R
Ross
Guest
Up to this point I have tried to diagnose this problem on my own but I can
see It's more than I can handle.
Here is my system info and a log of previous failure reports and bug checks.
I hope I have done them correctly as I have no experience whatsoever and have
relied completely on information I could read at Microsoft.
I had a problem with the computer going to blue screen and not restarting
previously.
It got so bad that it would not restart at all.
I used a drive washer and wiped out everything.
I used my XP Installation disc and reinstalled windows XP.
I thought the problem was solved and now the computer is doing it again.
I have some theories as to whats wrong but they are uneducated assumptions
at this point.
Any assistance would be greatly appreciated.
Ross-
(SYSTEM INFO GEERATED WITH BELARC ADVISOR)
Operating System:
Win. XP Home Edition. Service Pack 3 (Build 2600)
System Motherboard:
Gigabyte Technology (P35-DS3L)
Bus Clock:
266 Mhz.
BIOS:
Award Software Int. Inc. F7 11/29/07
PROCESSOR:
2.4 Gigahertz Intel Core2 Quad Q660
DRIVES:
WDC WD3200AAKS-00B3A0 (Hard Drive)
STATUS: Healthy
WDC WD25 00JS-55NCB1 (USB External Device)
Pioneer DVR-113NP (CD-ROM drive)
MEMORY:
3072 Megabytes Installed Memory
Crucial.com
CL1118P.TQ
97432
BL12864AA804.8FE5
(Says "Ballistix" on the ram itself)
Slot "A0" Has 1024 Mb
Slot "A1" has 1024 Mb
Slot "A2" has 1024 Mb
Slot "A3" is empty
DISPLAY:
NVIDIA GeForce 8400 GS (display adapter)
Sceptre X20WG-Naga (moniter)
Realtek High Definition Auido
COMMUNICATIONS:
Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
LOCAL DRIVE VOLUMES:
C:/ (NTFS on drive 0) 320 GB
E:/ (FAT32 on drive 1) 250 GB
PRINTERS:
HP Deskjet 925 on USB
Microsoft XPS Document writer
Only one user account (mine)
Using IE 6
(I have had numerous issues with IE7)
DEBUG INFO:
SAVEDUMP INFO 1.
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 7/22/2008
Time: 8:16:23 AM
User: N/A
Computer: STEPHEN-DE5B952
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a
(0x00041284, 0x00136001, 0x000006ca, 0xc0883000). A dump was saved in:
C:\WINDOWS\Minidump\Mini072208-01.dmp.
SAVEDUMP 1 DETAILS;
Product:
Windows Operating System
ID:
1001
Source:
Save Dump
Version:
5.2
Symbolic Name:
EVENT_BUGCHECK_SAVED
Message:
The computer has rebooted from a bugcheck. The bugcheck was: %1. A dump was
saved in: %2.
DEBUG INFO FOR SAVEDUMP 1;
Loading Dump File [C:\WINDOWS\Minidump\Mini072208-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue Jul 22 08:15:38.140 2008 (GMT-7)
System Uptime: 0 days 6:00:50.734
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................
Loading User Symbols
Loading unloaded module list
Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41284, 136001, 6ca, c0883000}
Probably caused by : ntoskrnl.exe ( nt!_woutput+404 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******
*
*
* Bugcheck Analysis
*
*
*
*******
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 00136001
Arg3: 000006ca
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: GtCC.exe
LAST_CONTROL_TRANSFER: from 80523309 to 804f9f33
STACK_TEXT:
b5fd3af4 80523309 0000001a 00041284 00136001 nt!_woutput+0x404
b5fd3b2c 80523b8f 000006ca 00136000 c0600000 nt!MiRemoveMappedPtes+0x88
b5fd3b60 80523fa8 c00009b0 00136000 00000000
nt!MiSessionCommitImagePages+0x198
b5fd3c28 805135b6 00000530 0018ffff 00000000 nt!MmAccessFault+0x17a
b5fd3c68 805d2706 01b6da18 88b93020 88b93268 nt!MiFlushDirtyBitsToPfn+0x57
b5fd3d08 805d28c8 00000000 88b93020 00000000 nt!IopRebalance+0x3e0
b5fd3d28 805d2aa3 88b93020 00000000 b5fd3d64 nt!NtPowerInformation+0x40f
b5fd3d54 8054161c 00000000 00000000 0006fed0 nt!WmipStartLogger+0xa
b5fd3d64 7c90e4f4 badb0d00 0006fddc 00000000 nt!RtlIpv4StringToAddressExW+0x9d
WARNING: Frame IP not in any known module. Following frames may be wrong.
b5fd3d78 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!_woutput+404
804f9f33 5d pop ebp
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!_woutput+404
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4802516a
FAILURE_BUCKET_ID: 0x1a_41284_nt!_woutput+404
BUCKET_ID: 0x1a_41284_nt!_woutput+404
Followup: MachineOwner
---------
2: kd> lmvm nt
start end module name
804d7000 806e4000 nt M (pdb symbols)
C:\WINDOWS\Symbols\exe\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Sun Apr 13 11:31:06 2008 (4802516A)
CheckSum: 001F442E
ImageSize: 0020D000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ERROR 1 INFO;
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 7/22/2008
Time: 8:16:45 AM
User: N/A
Computer: STEPHEN-DE5B952
Description:
Error code 0000001a, parameter1 00041284, parameter2 00136001, parameter3
000006ca, parameter4 c0883000.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 30 30 30 30 30 30 31 0000001
0020: 61 20 20 50 61 72 61 6d a Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 30 34 31 32 38 34 2c 20 041284,
0038: 30 30 31 33 36 30 30 31 00136001
0040: 2c 20 30 30 30 30 30 36 , 000006
0048: 63 61 2c 20 63 30 38 38 ca, c088
0050: 33 30 30 30 3000
ERROR 1 DETAILS;
Product:
Windows Operating System
ID:
1003
Source:
System Error
Version:
5.2
Symbolic Name:
ER_KRNLCRASH_LOG
Message:
Error code %1, parameter1 %2, parameter2 %3, parameter3 %4, parameter4 %5.
