Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD and intelppm.sys


  • Please log in to reply
13 replies to this topic

#1 NvrBst

NvrBst

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 25 January 2010 - 06:38 PM

Basically right now I disabled the intelppm.sys driver and everything seems fine. I'm wondering what implications this has, does this mean I should change the CPU or maybe the power supply, or safe to just ignore it? I read via google that this driver probably controls memory management but the source is iffy. I'll put the details of the problem below:


--Generic information--
Age: ~4 years old
OS: Windows XP Pro SP3
CPU: Intel Pentium 4 2.60Ghz
Motherboard: p4s800

--Various BSOD screen information--
IRQL_NOT_LESS_OR_EQUAL
STOP: 0x0000000A, 0x000000D1, etc
Mentioned drivers: atapi.sys, win32k.sys, NDIS.sys, sisnic.sys, etc


Computer was running fine up to about two week ago when I bought a new computer and moved this one out of the way so I could set both up on the desk. I thought maybe while doing this I bumped the old computer but I don't remember being rough. The same day the old computer automatically restarted twice which I found weird because I didn't install any new hardware (other than a usb keyboard/mouse, but it was using usb keyboard/mouse before), and I usually left the old comptuer on for months without it restarting on me.

I thought it might be a heating issue because it was right beside the new comptuer so I moved it so they were a few inches away from each other and it still automatically restarted about once a day. I was mainly focused on the new computer so kind of ignored the old.

A few days later I started looking into the old computer and pretty much any extended network or cpu task I threw at it had a high chance (~10%) to cause a BSOD (after I turned auto restart off). There was no extra info in the event viewer that I could see (not warning or error ones anyway). I did notice that in safe mode EDIT: \w networking there was absolutely no problems so I simply ran it in safe mode EDIT: \w networking for about a week to confirm. Things I tested:

Network Card: I had a gigabit dlink NIC which was corrupting any file over 200MB I copied to the old computer from a network computer. I took out the dlink and switched it to the onboard SiS 900 NIC card which BSOD instead of corrupting.

Mouse/Keyboard: Switched to the old ones just to be sure.

Hard Disk: I reinstall a clean version of windows pro sp3 on two separate IDE HD's. I unpluged other HDD so only one was in at any given moment.

RAM: I have two 265MB ram sticks so tried with only 1 in at a time. I also ran memtest86 for a few hours which reported no errors.

Video Card: I don't have a separate one I could test, so I simply disabled the video card from device manager.

DVD Roms: I kept them unpluged for the majority of the time.

Cleaning: I thought maybe there were dust bunnies causing heat problems so I cleaned the inside with compressed air.

All these tasks resulted in the same problem (either corrupted 7z files while copying with dlink NIC, or BSOD while coping with SiS900 NIC, even when idle with MSN up for ~2 hours it'd eventually BSOD) while in normal mode. In safe mode EDIT: \w networking everything was fine with both NIC cards and there was no BSOD. Only result was that the fans were much more quite after the cleaning ;). Also I will mention I reinstalled a clean windows ~4 times on various HDDs and one time it restarted during the windows install (after the product key request, near the "registering start menu items..." portion); I'm hoping this was caused by the intelppm.sys driver (is it loaded by that stage?).

Eventually after compiling a list of loaded drivers in normal vs safe mode EDIT: \w networking I started disabling a few at a time untill I could copy with SiS 900 NIC card without BSOD and found that the intelppm.sys (processor) driver was the one that was not loaded in safe mode EDIT: \w networking but loaded in normal mode and caused the problems.


Sorry for the wall of text. I'm certain the intelppm.sys driver was loaded before my new computer and never caused any problems for the ~4 years I was using the computer. Would anyone be able to suggest how I fix intelppm.sys, or help with any of the other questions I asked in the initial paragraph?

Also if I need to re-install windows xp on this machine in the future is there a better way to install (aka disable this driver before it starts installing), or do I just install normally until I get to desktop (as it seems, at the moment anyway, it usually can get that far before restarting)?

Many thanks.

