blue screen of death

J

jethro66

New Member
Hey gang first time poster,lurker,been having crashes the last few days and been ready to threow in the towel and do a comlete restore.. can anyone help?
 

Attachments

My Computer

System One

  • Manufacturer/Model
    hp.pavillion dv9634ca
jethro66 said:
Hey gang first time poster,lurker,been having crashes the last few days and been ready to threow in the towel and do a comlete restore.. can anyone help?
Click to expand...

Post the .dmp files in C:\Windows or C:\Minidump in a .zip file or take a look at the guide in my sig, assuming you can boot Windows. The first I would do is get rid of Magic ISO. Virtual drives can cause all sorts of problems.
 

My Computer

System One

  • Manufacturer/Model
    Sony Vaio Z46GDU
    CPU
    [email protected] w/6MB L2 cache 1066MHz FSB
    Memory
    6GB DDR3 1066MHz SDRAM
    Graphics card(s)
    9300M GS 256MB + Intel Integrated 4500MHD
    Monitor(s) Displays
    13.1" WXGA True Colour Tough
    Screen Resolution
    1600x900
    Hard Drives
    320GB SATA 7200RPM
    Internet Speed
    1MB/s
Jethro

If you are really having blue screens. they look like a blue screen with stop and a series of numbers on it you can search for the dump iles *.dmp. Is your system 32 bit?

Ken

BTW when you save a sysinfo, culd you save it as an *.nfo file instead of text. its easier for the ppl reading it

thanks
 

My Computer

System One

  • Manufacturer/Model
    Dell Inspiron E 1405
    CPU
    [email protected]
    Memory
    4 gigs
    Graphics card(s)
    integrated intel 945
    Sound Card
    integrated
    Screen Resolution
    1440x900
    Hard Drives
    300 gig internal
    Internet Speed
    10 down 1.5 up
Yes I'm having the blue screen of death and Im trying to acces the file but a note pad comes up and it says acess denied.Im the admin?:confused:
 

My Computer

System One

  • Manufacturer/Model
    hp.pavillion dv9634ca
jethro66 said:
Yes I'm having the blue screen of death and Im trying to acces the file but a note pad comes up and it says acess denied.Im the admin?:confused:
Click to expand...

what folder is it in? who own that folder? to find owner right-click folder and goto properties.'

Ken
 

My Computer

System One

  • Manufacturer/Model
    Dell Inspiron E 1405
    CPU
    [email protected]
    Memory
    4 gigs
    Graphics card(s)
    integrated intel 945
    Sound Card
    integrated
    Screen Resolution
    1440x900
    Hard Drives
    300 gig internal
    Internet Speed
    10 down 1.5 up
Code: 
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini091509-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\symbolfiles*[URL="http://msdl.microsoft.com/download/symbols"]Symbol information[/URL]
Executable search path is: 
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18005.x86fre.lh_sp2rtm.090410-1830
Machine Name:
Kernel base = 0x82446000 PsLoadedModuleList = 0x8255dc70
Debug session time: Tue Sep 15 10:43:08.524 2009 (GMT-4)
System Uptime: 0 days 15:41:39.554
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {f0ea534b, 2, 0, 824789ce}

Probably caused by : ntkrpamp.exe ( nt!ExpScanGeneralLookasideList+22 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: f0ea534b, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 824789ce, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from 8257d868
Unable to read MiSystemVaType memory at 8255d420
 f0ea534b 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!ExpScanGeneralLookasideList+22
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  8918fc4c -- (.trap 0xffffffff8918fc4c)
ErrCode = 00000000
eax=00000001 ebx=00009b4b ecx=f0ea536b edx=00000001 esi=f0a6a7b6 edi=00000c21
eip=824789ce esp=8918fcc0 ebp=8918fcd0 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
nt!ExpScanGeneralLookasideList+0x22:
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h] ds:0023:f0ea534b=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 824789ce to 82493fb9

STACK_TEXT:  
8918fc4c 824789ce badb0d00 00000001 00000000 nt!KiTrap0E+0x2e1
8918fcd0 8247ac0e 82548208 82548200 00000000 nt!ExpScanGeneralLookasideList+0x22
8918fd7c 8261bc42 00000000 76a0bde5 00000000 nt!KeBalanceSetManager+0x110
8918fdc0 82484efe 8247aafe 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ExpScanGeneralLookasideList+22
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h]

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!ExpScanGeneralLookasideList+22

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  49e0199e

FAILURE_BUCKET_ID:  0xA_nt!ExpScanGeneralLookasideList+22

BUCKET_ID:  0xA_nt!ExpScanGeneralLookasideList+22

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: f0ea534b, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 824789ce, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from 8257d868
Unable to read MiSystemVaType memory at 8255d420
 f0ea534b 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!ExpScanGeneralLookasideList+22
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  8918fc4c -- (.trap 0xffffffff8918fc4c)
ErrCode = 00000000
eax=00000001 ebx=00009b4b ecx=f0ea536b edx=00000001 esi=f0a6a7b6 edi=00000c21
eip=824789ce esp=8918fcc0 ebp=8918fcd0 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
nt!ExpScanGeneralLookasideList+0x22:
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h] ds:0023:f0ea534b=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 824789ce to 82493fb9

STACK_TEXT:  
8918fc4c 824789ce badb0d00 00000001 00000000 nt!KiTrap0E+0x2e1
8918fcd0 8247ac0e 82548208 82548200 00000000 nt!ExpScanGeneralLookasideList+0x22
8918fd7c 8261bc42 00000000 76a0bde5 00000000 nt!KeBalanceSetManager+0x110
8918fdc0 82484efe 8247aafe 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ExpScanGeneralLookasideList+22
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h]

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!ExpScanGeneralLookasideList+22