SAVE DUMP 2 INFO;
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 7/22/2008
Time: 4:15:30 PM
User: N/A
Computer: STEPHEN-DE5B952
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000000a
(0x00000020, 0x00000002, 0x00000000, 0x805153db). A dump was saved in:
C:\WINDOWS\Minidump\Mini072208-02.dmp.
SAVEDUP 2 DETAILS;
Product:
Windows Operating System
ID:
1001
Source:
Save Dump
Version:
5.2
Symbolic Name:
EVENT_BUGCHECK_SAVED
Message:
The computer has rebooted from a bugcheck. The bugcheck was: %1. A dump was
saved in: %2.
DEBUG INFO FOR SAVEDUMP 2;
Loading Dump File [C:\WINDOWS\Minidump\Mini072208-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue Jul 22 16:14:41.203 2008 (GMT-7)
System Uptime: 0 days 7:58:33.172
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...........
Loading User Symbols
Loading unloaded module list
..............
******
******
*
*
* Bugcheck Analysis
*
*
*
******
******
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {20, 2, 0, 805153db}
Probably caused by : memory_corruption ( nt!MiInsertStandbyListAtFront+7 )
Followup: MachineOwner
---------
0: kd> !analyze -v
******
******
*
*
* Bugcheck Analysis
*
*
*
******
******
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000020, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on
chips which support this level of status)
Arg4: 805153db, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 00000020
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiInsertStandbyListAtFront+7
805153db 8b4320 mov eax,dword ptr [ebx+20h]
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
LAST_CONTROL_TRANSFER: from 00000000 to 805153db
STACK_TEXT:
bacf7ac4 00000000 000004c0 88a44ca0 c5020000 nt!MiInsertStandbyListAtFront+0x7
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiInsertStandbyListAtFront+7
805153db 8b4320 mov eax,dword ptr [ebx+20h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiInsertStandbyListAtFront+7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4802516a
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xA_nt!MiInsertStandbyListAtFront+7
BUCKET_ID: 0xA_nt!MiInsertStandbyListAtFront+7
Followup: MachineOwner
---------
0: kd> lmvm nt
start end module name
804d7000 806e4000 nt M (pdb symbols)
C:\WINDOWS\Symbols\exe\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Sun Apr 13 11:31:06 2008 (4802516A)
CheckSum: 001F442E
ImageSize: 0020D000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ERROR 2 INFO;
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 7/22/2008
Time: 4:16:05 PM
User: N/A
Computer: STEPHEN-DE5B952
Description:
Error code 1000000a, parameter1 00000020, parameter2 00000002, parameter3
00000000, parameter4 805153db.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 30 1000000
0020: 61 20 20 50 61 72 61 6d a Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 30 30 30 30 32 30 2c 20 000020,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 30 2c 20 38 30 35 31 00, 8051
0050: 35 33 64 62 53db
ERROR 2 DETAILS;
Product:
Windows Operating System
ID:
1003
Source:
System Error
Version:
5.2
Symbolic Name:
ER_KRNLCRASH_LOG
Message:
Error code %1, parameter1 %2, parameter2 %3, parameter3 %4, parameter4 %5.
SAVEDUMP 3 INFO;
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 7/22/2008
Time: 7:01:57 PM
User: N/A
Computer: STEPHEN-DE5B952
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x100000d1
(0x00000004, 0x00000002, 0x00000001, 0xb65e7625). A dump was saved in:
C:\WINDOWS\Minidump\Mini072208-03.dmp.
SAVEDUMP 3 DETAILS;
Product:
Windows Operating System
ID:
1001
Source:
Save Dump
Version:
5.2
Symbolic Name:
EVENT_BUGCHECK_SAVED
Message:
The computer has rebooted from a bugcheck. The bugcheck was: %1. A dump was
saved in: %2.
Currently there are no Microsoft Knowledge Base articles available for this
specific error or event message.
DEBUG INFO FOR SAVEDUMP 3;
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini072208-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue Jul 22 19:01:11.453 2008 (GMT-7)
System Uptime: 0 days 2:46:00.076
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...............
Loading User Symbols
Loading unloaded module list
..................
Unable to load image afd.sys, Win32 error 0n2
******
******
*
*
* Bugcheck Analysis
*
*
*
*******
*******
Use !analyze -v to get detailed debugging information.
BugCheck 100000D1, {4, 2, 1, b65e7625}
Unable to load image msfwhlpr.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for msfwhlpr.sys
*** ERROR: Module load completed but symbols could not be loaded for
msfwhlpr.sys
*** WARNING: Unable to verify timestamp for tcpip.sys
Unable to load image TDI.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for TDI.SYS
Probably caused by : msfwhlpr.sys ( msfwhlpr+11922 )
Followup: MachineOwner
---------
1: kd> !analyze -v
******
******
*
*
* Bugcheck Analysis
*
*
*
******
******
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: b65e7625, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: 00000004
CURRENT_IRQL: 2
FAULTING_IP:
afd!AfdIndicatePollEventReal+d6
b65e7625 894804 mov dword ptr [eax+4],ecx
CUSTOMER_CRASH_COUNT: 3
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
LAST_CONTROL_TRANSFER: from b65f29fd to b65e7625
STACK_TEXT:
bad038cc b65f29fd 88c53640 00000001 00000000 afd!AfdIndicatePollEventReal+0xd6
bad03900 b66d4922 bad03a9c b66d4922 88c53640 afd!AfdPoll+0xe2
WARNING: Stack unwind information not available. Following frames may be
wrong.