Edited by NvrBst, 25 January 2010 - 06:50 PM.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:39 AM

Posted 25 January 2010 - 07:00 PM

Well...my guess is...if you have multiple types of BSODs that point to differing files...you have a number of problems, not just one.

I suggest that you do a search of your system for any .dmp files. Let's concern ourselves with the last three.

Then...follow the procedures detailed at Help Diagnosing BSODs And Crashes (BC) - http://www.bleepingcomputer.com/forums/t/176011/how-to-receive-help-diagnosing-blue-screens-and-windows-crashes/

Louis

#3 NvrBst

NvrBst
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 25 January 2010 - 07:33 PM

Thank you, I am new to bleeping computer and didn't see that topic. There are only "Minidump" files on my computer, and 20 of them. I started at 20 and went to 14 so that I could get 3 which listed different 'probably caused by''s. Note that this re-install only ever had the SiS 900 NIC card and never the dlink, and all of them were caused by copying from network computer to this computer. I'd have to switch to the other IDE to get dlink or ones caused while doing other tasks. Tell me if these are not enough and I can switch IDEs tonight when I get home.

Note also, since disabling the intelppm.sys driver, I've re-enabled all other drivers (including video) I haven't had any problems (restarts, corrupt files etc), but to be fair it only has been about 24 hours, but the week of running safe mode /w networking that had no problems might count (computer was on 24/7 and I had mIRC chatting / MSN up).

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini012410-20.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sun Jan 24 23:44:54.468 2010 (GMT-8)
System Uptime: 0 days 0:02:02.031
Loading Kernel Symbols
...............................................................
................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*																			 *
*						Bugcheck Analysis									*
*																			 *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {fffffffc, 2, 0, f839cbfa}

Unable to load image sisnicxp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for sisnicxp.sys
*** ERROR: Module load completed but symbols could not be loaded for sisnicxp.sys
Probably caused by : sisnicxp.sys ( sisnicxp+1432 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*																			 *
*						Bugcheck Analysis									*
*																			 *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffffffc, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f839cbfa, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS:  fffffffc 

CURRENT_IRQL:  2

FAULTING_IP: 
NDIS!ndisMSendCompleteX+57
f839cbfa 8b02			mov	 eax,dword ptr [edx]

CUSTOMER_CRASH_COUNT:  20

DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  Idle

LAST_CONTROL_TRANSFER:  from f82a7b69 to f839cbfa

STACK_TEXT:  
80557374 f82a7b69 819ce4f0 818ff058 00000000 NDIS!ndisMSendCompleteX+0x57
80557394 f839ec1b 81af8ab0 018ff058 00000000 psched!ClSendComplete+0x67
805573b4 f8856432 81a5e5f0 81a28ce0 00000000 NDIS!ndisMSendCompleteSG+0x111
WARNING: Stack unwind information not available. Following frames may be wrong.
805573d8 f8859790 81acc7a0 818ff058 818cbaf0 sisnicxp+0x1432
80557428 804dcd22 8193f700 8193f6ec 00000000 sisnicxp+0x4790
80557450 804dcc07 00000000 0000000e 00000000 nt!KiRetireDpcList+0x61
80557454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28


STACK_COMMAND:  kb

FOLLOWUP_IP: 
sisnicxp+1432
f8856432 ??			  ???

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  sisnicxp+1432

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: sisnicxp

IMAGE_NAME:  sisnicxp.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  43f18eb0

FAILURE_BUCKET_ID:  0xD1_sisnicxp+1432

BUCKET_ID:  0xD1_sisnicxp+1432

Followup: MachineOwner
---------



Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini012410-19.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sun Jan 24 23:11:13.546 2010 (GMT-8)
System Uptime: 0 days 0:00:40.234
Loading Kernel Symbols
...............................................................
................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
*																			 *
*						Bugcheck Analysis									*
*																			 *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {10, 5, 0, f847dd26}