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  49e0199e

FAILURE_BUCKET_ID:  0xA_nt!ExpScanGeneralLookasideList+22

BUCKET_ID:  0xA_nt!ExpScanGeneralLookasideList+22

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: f0ea534b, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 824789ce, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from 8257d868
Unable to read MiSystemVaType memory at 8255d420
 f0ea534b 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!ExpScanGeneralLookasideList+22
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  8918fc4c -- (.trap 0xffffffff8918fc4c)
ErrCode = 00000000
eax=00000001 ebx=00009b4b ecx=f0ea536b edx=00000001 esi=f0a6a7b6 edi=00000c21
eip=824789ce esp=8918fcc0 ebp=8918fcd0 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
nt!ExpScanGeneralLookasideList+0x22:
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h] ds:0023:f0ea534b=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 824789ce to 82493fb9

STACK_TEXT:  
8918fc4c 824789ce badb0d00 00000001 00000000 nt!KiTrap0E+0x2e1
8918fcd0 8247ac0e 82548208 82548200 00000000 nt!ExpScanGeneralLookasideList+0x22
8918fd7c 8261bc42 00000000 76a0bde5 00000000 nt!KeBalanceSetManager+0x110
8918fdc0 82484efe 8247aafe 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ExpScanGeneralLookasideList+22
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h]

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!ExpScanGeneralLookasideList+22

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  49e0199e

FAILURE_BUCKET_ID:  0xA_nt!ExpScanGeneralLookasideList+22

BUCKET_ID:  0xA_nt!ExpScanGeneralLookasideList+22

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: f0ea534b, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 824789ce, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from 8257d868
Unable to read MiSystemVaType memory at 8255d420
 f0ea534b 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!ExpScanGeneralLookasideList+22
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  8918fc4c -- (.trap 0xffffffff8918fc4c)
ErrCode = 00000000
eax=00000001 ebx=00009b4b ecx=f0ea536b edx=00000001 esi=f0a6a7b6 edi=00000c21
eip=824789ce esp=8918fcc0 ebp=8918fcd0 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
nt!ExpScanGeneralLookasideList+0x22:
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h] ds:0023:f0ea534b=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 824789ce to 82493fb9

STACK_TEXT:  
8918fc4c 824789ce badb0d00 00000001 00000000 nt!KiTrap0E+0x2e1
8918fcd0 8247ac0e 82548208 82548200 00000000 nt!ExpScanGeneralLookasideList+0x22
8918fd7c 8261bc42 00000000 76a0bde5 00000000 nt!KeBalanceSetManager+0x110
8918fdc0 82484efe 8247aafe 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ExpScanGeneralLookasideList+22
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h]

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!ExpScanGeneralLookasideList+22

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  49e0199e

FAILURE_BUCKET_ID:  0xA_nt!ExpScanGeneralLookasideList+22

BUCKET_ID:  0xA_nt!ExpScanGeneralLookasideList+22

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: f0ea534b, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 824789ce, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from 8257d868
Unable to read MiSystemVaType memory at 8255d420
 f0ea534b 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!ExpScanGeneralLookasideList+22
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  8918fc4c -- (.trap 0xffffffff8918fc4c)
ErrCode = 00000000
eax=00000001 ebx=00009b4b ecx=f0ea536b edx=00000001 esi=f0a6a7b6 edi=00000c21
eip=824789ce esp=8918fcc0 ebp=8918fcd0 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
nt!ExpScanGeneralLookasideList+0x22:
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h] ds:0023:f0ea534b=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 824789ce to 82493fb9

STACK_TEXT:  
8918fc4c 824789ce badb0d00 00000001 00000000 nt!KiTrap0E+0x2e1
8918fcd0 8247ac0e 82548208 82548200 00000000 nt!ExpScanGeneralLookasideList+0x22
8918fd7c 8261bc42 00000000 76a0bde5 00000000 nt!KeBalanceSetManager+0x110
8918fdc0 82484efe 8247aafe 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ExpScanGeneralLookasideList+22
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h]

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!ExpScanGeneralLookasideList+22

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  49e0199e

FAILURE_BUCKET_ID:  0xA_nt!ExpScanGeneralLookasideList+22

BUCKET_ID:  0xA_nt!ExpScanGeneralLookasideList+22

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: f0ea534b, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 824789ce, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from 8257d868
Unable to read MiSystemVaType memory at 8255d420
 f0ea534b 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!ExpScanGeneralLookasideList+22
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  8918fc4c -- (.trap 0xffffffff8918fc4c)
ErrCode = 00000000
eax=00000001 ebx=00009b4b ecx=f0ea536b edx=00000001 esi=f0a6a7b6 edi=00000c21
eip=824789ce esp=8918fcc0 ebp=8918fcd0 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
nt!ExpScanGeneralLookasideList+0x22:
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h] ds:0023:f0ea534b=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 824789ce to 82493fb9

STACK_TEXT:  
8918fc4c 824789ce badb0d00 00000001 00000000 nt!KiTrap0E+0x2e1
8918fcd0 8247ac0e 82548208 82548200 00000000 nt!ExpScanGeneralLookasideList+0x22
8918fd7c 8261bc42 00000000 76a0bde5 00000000 nt!KeBalanceSetManager+0x110
8918fdc0 82484efe 8247aafe 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ExpScanGeneralLookasideList+22
824789ce 8b51e0          mov     edx,dword ptr [ecx-20h]

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!ExpScanGeneralLookasideList+22

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  49e0199e

FAILURE_BUCKET_ID:  0xA_nt!ExpScanGeneralLookasideList+22

BUCKET_ID:  0xA_nt!ExpScanGeneralLookasideList+22

Followup: MachineOwner
---------
 

My Computer

System One

  • Manufacturer/Model
    hp.pavillion dv9634ca
Can you repro this crash somehow or is it random as far as you're concerned?

The likely cause at this point is a memory-corruptor driver. Presumably it would be something you installed recently like a new firewall, updated AV scan engine, new video driver... anything with a kernel-mode driver which wasn't there before, at least in its current form.

The output of the 'lmt' command from one of those dumps would be useful.
 

