Y
yaro137
Every now and then my PC (XPpro) restarts. It happens at least twice a
day which is quite annoying.
I managed to get the minidump logs but have no clue what's going on as
there seem to be a couple of causes for the BSOD.
Firstly it's the explorer process :
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini120508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.080814-1236
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Fri Dec 5 12:46:47.273 2008 (GMT+0)
System Uptime: 0 days 0:03:18.406
Loading Kernel Symbols
.........................................................................................................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {a1b001c, 1c, 0, 804fa276}
*** ERROR: Module load completed but symbols could not be loaded for
Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for
sr.sys
Probably caused by : sr.sys ( sr+459 )
Followup: MachineOwner
---------
1: kd> t
^ No runnable debuggees error in 't'
1: kd> !analyze -v;r;kv;
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid)
address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0a1b001c, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute
operation
(only on chips which support this level of status)
Arg4: 804fa276, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 0a1b001c
CURRENT_IRQL: 1c
FAULTING_IP:
nt!KeSetEvent+32
804fa276 66394616 cmp word ptr [esi+16h],ax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: explorer.exe
LAST_CONTROL_TRANSFER: from 804e71c4 to 804fa276
STACK_TEXT:
f6deb660 804e71c4 859ef4d0 00000000 00000000 nt!KeSetEvent+0x32
f6deb67c 804e262a 00000020 00000301 00000001 nt!CcFreeVirtualAddress
+0x3a
f6deb698 80569fd9 00000000 f6deb930 f6deb6c0 nt!CcUnpinFileData+0x1a
f6deb6a8 f743b4c0 85bb27c9 00000000 e1c66ba0 nt!CcUnpinData+0x47
WARNING: Stack unwind information not available. Following frames may
be wrong.
f6deb6c0 f743c6d0 00000001 e1a658c0 f6deb8e0 Ntfs+0x284c0
f6deb6d0 f743c363 f6deb930 e1c66ba0 f743c307 Ntfs+0x296d0
f6deb8e0 f743b2e8 f6deb930 85515008 85bcb470 Ntfs+0x29363
f6deb914 f743b253 f6deb930 e17c2b38 85516d10 Ntfs+0x282e8
f6deba8c 804ef19f 85bcb390 85515008 85bcfc50 Ntfs+0x28253
f6deba9c f74b7459 f6debad8 804ef19f 85bcbd58 nt!IopfCallDriver+0x31
f6debaa4 804ef19f 85bcbd58 85515008 85515008 sr+0x459
f6debad8 804ef19f 8591f7a0 85515008 806e6410 nt!IopfCallDriver+0x31
f6debae8 8057f982 f6debb54 f6debbf8 80579e64 nt!IopfCallDriver+0x31
f6debafc 80579ec1 8591f7a0 85515008 85516d10 nt!
IopSynchronousServiceTail+0x70
f6debb20 8054162c 80000bb8 00000000 00000000 nt!NtQueryDirectoryFile
+0x5d
f6debb20 805008a1 80000bb8 00000000 00000000 nt!KiFastCallEntry+0xfc
f6debbc4 8061df65 80000bb8 00000000 00000000 nt!ZwQueryDirectoryFile
+0x11
f6debc38 8061fbda 00000000 00000036 00000000 nt!
CcPfPrefetchDirectoryContents+0xa3
f6debc60 8062059b 00000025 163c6341 000001b4 nt!CcPfPrefetchMetadata
+0x76
f6debc8c 806209d2 e1158000 00080000 85502510 nt!CcPfPrefetchScenario
+0x6d
f6debd08 805cfec5 85502510 e17e2fd8 00000000 nt!CcPfBeginAppLaunch
+0x158
f6debd50 805460ee 00000000 7c8106f5 00000001 nt!PspUserThreadStartup
+0xeb
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
sr+459
f74b7459 5d pop ebp
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: sr+459
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: sr
IMAGE_NAME: sr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 480252c2
FAILURE_BUCKET_ID: 0xA_sr+459
BUCKET_ID: 0xA_sr+459
Followup: MachineOwner
---------
eax=00000001 ebx=85bb2702 ecx=859ef4d0 edx=00000000 esi=0a1b0006
edi=859ef4d0
eip=804fa276 esp=f6deb654 ebp=f6deb660 iopl=0 nv up ei ng nz
na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010282
nt!KeSetEvent+0x32:
804fa276 66394616 cmp word ptr [esi+16h],ax ds:
0023:0a1b001c=????
ChildEBP RetAddr Args to Child
f6deb660 804e71c4 859ef4d0 00000000 00000000 nt!KeSetEvent+0x32 (FPO:
[Non-Fpo])
f6deb67c 804e262a 00000020 00000301 00000001 nt!CcFreeVirtualAddress
+0x3a (FPO: [0,0,0])
f6deb698 80569fd9 00000000 f6deb930 f6deb6c0 nt!CcUnpinFileData+0x1a
(FPO: [Non-Fpo])
f6deb6a8 f743b4c0 85bb27c9 00000000 e1c66ba0 nt!CcUnpinData+0x47 (FPO:
[Non-Fpo])
WARNING: Stack unwind information not available. Following frames may
be wrong.
f6deb6c0 f743c6d0 00000001 e1a658c0 f6deb8e0 Ntfs+0x284c0
f6deb6d0 f743c363 f6deb930 e1c66ba0 f743c307 Ntfs+0x296d0
f6deb8e0 f743b2e8 f6deb930 85515008 85bcb470 Ntfs+0x29363
f6deb914 f743b253 f6deb930 e17c2b38 85516d10 Ntfs+0x282e8
f6deba8c 804ef19f 85bcb390 85515008 85bcfc50 Ntfs+0x28253
f6deba9c f74b7459 f6debad8 804ef19f 85bcbd58 nt!IopfCallDriver+0x31
(FPO: [0,0,0])
f6debaa4 804ef19f 85bcbd58 85515008 85515008 sr+0x459
f6debad8 804ef19f 8591f7a0 85515008 806e6410 nt!IopfCallDriver+0x31
(FPO: [0,0,0])
f6debae8 8057f982 f6debb54 f6debbf8 80579e64 nt!IopfCallDriver+0x31
(FPO: [0,0,0])
f6debafc 80579ec1 8591f7a0 85515008 85516d10 nt!