Probably caused by : atapi.sys ( atapi!IdeGetSrbData+12 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*																			 *
*						Bugcheck Analysis									*
*																			 *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000010, memory referenced
Arg2: 00000005, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f847dd26, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS:  00000010 

CURRENT_IRQL:  5

FAULTING_IP: 
atapi!IdeGetSrbData+12
f847dd26 8b4010		  mov	 eax,dword ptr [eax+10h]

CUSTOMER_CRASH_COUNT:  19

DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  Idle

LAST_CONTROL_TRANSFER:  from f8481889 to f847dd26

STACK_TEXT:  
80557344 f8481889 00000000 81943544 80557388 atapi!IdeGetSrbData+0x12
80557354 f847a7b2 81943544 00000004 8239f9c8 atapi!IdeLogBmStatus+0xf
80557388 f847d696 503ce370 8239fc2c 80557450 atapi!AtapiInterrupt+0x102
8055739c 804db90f 8239f9c8 823ce030 00010005 atapi!IdePortInterrupt+0x18
8055739c f8617162 8239f9c8 823ce030 00010005 nt!KiInterruptDispatch+0x45
80557450 804dcbef 00000000 0000000e 00000000 intelppm!AcpiC1Idle+0x12
80557454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x10


STACK_COMMAND:  kb

FOLLOWUP_IP: 
atapi!IdeGetSrbData+12
f847dd26 8b4010		  mov	 eax,dword ptr [eax+10h]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  atapi!IdeGetSrbData+12

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: atapi

IMAGE_NAME:  atapi.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4802539d

FAILURE_BUCKET_ID:  0xD1_atapi!IdeGetSrbData+12

BUCKET_ID:  0xD1_atapi!IdeGetSrbData+12

Followup: MachineOwner
---------


WinDbg:6.11.0001.404 X86
Failure when opening dump file 'C:\WINDOWS\Minidump\Mini012410-18.dmp', HRESULT 0x80004005
It may be corrupt or in a format not understoon by the debugger.

Unspecified error

OK

17/16 Are the "Unspecified error" too
15 is atapi.sys
14 is sisnic.sys


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini012410-13.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sun Jan 24 21:50:33.656 2010 (GMT-8)
System Uptime: 0 days 0:07:13.359
Loading Kernel Symbols
...............................................................
................................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
*																			 *
*						Bugcheck Analysis									*
*																			 *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {4a6, ff, 1, 804e5607}

Unable to load image m4cxw2k3.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for m4cxw2k3.sys
*** ERROR: Module load completed but symbols could not be loaded for m4cxw2k3.sys
Probably caused by : m4cxw2k3.sys ( m4cxw2k3+f462 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*																			 *
*						Bugcheck Analysis									*
*																			 *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000004a6, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000001, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804e5607, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS:  000004a6 

CURRENT_IRQL:  ff

FAULTING_IP: 
nt!ExfInterlockedInsertTailList+7
804e5607 f00fba2e00	  lock bts dword ptr [esi],0

CUSTOMER_CRASH_COUNT:  13

DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  Idle

LAST_CONTROL_TRANSFER:  from f838b175 to 804e5607

STACK_TEXT:  
80557320 f838b175 000004a6 80557364 f810e462 nt!ExfInterlockedInsertTailList+0x7
8055732c f810e462 0000049e 820cf5fc 000004a6 NDIS!NdisInterlockedInsertTailList+0x14
WARNING: Stack unwind information not available. Following frames may be wrong.
80557364 f810e7d1 822a7b48 820410fc 820cf5fc m4cxw2k3+0xf462
805573b0 f810882d 82041004 010410fc 00000001 m4cxw2k3+0xf7d1
80557404 f8109691 00041004 80557428 f839fe99 m4cxw2k3+0x982d
80557410 f839fe99 82041004 80561f20 ffdff9c0 m4cxw2k3+0xa691
80557428 804dcd22 82041094 82041080 00000000 NDIS!ndisMDpcX+0x21
80557440 80561cc0 ffdffc50 00000000 80561cc0 nt!KiRetireDpcList+0x61
80557450 804dcc07 00000000 0000000e 00000000 nt!KiIdleThread0
80557454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28


STACK_COMMAND:  kb

FOLLOWUP_IP: 
m4cxw2k3+f462
f810e462 ??			  ???