bad039f4 b66d4b41 88cb3358 00000016 bad03aac msfwhlpr+0x11922
bad03a2c b665986c 88cb3358 00000016 bad03aac msfwhlpr+0x11b41
bad03ac8 b6663d35 88c44278 0100007f 00002504 tcpip!UDPDeliver+0x1be
bad03b20 b6658ef5 8a2abd50 0100007f 0100007f tcpip!TCPRcv+0xe41
bad03b80 b6658b19 00000020 8a2abd50 b6659592 tcpip!DeliverToUser+0x18e
bad03bfc b6658836 b66988f0 8a2abd50 bad03d18 tcpip!DeliverToUserEx+0x95e
bad03cb4 b6664ce6 8a2abd50 bad03d2c 00000009 tcpip!IPRcvPacket+0x6cb
bad03d60 babe83e4 b6698680 8a2abd50 b6698690 tcpip!TCPRcv+0x10fa
bad03d7c 8053876d 8a2abd50 00000000 8a535da8 TDI!CTEpEventHandler+0x32
bad03dac 805cff64 b6698680 00000000 00000000 nt!MiTrimPte+0x1ee
bad03ddc 805460de 8053867e 00000001 00000000 nt!IopQueryReconfiguration+0x17
bad03df8 00000000 00000000 00000000 00001f80 nt!ExpRemovePoolTracker+0x6b
STACK_COMMAND: kb
FOLLOWUP_IP:
msfwhlpr+11922
b66d4922 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: msfwhlpr+11922
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: msfwhlpr
IMAGE_NAME: msfwhlpr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 474d104c
FAILURE_BUCKET_ID: 0xD1_W_msfwhlpr+11922
BUCKET_ID: 0xD1_W_msfwhlpr+11922
Followup: MachineOwner
---------
1: kd> lmvm msfwhlpr
start end module name
b66c3000 b66dd280 msfwhlpr T (no symbols)
Loaded symbol image file: msfwhlpr.sys
Image path: msfwhlpr.sys
Image name: msfwhlpr.sys
Timestamp: Tue Nov 27 22:53:00 2007 (474D104C)
CheckSum: 00029480
ImageSize: 0001A280
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ERROR 3 INFO;
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 7/22/2008
Time: 8:55:33 PM
User: N/A
Computer: STEPHEN-DE5B952
Description:
Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3
00000001, parameter4 b65e7625.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 64 100000d
0020: 31 20 20 50 61 72 61 6d 1 Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 30 30 30 30 30 34 2c 20 000004,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 31 2c 20 62 36 35 65 01, b65e
0050: 37 36 32 35 7625
ERROR 3 DETAILS;
Product:
Windows Operating System
ID:
1003
Source:
System Error
Version:
5.2
Symbolic Name:
ER_KRNLCRASH_LOG
Message:
Error code %1, parameter1 %2, parameter2 %3, parameter3 %4, parameter4 %5.
SAVE DUMP 4 INFO;
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 7/24/2008
Time: 9:59:56 PM
User: N/A
Computer: STEPHEN-DE5B952
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c1
(0x8bb6ee28, 0x8bb6e7b6, 0x00d101d8, 0x00000023). A dump was saved in:
C:\WINDOWS\Minidump\Mini072408-01.dmp.
DEBUG INFO;
Loading Dump File [C:\WINDOWS\Minidump\Mini072408-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Thu Jul 24 21:43:09.953 2008 (GMT-7)
System Uptime: 0 days 14:24:45.922
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
..............
Loading User Symbols
Loading unloaded module list
...................
******
******
*
*
* Bugcheck Analysis
*
*
*
******
******
Use !analyze -v to get detailed debugging information.
BugCheck C1, {8bb6ee28, 8bb6e7b6, d101d8, 23}
Probably caused by : ntoskrnl.exe ( nt!_woutput+404 )
Followup: MachineOwner
---------
3: kd> !analyze -v
******
******
*
*
* Bugcheck Analysis
*
*
*
******
******
SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption. Typically the current thread's
stack backtrace will reveal the guilty party.
Arguments:
Arg1: 8bb6ee28, address trying to free
Arg2: 8bb6e7b6, address where bits are corrupted
Arg3: 00d101d8, (reserved)
Arg4: 00000023, caller is freeing an address where nearby bytes within the
same page have been corrupted
Debugging Details:
------------------
BUGCHECK_STR: 0xC1_23
SPECIAL_POOL_CORRUPTION_TYPE: 23
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: winlogon.exe
LAST_CONTROL_TRANSFER: from 8066dd94 to 804f9f33
STACK_TEXT:
b70f7804 8066dd94 000000c1 8bb6ee28 8bb6e7b6 nt!_woutput+0x404
b70f7850 8054b32a 8bb6ee28 b70f78d3 88b3beb8 nt!VerifierKeAcquireSpinLock+0x24
b70f7890 8065f1f6 8bb6ee28 00000000 8065f391
nt!MiReserveAlignedSystemPtes+0x122
b70f78b8 80658071 00000000 8bb6ee28 b70f791c nt!MiPhysicalViewInserter+0x33
b70f78c8 804f4e35 8bb6ee28 8bb6ee68 899a25c8 nt!HvRefreshHive+0x419
b70f791c 804ff843 8bb6ee68 b70f7968 b70f795c nt!CcPurgeCacheSection+0x62
b70f796c 80503854 00000000 00000000 00000000 nt!CcPerformReadAhead+0x155
b70f79bc 805c0a37 00000040 b70f7bf0 00000001 nt!WmipEnterCritSection+0x1e
b70f7d48 8054161c 00000040 00eb6e60 00000001 nt!IopDriverLoadingFailed+0x4bf
b70f7d64 7c90e4f4 badb0d00 00d2ff54 00000000 nt!RtlIpv4StringToAddressExW+0x9d
WARNING: Frame IP not in any known module. Following frames may be wrong.