IopSynchronousServiceTail+0x70 (FPO: [Non-Fpo])
f6debb20 8054162c 80000bb8 00000000 00000000 nt!NtQueryDirectoryFile
+0x5d (FPO: [Non-Fpo])
f6debb20 805008a1 80000bb8 00000000 00000000 nt!KiFastCallEntry+0xfc
(FPO: [0,0] TrapFrame @ f6debb54)
f6debbc4 8061df65 80000bb8 00000000 00000000 nt!ZwQueryDirectoryFile
+0x11 (FPO: [11,0,0])
f6debc38 8061fbda 00000000 00000036 00000000 nt!
CcPfPrefetchDirectoryContents+0xa3 (FPO: [Non-Fpo])
f6debc60 8062059b 00000025 163c6341 000001b4 nt!CcPfPrefetchMetadata
+0x76 (FPO: [Non-Fpo])
f6debc8c 806209d2 e1158000 00080000 85502510 nt!CcPfPrefetchScenario
+0x6d (FPO: [Non-Fpo])
Another time it's McAfee (I got rid of it already):
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini120508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.080814-1236
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Fri Dec 5 12:46:47.273 2008 (GMT+0)
System Uptime: 0 days 0:03:18.406
Loading Kernel Symbols
.........................................................................................................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {a1b001c, 1c, 0, 804fa276}
*** ERROR: Module load completed but symbols could not be loaded for
Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for
sr.sys
Probably caused by : sr.sys ( sr+459 )
Followup: MachineOwner
---------
1: kd> t
^ No runnable debuggees error in 't'
1: kd> !analyze -v;r;kv;
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid)
address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0a1b001c, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute
operation
(only on chips which support this level of status)
Arg4: 804fa276, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 0a1b001c
CURRENT_IRQL: 1c
FAULTING_IP:
nt!KeSetEvent+32
804fa276 66394616 cmp word ptr [esi+16h],ax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: explorer.exe
LAST_CONTROL_TRANSFER: from 804e71c4 to 804fa276
STACK_TEXT:
f6deb660 804e71c4 859ef4d0 00000000 00000000 nt!KeSetEvent+0x32
f6deb67c 804e262a 00000020 00000301 00000001 nt!CcFreeVirtualAddress
+0x3a
f6deb698 80569fd9 00000000 f6deb930 f6deb6c0 nt!CcUnpinFileData+0x1a
f6deb6a8 f743b4c0 85bb27c9 00000000 e1c66ba0 nt!CcUnpinData+0x47
WARNING: Stack unwind information not available. Following frames may
be wrong.
f6deb6c0 f743c6d0 00000001 e1a658c0 f6deb8e0 Ntfs+0x284c0
f6deb6d0 f743c363 f6deb930 e1c66ba0 f743c307 Ntfs+0x296d0
f6deb8e0 f743b2e8 f6deb930 85515008 85bcb470 Ntfs+0x29363
f6deb914 f743b253 f6deb930 e17c2b38 85516d10 Ntfs+0x282e8
f6deba8c 804ef19f 85bcb390 85515008 85bcfc50 Ntfs+0x28253
f6deba9c f74b7459 f6debad8 804ef19f 85bcbd58 nt!IopfCallDriver+0x31
f6debaa4 804ef19f 85bcbd58 85515008 85515008 sr+0x459
f6debad8 804ef19f 8591f7a0 85515008 806e6410 nt!IopfCallDriver+0x31
f6debae8 8057f982 f6debb54 f6debbf8 80579e64 nt!IopfCallDriver+0x31
f6debafc 80579ec1 8591f7a0 85515008 85516d10 nt!
IopSynchronousServiceTail+0x70
f6debb20 8054162c 80000bb8 00000000 00000000 nt!NtQueryDirectoryFile
+0x5d
f6debb20 805008a1 80000bb8 00000000 00000000 nt!KiFastCallEntry+0xfc
f6debbc4 8061df65 80000bb8 00000000 00000000 nt!ZwQueryDirectoryFile
+0x11
f6debc38 8061fbda 00000000 00000036 00000000 nt!
CcPfPrefetchDirectoryContents+0xa3
f6debc60 8062059b 00000025 163c6341 000001b4 nt!CcPfPrefetchMetadata
+0x76
f6debc8c 806209d2 e1158000 00080000 85502510 nt!CcPfPrefetchScenario
+0x6d
f6debd08 805cfec5 85502510 e17e2fd8 00000000 nt!CcPfBeginAppLaunch
+0x158
f6debd50 805460ee 00000000 7c8106f5 00000001 nt!PspUserThreadStartup
+0xeb
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
sr+459
f74b7459 5d pop ebp
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: sr+459
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: sr
IMAGE_NAME: sr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 480252c2
FAILURE_BUCKET_ID: 0xA_sr+459
BUCKET_ID: 0xA_sr+459
Followup: MachineOwner
---------
eax=00000001 ebx=85bb2702 ecx=859ef4d0 edx=00000000 esi=0a1b0006
edi=859ef4d0
eip=804fa276 esp=f6deb654 ebp=f6deb660 iopl=0 nv up ei ng nz
na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010282
nt!KeSetEvent+0x32:
804fa276 66394616 cmp word ptr [esi+16h],ax ds:
0023:0a1b001c=????
ChildEBP RetAddr Args to Child
f6deb660 804e71c4 859ef4d0 00000000 00000000 nt!KeSetEvent+0x32 (FPO:
[Non-Fpo])
f6deb67c 804e262a 00000020 00000301 00000001 nt!CcFreeVirtualAddress
+0x3a (FPO: [0,0,0])
f6deb698 80569fd9 00000000 f6deb930 f6deb6c0 nt!CcUnpinFileData+0x1a
(FPO: [Non-Fpo])
f6deb6a8 f743b4c0 85bb27c9 00000000 e1c66ba0 nt!CcUnpinData+0x47 (FPO:
[Non-Fpo])
WARNING: Stack unwind information not available. Following frames may
be wrong.
f6deb6c0 f743c6d0 00000001 e1a658c0 f6deb8e0 Ntfs+0x284c0
f6deb6d0 f743c363 f6deb930 e1c66ba0 f743c307 Ntfs+0x296d0
f6deb8e0 f743b2e8 f6deb930 85515008 85bcb470 Ntfs+0x29363
f6deb914 f743b253 f6deb930 e17c2b38 85516d10 Ntfs+0x282e8
f6deba8c 804ef19f 85bcb390 85515008 85bcfc50 Ntfs+0x28253
f6deba9c f74b7459 f6debad8 804ef19f 85bcbd58 nt!IopfCallDriver+0x31
(FPO: [0,0,0])
f6debaa4 804ef19f 85bcbd58 85515008 85515008 sr+0x459
f6debad8 804ef19f 8591f7a0 85515008 806e6410 nt!IopfCallDriver+0x31
(FPO: [0,0,0])
f6debae8 8057f982 f6debb54 f6debbf8 80579e64 nt!IopfCallDriver+0x31
(FPO: [0,0,0])
f6debafc 80579ec1 8591f7a0 85515008 85516d10 nt!