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  m4cxw2k3+f462

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: m4cxw2k3

IMAGE_NAME:  m4cxw2k3.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  45d4212c

FAILURE_BUCKET_ID:  0xA_m4cxw2k3+f462

BUCKET_ID:  0xA_m4cxw2k3+f462

Followup: MachineOwner
---------


EDIT: I opened the remaining 12 on this IDE HD and listed the 'probably caused by' portion. If you want to see any of these I can post anytime.

Mini012410-12.dmp - win32k.sys
Mini012410-11.dmp - netbt.sys
Mini012410-10&9&8&5&3&2&1.dmp - atapi.sys
Mini012410-7&6.dmp - Unspecified error
Mini012410-4.dmp - ACPI.sys

Edited by NvrBst, 25 January 2010 - 07:47 PM.


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:39 AM

Posted 25 January 2010 - 09:29 PM

SYMBOL_NAME: sisnicxp+1432: Onboard ethernet driver, probably damaged.

IMAGE_NAME: atapi.sys: Possble malware, possible damaged system file.

SYMBOL_NAME: m4cxw2k3+f462: Possible D-Link ethernet driver.

FWIW: I don't see anything that would lead me to believe that the intelppm.sys file...is an item of concern, so I'm curious how you formulated that opinion.

I would, as a first step, uninstall all of the above. Then, I would reinstall the networking drivers which I am using.

Remove Unused Drivers and Devices - http://www.windowsnetworking.com/kbase/Win...andDevices.html

I would also run the chkdsk /r command on the C: partition, after removing unused/unwanted.

Louis

#5 NvrBst

NvrBst
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 26 January 2010 - 12:11 AM

Ahh I must of had dlink on with this re-install then. Here are the three other different logs if you are able to tell what other problems I should look at... There are more different ones too I remember but I have to reconnect my other IDE HDD to get them.


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini012410-12.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sun Jan 24 21:32:14.421 2010 (GMT-8)
System Uptime: 0 days 0:03:00.125
Loading Kernel Symbols
...............................................................
.........................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*																			 *
*						Bugcheck Analysis									*
*																			 *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, bf816b40, ef433b50, 0}

Probably caused by : win32k.sys ( win32k!xxxInternalDoPaint+18 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*																			 *
*						Bugcheck Analysis									*
*																			 *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf816b40, The address that the exception occurred at
Arg3: ef433b50, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP: 
win32k!xxxInternalDoPaint+18
bf816b40 397e08		  cmp	 dword ptr [esi+8],edi

TRAP_FRAME:  ef433b50 -- (.trap 0xffffffffef433b50)
ErrCode = 00000000
eax=1647f600 ebx=e21354e0 ecx=000025ff edx=00000000 esi=1647f600 edi=e21354e0
eip=bf816b40 esp=ef433bc4 ebp=ef433bd8 iopl=0		 nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000			 efl=00010206
win32k!xxxInternalDoPaint+0x18:
bf816b40 397e08		  cmp	 dword ptr [esi+8],edi ds:0023:1647f608=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  12

DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  explorer.exe

LAST_CONTROL_TRANSFER:  from bf816b21 to bf816b40

STACK_TEXT:  
ef433bd8 bf816b21 1647f600 e21354e0 e21354e0 win32k!xxxInternalDoPaint+0x18
ef433bfc bf816b21 bf80d2aa e21354e0 e21354e0 win32k!xxxInternalDoPaint+0x68
ef433c20 bf816b21 bc658ff0 e21354e0 e21354e0 win32k!xxxInternalDoPaint+0x68
ef433c44 bf816b21 bc656a68 e21354e0 e21354e0 win32k!xxxInternalDoPaint+0x68
ef433c68 bf816b21 bc64d5f8 e21354e0 00000220 win32k!xxxInternalDoPaint+0x68
ef433c8c bf816c20 bc6306e8 e21354e0 00000220 win32k!xxxInternalDoPaint+0x68
ef433ca8 bf801ae8 00000000 ef433d14 ef433d64 win32k!xxxDoPaint+0x66
ef433ce8 bf8036df ef433d14 000025ff 00000000 win32k!xxxRealInternalGetMessage+0x39a
ef433d48 804dd99f 020afcd8 00000000 00000000 win32k!NtUserPeekMessage+0x40
ef433d48 7c90e514 020afcd8 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
020afc84 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND:  kb