b70f7d78 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!_woutput+404
804f9f33 5d pop ebp
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!_woutput+404
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4802516a
FAILURE_BUCKET_ID: 0xC1_23_nt!_woutput+404
BUCKET_ID: 0xC1_23_nt!_woutput+404
Followup: MachineOwner
---------
3: kd> lmvm nt
start end module name
804d7000 806e4000 nt M (pdb symbols)
C:\WINDOWS\Symbols\exe\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Sun Apr 13 11:31:06 2008 (4802516A)
CheckSum: 001F442E
ImageSize: 0020D000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
SAVE DUMP 5 INFO;
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 7/25/2008
Time: 8:32:32 AM
User: N/A
Computer: STEPHEN-DE5B952
Description:
The computer has rebooted from a bugcheck.
The bugcheck was: 0x000000c1 (0x8a9d4f00, 0x8a9d412e, 0x00a90100,
0x00000023). A dump was saved in: C:\WINDOWS\Minidump\Mini072508-01.dmp.
DETAILS;
Product:
Windows Operating System
ID:
1001
Source:
Save Dump
Version:
5.2
Symbolic Name:
EVENT_BUGCHECK_SAVED
Message:
The computer has rebooted from a bugcheck. The bugcheck was: %1. A dump was
saved in: %2.
BUGCHECK INFO;
Loading Dump File [C:\WINDOWS\Minidump\Mini072508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Fri Jul 25 07:55:33.031 2008 (GMT-7)
System Uptime: 0 days 9:13:19.626
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.................
Loading User Symbols
Loading unloaded module list
............
******
******
*
*
* Bugcheck Analysis
*
*
*
*****
******
Use !analyze -v to get detailed debugging information.
BugCheck C1, {8a9d4f00, 8a9d412e, a90100, 23}
Probably caused by : ntoskrnl.exe ( nt!_woutput+404 )
Followup: MachineOwner
---------
1: kd> !analyze -v
**************
**************
*
*
* Bugcheck Analysis
*
*
*
********
********
SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption. Typically the current thread's
stack backtrace will reveal the guilty party.
Arguments:
Arg1: 8a9d4f00, address trying to free
Arg2: 8a9d412e, address where bits are corrupted
Arg3: 00a90100, (reserved)
Arg4: 00000023, caller is freeing an address where nearby bytes within the
same page have been corrupted
Debugging Details:
------------------
BUGCHECK_STR: 0xC1_23
SPECIAL_POOL_CORRUPTION_TYPE: 23
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: winss.exe
LAST_CONTROL_TRANSFER: from 8066dd94 to 804f9f33
STACK_TEXT:
b66b6b44 8066dd94 000000c1 8a9d4f00 8a9d412e nt!_woutput+0x404
b66b6b90 8054b32a 8a9d4f00 b66b6c13 884b4008 nt!VerifierKeAcquireSpinLock+0x24
b66b6bd0 8065f1f6 8a9d4f00 00000000 8065f391
nt!MiReserveAlignedSystemPtes+0x122
b66b6bf8 80658071 00000000 8a9d4f00 b66b6c5c nt!MiPhysicalViewInserter+0x33
b66b6c08 804f4e35 8a9d4f00 8a9d4f40 88dbf598 nt!HvRefreshHive+0x419
b66b6c5c 804ff843 8a9d4f40 b66b6ca8 b66b6c9c nt!CcPurgeCacheSection+0x62
b66b6cac 80503854 00000000 00000000 00000000 nt!CcPerformReadAhead+0x155
b66b6cec 805c0750 00000001 00000006 01c8ee01 nt!WmipEnterCritSection+0x1e
b66b6d50 8054161c 00000c98 00000001 b66b6d1c nt!IoAssignDriveLetters+0x8c9
b66b6d64 7c90e4f4 badb0d00 0550fad8 b66b6d98 nt!RtlIpv4StringToAddressExW+0x9d
WARNING: Frame IP not in any known module. Following frames may be wrong.
b66b6d78 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!_woutput+404
804f9f33 5d pop ebp
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!_woutput+404
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4802516a
FAILURE_BUCKET_ID: 0xC1_23_nt!_woutput+404
BUCKET_ID: 0xC1_23_nt!_woutput+404
Followup: MachineOwner
---------
1: kd> lmvm nt
start end module name
804d7000 806e4000 nt M (pdb symbols)
C:\WINDOWS\Symbols\exe\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Sun Apr 13 11:31:06 2008 (4802516A)
CheckSum: 001F442E
ImageSize: 0020D000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ERROR 4 DETAILS;
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 7/25/2008
Time: 8:33:16 AM
User: N/A
Computer: STEPHEN-DE5B952
Description:
Error code 000000c1, parameter1 8a9d4f00, parameter2 8a9d412e, parameter3
00a90100, parameter4 00000023.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 30 30 30 30 30 30 63 000000c
0020: 31 20 20 50 61 72 61 6d 1 Param
0028: 65 74 65 72 73 20 38 61 eters 8a
0030: 39 64 34 66 30 30 2c 20 9d4f00,
0038: 38 61 39 64 34 31 32 65 8a9d412e
0040: 2c 20 30 30 61 39 30 31 , 00a901
0048: 30 30 2c 20 30 30 30 30 00, 0000
0050: 30 30 32 33 0023
Details
Product:
Windows Operating System
ID:
1003
Source:
System Error
Version:
5.2
Symbolic Name:
ER_KRNLCRASH_LOG
Message:
Error code %1, parameter1 %2, parameter2 %3, parameter3 %4, parameter4 %5.