My Computer

System One

Heres a other result from recent crash..

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini091509-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\symbolfiles*Symbol information
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18005.x86fre.lh_sp2rtm.090410-1830
Machine Name:
Kernel base = 0x82402000 PsLoadedModuleList = 0x82519c70
Debug session time: Tue Sep 15 11:21:48.313 2009 (GMT-4)
System Uptime: 0 days 0:37:30.225
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {73626e42, 2, 1, 8fd92ea7}

Unable to load image \SystemRoot\system32\DRIVERS\Rtlh86.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Rtlh86.sys
*** ERROR: Module load completed but symbols could not be loaded for Rtlh86.sys
Probably caused by : Rtlh86.sys ( Rtlh86+9ea7 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 73626e42, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8fd92ea7, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from 82539868
Unable to read MiSystemVaType memory at 82519420
73626e42

CURRENT_IRQL: 2

FAULTING_IP:
Rtlh86+9ea7
8fd92ea7 ?? ???

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: avp.exe

TRAP_FRAME: 8059de68 -- (.trap 0xffffffff8059de68)
ErrCode = 00000002
eax=0000003c ebx=00000000 ecx=73626e36 edx=0000000d esi=877360c8 edi=87942000
eip=8fd92ea7 esp=8059dedc ebp=8059df24 iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297
Rtlh86+0x9ea7:
8fd92ea7 ?? ???
Resetting default scope

LAST_CONTROL_TRANSFER: from 8fd92ea7 to 8244ffb9

STACK_TEXT:
8059de68 8fd92ea7 badb0d00 0000000d 8059de88 nt!KiTrap0E+0x2e1
WARNING: Stack unwind information not available. Following frames may be wrong.
8059ded8 00000000 87942512 87942000 00000001 Rtlh86+0x9ea7


STACK_COMMAND: kb

FOLLOWUP_IP:
Rtlh86+9ea7
8fd92ea7 ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: Rtlh86+9ea7

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Rtlh86

IMAGE_NAME: Rtlh86.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45ec1b12

FAILURE_BUCKET_ID: 0xD1_Rtlh86+9ea7

BUCKET_ID: 0xD1_Rtlh86+9ea7

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 73626e42, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8fd92ea7, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from 82539868
Unable to read MiSystemVaType memory at 82519420
73626e42

CURRENT_IRQL: 2

FAULTING_IP:
Rtlh86+9ea7
8fd92ea7 ?? ???

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: avp.exe

TRAP_FRAME: 8059de68 -- (.trap 0xffffffff8059de68)
ErrCode = 00000002
eax=0000003c ebx=00000000 ecx=73626e36 edx=0000000d esi=877360c8 edi=87942000
eip=8fd92ea7 esp=8059dedc ebp=8059df24 iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297
Rtlh86+0x9ea7:
8fd92ea7 ?? ???
Resetting default scope

LAST_CONTROL_TRANSFER: from 8fd92ea7 to 8244ffb9

STACK_TEXT:
8059de68 8fd92ea7 badb0d00 0000000d 8059de88 nt!KiTrap0E+0x2e1
WARNING: Stack unwind information not available. Following frames may be wrong.
8059ded8 00000000 87942512 87942000 00000001 Rtlh86+0x9ea7


STACK_COMMAND: kb

FOLLOWUP_IP:
Rtlh86+9ea7
8fd92ea7 ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: Rtlh86+9ea7

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Rtlh86

IMAGE_NAME: Rtlh86.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45ec1b12

FAILURE_BUCKET_ID: 0xD1_Rtlh86+9ea7

BUCKET_ID: 0xD1_Rtlh86+9ea7

Followup: MachineOwner
---------

0: kd> .trap 0xffffffff8059de68
ErrCode = 00000002
eax=0000003c ebx=00000000 ecx=73626e36 edx=0000000d esi=877360c8 edi=87942000
eip=8fd92ea7 esp=8059dedc ebp=8059df24 iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297
Rtlh86+0x9ea7:
8fd92ea7 ?? ???
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 73626e42, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8fd92ea7, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from 82539868
Unable to read MiSystemVaType memory at 82519420
73626e42

CURRENT_IRQL: 2

FAULTING_IP:
Rtlh86+9ea7
8fd92ea7 ?? ???

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: avp.exe

TRAP_FRAME: 8059de68 -- (.trap 0xffffffff8059de68)
ErrCode = 00000002
eax=0000003c ebx=00000000 ecx=73626e36 edx=0000000d esi=877360c8 edi=87942000
eip=8fd92ea7 esp=8059dedc ebp=8059df24 iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297
Rtlh86+0x9ea7:
8fd92ea7 ?? ???
Resetting default scope

LAST_CONTROL_TRANSFER: from 8fd92ea7 to 8244ffb9

STACK_TEXT:
8059de68 8fd92ea7 badb0d00 0000000d 8059de88 nt!KiTrap0E+0x2e1
WARNING: Stack unwind information not available. Following frames may be wrong.
8059ded8 00000000 87942512 87942000 00000001 Rtlh86+0x9ea7


STACK_COMMAND: kb

FOLLOWUP_IP:
Rtlh86+9ea7
8fd92ea7 ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: Rtlh86+9ea7

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Rtlh86

IMAGE_NAME: Rtlh86.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45ec1b12

FAILURE_BUCKET_ID: 0xD1_Rtlh86+9ea7

BUCKET_ID: 0xD1_Rtlh86+9ea7

Followup: MachineOwner
---------
 

My Computer

System One

  • Manufacturer/Model
    hp.pavillion dv9634ca
jethro

Are you just running the debugger on the server? If you have a debugger then you know the faulting file is ntkrpamp.exe