FOLLOWUP_IP: 
win32k!xxxInternalDoPaint+18
bf816b40 397e08		  cmp	 dword ptr [esi+8],edi

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  win32k!xxxInternalDoPaint+18

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a8564c7

FAILURE_BUCKET_ID:  0x8E_win32k!xxxInternalDoPaint+18

BUCKET_ID:  0x8E_win32k!xxxInternalDoPaint+18

Followup: MachineOwner
---------

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini012410-11.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sun Jan 24 21:28:05.156 2010 (GMT-8)
System Uptime: 0 days 0:32:11.731
Loading Kernel Symbols
...............................................................
......................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*																			 *
*						Bugcheck Analysis									*
*																			 *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {4, 2, 1, 805515a1}

Probably caused by : netbt.sys ( netbt!NTSend+1e1 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*																			 *
*						Bugcheck Analysis									*
*																			 *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is
caused by drivers that have corrupted the system pool.  Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 805515a1, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR:  0xC5_2

CURRENT_IRQL:  2

FAULTING_IP: 
nt!ExAllocatePoolWithTag+66a
805515a1 894804		  mov	 dword ptr [eax+4],ecx

CUSTOMER_CRASH_COUNT:  11

DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

PROCESS_NAME:  explorer.exe

LAST_CONTROL_TRANSFER:  from 804f3c99 to 805515a1

STACK_TEXT:  
eeaac5b0 804f3c99 00000000 00000001 79694354 nt!ExAllocatePoolWithTag+0x66a
eeaac5cc f802a122 00000000 00000014 79694354 nt!ExAllocatePoolWithTagPriority+0x58
eeaac700 f802eb07 f8068b98 81dbefa8 81dbef40 tcpip!IPTransmit+0x1470
eeaac76c f802ed35 67491b2f 0000f000 81f38800 tcpip!TCPSend+0x5d8
eeaac794 f802e4a5 00000001 00000000 0000f000 tcpip!TdiSend+0x1c7
eeaac7c8 f800014a 81f38790 81fed6e4 81f38824 tcpip!TCPSendData+0x83
eeaac7f4 f7fffa11 82012500 81f38790 822fa384 netbt!NTSend+0x1e1
eeaac80c 804e13d9 82012500 81f38824 81f38790 netbt!NbtDispatchInternalCtrl+0x12f
eeaac81c f7f8e141 eeaac85c f7f8da4b 82012500 nt!IopfCallDriver+0x31
eeaac824 f7f8da4b 82012500 81f38790 822feeb0 rdbss!RxCeSubmitAsynchronousTdiRequest+0x28
eeaac85c f7f971b4 822fa384 822fa3ac 8224ed54 rdbss!RxTdiSend+0x1ca
eeaac8b8 f7f18b79 8224ed88 00000000 81f9b684 rdbss!RxCeSend+0x74
eeaac8e0 f7ef5ad0 8224ed38 81f9c7b8 81f9b398 mrxsmb!VctTranceive+0x66
eeaac924 f7f1ad7a 00f9b398 00000000 81f9b684 mrxsmb!SmbCeTranceive+0x233
eeaac960 f7f1d8f2 00000000 0000002c f7f1d592 mrxsmb!SmbPseOrdinaryExchange+0x18e
eeaac9b0 f7f1ac04 01f9b398 822cb2e0 eeaac9e4 mrxsmb!SmbPseExchangeStart_Write+0x1e3
eeaac9c0 f7f1905f 81f9b398 80701940 f7f14940 mrxsmb!SmbPseExchangeStart_default+0x12
eeaac9e4 f7f1d410 81f9c7b8 822cb360 822cb2e0 mrxsmb!SmbCeInitiateExchange+0x287
eeaaca24 f7f975b3 822cb2e0 e19d1b10 f7f95a78 mrxsmb!MRxSmbWrite+0x309
eeaaca4c f7f9b302 012cb2e0 f7f9b321 00000000 rdbss!RxLowIoSubmit+0x1c3
eeaaca6c f7f9ba5b 822cb2e0 f7f9b40d 822cb2e0 rdbss!RxLowIoWriteShell+0x77
eeaacb90 f7f8cd51 822cb2e0 82330820 f7f958a8 rdbss!RxCommonWrite+0x116f
eeaacc28 f7f96cc2 f7f958a8 82033c04 82033c78 rdbss!RxFsdCommonDispatch+0x353
eeaacc50 f7f18317 81ff9030 82033c04 82330820 rdbss!RxFsdDispatch+0xda
eeaacc70 804e13d9 00000000 01033c08 80701410 mrxsmb!MRxSmbFsdDispatch+0x134
eeaacc80 8057087c 82033c78 00000000 82033c08 nt!IopfCallDriver+0x31
eeaacc94 8057fb39 81ff9030 82033c08 82330820 nt!IopSynchronousServiceTail+0x70
eeaacd38 804dd99f 000007b0 00000000 00000000 nt!NtWriteFile+0x5d7
eeaacd38 7c90e514 000007b0 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0266e0e8 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND:  kb