--
Ross McLaughlin
koolaid_51 at yahoo
see It's more than I can handle.
Here is my system info and a log of previous failure reports and bug checks.
I hope I have done them correctly as I have no experience whatsoever and have
relied completely on information I could read at Microsoft.
I had a problem with the computer going to blue screen and not restarting
previously.
It got so bad that it would not restart at all.
I used a drive washer and wiped out everything.
I used my XP Installation disc and reinstalled windows XP.
I thought the problem was solved and now the computer is doing it again.
I have some theories as to whats wrong but they are uneducated assumptions
at this point.
Any assistance would be greatly appreciated.
Ross-
(SYSTEM INFO GEERATED WITH BELARC ADVISOR)
Operating System:
Win. XP Home Edition. Service Pack 3 (Build 2600)
System Motherboard:
Gigabyte Technology (P35-DS3L)
Bus Clock:
266 Mhz.
BIOS:
Award Software Int. Inc. F7 11/29/07
PROCESSOR:
2.4 Gigahertz Intel Core2 Quad Q660
DRIVES:
WDC WD3200AAKS-00B3A0 (Hard Drive)
STATUS: Healthy
WDC WD25 00JS-55NCB1 (USB External Device)
Pioneer DVR-113NP (CD-ROM drive)
MEMORY:
3072 Megabytes Installed Memory
Crucial.com
CL1118P.TQ
97432
BL12864AA804.8FE5
(Says "Ballistix" on the ram itself)
Slot "A0" Has 1024 Mb
Slot "A1" has 1024 Mb
Slot "A2" has 1024 Mb
Slot "A3" is empty
DISPLAY:
NVIDIA GeForce 8400 GS (display adapter)
Sceptre X20WG-Naga (moniter)
Realtek High Definition Auido
COMMUNICATIONS:
Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
LOCAL DRIVE VOLUMES:
C:/ (NTFS on drive 0) 320 GB
E:/ (FAT32 on drive 1) 250 GB
PRINTERS:
HP Deskjet 925 on USB
Microsoft XPS Document writer
Only one user account (mine)
Using IE 6
(I have had numerous issues with IE7)
DEBUG INFO:
SAVEDUMP INFO 1.
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 7/22/2008
Time: 8:16:23 AM
User: N/A
Computer: STEPHEN-DE5B952
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a
(0x00041284, 0x00136001, 0x000006ca, 0xc0883000). A dump was saved in:
C:\WINDOWS\Minidump\Mini072208-01.dmp.
SAVEDUMP 1 DETAILS;
Product:
Windows Operating System
ID:
1001
Source:
Save Dump
Version:
5.2
Symbolic Name:
EVENT_BUGCHECK_SAVED
Message:
The computer has rebooted from a bugcheck. The bugcheck was: %1. A dump was
saved in: %2.
DEBUG INFO FOR SAVEDUMP 1;
Loading Dump File [C:\WINDOWS\Minidump\Mini072208-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue Jul 22 08:15:38.140 2008 (GMT-7)
System Uptime: 0 days 6:00:50.734
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................
Loading User Symbols
Loading unloaded module list
Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41284, 136001, 6ca, c0883000}
Probably caused by : ntoskrnl.exe ( nt!_woutput+404 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******
*
*
* Bugcheck Analysis
*
*
*
*******
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: 00136001
Arg3: 000006ca
Arg4: c0883000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: GtCC.exe
LAST_CONTROL_TRANSFER: from 80523309 to 804f9f33
STACK_TEXT:
b5fd3af4 80523309 0000001a 00041284 00136001 nt!_woutput+0x404
b5fd3b2c 80523b8f 000006ca 00136000 c0600000 nt!MiRemoveMappedPtes+0x88
b5fd3b60 80523fa8 c00009b0 00136000 00000000
nt!MiSessionCommitImagePages+0x198
b5fd3c28 805135b6 00000530 0018ffff 00000000 nt!MmAccessFault+0x17a
b5fd3c68 805d2706 01b6da18 88b93020 88b93268 nt!MiFlushDirtyBitsToPfn+0x57
b5fd3d08 805d28c8 00000000 88b93020 00000000 nt!IopRebalance+0x3e0
b5fd3d28 805d2aa3 88b93020 00000000 b5fd3d64 nt!NtPowerInformation+0x40f
b5fd3d54 8054161c 00000000 00000000 0006fed0 nt!WmipStartLogger+0xa
b5fd3d64 7c90e4f4 badb0d00 0006fddc 00000000 nt!RtlIpv4StringToAddressExW+0x9d
WARNING: Frame IP not in any known module. Following frames may be wrong.
b5fd3d78 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!_woutput+404
804f9f33 5d pop ebp
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!_woutput+404
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4802516a
FAILURE_BUCKET_ID: 0x1a_41284_nt!_woutput+404
BUCKET_ID: 0x1a_41284_nt!_woutput+404
Followup: MachineOwner
---------
2: kd> lmvm nt
start end module name
804d7000 806e4000 nt M (pdb symbols)
C:\WINDOWS\Symbols\exe\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Sun Apr 13 11:31:06 2008 (4802516A)
CheckSum: 001F442E
ImageSize: 0020D000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ERROR 1 INFO;
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 7/22/2008
Time: 8:16:45 AM
User: N/A
Computer: STEPHEN-DE5B952
Description:
Error code 0000001a, parameter1 00041284, parameter2 00136001, parameter3
000006ca, parameter4 c0883000.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 30 30 30 30 30 30 31 0000001
0020: 61 20 20 50 61 72 61 6d a Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 30 34 31 32 38 34 2c 20 041284,
0038: 30 30 31 33 36 30 30 31 00136001
0040: 2c 20 30 30 30 30 30 36 , 000006
0048: 63 61 2c 20 63 30 38 38 ca, c088
0050: 33 30 30 30 3000
ERROR 1 DETAILS;
Product:
Windows Operating System
ID:
1003
Source:
System Error
Version:
5.2
Symbolic Name:
ER_KRNLCRASH_LOG
Message:
Error code %1, parameter1 %2, parameter2 %3, parameter3 %4, parameter4 %5.
