in their battlenet account.

For the firefox yesterday I google around for firefox 3.5 crashes, it seem like the new 3.5 is having problem with crashes randomly. A lot of people is experiencing the same thing, right now I convert back to the older version.

Also I reinstalled my ATI driver, because when the system reboot after the crash it pop up an error window, and yesterday a message show up at my bottom of my screen saying system32 files corrupted. I was trying to screen shot it and trying to save the screen shot in paint. When I try to save it, it say error in saving and some file corrupted.

#9 MihiAir

MihiAir
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 15 July 2009 - 03:22 AM

I just got another Blue Screen and here is the debugging analysis

Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini071509-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_qfe.090206-1316
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Wed Jul 15 01:06:23.750 2009 (GMT-7)
System Uptime: 0 days 15:05:34.690
Loading Kernel Symbols
...............................................................
................................................................
..
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {4128a, 6adbf201, 8279b824, c0883000}

Probably caused by : memory_corruption ( nt!MiSwapWslEntries+191 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0004128a, The subtype of the bugcheck.
Arg2: 6adbf201
Arg3: 8279b824
Arg4: c0883000

Debugging Details:
------------------


BUGCHECK_STR: 0x1a_4128a

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: avgnsx.exe

LAST_CONTROL_TRANSFER: from 8052365f to 804f9f43

STACK_TEXT:
9ee13c54 8052365f 0000001a 0004128a 6adbf201 nt!KeBugCheckEx+0x1b
9ee13c88 80506182 000000c4 00000009 c0883000 nt!MiSwapWslEntries+0x191
9ee13cb8 805062d8 89a91db8 000000c4 e1d27301 nt!MiAddWsleHash+0x1d6
9ee13cf4 80520b65 89a91db8 00461c08 00000000 nt!MiGrowWsleHash+0x11c
9ee13d4c 80544588 00000008 00461c08 00000001 nt!MmAccessFault+0x1193
9ee13d4c 00461c08 00000008 00461c08 00000001 nt!KiTrap0E+0xd0
WARNING: Frame IP not in any known module. Following frames may be wrong.
00effdec 00000000 00000000 00000000 00000000 0x461c08


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiSwapWslEntries+191
8052365f f6451401 test byte ptr [ebp+14h],1

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!MiSwapWslEntries+191

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 498c114b

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0x1a_4128a_nt!MiSwapWslEntries+191

BUCKET_ID: 0x1a_4128a_nt!MiSwapWslEntries+191

Followup: MachineOwner
---------




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users