IopSynchronousServiceTail+0x70 (FPO: [Non-Fpo])
f6debb20 8054162c 80000bb8 00000000 00000000 nt!NtQueryDirectoryFile
+0x5d (FPO: [Non-Fpo])
f6debb20 805008a1 80000bb8 00000000 00000000 nt!KiFastCallEntry+0xfc
(FPO: [0,0] TrapFrame @ f6debb54)
f6debbc4 8061df65 80000bb8 00000000 00000000 nt!ZwQueryDirectoryFile
+0x11 (FPO: [11,0,0])
f6debc38 8061fbda 00000000 00000036 00000000 nt!
CcPfPrefetchDirectoryContents+0xa3 (FPO: [Non-Fpo])
f6debc60 8062059b 00000025 163c6341 000001b4 nt!CcPfPrefetchMetadata
+0x76 (FPO: [Non-Fpo])
f6debc8c 806209d2 e1158000 00080000 85502510 nt!CcPfPrefetchScenario
+0x6d (FPO: [Non-Fpo])
Other times it's a process called csrss :
Opened log file 'c:\debuglog.txt'
0: kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/downloads/
symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/
downloads/symbols
0: kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
Loading Kernel Symbols
.....................................................................................................................
Loading User Symbols
Loading unloaded module list
.............
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid)
address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000fffd, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute
operation
(only on chips which support this level of status)
Arg4: 80502367, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 0000fffd
CURRENT_IRQL: 1c
FAULTING_IP:
nt!KiInsertTimerTable+2f
80502367 3b51fc cmp edx,dword ptr [ecx-4]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: csrss.exe
LAST_CONTROL_TRANSFER: from 8050245b to 80502367
STACK_TEXT:
f7835a4c 8050245b fffd19d0 ffffffff 4f9aa24e nt!KiInsertTimerTable
+0x2f
f7835a68 804fa0c5 fffd19d0 ffffffff 0000001f nt!KiInsertTreeTimer+0x7d
f7835a88 804fa16c 0093bea8 fffd19d0 ffffffff nt!KeSetTimerEx+0x4d
f7835aa4 bf8011e1 8593bea8 fffd19d0 ffffffff nt!KeSetTimer+0x18
f7835ad4 bf89412b 00000022 006efff4 bf801067 win32k!TimersProc+0x128
f7835d30 bf878b35 f7825490 00000002 f7835d54 win32k!RawInputThread
+0x634
f7835d40 bf80108a f7825490 f7835d64 006efff4 win32k!
xxxCreateSystemThreads+0x60
f7835d54 8054162c 00000000 00000022 00000000 win32k!NtUserCallOneParam
+0x23
f7835d54 7c90e4f4 00000000 00000022 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be
wrong.
00000000 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!TimersProc+128
bf8011e1 e820f9ffff call win32k!LeaveCrit (bf800b06)
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: win32k!TimersProc+128
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 48ce513a
FAILURE_BUCKET_ID: 0xA_win32k!TimersProc+128
BUCKET_ID: 0xA_win32k!TimersProc+128
Followup: MachineOwner
---------
eax=4f9d887e ebx=00000000 ecx=00010001 edx=00000002 esi=8593bea8
edi=8055c8a0
eip=80502367 esp=f7835a44 ebp=f7835a4c iopl=0 nv up ei pl nz
na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010203
nt!KiInsertTimerTable+0x2f:
80502367 3b51fc cmp edx,dword ptr [ecx-4] ds:
0023:0000fffd=????????
ChildEBP RetAddr Args to Child
f7835a4c 8050245b fffd19d0 ffffffff 4f9aa24e nt!KiInsertTimerTable
+0x2f (FPO: [Non-Fpo])
f7835a68 804fa0c5 fffd19d0 ffffffff 0000001f nt!KiInsertTreeTimer+0x7d
(FPO: [Non-Fpo])
f7835a88 804fa16c 0093bea8 fffd19d0 ffffffff nt!KeSetTimerEx+0x4d
(FPO: [Non-Fpo])
f7835aa4 bf8011e1 8593bea8 fffd19d0 ffffffff nt!KeSetTimer+0x18 (FPO:
[Non-Fpo])
f7835ad4 bf89412b 00000022 006efff4 bf801067 win32k!TimersProc+0x128
(FPO: [Non-Fpo])
f7835d30 bf878b35 f7825490 00000002 f7835d54 win32k!RawInputThread
+0x634 (FPO: [Non-Fpo])
f7835d40 bf80108a f7825490 f7835d64 006efff4 win32k!
xxxCreateSystemThreads+0x60 (FPO: [Non-Fpo])
f7835d54 8054162c 00000000 00000022 00000000 win32k!NtUserCallOneParam
+0x23 (FPO: [Non-Fpo])
f7835d54 7c90e4f4 00000000 00000022 00000000 nt!KiFastCallEntry+0xfc
(FPO: [0,0] TrapFrame @ f7835d64)
WARNING: Frame IP not in any known module. Following frames may be
wrong.