One thing about the dmp is I cant see the dates on the drivers, and sine it appears there is more than one dump I cant run them seperately. we have a user who is expert at debugging and likes doing it. He is also a MS MVP. I would like him to look at this so I am PM'ing him the link to this thread

ken
 

My Computer

System One

  • Manufacturer/Model
    Dell Inspiron E 1405
    CPU
    [email protected]
    Memory
    4 gigs
    Graphics card(s)
    integrated intel 945
    Sound Card
    integrated
    Screen Resolution
    1440x900
    Hard Drives
    300 gig internal
    Internet Speed
    10 down 1.5 up
Code: 
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini091509-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\symbolfiles*[URL="http://msdl.microsoft.com/download/symbols"]Symbol information[/URL]
Executable search path is: 
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18005.x86fre.lh_sp2rtm.090410-1830
Machine Name:
Kernel base = 0x82402000 PsLoadedModuleList = 0x82519c70
Debug session time: Tue Sep 15 11:21:48.313 2009 (GMT-4)
System Uptime: 0 days 0:37:30.225
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {73626e42, 2, 1, 8fd92ea7}

Unable to load image \SystemRoot\system32\DRIVERS\Rtlh86.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Rtlh86.sys
*** ERROR: Module load completed but symbols could not be loaded for Rtlh86.sys
Probably caused by : Rtlh86.sys ( Rtlh86+9ea7 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 73626e42, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8fd92ea7, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from 82539868
Unable to read MiSystemVaType memory at 82519420
 73626e42 

CURRENT_IRQL:  2

FAULTING_IP: 
Rtlh86+9ea7
8fd92ea7 ??              ???

CUSTOMER_CRASH_COUNT:  2

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  avp.exe

TRAP_FRAME:  8059de68 -- (.trap 0xffffffff8059de68)
ErrCode = 00000002
eax=0000003c ebx=00000000 ecx=73626e36 edx=0000000d esi=877360c8 edi=87942000
eip=8fd92ea7 esp=8059dedc ebp=8059df24 iopl=0         nv up ei ng nz ac pe cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010297
Rtlh86+0x9ea7:
8fd92ea7 ??              ???
Resetting default scope

LAST_CONTROL_TRANSFER:  from 8fd92ea7 to 8244ffb9

STACK_TEXT:  
8059de68 8fd92ea7 badb0d00 0000000d 8059de88 nt!KiTrap0E+0x2e1
WARNING: Stack unwind information not available. Following frames may be wrong.
8059ded8 00000000 87942512 87942000 00000001 Rtlh86+0x9ea7


STACK_COMMAND:  kb

FOLLOWUP_IP: 
Rtlh86+9ea7
8fd92ea7 ??              ???

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  Rtlh86+9ea7

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Rtlh86

IMAGE_NAME:  Rtlh86.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  45ec1b12

FAILURE_BUCKET_ID:  0xD1_Rtlh86+9ea7

BUCKET_ID:  0xD1_Rtlh86+9ea7

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 73626e42, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8fd92ea7, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from 82539868
Unable to read MiSystemVaType memory at 82519420
 73626e42 

CURRENT_IRQL:  2

FAULTING_IP: 
Rtlh86+9ea7
8fd92ea7 ??              ???

CUSTOMER_CRASH_COUNT:  2

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  avp.exe

TRAP_FRAME:  8059de68 -- (.trap 0xffffffff8059de68)
ErrCode = 00000002
eax=0000003c ebx=00000000 ecx=73626e36 edx=0000000d esi=877360c8 edi=87942000
eip=8fd92ea7 esp=8059dedc ebp=8059df24 iopl=0         nv up ei ng nz ac pe cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010297
Rtlh86+0x9ea7:
8fd92ea7 ??              ???
Resetting default scope

LAST_CONTROL_TRANSFER:  from 8fd92ea7 to 8244ffb9

STACK_TEXT:  
8059de68 8fd92ea7 badb0d00 0000000d 8059de88 nt!KiTrap0E+0x2e1
WARNING: Stack unwind information not available. Following frames may be wrong.
8059ded8 00000000 87942512 87942000 00000001 Rtlh86+0x9ea7


STACK_COMMAND:  kb

FOLLOWUP_IP: 
Rtlh86+9ea7
8fd92ea7 ??              ???

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  Rtlh86+9ea7

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Rtlh86

IMAGE_NAME:  Rtlh86.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  45ec1b12

FAILURE_BUCKET_ID:  0xD1_Rtlh86+9ea7

BUCKET_ID:  0xD1_Rtlh86+9ea7

Followup: MachineOwner
---------

0: kd> .trap 0xffffffff8059de68
ErrCode = 00000002
eax=0000003c ebx=00000000 ecx=73626e36 edx=0000000d esi=877360c8 edi=87942000
eip=8fd92ea7 esp=8059dedc ebp=8059df24 iopl=0         nv up ei ng nz ac pe cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010297
Rtlh86+0x9ea7:
8fd92ea7 ??              ???
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 73626e42, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8fd92ea7, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from 82539868
Unable to read MiSystemVaType memory at 82519420
 73626e42 

CURRENT_IRQL:  2

FAULTING_IP: 
Rtlh86+9ea7
8fd92ea7 ??              ???

CUSTOMER_CRASH_COUNT:  2

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  avp.exe

TRAP_FRAME:  8059de68 -- (.trap 0xffffffff8059de68)
ErrCode = 00000002
eax=0000003c ebx=00000000 ecx=73626e36 edx=0000000d esi=877360c8 edi=87942000
eip=8fd92ea7 esp=8059dedc ebp=8059df24 iopl=0         nv up ei ng nz ac pe cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010297
Rtlh86+0x9ea7:
8fd92ea7 ??              ???
Resetting default scope

LAST_CONTROL_TRANSFER:  from 8fd92ea7 to 8244ffb9

STACK_TEXT:  
8059de68 8fd92ea7 badb0d00 0000000d 8059de88 nt!KiTrap0E+0x2e1
WARNING: Stack unwind information not available. Following frames may be wrong.
8059ded8 00000000 87942512 87942000 00000001 Rtlh86+0x9ea7


STACK_COMMAND:  kb

FOLLOWUP_IP: 
Rtlh86+9ea7
8fd92ea7 ??              ???