FOLLOWUP_IP: 
netbt!NTSend+1e1
f800014a 6a00			push	0

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  netbt!NTSend+1e1

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: netbt

IMAGE_NAME:  netbt.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  48025d1b

FAILURE_BUCKET_ID:  0xC5_2_netbt!NTSend+1e1

BUCKET_ID:  0xC5_2_netbt!NTSend+1e1

Followup: MachineOwner
---------

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini012410-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sun Jan 24 00:36:03.656 2010 (GMT-8)
System Uptime: 0 days 0:05:37.354
Loading Kernel Symbols
...............................................................
..........................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*																			 *
*						Bugcheck Analysis									*
*																			 *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {ec8b55ff, a, 0, ec8b55ff}

Probably caused by : ACPI.sys ( ACPI!ACPIReadGpeStatusRegister+10 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*																			 *
*						Bugcheck Analysis									*
*																			 *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: ec8b55ff, memory referenced
Arg2: 0000000a, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: ec8b55ff, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS:  ec8b55ff 

CURRENT_IRQL:  a

FAULTING_IP: 
+44
ec8b55ff ??			  ???

CUSTOMER_CRASH_COUNT:  4

DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  Idle

LAST_CONTROL_TRANSFER:  from 80557364 to ec8b55ff

FAILED_INSTRUCTION_ADDRESS: 
+44
ec8b55ff ??			  ???

STACK_TEXT:  
WARNING: Frame IP not in any known module. Following frames may be wrong.
80557350 80557364 f8500ba4 00000006 00000002 0xec8b55ff
80557354 f8500ba4 00000006 00000002 8055738c nt!KiDoubleFaultStack+0x2c64
80557364 f84efd78 00000002 823ccb74 f84f1334 ACPI!ACPIReadGpeStatusRegister+0x10
80557370 f84f1334 823cc910 823ccb74 823cc914 ACPI!ACPIGpeIsEvent+0x14
8055738c 804db746 823cc910 823a9d98 0044706c ACPI!ACPIInterruptServiceRoutine+0x16
805573a4 804db6e6 00000000 805573c0 804db6f3 nt!KiChainedDispatch2ndLvl+0x44
805573a4 00000000 00000000 805573c0 804db6f3 nt!KiChainedDispatch+0x1c