SAVE DUMP 2 INFO;
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 7/22/2008
Time: 4:15:30 PM
User: N/A
Computer: STEPHEN-DE5B952
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000000a
(0x00000020, 0x00000002, 0x00000000, 0x805153db). A dump was saved in:
C:\WINDOWS\Minidump\Mini072208-02.dmp.
SAVEDUP 2 DETAILS;
Product:
Windows Operating System
ID:
1001
Source:
Save Dump
Version:
5.2
Symbolic Name:
EVENT_BUGCHECK_SAVED
Message:
The computer has rebooted from a bugcheck. The bugcheck was: %1. A dump was
saved in: %2.
DEBUG INFO FOR SAVEDUMP 2;
Loading Dump File [C:\WINDOWS\Minidump\Mini072208-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue Jul 22 16:14:41.203 2008 (GMT-7)
System Uptime: 0 days 7:58:33.172
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...........
Loading User Symbols
Loading unloaded module list
..............
******
******
*
*
* Bugcheck Analysis
*
*
*
******
******
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {20, 2, 0, 805153db}
Probably caused by : memory_corruption ( nt!MiInsertStandbyListAtFront+7 )
Followup: MachineOwner
---------
0: kd> !analyze -v
******
******
*
*
* Bugcheck Analysis
*
*
*
******
******
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000020, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on
chips which support this level of status)
Arg4: 805153db, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 00000020
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiInsertStandbyListAtFront+7
805153db 8b4320 mov eax,dword ptr [ebx+20h]
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
LAST_CONTROL_TRANSFER: from 00000000 to 805153db
STACK_TEXT:
bacf7ac4 00000000 000004c0 88a44ca0 c5020000 nt!MiInsertStandbyListAtFront+0x7
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiInsertStandbyListAtFront+7
805153db 8b4320 mov eax,dword ptr [ebx+20h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiInsertStandbyListAtFront+7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4802516a
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xA_nt!MiInsertStandbyListAtFront+7
BUCKET_ID: 0xA_nt!MiInsertStandbyListAtFront+7
Followup: MachineOwner
---------
0: kd> lmvm nt
start end module name
804d7000 806e4000 nt M (pdb symbols)
C:\WINDOWS\Symbols\exe\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Sun Apr 13 11:31:06 2008 (4802516A)
CheckSum: 001F442E
ImageSize: 0020D000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ERROR 2 INFO;
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 7/22/2008
Time: 4:16:05 PM
User: N/A
Computer: STEPHEN-DE5B952
Description:
Error code 1000000a, parameter1 00000020, parameter2 00000002, parameter3
00000000, parameter4 805153db.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 30 1000000
0020: 61 20 20 50 61 72 61 6d a Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 30 30 30 30 32 30 2c 20 000020,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 30 2c 20 38 30 35 31 00, 8051
0050: 35 33 64 62 53db
ERROR 2 DETAILS;
Product:
Windows Operating System
ID:
1003
Source:
System Error
Version:
5.2
Symbolic Name:
ER_KRNLCRASH_LOG
Message:
Error code %1, parameter1 %2, parameter2 %3, parameter3 %4, parameter4 %5.
SAVEDUMP 3 INFO;
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 7/22/2008
Time: 7:01:57 PM
User: N/A
Computer: STEPHEN-DE5B952
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x100000d1
(0x00000004, 0x00000002, 0x00000001, 0xb65e7625). A dump was saved in:
C:\WINDOWS\Minidump\Mini072208-03.dmp.
SAVEDUMP 3 DETAILS;
Product:
Windows Operating System
ID:
1001
Source:
Save Dump
Version:
5.2
Symbolic Name:
EVENT_BUGCHECK_SAVED
Message:
The computer has rebooted from a bugcheck. The bugcheck was: %1. A dump was
saved in: %2.
Currently there are no Microsoft Knowledge Base articles available for this
specific error or event message.
DEBUG INFO FOR SAVEDUMP 3;
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini072208-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue Jul 22 19:01:11.453 2008 (GMT-7)
System Uptime: 0 days 2:46:00.076
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...............
Loading User Symbols
Loading unloaded module list
..................
Unable to load image afd.sys, Win32 error 0n2
******
******
*
*
* Bugcheck Analysis
*
*
*
*******
*******
Use !analyze -v to get detailed debugging information.
BugCheck 100000D1, {4, 2, 1, b65e7625}
Unable to load image msfwhlpr.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for msfwhlpr.sys
*** ERROR: Module load completed but symbols could not be loaded for
msfwhlpr.sys
*** WARNING: Unable to verify timestamp for tcpip.sys
Unable to load image TDI.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for TDI.SYS
Probably caused by : msfwhlpr.sys ( msfwhlpr+11922 )
Followup: MachineOwner
---------
1: kd> !analyze -v
******
******
*
*
* Bugcheck Analysis
*
*
*
******
******
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: b65e7625, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: 00000004
CURRENT_IRQL: 2
FAULTING_IP:
afd!AfdIndicatePollEventReal+d6
b65e7625 894804 mov dword ptr [eax+4],ecx
CUSTOMER_CRASH_COUNT: 3
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
LAST_CONTROL_TRANSFER: from b65f29fd to b65e7625
STACK_TEXT:
bad038cc b65f29fd 88c53640 00000001 00000000 afd!AfdIndicatePollEventReal+0xd6
bad03900 b66d4922 bad03a9c b66d4922 88c53640 afd!AfdPoll+0xe2
WARNING: Stack unwind information not available. Following frames may be
wrong.