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  Rtlh86+9ea7

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Rtlh86

IMAGE_NAME:  Rtlh86.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  45ec1b12

FAILURE_BUCKET_ID:  0xD1_Rtlh86+9ea7

BUCKET_ID:  0xD1_Rtlh86+9ea7

Followup: MachineOwner
---------

0: kd> lmt
start    end        module name
8060c000 80613000   kdcom     Sat Apr 11 02:25:29 2009 (49E037D9)
80613000 80683000   mcupdate_GenuineIntel  Sat Apr 11 02:23:19 2009 (49E03757)
80683000 80694000   PSHED     Sat Apr 11 02:25:32 2009 (49E037DC)
80694000 8069c000   BOOTVID   Sat Jan 19 02:27:15 2008 (4791A653)
8069c000 806dd000   CLFS      Sat Apr 11 00:13:51 2009 (49E018FF)
806dd000 807bd000   CI        Sat Apr 11 02:25:22 2009 (49E037D2)
807bd000 807ef000   fltmgr    Sat Apr 11 00:13:59 2009 (49E01907)
807ef000 807f7b80   PxHelp20  Fri Feb 02 16:23:57 2007 (45C3ABED)
82402000 827bb000   nt        Sat Apr 11 00:16:30 2009 (49E0199E)
827bb000 827ee000   hal       Sat Apr 11 00:13:13 2009 (49E018D9)
82a06000 82a82000   Wdf01000  Sat Jan 19 00:52:21 2008 (47919015)
82a82000 82a8f000   WDFLDR    Sat Jan 19 00:52:19 2008 (47919013)
82a8f000 82b90000   sptd      Mon Mar 23 02:38:33 2009 (49C72E69)
82b90000 82b99000   WMILIB    Sat Jan 19 00:53:08 2008 (47919044)
82b99000 82bbf000   SCSIPORT  Sat Jan 19 00:49:44 2008 (47918F78)
82bbf000 82bdd000   ataport   Sat Apr 11 00:39:10 2009 (49E01EEE)
82bdd000 82bed000   fileinfo  Sat Jan 19 00:34:27 2008 (47918BE3)
82bed000 82bf8000   klbg      Mon Dec 15 11:41:09 2008 (494688A5)
88007000 8804d000   acpi      Sat Apr 11 00:19:03 2009 (49E01A37)
8804d000 88055000   msisadrv  Sat Jan 19 00:32:51 2008 (47918B83)
88055000 8807c000   pci       Sat Apr 11 00:19:16 2009 (49E01A44)
8807c000 8808b000   partmgr   Sat Apr 11 00:39:19 2009 (49E01EF7)
8808b000 8808d900   compbatt  Sat Jan 19 00:32:47 2008 (47918B7F)
8808e000 88098000   BATTC     Sat Jan 19 00:32:45 2008 (47918B7D)
88098000 880a7000   volmgr    Sat Jan 19 00:49:51 2008 (47918F7F)
880a7000 880f1000   volmgrx   Sat Apr 11 00:39:25 2009 (49E01EFD)
880f1000 880f8000   pciide    Sat Apr 11 00:39:10 2009 (49E01EEE)
880f8000 88106000   PCIIDEX   Sat Apr 11 00:39:09 2009 (49E01EED)
88106000 88116000   mountmgr  Sat Jan 19 00:49:13 2008 (47918F59)
88116000 881f1000   iaStor    Wed Feb 11 20:10:56 2009 (49937720)
881f1000 881f9000   atapi     Sat Apr 11 00:39:09 2009 (49E01EED)
88200000 88271000   ksecdd    Mon Jun 15 08:48:53 2009 (4A364335)
88271000 8837c000   ndis      Sat Apr 11 00:45:52 2009 (49E02080)
8837c000 883a7000   msrpc     Sat Apr 11 00:37:32 2009 (49E01E8C)
883a7000 883e2000   NETIO     Sat Apr 11 00:46:21 2009 (49E0209D)
8840f000 884f9000   tcpip     Fri Aug 14 09:48:58 2009 (4A856B4A)
884f9000 88514000   fwpkclnt  Sat Apr 11 00:45:42 2009 (49E02076)
88514000 885c4000   spsys     Tue Mar 10 13:10:28 2009 (49B69F04)
885ef000 885fe000   intelppm  Sat Jan 19 00:27:20 2008 (47918A38)
88603000 88713000   Ntfs      Sat Apr 11 00:14:34 2009 (49E0192A)
88713000 8874c000   volsnap   Sat Apr 11 00:39:37 2009 (49E01F09)
8874c000 88754000   spldr     Thu Jun 21 20:29:17 2007 (467B17DD)
88754000 88763000   mup       Sat Apr 11 00:14:12 2009 (49E01914)
88763000 8878a000   ecache    Sat Apr 11 00:40:12 2009 (49E01F2C)
8878a000 8879b000   disk      Sat Apr 11 00:39:14 2009 (49E01EF2)
8879b000 887bc000   CLASSPNP  Sat Apr 11 00:39:05 2009 (49E01EE9)
887bc000 887c5000   crcdisk   Thu Nov 02 04:52:27 2006 (4549B1CB)
887d2000 887dd000   tunnel    Sat Jan 19 00:55:50 2008 (479190E6)