00000000 00000000 00000000 00000000 00000000 0x7c90e4f4
start end module name
804d7000 806e4000 nt ntkrpamp.exe Thu Aug 14 10:33:13 2008
(48A3FBD9)
806e4000 80704d00 hal halmacpi.dll Sun Apr 13 19:31:27 2008
(4802517F)
bf800000 bf9c2c80 win32k win32k.sys Mon Sep 15 13:12:42 2008
(48CE513A)
bf9c3000 bf9d4600 dxg dxg.sys Sun Apr 13 19:38:27 2008
(48025323)
bf9d5000 bfd29c00 vtdisp vtdisp.dll Thu Feb 09 08:23:09 2006
(43EAFBED)
bffa0000 bffe5c00 ATMFD ATMFD.DLL Mon Apr 14 01:09:55 2008
(4802A0D3)
f1e50000 f1e61b80 MfeAVFK MfeAVFK.sys Thu Aug 16 16:54:26 2007
(46C47332)
f21d5000 f21f7100 RDPWD RDPWD.SYS Sun Apr 13 19:38:40 2008
(48025330)
f2220000 f2260a80 HTTP HTTP.sys Sun Apr 13 19:53:48 2008
(480256BC)
f2301000 f2304800 asyncmac asyncmac.sys Sun Apr 13 19:57:27 2008
(48025797)
f2559000 f256d480 wdmaud wdmaud.sys Sun Apr 13 20:17:18 2008
(48025C3E)
f2800000 f280ed80 sysaudio sysaudio.sys Sun Apr 13 20:15:55 2008
(48025BEB)
f2aa8000 f2af9800 srv srv.sys Mon Sep 08 11:41:40 2008
(48C50164)
f2bea000 f2c16180 mrxdav mrxdav.sys Sun Apr 13 19:32:42 2008
(480251CA)
f2dcb000 f2dce900 ndisuio ndisuio.sys Sun Apr 13 19:55:57 2008
(4802573D)
f52e7000 f52fe900 dump_atapi dump_atapi.sys Sun Apr 13 19:40:29 2008
(4802539D)
f52ff000 f532e820 mfehidk mfehidk.sys Thu Aug 16 16:51:29 2007
(46C47281)
f532f000 f539e280 mrxsmb mrxsmb.sys Fri Oct 24 12:21:07 2008
(4901AFA3)
f539f000 f53c9e80 rdbss rdbss.sys Sun Apr 13 20:28:38 2008
(48025EE6)
f53ca000 f53ebd00 afd afd.sys Thu Aug 14 11:04:35 2008
(48A40333)
f53ec000 f5413c00 netbt netbt.sys Sun Apr 13 20:20:59 2008
(48025D1B)
f5414000 f5439500 ipnat ipnat.sys Sun Apr 13 19:57:10 2008
(48025786)
f5502000 f555a480 tcpip tcpip.sys Fri Jun 20 12:51:09 2008
(485B99AD)
f555b000 f556d600 ipsec ipsec.sys Sun Apr 13 20:19:42 2008
(48025CCE)
f691e000 f6920900 Dxapi Dxapi.sys Fri Aug 17 21:53:19 2001
(3B7D843F)
f6978000 f69d5f00 update update.sys Sun Apr 13 19:39:46 2008
(48025372)
f69fe000 f6a2de80 rdpdr rdpdr.sys Sun Apr 13 19:32:50 2008
(480251D2)
f6a2e000 f6a3ee00 psched psched.sys Sun Apr 13 19:56:36 2008
(48025764)
f6a3f000 f6a55580 ndiswan ndiswan.sys Sun Apr 13 20:20:41 2008
(48025D09)
f6a56000 f6a79a80 portcls portcls.sys Sun Apr 13 20:19:40 2008
(48025CCC)
f6a7a000 f6e41040 ALCXWDM ALCXWDM.SYS Fri Mar 31 07:38:44 2006
(442CCE74)
f6e42000 f6e55900 parport parport.sys Sun Apr 13 19:40:09 2008
(48025389)
f6e56000 f6e79200 USBPORT USBPORT.SYS Sun Apr 13 19:45:34 2008
(480254CE)
f6e7a000 f6e9c700 ks ks.sys Sun Apr 13 20:16:34 2008
(48025C12)
f6e9d000 f6eb0f00 VIDEOPRT VIDEOPRT.SYS Sun Apr 13 19:44:39 2008
(48025497)
f6eb1000 f6eedb80 vtmini vtmini.sys Thu Feb 09 08:23:18 2006
(43EAFBF6)
f6efe000 f6f0d900 Cdfs Cdfs.SYS Sun Apr 13 20:14:21 2008
(48025B8D)
f6f3e000 f6f47000 HIDCLASS HIDCLASS.SYS Sun Apr 13 19:45:25 2008
(480254C5)
f6f5e000 f6f68e00 Fips Fips.SYS Sun Apr 13 19:33:27 2008
(480251F7)
f6f6e000 f6f76780 netbios netbios.sys Sun Apr 13 19:56:01 2008
(48025741)
f6f7e000 f6f86700 wanarp wanarp.sys Sun Apr 13 19:57:20 2008
(48025790)
f7384000 f7386280 rasacd rasacd.sys Fri Aug 17 21:55:39 2001
(3B7D84CB)
f73cc000 f73e5b80 Mup Mup.sys Sun Apr 13 20:17:05 2008
(48025C31)
f73e6000 f7412980 NDIS NDIS.sys Sun Apr 13 20:20:35 2008
(48025D03)
f7413000 f749f600 Ntfs Ntfs.sys Sun Apr 13 20:15:49 2008
(48025BE5)
f74a0000 f74b6880 KSecDD KSecDD.sys Sun Apr 13 19:31:40 2008
(4802518C)
f74b7000 f74c8f00 sr sr.sys Sun Apr 13 19:36:50 2008
(480252C2)
f74c9000 f74ca000 fltmgr fltmgr.sys unavailable (00000000)
f74e9000 f7500900 atapi atapi.sys Sun Apr 13 19:40:29 2008
(4802539D)
f7501000 f7526700 dmio dmio.sys Sun Apr 13 19:44:45 2008
(4802549D)
f7527000 f7545880 ftdisk ftdisk.sys Fri Aug 17 21:52:41 2001
(3B7D8419)
f7546000 f7556a80 pci pci.sys Sun Apr 13 19:36:43 2008
(480252BB)
f7557000 f7584d80 ACPI ACPI.sys Sun Apr 13 19:36:33 2008
(480252B1)
f7686000 f768f180 isapnp isapnp.sys Sun Apr 13 19:36:40 2008
(480252B8)
f7696000 f76a0580 MountMgr MountMgr.sys Sun Apr 13 19:39:45 2008
(48025371)
f76a6000 f76b2c80 VolSnap VolSnap.sys Sun Apr 13 19:41:00 2008
(480253BC)
f76b6000 f76bee00 disk disk.sys Sun Apr 13 19:40:46 2008
(480253AE)
f76c6000 f76d2180 CLASSPNP CLASSPNP.SYS Sun Apr 13 20:16:21 2008
(48025C05)
f76d6000 f76e0e80 uagp35 uagp35.sys Sun Apr 13 19:36:40 2008
(480252B8)
f7746000 f7750200 raspppoe raspppoe.sys Sun Apr 13 19:57:31 2008
(4802579B)
f7756000 f7761d00 raspptp raspptp.sys Sun Apr 13 20:19:47 2008
(48025CD3)
f7766000 f776e900 msgpc msgpc.sys Sun Apr 13 19:56:32 2008
(48025760)
f7776000 f777ff00 termdd termdd.sys Sun Apr 13 19:38:36 2008
(4802532C)
f7786000 f778fe80 NDProxy NDProxy.SYS Sun Apr 13 19:57:28 2008
(48025798)
f7796000 f77a4880 usbhub usbhub.sys Sun Apr 13 19:45:36 2008
(480254D0)
f77c6000 f77d1ca0 mfetdik mfetdik.sys Thu Aug 16 16:52:43 2007
(46C472CB)
f7876000 f787ee00 intelppm intelppm.sys Sun Apr 13 19:31:31 2008
(48025183)
f7886000 f7890480 imapi imapi.sys Sun Apr 13 19:40:57 2008
(480253B9)
f7896000 f78a5600 cdrom cdrom.sys Sun Apr 13 19:40:45 2008
(480253AD)
f78a6000 f78b4100 redbook redbook.sys Sun Apr 13 19:40:27 2008
(4802539B)
f78b6000 f78c2d00 i8042prt i8042prt.sys Sun Apr 13 20:17:59 2008
(48025C67)
f78c6000 f78d5c00 serial serial.sys Sun Apr 13 20:15:44 2008
(48025BE0)