bad039f4 b66d4b41 88cb3358 00000016 bad03aac msfwhlpr+0x11922
bad03a2c b665986c 88cb3358 00000016 bad03aac msfwhlpr+0x11b41
bad03ac8 b6663d35 88c44278 0100007f 00002504 tcpip!UDPDeliver+0x1be
bad03b20 b6658ef5 8a2abd50 0100007f 0100007f tcpip!TCPRcv+0xe41
bad03b80 b6658b19 00000020 8a2abd50 b6659592 tcpip!DeliverToUser+0x18e
bad03bfc b6658836 b66988f0 8a2abd50 bad03d18 tcpip!DeliverToUserEx+0x95e
bad03cb4 b6664ce6 8a2abd50 bad03d2c 00000009 tcpip!IPRcvPacket+0x6cb
bad03d60 babe83e4 b6698680 8a2abd50 b6698690 tcpip!TCPRcv+0x10fa
bad03d7c 8053876d 8a2abd50 00000000 8a535da8 TDI!CTEpEventHandler+0x32
bad03dac 805cff64 b6698680 00000000 00000000 nt!MiTrimPte+0x1ee
bad03ddc 805460de 8053867e 00000001 00000000 nt!IopQueryReconfiguration+0x17
bad03df8 00000000 00000000 00000000 00001f80 nt!ExpRemovePoolTracker+0x6b
STACK_COMMAND: kb
FOLLOWUP_IP:
msfwhlpr+11922
b66d4922 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: msfwhlpr+11922
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: msfwhlpr
IMAGE_NAME: msfwhlpr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 474d104c
FAILURE_BUCKET_ID: 0xD1_W_msfwhlpr+11922
BUCKET_ID: 0xD1_W_msfwhlpr+11922
Followup: MachineOwner
---------
1: kd> lmvm msfwhlpr
start end module name
b66c3000 b66dd280 msfwhlpr T (no symbols)
Loaded symbol image file: msfwhlpr.sys
Image path: msfwhlpr.sys
Image name: msfwhlpr.sys
Timestamp: Tue Nov 27 22:53:00 2007 (474D104C)
CheckSum: 00029480
ImageSize: 0001A280
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ERROR 3 INFO;
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 7/22/2008
Time: 8:55:33 PM
User: N/A
Computer: STEPHEN-DE5B952
Description:
Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3
00000001, parameter4 b65e7625.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 64 100000d
0020: 31 20 20 50 61 72 61 6d 1 Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 30 30 30 30 30 34 2c 20 000004,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 31 2c 20 62 36 35 65 01, b65e
0050: 37 36 32 35 7625
ERROR 3 DETAILS;
Product:
Windows Operating System
ID:
1003
Source:
System Error
Version:
5.2
Symbolic Name:
ER_KRNLCRASH_LOG
Message:
Error code %1, parameter1 %2, parameter2 %3, parameter3 %4, parameter4 %5.
SAVE DUMP 4 INFO;
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 7/24/2008
Time: 9:59:56 PM
User: N/A
Computer: STEPHEN-DE5B952
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c1
(0x8bb6ee28, 0x8bb6e7b6, 0x00d101d8, 0x00000023). A dump was saved in:
C:\WINDOWS\Minidump\Mini072408-01.dmp.
DEBUG INFO;
Loading Dump File [C:\WINDOWS\Minidump\Mini072408-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Thu Jul 24 21:43:09.953 2008 (GMT-7)
System Uptime: 0 days 14:24:45.922
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
..............
Loading User Symbols
Loading unloaded module list
...................
******
******
*
*
* Bugcheck Analysis
*
*
*
******
******
Use !analyze -v to get detailed debugging information.
BugCheck C1, {8bb6ee28, 8bb6e7b6, d101d8, 23}
Probably caused by : ntoskrnl.exe ( nt!_woutput+404 )
Followup: MachineOwner
---------
3: kd> !analyze -v
******
******
*
*
* Bugcheck Analysis
*
*
*
******
******
SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption. Typically the current thread's
stack backtrace will reveal the guilty party.
Arguments:
Arg1: 8bb6ee28, address trying to free
Arg2: 8bb6e7b6, address where bits are corrupted
Arg3: 00d101d8, (reserved)
Arg4: 00000023, caller is freeing an address where nearby bytes within the
same page have been corrupted
Debugging Details:
------------------
BUGCHECK_STR: 0xC1_23
SPECIAL_POOL_CORRUPTION_TYPE: 23
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: winlogon.exe
LAST_CONTROL_TRANSFER: from 8066dd94 to 804f9f33
STACK_TEXT:
b70f7804 8066dd94 000000c1 8bb6ee28 8bb6e7b6 nt!_woutput+0x404
b70f7850 8054b32a 8bb6ee28 b70f78d3 88b3beb8 nt!VerifierKeAcquireSpinLock+0x24
b70f7890 8065f1f6 8bb6ee28 00000000 8065f391
nt!MiReserveAlignedSystemPtes+0x122
b70f78b8 80658071 00000000 8bb6ee28 b70f791c nt!MiPhysicalViewInserter+0x33
b70f78c8 804f4e35 8bb6ee28 8bb6ee68 899a25c8 nt!HvRefreshHive+0x419
b70f791c 804ff843 8bb6ee68 b70f7968 b70f795c nt!CcPurgeCacheSection+0x62
b70f796c 80503854 00000000 00000000 00000000 nt!CcPerformReadAhead+0x155
b70f79bc 805c0a37 00000040 b70f7bf0 00000001 nt!WmipEnterCritSection+0x1e
b70f7d48 8054161c 00000040 00eb6e60 00000001 nt!IopDriverLoadingFailed+0x4bf
b70f7d64 7c90e4f4 badb0d00 00d2ff54 00000000 nt!RtlIpv4StringToAddressExW+0x9d
WARNING: Frame IP not in any known module. Following frames may be wrong.