887dd000 887e6000   tunmp     Sat Jan 19 00:55:40 2008 (479190DC)
887e6000 887e9780   CmBatt    Sat Jan 19 00:32:47 2008 (47918B7F)
887ea000 887f3000   wmiacpi   Sat Jan 19 00:32:47 2008 (47918B7F)
8d007000 8d094000   HDAudBus  Sat Apr 11 00:42:41 2009 (49E01FC1)
8d094000 8d0e5000   rixdptsk  Tue Jan 23 03:03:27 2007 (45B5C14F)
8d0e5000 8d0f5000   HIDCLASS  Sat Apr 11 00:42:47 2009 (49E01FC7)
8d0f5000 8d0fb380   HIDPARSE  Sat Jan 19 00:53:16 2008 (4791904C)
8d0fc000 8d10f000   i8042prt  Sat Jan 19 00:49:17 2008 (47918F5D)
8d10f000 8d11a000   kbdclass  Sat Jan 19 00:49:14 2008 (47918F5A)
8d11a000 8d149100   SynTP     Thu Mar 27 21:14:58 2008 (47EC4692)
8d14a000 8d153000   klmouflt  Sat May 16 12:58:37 2009 (4A0EF0BD)
8d153000 8d15e000   mouclass  Sat Jan 19 00:49:14 2008 (47918F5A)
8d15e000 8d176000   cdrom     Sat Apr 11 00:39:17 2009 (49E01EF5)
8d176000 8d17b280   GEARAspiWDM  Mon May 18 08:16:53 2009 (4A1151B5)
8d17c000 8d1ab000   msiscsi   Sat Apr 11 00:40:07 2009 (49E01F27)
8d1ab000 8d1ec000   storport  Sat Apr 11 00:39:19 2009 (49E01EF7)
8d1ec000 8d1f7000   TDI       Sat Jan 19 00:57:10 2008 (47919136)
8f20c000 8f8c7000   igdkmd32  Mon Feb 11 14:36:07 2008 (47B0A3A7)
8f8c7000 8f966000   dxgkrnl   Sat Apr 11 00:23:43 2009 (49E01B4F)
8f966000 8f972000   watchdog  Sat Apr 11 00:22:43 2009 (49E01B13)
8f972000 8f97d000   usbuhci   Sat Jan 19 00:53:20 2008 (47919050)
8f97d000 8f9bb000   USBPORT   Sat Apr 11 00:42:55 2009 (49E01FCF)
8f9bb000 8f9ca000   usbehci   Sat Apr 11 00:42:52 2009 (49E01FCC)
8f9ca000 8f9e1000   rasl2tp   Sat Jan 19 00:56:33 2008 (47919111)
8f9e1000 8f9ec000   ndistapi  Sat Jan 19 00:56:24 2008 (47919108)
8fa00000 8fd89000   NETw5v32  Mon Nov 17 10:40:18 2008 (49219062)
8fd89000 8fda0000   Rtlh86    Mon Mar 05 08:28:50 2007 (45EC1B12)
8fda0000 8fdaf300   ohci1394  Sat Apr 11 00:43:04 2009 (49E01FD8)
8fdb0000 8fdbd080   1394BUS   Sat Jan 19 00:53:27 2008 (47919057)
8fdbe000 8fdd8000   sdbus     Sat Apr 11 00:19:14 2009 (49E01A42)
8fdd8000 8fde7000   rimmptsk  Sat Feb 24 00:42:21 2007 (45DFD03D)
8fde7000 8fdfb000   rimsptsk  Tue Jan 23 02:40:19 2007 (45B5BBE3)
8fdfb000 8fdfd500   cpqbttn   Wed Jun 28 11:54:39 2006 (44A2A63F)
8fdfe000 8fdff700   USBD      Sat Jan 19 00:53:17 2008 (4791904D)
90003000 90026000   ndiswan   Sat Apr 11 00:46:31 2009 (49E020A7)
90026000 90035000   raspppoe  Sat Apr 11 00:46:30 2009 (49E020A6)
90035000 90049000   raspptp   Sat Jan 19 00:56:34 2008 (47919112)
90049000 9005e000   rassstp   Sat Apr 11 00:46:40 2009 (49E020B0)
9005e000 90069900   pcouffin  Tue Dec 05 09:39:53 2006 (457584B9)
9006a000 9007a000   termdd    Sat Apr 11 00:51:14 2009 (49E021C2)
9007a000 9007b380   swenum    Sat Jan 19 00:49:20 2008 (47918F60)
9007c000 900a6000   ks        Sat Apr 11 00:38:47 2009 (49E01ED7)
900a6000 900a9180   WmBEnum   Tue Jan 13 21:56:11 2009 (496D544B)
900aa000 900b4600   WmXlCore  Tue Jan 13 21:56:03 2009 (496D5443)
900b5000 900bf000   mssmbios  Sat Jan 19 00:32:55 2008 (47918B87)
900bf000 900cc000   umbus     Sat Jan 19 00:53:40 2008 (47919064)
900cc000 90101000   usbhub    Sat Apr 11 00:43:14 2009 (49E01FE2)
90101000 9010a000   kbdhid    Sat Apr 11 00:38:40 2009 (49E01ED0)
9010a000 9011b000   NDProxy   Sat Jan 19 00:56:28 2008 (4791910C)
9011b000 90164000   klif      Fri Jul 03 05:08:10 2009 (4A4DCA7A)
90164000 90185000   VIDEOPRT  Sat Jan 19 00:52:10 2008 (4791900A)
90185000 90193000   Npfs      Sat Apr 11 00:14:01 2009 (49E01909)
90193000 901a9000   tdx       Sat Apr 11 00:45:56 2009 (49E02084)