f78d6000 f78e4b00 drmk drmk.sys Sun Apr 13 19:45:12 2008
(480254B8)
f78e6000 f78f0a00 fetnd5bv fetnd5bv.sys Wed Jan 02 02:12:23 2008
(477AF307)
f78f6000 f7902880 rasl2tp rasl2tp.sys Sun Apr 13 20:19:43 2008
(48025CCF)
f7906000 f790c180 PCIIDEX PCIIDEX.SYS Sun Apr 13 19:40:29 2008
(4802539D)
f790e000 f7912d00 PartMgr PartMgr.sys Sun Apr 13 19:40:48 2008
(480253B0)
f7916000 f791e000 videX32 videX32.sys Wed Feb 22 10:10:28 2006
(43FC3894)
f791e000 f7926000 xfilt xfilt.sys Wed Feb 22 10:10:20 2006
(43FC388C)
f798e000 f7994f60 MfeBOPK MfeBOPK.sys Thu Aug 16 16:55:06 2007
(46C4735A)
f79b6000 f79bb080 usbuhci usbuhci.sys Sun Apr 13 19:45:34 2008
(480254CE)
f79be000 f79c5600 usbehci usbehci.sys Sun Apr 13 19:45:34 2008
(480254CE)
f79c6000 f79cc000 kbdclass kbdclass.sys Sun Apr 13 19:39:46 2008
(48025372)
f79ce000 f79cf000 fdc fdc.sys unavailable (00000000)
f79d6000 f79daa80 TDI TDI.SYS Sun Apr 13 20:00:04 2008
(48025834)
f79de000 f79e2580 ptilink ptilink.sys Fri Aug 17 21:49:53 2001
(3B7D8371)
f79e6000 f79ea080 raspti raspti.sys Fri Aug 17 21:55:32 2001
(3B7D84C4)
f79ee000 f79f3a00 mouclass mouclass.sys Sun Apr 13 19:39:47 2008
(48025373)
f79f6000 f79f7000 flpydisk flpydisk.sys unavailable (00000000)
f7a06000 f7a0b200 vga vga.sys Sun Apr 13 19:44:40 2008
(48025498)
f7a0e000 f7a0f000 Msfs Msfs.SYS unavailable (00000000)
f7a16000 f7a1d880 Npfs Npfs.SYS Sun Apr 13 19:32:38 2008
(480251C6)
f7a1e000 f7a24180 HIDPARSE HIDPARSE.SYS Sun Apr 13 19:45:22 2008
(480254C2)
f7a46000 f7a4a500 watchdog watchdog.sys Sun Apr 13 19:44:59 2008
(480254AB)
f7a8e000 f7a93500 TDTCP TDTCP.SYS Sun Apr 13 19:38:35 2008
(4802532B)
f7a96000 f7a99000 BOOTVID BOOTVID.dll Fri Aug 17 21:49:09 2001
(3B7D8345)
f7b3e000 f7b40880 hidusb hidusb.sys Sun Apr 13 19:45:27 2008
(480254C7)
f7b42000 f7b44f80 mouhid mouhid.sys Fri Aug 17 21:47:57 2001
(3B7D82FD)
f7b4a000 f7b4dd80 serenum serenum.sys Sun Apr 13 19:40:12 2008
(4802538C)
f7b4e000 f7b50780 ndistapi ndistapi.sys Sun Apr 13 19:57:27 2008
(48025797)
f7b6a000 f7b6dc80 mssmbios mssmbios.sys Sun Apr 13 19:36:45 2008
(480252BD)
f7b86000 f7b87b80 kdcom kdcom.dll Fri Aug 17 21:49:10 2001
(3B7D8346)
f7b88000 f7b89100 WMILIB WMILIB.SYS Fri Aug 17 22:07:23 2001
(3B7D878B)
f7b8a000 f7b8b500 viaide viaide.sys Sun Apr 13 19:40:30 2008
(4802539E)
f7b8c000 f7b8d000 dmload dmload.sys unavailable (00000000)
f7b9c000 f7b9d100 swenum swenum.sys Sun Apr 13 19:39:52 2008
(48025378)
f7b9e000 f7b9f280 USBD USBD.SYS Fri Aug 17 22:02:58 2001
(3B7D8682)
f7ba0000 f7ba1000 Fs_Rec Fs_Rec.SYS unavailable (00000000)
f7ba2000 f7ba3080 Beep Beep.SYS Fri Aug 17 21:47:33 2001
(3B7D82E5)
f7ba4000 f7ba5080 mnmdd mnmdd.SYS Fri Aug 17 21:57:28 2001
(3B7D8538)
f7ba6000 f7ba7080 RDPCDD RDPCDD.sys Fri Aug 17 21:46:56 2001
(3B7D82C0)
f7bb2000 f7bb3100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 22:07:23
2001 (3B7D878B)
f7bf2000 f7bf3000 ParVdm ParVdm.SYS unavailable (00000000)
f7c4e000 f7c4ed00 pciide pciide.sys Fri Aug 17 21:51:49 2001
(3B7D83E5)
f7ce3000 f7ce3d00 dxgthk dxgthk.sys Fri Aug 17 21:53:12 2001
(3B7D8438)
f7ce8000 f7ce9000 Null Null.SYS unavailable (00000000)
f7dd4000 f7dd4c00 audstub audstub.sys Fri Aug 17 21:59:40 2001
(3B7D85BC)
Unloaded modules:
f1f02000 f1f2d000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f26ae000 f26c0000 MfeAVFK.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f798e000 f7995000 MfeBOPK.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f1f02000 f1f2d000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f246b000 f2496000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7d0e000 f7d0f000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f2e4f000 f2e5c000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f2536000 f2559000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f2a30000 f2a3e000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7c44000 f7c46000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f79fe000 f7a03000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f7388000 f738b000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt
Then again its iexplore:
Opened log file 'c:\2.txt'
1: kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/
symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/
download/symbols
1: kd> .reload; !analyze -v;r;kv;lmnt;.logclose;q
Loading Kernel Symbols
......................................................................................................................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address
pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this
address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never
have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8054b10d, The address that the exception occurred at
Arg3: f2aac83c, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!ExDeferredFreePool+107
8054b10d 893b mov dword ptr [ebx],edi
TRAP_FRAME: f2aac83c -- (.trap 0xfffffffff2aac83c)
..trap 0xfffffffff2aac83c
ErrCode = 00000002
eax=e2d75510 ebx=00000000 ecx=000001ff edx=e2d75888 esi=869ec050
edi=00000000
eip=8054b10d esp=f2aac8b0 ebp=f2aac8f0 iopl=0 nv up ei ng nz
ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010297
nt!ExDeferredFreePool+0x107:
8054b10d 893b mov dword ptr [ebx],edi ds:
0023:00000000=????????
