
Frequent crashes



#1 sparkymark


Posted 02 May 2012 - 04:42 AM

Hi - I have a Mesh Matrix 250 PC with a habit of crashing on a regular basis. There is no pattern to the crashing - it can be on start-up, while on screensaver or in the middle of writing a report. I've followed your thread on diagnosing blue screens and the dump file analysis report is below. I'll be so grateful for any advice:

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffd80005f812a, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002a8fe17, address which referenced memory

Debugging Details:
------------------

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x86\triage\modclass.ini, error 2

READ_ADDRESS: fffffd80005f812a Nonpaged pool

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiPfnShareCountIsZero+77
fffff800`02a8fe17 0fb6511a movzx edx,byte ptr [rcx+1Ah]

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: POWERPNT.EXE

TRAP_FRAME: fffff8800465d180 -- (.trap 0xfffff8800465d180)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000fffffffffffff rbx=0000000000000000 rcx=fffffd80005f8110
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002a8fe17 rsp=fffff8800465d310 rbp=0000058000000000
r8=000000100001fd5b r9=0000000000000004 r10=fffff8a003930cf0
r11=0000007ffffffff8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
nt!MiPfnShareCountIsZero+0x77:
fffff800`02a8fe17 0fb6511a movzx edx,byte ptr [rcx+1Ah] ds:fffffd80`005f812a=??
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80002a80229 to fffff80002a80c80

STACK_TEXT:


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!SURFACE::bDeleteSurface+502
fffff960`0015661a eb05 jmp win32k!SURFACE::bDeleteSurface+0x509 (fffff960`00156621)

SYMBOL_STACK_INDEX: 9

SYMBOL_NAME: win32k!SURFACE::bDeleteSurface+502

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4f2b63bd

FAILURE_BUCKET_ID: X64_0xA_win32k!SURFACE::bDeleteSurface+502

BUCKET_ID: X64_0xA_win32k!SURFACE::bDeleteSurface+502

Followup: MachineOwner
---------



#2 sparkymark


Posted 02 May 2012 - 04:45 AM

Just in case it helps, the initial dump file reads:


Microsoft ® Windows Debugger Version 6.2.8229.0 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17790.amd64fre.win7sp1_gdr.120305-1505
Machine Name:
Kernel base = 0xfffff800`02a04000 PsLoadedModuleList = 0xfffff800`02c48650
Debug session time: Wed May 2 09:10:07.202 2012 (UTC + 1:00)
System Uptime: 0 days 0:24:43.575
Loading Kernel Symbols
...............................................................
................................................................
..............
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
.....
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x86\triage\oca.ini, error 2
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x86\winxp\triage.ini, error 2
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x86\triage\user.ini, error 2
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {fffffd80005f812a, 2, 0, fffff80002a8fe17}

Page 8b300 not present in the dump file. Type ".hh dbgerr004" for details
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x86\triage\modclass.ini, error 2
Probably caused by : win32k.sys ( win32k!SURFACE::bDeleteSurface+502 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffd80005f812a, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002a8fe17, address which referenced memory

Debugging Details:
------------------

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x86\triage\modclass.ini, error 2

READ_ADDRESS: fffffd80005f812a Nonpaged pool

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiPfnShareCountIsZero+77
fffff800`02a8fe17 0fb6511a movzx edx,byte ptr [rcx+1Ah]

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: POWERPNT.EXE

TRAP_FRAME: fffff8800465d180 -- (.trap 0xfffff8800465d180)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000fffffffffffff rbx=0000000000000000 rcx=fffffd80005f8110
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002a8fe17 rsp=fffff8800465d310 rbp=0000058000000000
r8=000000100001fd5b r9=0000000000000004 r10=fffff8a003930cf0
r11=0000007ffffffff8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
nt!MiPfnShareCountIsZero+0x77:
fffff800`02a8fe17 0fb6511a movzx edx,byte ptr [rcx+1Ah] ds:fffffd80`005f812a=??
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80002a80229 to fffff80002a80c80

STACK_TEXT:
fffff880`0465d038 fffff800`02a80229 : 00000000`0000000a fffffd80`005f812a 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0465d040 fffff800`02a7eea0 : 00000000`00000000 00000000`00000000 fffff8a0`02452780 fffffa80`005f9fd0 : nt!KiBugCheckDispatch+0x69
fffff880`0465d180 fffff800`02a8fe17 : fffffa80`005f40f0 00000580`00000000 fffff880`00800000 00000000`00000000 : nt!KiPageFault+0x260
fffff880`0465d310 fffff800`02ab5d61 : fffffa80`01114a10 00000000`00000005 fffffa80`01114a10 fffffa80`005fbda0 : nt!MiPfnShareCountIsZero+0x77
fffff880`0465d380 fffff800`02ab3039 : 9e100000`1ff29867 fffffa80`005fd7b0 00000000`63416d4d fffff680`0002ca78 : nt!MiDeleteBatch+0x1b5
fffff880`0465d400 fffff800`02ab2017 : 00000000`00000000 fffff680`0002cff8 fffffa80`051022f0 a9100000`1fe79867 : nt!MiDeletePteRun+0x75f
fffff880`0465d5b0 fffff800`02ab39c9 : 00000000`00000000 00000000`05c51fff fffffa80`00000000 00000000`00000001 : nt!MiDeleteVirtualAddresses+0x41f
fffff880`0465d770 fffff800`02d97001 : fffffa80`03d24f80 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRemoveMappedView+0xd9
fffff880`0465d890 fffff960`0015661a : 00000000`00000001 fffffa80`0573dc70 00000000`00000001 00000000`00000000 : nt!MiUnmapViewOfSection+0x1b1
fffff880`0465d950 fffff960`0028fd3f : 00000000`00000000 00000000`00000000 00000000`00000505 00000000`00000000 : win32k!SURFACE::bDeleteSurface+0x502
fffff880`0465daa0 fffff960`00310738 : fffff900`c1d0af20 00000000`00000001 fffff900`c29b0620 00000000`01120a78 : win32k!GreDereferenceObject+0x7b
fffff880`0465dae0 fffff960`00311757 : 00000000`00000000 00000000`01120a78 fffff900`c1d0af20 00000000`043e46c8 : win32k!SFMLOGICALSURFACE::DeInitialize+0x88
fffff880`0465db20 fffff960`0026dbb7 : 00000000`00000000 fffff900`c00c0010 fffff900`c1d0af20 00000000`00000020 : win32k!bhLSurfDestroyLogicalSurfaceObject+0x4b
fffff880`0465db60 fffff960`0028f0a0 : 00000000`00000001 00000000`00000001 fffff880`0465dca0 00000000`00000000 : win32k!GreSfmCloseCompositorRef+0x10f
fffff880`0465dba0 fffff800`02a7ff13 : fffffa80`05dd14b0 fffffa80`05fb25d0 000007fe`00000000 fffffa80`05fb25d0 : win32k!NtGdiHLSurfSetInformation+0x1a8
fffff880`0465dc20 000007fe`ffa64a3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`042bf328 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`ffa64a3a


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!SURFACE::bDeleteSurface+502
fffff960`0015661a eb05 jmp win32k!SURFACE::bDeleteSurface+0x509 (fffff960`00156621)

SYMBOL_STACK_INDEX: 9

SYMBOL_NAME: win32k!SURFACE::bDeleteSurface+502

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4f2b63bd

FAILURE_BUCKET_ID: X64_0xA_win32k!SURFACE::bDeleteSurface+502

BUCKET_ID: X64_0xA_win32k!SURFACE::bDeleteSurface+502

Followup: MachineOwner
---------

Edited by sparkymark, 02 May 2012 - 04:45 AM.
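
A triage helper for reports like the one posted above, as an added example that is not part of any post in this thread: it reduces `!analyze -v` output to the fields worth comparing across crashes and checks that `SYMBOL_STACK_INDEX` points at the frame named in `SYMBOL_NAME`. The function and key names are made up for illustration and the sample text is excerpted from the report above; a report whose `STACK_TEXT` is empty, as in the first post, yields no blamed frame.

```python
import re

# Excerpt of the !analyze -v report posted in this thread (STACK_TEXT frames 0-9).
REPORT = r"""
IRQL_NOT_LESS_OR_EQUAL (a)
Arg3: 0000000000000000, bitfield :
PROCESS_NAME: POWERPNT.EXE
STACK_TEXT:
fffff880`0465d038 fffff800`02a80229 : 00000000`0000000a fffffd80`005f812a 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0465d040 fffff800`02a7eea0 : 00000000`00000000 00000000`00000000 fffff8a0`02452780 fffffa80`005f9fd0 : nt!KiBugCheckDispatch+0x69
fffff880`0465d180 fffff800`02a8fe17 : fffffa80`005f40f0 00000580`00000000 fffff880`00800000 00000000`00000000 : nt!KiPageFault+0x260
fffff880`0465d310 fffff800`02ab5d61 : fffffa80`01114a10 00000000`00000005 fffffa80`01114a10 fffffa80`005fbda0 : nt!MiPfnShareCountIsZero+0x77
fffff880`0465d380 fffff800`02ab3039 : 9e100000`1ff29867 fffffa80`005fd7b0 00000000`63416d4d fffff680`0002ca78 : nt!MiDeleteBatch+0x1b5
fffff880`0465d400 fffff800`02ab2017 : 00000000`00000000 fffff680`0002cff8 fffffa80`051022f0 a9100000`1fe79867 : nt!MiDeletePteRun+0x75f
fffff880`0465d5b0 fffff800`02ab39c9 : 00000000`00000000 00000000`05c51fff fffffa80`00000000 00000000`00000001 : nt!MiDeleteVirtualAddresses+0x41f
fffff880`0465d770 fffff800`02d97001 : fffffa80`03d24f80 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRemoveMappedView+0xd9
fffff880`0465d890 fffff960`0015661a : 00000000`00000001 fffffa80`0573dc70 00000000`00000001 00000000`00000000 : nt!MiUnmapViewOfSection+0x1b1
fffff880`0465d950 fffff960`0028fd3f : 00000000`00000000 00000000`00000000 00000000`00000505 00000000`00000000 : win32k!SURFACE::bDeleteSurface+0x502
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: win32k!SURFACE::bDeleteSurface+502
IMAGE_NAME: win32k.sys
"""

# A STACK_TEXT line: child-SP, return address, four argument words, symbol.
FRAME = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+ : .* : (\S+)$", re.M)

def field(text, name):
    m = re.search(rf"^{name}:\s*([^\s,]+)", text, re.M)
    return m.group(1) if m else None

def summarize(text):
    """Reduce one report to the fields worth comparing across crashes."""
    name, code = re.search(r"^(\w+) \(([0-9a-f]+)\)$", text, re.M).groups()
    arg3 = int(field(text, "Arg3"), 16)
    frames = FRAME.findall(text)  # empty when STACK_TEXT was not captured
    idx = int(field(text, "SYMBOL_STACK_INDEX"))
    blamed = frames[idx] if idx < len(frames) else None
    return {
        "bugcheck": f"{name} (0x{code.upper()})",
        # Arg3 bitfield as the report describes it: bit 0 = write, bit 3 = execute
        "access": "execute" if arg3 & 8 else "write" if arg3 & 1 else "read",
        "process": field(text, "PROCESS_NAME"),
        "image": field(text, "IMAGE_NAME"),
        "modules_on_stack": list(dict.fromkeys(f.split("!")[0] for f in frames)),
        "blamed_frame": blamed,
        "index_matches_symbol": blamed is not None
        and blamed.replace("+0x", "+") == field(text, "SYMBOL_NAME"),
    }

print(summarize(REPORT))
```
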


#3 hamluis


Posted 02 May 2012 - 07:40 AM

<<PROCESS_NAME: POWERPNT.EXE>>

If any version of PowerPoint or MS Office is installed...my guess would be that it's damaged and causing problems. Attempted remedy would be uninstall, then reinstall.

If nothing related to known legit files is involved...I'd suspect malware.

Louis

#4 AustrAlien


Posted 02 May 2012 - 08:11 AM

Let's collect some more information: I'll have a look at it and help you try to resolve the problem.

Step 1: Please follow the instructions: BSOD Posting Instructions: Windows 7 - Vista

(Note: When you run BSOD_Windows7_Vista_v2.64_jcgriff2_.exe, it will also run autoruns.exe ... and both need to be in the same location!)
... with one exception in the following line:
  • "4. Zip up the entire output folder + PERFMON and attach the zip file to your next post."
The BC forums will allow a total attachment size of only 512 kb (and what you need to attach will exceed this limit). Please upload the zip file to a file sharing website of your choice and post a link to it in this thread so that we can access your uploaded zip file. I will have a look at the contained information and see if I can shed some light on your BSOD issue.

See the suggestions in the following links for recommendations on file sharing websites:
  • http://lifehacker.com/388284/best-online-file-sharing-services
  • http://www.hongkiat.com/blog/15-great-free-online-file-sharing-alternatives/
  • http://www.smashingapps.com/2008/08/28/5-best-free-file-hosting-services-to-store-your-files.html

Step 2: Please Publish a Snapshot using Speccy, and post a link to it in this thread.
  • It is a convenient and accurate way of providing us with details of your computer specifications.

Step 3: Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • List Installed Programs
  • Click Go.
    When the scan is finished, a text file will open in a Notepad window.
  • Copy the entire contents of the Notepad window, and paste in your reply.
    (Result.txt will be saved in the same directory the tool is run.)

AustrAlien
Google is my friend. Make Google your friend too.