901a9000 901bf000   pacer     Sat Apr 11 00:45:51 2009 (49E0207F)
901bf000 901d2000   wanarp    Sat Jan 19 00:56:31 2008 (4791910F)
90c00000 90c09000   rasacd    Sat Jan 19 00:56:31 2008 (4791910F)
90c0a000 90e4a300   RTKVHDA   Tue Jun 09 06:13:36 2009 (4A2E35D0)
90e4b000 90e78000   portcls   Sat Apr 11 00:42:48 2009 (49E01FC8)
90e78000 90e9d000   drmk      Sat Jan 19 01:53:02 2008 (47919E4E)
90e9d000 90fa8880   smserial  Tue May 05 08:15:42 2009 (4A002DEE)
90fa9000 90fb6000   modem     Sat Jan 19 00:57:16 2008 (4791913C)
90fb6000 90fc0000   MODEMCSA  Sat Jan 19 00:57:16 2008 (4791913C)
90fc0000 90fc9000   Fs_Rec    Sat Jan 19 00:27:57 2008 (47918A5D)
90fc9000 90fd0000   Null      Sat Jan 19 00:49:12 2008 (47918F58)
90fd0000 90fd7000   Beep      Sat Jan 19 00:49:10 2008 (47918F56)
90fd7000 90fe3000   vga       Sat Jan 19 00:52:06 2008 (47919006)
90fe3000 90feb000   RDPCDD    Sat Jan 19 01:01:08 2008 (47919224)
90feb000 90ff3000   rdpencdd  Sat Jan 19 01:01:09 2008 (47919225)
90ff3000 90ffe000   Msfs      Sat Jan 19 00:28:08 2008 (47918A68)
91007000 91043000   rdbss     Sat Apr 11 00:14:26 2009 (49E01922)
91043000 9104d000   nsiproxy  Sat Jan 19 00:55:50 2008 (479190E6)
9104d000 91064000   dfsc      Sat Apr 11 00:14:12 2009 (49E01914)
91064000 91071000   crashdmp  Sat Apr 11 00:39:12 2009 (49E01EF0)
91071000 9114c000   dump_iaStor  Wed Feb 11 20:10:56 2009 (49937720)
9114c000 91156000   Dxapi     Sat Jan 19 00:36:12 2008 (47918C4C)
91156000 91165000   monitor   Sat Jan 19 00:52:19 2008 (47919013)
91165000 91180000   luafv     Sat Jan 19 00:30:35 2008 (47918AFB)
91188000 91198000   lltdio    Sat Jan 19 00:55:03 2008 (479190B7)
91198000 911c2000   nwifi     Sat Apr 11 00:43:27 2009 (49E01FEF)
911c2000 911cc000   ndisuio   Sat Jan 19 00:55:40 2008 (479190DC)
911cc000 911df000   rspndr    Sat Jan 19 00:55:03 2008 (479190B7)
91200000 9120e000   netbios   Sat Jan 19 00:55:45 2008 (479190E1)
9120f000 9172f000   kl1       Mon Jun 15 06:00:15 2009 (4A361BAF)
9172f000 91746000   usbccgp   Sat Jan 19 00:53:29 2008 (47919059)
91746000 91766b80   usbvideo  Sat Jan 19 00:53:38 2008 (47919062)
91767000 9177b000   smb       Sat Apr 11 00:45:22 2009 (49E02062)
9177b000 917c3000   afd       Sat Apr 11 00:47:01 2009 (49E020C5)
917c3000 917f5000   netbt     Sat Apr 11 00:45:35 2009 (49E0206F)
917f5000 917fc000   klim6     Fri May 15 10:50:04 2009 (4A0D811C)
917fc000 917fe000   eabfiltr  Thu Nov 30 11:24:57 2006 (456F05D9)
98aa0000 98ca2000   win32k    Tue Apr 21 07:39:34 2009 (49EDB076)
98cc0000 98cc9000   TSDDD     unavailable (00000000)
98ce0000 98cee000   cdd       Sat Apr 11 02:22:03 2009 (49E0370B)
abe01000 abe6c000   HTTP      Sat Apr 11 00:45:29 2009 (49E02069)
abe6c000 abe89000   srvnet    Sat Apr 11 00:15:01 2009 (49E01945)
abe89000 abea2000   bowser    Sat Jan 19 00:28:26 2008 (47918A7A)
abea2000 abeb7000   mpsdrv    Sat Jan 19 00:54:45 2008 (479190A5)
abeb7000 abed8000   mrxdav    Sat Apr 11 00:14:39 2009 (49E0192F)
abed8000 abef7000   mrxsmb    Sat Apr 11 00:14:27 2009 (49E01923)
abef7000 abf30000   mrxsmb10  Sat Apr 11 00:14:34 2009 (49E0192A)
abf30000 abf48000   mrxsmb20  Sat Apr 11 00:14:28 2009 (49E01924)
abf48000 abf6f000   srv2      Sat Apr 11 00:15:02 2009 (49E01946)
abf6f000 abfbb000   srv       Sat Apr 11 00:15:17 2009 (49E01955)
ae60d000 ae6eb000   peauth    Mon Oct 23 04:55:32 2006 (453C8384)
ae6eb000 ae6f5000   secdrv    Wed Sep 13 09:18:32 2006 (45080528)
ae6f5000 ae701000   tcpipreg  Fri Aug 14 09:48:21 2009 (4A856B25)
ae701000 ae717000   cdfs      Sat Jan 19 00:28:02 2008 (47918A62)