..trap
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: iexplore.exe
LAST_CONTROL_TRANSFER: from 8054b75f to 8054b10d
STACK_TEXT:
f2aac8f0 8054b75f 00000001 869ba598 85e28900 nt!ExDeferredFreePool
+0x107
f2aac930 805bfec2 e2b0a008 00000000 f2aac96c nt!ExFreePoolWithTag
+0x47f
f2aac940 805c023a e2b0a008 f2aac901 00000000 nt!
ObReleaseObjectSecurity
+0x1a
f2aac96c 8062ebea e17f6838 85e28900 00000001 nt!ObCheckObjectAccess
+0xd6
f2aac9b8 8062f474 e180b008 0016f058 00000000 nt!CmpDoOpen+0x256
f2aacbb0 805bf450 0016f058 00000000 85e28900 nt!CmpParseKey+0x558
f2aacc28 805bb9dc 00000000 f2aacc68 00000040 nt!ObpLookupObjectName
+0x53c
f2aacc7c 80624d13 00000000 869ba558 80504a01 nt!ObOpenObjectByName
+0xea
f2aacd50 8054162c 01b080dc 00000001 01b07e20 nt!NtOpenKey+0x1af
f2aacd50 7c90e4f4 01b080dc 00000001 01b07e20 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be
wrong.
01b07e48 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+107
8054b10d 893b mov dword ptr [ebx],edi
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExDeferredFreePool+107
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: 0x8E_nt!ExDeferredFreePool+107
BUCKET_ID: 0x8E_nt!ExDeferredFreePool+107
Followup: Pool_corruption
---------
eax=e2d75510 ebx=00000000 ecx=000001ff edx=e2d75888 esi=869ec050
edi=00000000
eip=8054b10d esp=f2aac8b0 ebp=f2aac8f0 iopl=0 nv up ei ng nz
ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010297
nt!ExDeferredFreePool+0x107:
8054b10d 893b mov dword ptr [ebx],edi ds:
0023:00000000=????????
ChildEBP RetAddr Args to Child
f2aac8f0 8054b75f 00000001 869ba598 85e28900 nt!ExDeferredFreePool
+0x107 (FPO: [Non-Fpo])
f2aac930 805bfec2 e2b0a008 00000000 f2aac96c nt!ExFreePoolWithTag
+0x47f (FPO: [Non-Fpo])
f2aac940 805c023a e2b0a008 f2aac901 00000000 nt!
ObReleaseObjectSecurity
+0x1a (FPO: [Non-Fpo])
f2aac96c 8062ebea e17f6838 85e28900 00000001 nt!ObCheckObjectAccess
+0xd6 (FPO: [Non-Fpo])
f2aac9b8 8062f474 e180b008 0016f058 00000000 nt!CmpDoOpen+0x256 (FPO:
[Non-Fpo])
f2aacbb0 805bf450 0016f058 00000000 85e28900 nt!CmpParseKey+0x558
(FPO: [Non-Fpo])
f2aacc28 805bb9dc 00000000 f2aacc68 00000040 nt!ObpLookupObjectName
+0x53c (FPO: [Non-Fpo])
f2aacc7c 80624d13 00000000 869ba558 80504a01 nt!ObOpenObjectByName
+0xea (FPO: [Non-Fpo])
f2aacd50 8054162c 01b080dc 00000001 01b07e20 nt!NtOpenKey+0x1af (FPO:
[Non-Fpo])
f2aacd50 7c90e4f4 01b080dc 00000001 01b07e20 nt!KiFastCallEntry+0xfc
(FPO: [0,0] TrapFrame @ f2aacd64)
WARNING: Frame IP not in any known module. Following frames may be
wrong.