STACK_COMMAND:  kb

FOLLOWUP_IP: 
ACPI!ACPIReadGpeStatusRegister+10
f8500ba4 5d			  pop	 ebp

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  ACPI!ACPIReadGpeStatusRegister+10

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ACPI

IMAGE_NAME:  ACPI.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  480252b1

FAILURE_BUCKET_ID:  0xD1_CODE_AV_BAD_IP_ACPI!ACPIReadGpeStatusRegister+10

BUCKET_ID:  0xD1_CODE_AV_BAD_IP_ACPI!ACPIReadGpeStatusRegister+10

Followup: MachineOwner
---------



Reason I guessed intelppm.sys is because the computer works great in safe mode. I used DriveView to make a text file of all the loaded drivers (in both safe mode /w networking and normal boot I had at the time). I then used winmerge to compare the lists and noticed about 15 driver files different between the two. I then disabled the ones that I knew were easy "audio card, serial port, parallel port, game port" and tested. It still BSOD when copy files with SiS 900. The list was now down to about 6 files and intelppm.sys I choose to try next.

So I disabled intelppm.sys and I was then able to copy large files from old computer to new computer via network with no BSOM (task that was impossible before using the SiS 900 NIC). I then re-enabled everything else (cdroms, video card, etc) and restarted. The computer has been running normally ever since.

I did try to do a checkdisk before on C:\ (Right click C:\, Properties, Tools, Error-checking, Check Now..., Automatically fix file system errors, Scan for and attempt recovery of bad secords). It then restarted and started checkdisking, however, constaly restarted and was never able to finish checkdisk.


When you say "reinstall the networking drivers which i am using" what do you mean? Would you like me to use the SiS 900 NIC card or the Dlink DGE 530T?

I uninstalled the greyed out "D-Link DGE 530T" driver, but the SiS 900-Based PCI is still there (non-greyed). I ran checkdisk and there was no errors, but this is with "intelppm.sys" disabled.

I enabled the intelppm.sys (with the greyed out d-link driver uninstalled), but it is unable to finish checkdisk (it gets about 2-5 mins in before rebooting, and I am forced to press esc to skip chkdsk, and disable the intelppm.sys driver again so that system doesn't randomly reboot).

Any extra info needed?

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 56,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:39 AM

Posted 26 January 2010 - 09:55 AM

<<I did try to do a checkdisk before on C:\ (Right click C:\, Properties, Tools, Error-checking, Check Now..., Automatically fix file system errors, Scan for and attempt recovery of bad secords). It then restarted and started checkdisking, however, constaly restarted and was never able to finish checkdisk.>>

That, to me...is an indication of either a file system (NTFS) problem or a hard drive problem. Chkdsk /r can navigate through any file problems it encounters...but it cannot overcome some problems with the file system and/or the hard drive itself.

Louis

#7 NvrBst

NvrBst
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 26 January 2010 - 02:11 PM

I've tried on two separate hard drives thinking something similar to that, and both drives showed the same problem. Also remember the checkdisk runs fine with "Volume is clean" if I run with intelppm.sys disabled, and that both drives had a brand new clean windows installed.

To me I believe that there is a hardware problem somewhere but I tried ruling out as much as I could and believe it has to be either the motherboard, cpu or power-supply. Mainly because there are so many different BSOD's, and because the intelppm.sys was working fine before for almost 4 years.

Main thing I'm wondering is what the intelppm.sys is, and if it is safe to work with it disabled, or do I definably need to replace something hardware-wise (and maybe which one I should replace). For example is intelppm.sys trying to prevent damage to the cpu, and me disabling it is the wrong approach.

To be honest I don't think I'd replace the cpu or motherboard, so if it is either of those I'd probably just use as is and not do anything important with the computer (let is burn out on it's own), if it is a high chance of being the power-supply then I wouldn't mind spending 40$ to buy a cheap one to replace. If intelppm.sys is not important though, and shouldn't harm anything having it off then I don't need to buy anything :thumbsup:

If you think I should run other tests though I'm also up for that, I'm fairly confidant it can't be a software problem though, and unsure how to narrow down the problem when I think it is between motherboard/psu/cpu (without having a spare I can swap-in). Maybe you know how to narrow down further?