Unloaded modules:
91180000 91188000   drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
abfbb000 abfd3000   parport.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
887c5000 887d2000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
88514000 885ef000   dump_iaStor.
    Timestamp: unavailable (00000000)
    Checksum:  00000000
 
Last edited by a moderator:

My Computer

System One

  • Manufacturer/Model
    hp.pavillion dv9634ca
If any of these arrived on the machine just prior to the onset of your little BSoD issue, I'd suggest removing them:

917fc000 917fe000 eabfiltr Thu Nov 30 11:24:57 2006 (456F05D9)
8fdfb000 8fdfd500 cpqbttn Wed Jun 28 11:54:39 2006 (44A2A63F)
8fd89000 8fda0000 Rtlh86 Mon Mar 05 08:28:50 2007 (45EC1B12)
8fa00000 8fd89000 NETw5v32 Mon Nov 17 10:40:18 2008 (49219062)
8fd89000 8fda0000 Rtlh86 Mon Mar 05 08:28:50 2007 (45EC1B12)

In particular, this type of crash may be linked to hardware devices doing lotsa data transfer, so the NIC drivers would be my first (wild stab in the dark) guess, followed by 3rd-party software firewall drivers, then AV filter drivers.

If you can't repro at will and you don't recall installing or updating drivers at all, enable "driver verifier" and then reboot:

VERIFIER /ALL

The next crash after that may yield a more definitive picture in the resultant memory dump.
 

My Computer

System One

H2SO4 said:
If any of these arrived on the machine just prior to the onset of your little BSoD issue, I'd suggest removing them:

917fc000 917fe000 eabfiltr Thu Nov 30 11:24:57 2006 (456F05D9)
8fdfb000 8fdfd500 cpqbttn Wed Jun 28 11:54:39 2006 (44A2A63F)
8fd89000 8fda0000 Rtlh86 Mon Mar 05 08:28:50 2007 (45EC1B12)
8fa00000 8fd89000 NETw5v32 Mon Nov 17 10:40:18 2008 (49219062)
8fd89000 8fda0000 Rtlh86 Mon Mar 05 08:28:50 2007 (45EC1B12)

In particular, this type of crash may be linked to hardware devices doing lotsa data transfer, so the NIC drivers would be my first (wild stab in the dark) guess, followed by 3rd-party software firewall drivers, then AV filter drivers.

If you can't repro at will and you don't recall installing or updating drivers at all, enable "driver verifier" and then reboot:

VERIFIER /ALL

The next crash after that may yield a more definitive picture in the resultant memory dump.
Click to expand...
Thanxs for your help Sir but can you talk in "dumb" english lol.How do you remove the above #S and how do you enable driver verifier??Sorry I'm new to the game..
 

My Computer

System One

  • Manufacturer/Model
    hp.pavillion dv9634ca
Jethro

Search OS drive for *.dmp
 

My Computer

System One

  • Manufacturer/Model
    Dell Inspiron E 1405
    CPU
    [email protected]
    Memory
    4 gigs
    Graphics card(s)
    integrated intel 945
    Sound Card
    integrated
    Screen Resolution
    1440x900
    Hard Drives
    300 gig internal
    Internet Speed
    10 down 1.5 up
jethro66 said:
Thanxs for your help Sir but can you talk in "dumb" english lol.How do you remove the above #S and how do you enable driver verifier??Sorry I'm new to the game..
Click to expand...

1) Do you know of any way to reproduce (purposefully trigger) this crash? If so, what do you have to do?

2) Those few drivers I picked out of your list (eabfiltr, cpqbttn, Rtlh86, NETw5v32) are potentially significant because they're older and/or they are the type of driver which can potentially cause this specific type of crash. Hence, you may want to update those 4 drivers to the latest available versions, wherever you got them from in the first place. I'd start with Rtlh86 and NETw5v32 - they're network card drivers.
 

My Computer

System One

H2SO4 said:
jethro66 said:
Thanxs for your help Sir but can you talk in "dumb" english lol.How do you remove the above #S and how do you enable driver verifier??Sorry I'm new to the game..
Click to expand...

1) Do you know of any way to reproduce (purposefully trigger) this crash? If so, what do you have to do?

2) Those few drivers I picked out of your list (eabfiltr, cpqbttn, Rtlh86, NETw5v32) are potentially significant because they're older and/or they are the type of driver which can potentially cause this specific type of crash. Hence, you may want to update those 4 drivers to the latest available versions, wherever you got them from in the first place. I'd start with Rtlh86 and NETw5v32 - they're network card drivers.
Click to expand...

Rtl86.sys is an ethernet driver and the process that caused the crash was avp.exe which is a kaspersky process. Uninstall kaspersky, than update all your ethernet and network drivers.
 

My Computer

System One

  • Manufacturer/Model
    Sony Vaio Z46GDU
    CPU
    [email protected] w/6MB L2 cache 1066MHz FSB
    Memory
    6GB DDR3 1066MHz SDRAM
    Graphics card(s)
    9300M GS 256MB + Intel Integrated 4500MHD
    Monitor(s) Displays
    13.1" WXGA True Colour Tough
    Screen Resolution
    1600x900
    Hard Drives
    320GB SATA 7200RPM
    Internet Speed
    1MB/s
Frostmourne said:
Rtl86.sys is an ethernet driver and the process that caused the crash was avp.exe which is a kaspersky process. Uninstall kaspersky, than update all your ethernet and network drivers.
Click to expand...

For what it's worth, I agree with the "update your NIC drivers" advice, but the actual process whose thread was running at the time of the crash is almost always irrelevant. (The original series of minidumps which the OP posted all refer to 'system'.) There may be multiple distinct crash causes - the newer 0xD1s may not be related to the 0xAs at the beginning of the thread.

Updating Kaspersky - in order to update its kernel-mode drivers - would be useful.
 

My Computer

System One

Both of those BugCheck strike codes can also be related to hardware but updating the software first is probably a better idea.
 

My Computer

System One

  • Manufacturer/Model
    Sony Vaio Z46GDU
    CPU
    [email protected] w/6MB L2 cache 1066MHz FSB
    Memory
    6GB DDR3 1066MHz SDRAM
    Graphics card(s)
    9300M GS 256MB + Intel Integrated 4500MHD
    Monitor(s) Displays
    13.1" WXGA True Colour Tough
    Screen Resolution
    1600x900
    Hard Drives
    320GB SATA 7200RPM
    Internet Speed
    1MB/s
NOTE: I didn't see the second page when I posted this - please disregard anything that may conflict with the suggestions made on the second page

Please zip up the contents of the C:\Windows\Minidump folder, then upload/attach the .zip file with your next post.

I'm a bit confused by the analysis' that you've posted - but it appears to be either your network drivers - or your antivirus (which also makes me wonder about a malware infection).

Download a fresh copy of the networking drivers, uninstall the current one's, then install the freshly downloaded one's.

Download a fresh copy of the antivirus program, uninstall the current one, then IMMEDIATELY install & update the freshly downloaded copy.

Then perform a full system scan with the new antivirus.

Please let us know what happens and we can move on from there.
 

My Computer

System One

You must log in or register to reply here.
Back
Top