01b07e48 00000000 00000000 00000000 00000000 0x7c90e4f4
start end module name
804d7000 806e4000 nt ntkrpamp.exe Thu Aug 14 10:33:13 2008
(48A3FBD9)
806e4000 80704d00 hal halmacpi.dll Sun Apr 13 19:31:27 2008
(4802517F)
bf800000 bf9c2c80 win32k win32k.sys Mon Sep 15 13:12:42 2008
(48CE513A)
bf9c3000 bf9d4600 dxg dxg.sys Sun Apr 13 19:38:27 2008
(48025323)
bf9d5000 bfd29c00 vtdisp vtdisp.dll Thu Feb 09 08:23:09 2006
(43EAFBED)
bffa0000 bffe5c00 ATMFD ATMFD.DLL Mon Apr 14 01:09:55 2008
(4802A0D3)
f1e73000 f1e9d180 kmixer kmixer.sys Sun Apr 13 19:45:07 2008
(480254B3)
f1f69000 f1f7ab80 MfeAVFK MfeAVFK.sys Thu Aug 16 16:54:26 2007
(46C47332)
f1f9b000 f1fa1f60 MfeBOPK MfeBOPK.sys Thu Aug 16 16:55:06 2007
(46C4735A)
f21aa000 f21eaa80 HTTP HTTP.sys Sun Apr 13 19:53:48 2008
(480256BC)
f246b000 f247f480 wdmaud wdmaud.sys Sun Apr 13 20:17:18 2008
(48025C3E)
f2520000 f2542100 RDPWD RDPWD.SYS Sun Apr 13 19:38:40 2008
(48025330)
f25bf000 f25c2800 asyncmac asyncmac.sys Sun Apr 13 19:57:27 2008
(48025797)
f28ad000 f28bbd80 sysaudio sysaudio.sys Sun Apr 13 20:15:55 2008
(48025BEB)
f2b1d000 f2b6e800 srv srv.sys Mon Sep 08 11:41:40 2008
(48C50164)
f2c5f000 f2c8b180 mrxdav mrxdav.sys Sun Apr 13 19:32:42 2008
(480251CA)
f5328000 f532b900 ndisuio ndisuio.sys Sun Apr 13 19:55:57 2008
(4802573D)
f5334000 f534b900 dump_atapi dump_atapi.sys Sun Apr 13 19:40:29 2008
(4802539D)
f534c000 f537b820 mfehidk mfehidk.sys Thu Aug 16 16:51:29 2007
(46C47281)
f537c000 f53eb280 mrxsmb mrxsmb.sys Fri Oct 24 12:21:07 2008
(4901AFA3)
f53ec000 f5416e80 rdbss rdbss.sys Sun Apr 13 20:28:38 2008
(48025EE6)
f54b7000 f54d8d00 afd afd.sys Thu Aug 14 11:04:35 2008
(48A40333)
f54d9000 f5500c00 netbt netbt.sys Sun Apr 13 20:20:59 2008
(48025D1B)
f5501000 f5526500 ipnat ipnat.sys Sun Apr 13 19:57:10 2008
(48025786)
f554f000 f55a7480 tcpip tcpip.sys Fri Jun 20 12:51:09 2008
(485B99AD)
f55a8000 f55ba600 ipsec ipsec.sys Sun Apr 13 20:19:42 2008
(48025CCE)
f69c5000 f6a22f00 update update.sys Sun Apr 13 19:39:46 2008
(48025372)
f6a27000 f6a29900 Dxapi Dxapi.sys Fri Aug 17 21:53:19 2001
(3B7D843F)
f6a4b000 f6a7ae80 rdpdr rdpdr.sys Sun Apr 13 19:32:50 2008
(480251D2)
f6a7b000 f6a8be00 psched psched.sys Sun Apr 13 19:56:36 2008
(48025764)
f6a8c000 f6aa2580 ndiswan ndiswan.sys Sun Apr 13 20:20:41 2008
(48025D09)
f6aa3000 f6ac6a80 portcls portcls.sys Sun Apr 13 20:19:40 2008
(48025CCC)
f6ac7000 f6e8e040 ALCXWDM ALCXWDM.SYS Fri Mar 31 07:38:44 2006
(442CCE74)
f6e8f000 f6ea2900 parport parport.sys Sun Apr 13 19:40:09 2008
(48025389)
f6ea3000 f6ec6200 USBPORT USBPORT.SYS Sun Apr 13 19:45:34 2008
(480254CE)
f6ec7000 f6ee9700 ks ks.sys Sun Apr 13 20:16:34 2008
(48025C12)
f6eea000 f6efdf00 VIDEOPRT VIDEOPRT.SYS Sun Apr 13 19:44:39 2008
(48025497)
f6efe000 f6f3ab80 vtmini vtmini.sys Thu Feb 09 08:23:18 2006
(43EAFBF6)
f6f3b000 f6f4a900 Cdfs Cdfs.SYS Sun Apr 13 20:14:21 2008
(48025B8D)
f6f8b000 f6f94000 HIDCLASS HIDCLASS.SYS Sun Apr 13 19:45:25 2008
(480254C5)
f6fab000 f6fb5e00 Fips Fips.SYS Sun Apr 13 19:33:27 2008
(480251F7)
f6fbb000 f6fc3780 netbios netbios.sys Sun Apr 13 19:56:01 2008
(48025741)
f6fcb000 f6fd3700 wanarp wanarp.sys Sun Apr 13 19:57:20 2008
(48025790)
f7392000 f73abb80 Mup Mup.sys Sun Apr 13 20:17:05 2008
(48025C31)
f73ac000 f73d8980 NDIS NDIS.sys Sun Apr 13 20:20:35 2008
(48025D03)
f73d9000 f7465600 Ntfs Ntfs.sys Sun Apr 13 20:15:49 2008
(48025BE5)
f7466000 f747c880 KSecDD KSecDD.sys Sun Apr 13 19:31:40 2008
(4802518C)
f747d000 f748ef00 sr sr.sys Sun Apr 13 19:36:50 2008
(480252C2)
f748f000 f74aeb00 fltmgr fltmgr.sys Sun Apr 13 19:32:58 2008
(480251DA)
f74af000 f74c6900 atapi atapi.sys Sun Apr 13 19:40:29 2008
(4802539D)
f74c7000 f74ec700 dmio dmio.sys Sun Apr 13 19:44:45 2008
(4802549D)
f74ed000 f750b880 ftdisk ftdisk.sys Fri Aug 17 21:52:41 2001
(3B7D8419)
f750c000 f751ca80 pci pci.sys Sun Apr 13 19:36:43 2008
(480252BB)
f751d000 f754ad80 ACPI ACPI.sys Sun Apr 13 19:36:33 2008
(480252B1)
f764c000 f7655180 isapnp isapnp.sys Sun Apr 13 19:36:40 2008
(480252B8)
f765c000 f7666580 MountMgr MountMgr.sys Sun Apr 13 19:39:45 2008
(48025371)
f766c000 f7678c80 VolSnap VolSnap.sys Sun Apr 13 19:41:00 2008
(480253BC)
f767c000 f7684e00 disk disk.sys Sun Apr 13 19:40:46 2008
(480253AE)
f768c000 f7698180 CLASSPNP CLASSPNP.SYS Sun Apr 13 20:16:21 2008