b70f7d78 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!_woutput+404
804f9f33 5d pop ebp
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!_woutput+404
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4802516a
FAILURE_BUCKET_ID: 0xC1_23_nt!_woutput+404
BUCKET_ID: 0xC1_23_nt!_woutput+404
Followup: MachineOwner
---------
3: kd> lmvm nt
start end module name
804d7000 806e4000 nt M (pdb symbols)
C:\WINDOWS\Symbols\exe\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Sun Apr 13 11:31:06 2008 (4802516A)
CheckSum: 001F442E
ImageSize: 0020D000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
SAVE DUMP 5 INFO;
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 7/25/2008
Time: 8:32:32 AM
User: N/A
Computer: STEPHEN-DE5B952
Description:
The computer has rebooted from a bugcheck.
The bugcheck was: 0x000000c1 (0x8a9d4f00, 0x8a9d412e, 0x00a90100,
0x00000023). A dump was saved in: C:\WINDOWS\Minidump\Mini072508-01.dmp.
DETAILS;
Product:
Windows Operating System
ID:
1001
Source:
Save Dump
Version:
5.2
Symbolic Name:
EVENT_BUGCHECK_SAVED
Message:
The computer has rebooted from a bugcheck. The bugcheck was: %1. A dump was
saved in: %2.
BUGCHECK INFO;
Loading Dump File [C:\WINDOWS\Minidump\Mini072508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Fri Jul 25 07:55:33.031 2008 (GMT-7)
System Uptime: 0 days 9:13:19.626
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.................
Loading User Symbols
Loading unloaded module list
............
******
******
*
*
* Bugcheck Analysis
*
*
*
*****
******
Use !analyze -v to get detailed debugging information.
BugCheck C1, {8a9d4f00, 8a9d412e, a90100, 23}
Probably caused by : ntoskrnl.exe ( nt!_woutput+404 )
Followup: MachineOwner
---------
1: kd> !analyze -v
**************
**************
*
*
* Bugcheck Analysis
*
*
*
********
********
SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption. Typically the current thread's
stack backtrace will reveal the guilty party.
Arguments:
Arg1: 8a9d4f00, address trying to free
Arg2: 8a9d412e, address where bits are corrupted
Arg3: 00a90100, (reserved)
Arg4: 00000023, caller is freeing an address where nearby bytes within the
same page have been corrupted
Debugging Details:
------------------
BUGCHECK_STR: 0xC1_23
SPECIAL_POOL_CORRUPTION_TYPE: 23
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: winss.exe
LAST_CONTROL_TRANSFER: from 8066dd94 to 804f9f33
STACK_TEXT:
b66b6b44 8066dd94 000000c1 8a9d4f00 8a9d412e nt!_woutput+0x404
b66b6b90 8054b32a 8a9d4f00 b66b6c13 884b4008 nt!VerifierKeAcquireSpinLock+0x24
b66b6bd0 8065f1f6 8a9d4f00 00000000 8065f391
nt!MiReserveAlignedSystemPtes+0x122
b66b6bf8 80658071 00000000 8a9d4f00 b66b6c5c nt!MiPhysicalViewInserter+0x33
b66b6c08 804f4e35 8a9d4f00 8a9d4f40 88dbf598 nt!HvRefreshHive+0x419
b66b6c5c 804ff843 8a9d4f40 b66b6ca8 b66b6c9c nt!CcPurgeCacheSection+0x62
b66b6cac 80503854 00000000 00000000 00000000 nt!CcPerformReadAhead+0x155
b66b6cec 805c0750 00000001 00000006 01c8ee01 nt!WmipEnterCritSection+0x1e
b66b6d50 8054161c 00000c98 00000001 b66b6d1c nt!IoAssignDriveLetters+0x8c9
b66b6d64 7c90e4f4 badb0d00 0550fad8 b66b6d98 nt!RtlIpv4StringToAddressExW+0x9d
WARNING: Frame IP not in any known module. Following frames may be wrong.
b66b6d78 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!_woutput+404
804f9f33 5d pop ebp
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!_woutput+404
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4802516a
FAILURE_BUCKET_ID: 0xC1_23_nt!_woutput+404
BUCKET_ID: 0xC1_23_nt!_woutput+404
Followup: MachineOwner
---------
1: kd> lmvm nt
start end module name
804d7000 806e4000 nt M (pdb symbols)
C:\WINDOWS\Symbols\exe\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Sun Apr 13 11:31:06 2008 (4802516A)
CheckSum: 001F442E
ImageSize: 0020D000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ERROR 4 DETAILS;
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 7/25/2008
Time: 8:33:16 AM
User: N/A
Computer: STEPHEN-DE5B952
Description:
Error code 000000c1, parameter1 8a9d4f00, parameter2 8a9d412e, parameter3
00a90100, parameter4 00000023.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 30 30 30 30 30 30 63 000000c
0020: 31 20 20 50 61 72 61 6d 1 Param
0028: 65 74 65 72 73 20 38 61 eters 8a
0030: 39 64 34 66 30 30 2c 20 9d4f00,
0038: 38 61 39 64 34 31 32 65 8a9d412e
0040: 2c 20 30 30 61 39 30 31 , 00a901
0048: 30 30 2c 20 30 30 30 30 00, 0000
0050: 30 30 32 33 0023
Details
Product:
Windows Operating System
ID:
1003
Source:
System Error
Version:
5.2
Symbolic Name:
ER_KRNLCRASH_LOG
Message:
Error code %1, parameter1 %2, parameter2 %3, parameter3 %4, parameter4 %5.
--
Ross McLaughlin
koolaid_51 at yahoo