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 56,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:39 AM

Posted 26 January 2010 - 02:48 PM

Well...I don't really see where anyone tells me exactly what this file is. Lots of speculation on what it might be...but nothing that would make me single it out as a cause, without any verification via .dmp files. I don't recall seeing it mentioned in a single one of those .dmp files.

You keep mentioning chkdsk running...there would be no chkdsk to run on a drive which did not have an O/S installed. Running chkdsk on a bare drive or a drive which does not have an O/S on it...would prove nothing, other than possibly pointing to the premises I hold.

<<I reinstall a clean version of windows pro sp3 on two separate IDE HD's. I unpluged other HDD so only one was in at any given moment.>>

<<All these tasks resulted in the same problem (either corrupted 7z files while copying with dlink NIC, or BSOD while coping with SiS900 NIC,>>

In that case, the only constant is hardware...since a clean install produces pristine O/S files.

Did you replace the CMOS battery on this system...ever? If not, you might as well try that.

CMOS Battery Replacement - http://www.liverepair.com/encyclopedia/art...cmosreplace.asp. Ignore instructions to write down settings, this is no longer necessary.

Louis

#9 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:39 PM

Posted 26 January 2010 - 03:31 PM

Have you applied all the system updates like drivers and what not? I would make sure you have all the drivers updated then go from there. Your errors refer to driver issues related with your hardware.

#10 NvrBst

NvrBst
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 26 January 2010 - 04:52 PM

Yup. With all 3 OS installs (original, clean on HDD 1, clean on HDD2), I've updated windows with all the high priority things. Windows update only states drivers for the monitor are not installed, but pretty much everything else is unplugged (extra HDDs, CDRoms, Spare NIC Cards), so there shouldn't be many/any drivers other than LAN. The BSOD occurs before windows update and after (also as stated above, it even occurred once while windows was installing, after the product key request, near the "registering start menu items" portion). As for drivers there is some motherboard drivers (SiS IDE, SiS AGP), which on "original" I didn't have, and with "clean on HDD 1/2" I confirmed the problem was there with or without them installed.

My motherboard page has outdated SiS AGP and SiS LAN drivers, but I've tried with both the ones on the motherboard page, and the latest ones from the SiS site. For the DLink I've only tried the latest drivers (which is what I used on original). As for BIOS, I updated that to the the latest years ago and there doesn't seem to be a new version available (P4S800_9.zip).


I was planning on picking up some thermal compound today and re-applying the CPU/heatsink coating, but only doing because it is cheap (I don't think there is a heating issue, but maybe...). While I'm there I'll see if they have any batteries for my motherboard too.

Edited by NvrBst, 26 January 2010 - 04:55 PM.


#11 hamluis

hamluis

    Moderator


  • Moderator
  • 56,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:39 AM

Posted 26 January 2010 - 05:36 PM

CMOS batteries (CR 2042) are available anywhere selling photo/electronic/camera batteries. About the size of a nickel. cpst less than $5.

Louis

#12 NvrBst

NvrBst
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 27 January 2010 - 01:00 AM

I replaced the battery and cleaned the cpu/re applyed thermal compound and it didn't fix the problem with intelppm.sys enabled :thumbsup:

#13 gyaneshwar

gyaneshwar

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 04 April 2011 - 10:29 PM

For me the solution was as written on:

http://blogs.msdn.com/b/virtual_pc_guy/archive/2005/10/24/484461.aspx

or in short disable following key without adverse effects:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Processor

Or

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Intelppm

And changing the 'Start' value to '4'.

all the best

#14 hamluis

hamluis

    Moderator


  • Moderator
  • 56,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:39 AM

Posted 05 April 2011 - 09:03 AM

Any suggestion of manually editing the registry...should always be preceded by the suggestion to back up the registry first. An excellent tool for doing such is ERUNT Registry Backup Tool - http://www.snapfiles.com/get/erunt.html .

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users