(48025C05)
f769c000 f76a6e80 uagp35 uagp35.sys Sun Apr 13 19:36:40 2008
(480252B8)
f770c000 f7716a00 fetnd5bv fetnd5bv.sys Wed Jan 02 02:12:23 2008
(477AF307)
f771c000 f7728880 rasl2tp rasl2tp.sys Sun Apr 13 20:19:43 2008
(48025CCF)
f772c000 f7736200 raspppoe raspppoe.sys Sun Apr 13 19:57:31 2008
(4802579B)
f773c000 f7747d00 raspptp raspptp.sys Sun Apr 13 20:19:47 2008
(48025CD3)
f774c000 f7754900 msgpc msgpc.sys Sun Apr 13 19:56:32 2008
(48025760)
f775c000 f7765f00 termdd termdd.sys Sun Apr 13 19:38:36 2008
(4802532C)
f776c000 f7775e80 NDProxy NDProxy.SYS Sun Apr 13 19:57:28 2008
(48025798)
f777c000 f778a880 usbhub usbhub.sys Sun Apr 13 19:45:36 2008
(480254D0)
f779c000 f77a7ca0 mfetdik mfetdik.sys Thu Aug 16 16:52:43 2007
(46C472CB)
f785c000 f7864e00 intelppm intelppm.sys Sun Apr 13 19:31:31 2008
(48025183)
f786c000 f7876480 imapi imapi.sys Sun Apr 13 19:40:57 2008
(480253B9)
f787c000 f788b600 cdrom cdrom.sys Sun Apr 13 19:40:45 2008
(480253AD)
f788c000 f789a100 redbook redbook.sys Sun Apr 13 19:40:27 2008
(4802539B)
f789c000 f78a8d00 i8042prt i8042prt.sys Sun Apr 13 20:17:59 2008
(48025C67)
f78ac000 f78bbc00 serial serial.sys Sun Apr 13 20:15:44 2008
(48025BE0)
f78bc000 f78cab00 drmk drmk.sys Sun Apr 13 19:45:12 2008
(480254B8)
f78cc000 f78d2180 PCIIDEX PCIIDEX.SYS Sun Apr 13 19:40:29 2008
(4802539D)
f78d4000 f78d8d00 PartMgr PartMgr.sys Sun Apr 13 19:40:48 2008
(480253B0)
f78dc000 f78e4000 videX32 videX32.sys Wed Feb 22 10:10:28 2006
(43FC3894)
f78e4000 f78ec000 xfilt xfilt.sys Wed Feb 22 10:10:20 2006
(43FC388C)
f7964000 f7969500 TDTCP TDTCP.SYS Sun Apr 13 19:38:35 2008
(4802532B)
f7984000 f7989080 usbuhci usbuhci.sys Sun Apr 13 19:45:34 2008
(480254CE)
f798c000 f7993600 usbehci usbehci.sys Sun Apr 13 19:45:34 2008
(480254CE)
f7994000 f799a000 kbdclass kbdclass.sys Sun Apr 13 19:39:46 2008
(48025372)
f799c000 f799d000 fdc fdc.sys unavailable (00000000)
f79a4000 f79a8a80 TDI TDI.SYS Sun Apr 13 20:00:04 2008
(48025834)
f79ac000 f79b0580 ptilink ptilink.sys Fri Aug 17 21:49:53 2001
(3B7D8371)
f79b4000 f79b8080 raspti raspti.sys Fri Aug 17 21:55:32 2001
(3B7D84C4)
f79bc000 f79c1a00 mouclass mouclass.sys Sun Apr 13 19:39:47 2008
(48025373)
f79c4000 f79c9000 flpydisk flpydisk.sys Sun Apr 13 19:40:24 2008
(48025398)
f79d4000 f79d9200 vga vga.sys Sun Apr 13 19:44:40 2008
(48025498)
f79dc000 f79e0a80 Msfs Msfs.SYS Sun Apr 13 19:32:38 2008
(480251C6)
f79e4000 f79eb880 Npfs Npfs.SYS Sun Apr 13 19:32:38 2008
(480251C6)
f79ec000 f79f2180 HIDPARSE HIDPARSE.SYS Sun Apr 13 19:45:22 2008
(480254C2)
f79f4000 f79f8500 watchdog watchdog.sys Sun Apr 13 19:44:59 2008
(480254AB)
f7a5c000 f7a5f000 BOOTVID BOOTVID.dll Fri Aug 17 21:49:09 2001
(3B7D8345)
f7ae4000 f7ae6280 rasacd rasacd.sys Fri Aug 17 21:55:39 2001
(3B7D84CB)
f7b04000 f7b06880 hidusb hidusb.sys Sun Apr 13 19:45:27 2008
(480254C7)
f7b08000 f7b0af80 mouhid mouhid.sys Fri Aug 17 21:47:57 2001
(3B7D82FD)
f7b18000 f7b1bd80 serenum serenum.sys Sun Apr 13 19:40:12 2008
(4802538C)
f7b20000 f7b22780 ndistapi ndistapi.sys Sun Apr 13 19:57:27 2008
(48025797)
f7b40000 f7b43c80 mssmbios mssmbios.sys Sun Apr 13 19:36:45 2008
(480252BD)
f7b4c000 f7b4db80 kdcom kdcom.dll Fri Aug 17 21:49:10 2001
(3B7D8346)
f7b4e000 f7b4f100 WMILIB WMILIB.SYS Fri Aug 17 22:07:23 2001
(3B7D878B)
f7b50000 f7b51500 viaide viaide.sys Sun Apr 13 19:40:30 2008
(4802539E)
f7b52000 f7b53700 dmload dmload.sys Fri Aug 17 21:58:15 2001
(3B7D8567)
f7b60000 f7b61100 swenum swenum.sys Sun Apr 13 19:39:52 2008
(48025378)
f7b62000 f7b63280 USBD USBD.SYS Fri Aug 17 22:02:58 2001
(3B7D8682)
f7b64000 f7b65f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 21:49:37 2001
(3B7D8361)
f7b66000 f7b67080 Beep Beep.SYS Fri Aug 17 21:47:33 2001
(3B7D82E5)
f7b68000 f7b69080 mnmdd mnmdd.SYS Fri Aug 17 21:57:28 2001
(3B7D8538)
f7b6a000 f7b6b080 RDPCDD RDPCDD.sys Fri Aug 17 21:46:56 2001
(3B7D82C0)
f7b76000 f7b77100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 22:07:23
2001 (3B7D878B)
f7bc0000 f7bc1a80 ParVdm ParVdm.SYS Fri Aug 17 21:49:49 2001
(3B7D836D)
f7c14000 f7c14d00 pciide pciide.sys Fri Aug 17 21:51:49 2001
(3B7D83E5)
f7c6d000 f7c6dc00 audstub audstub.sys Fri Aug 17 21:59:40 2001
(3B7D85BC)
f7cd2000 f7cd2b80 Null Null.SYS Fri Aug 17 21:47:39 2001
(3B7D82EB)
f7cd3000 f7cd3d00 dxgthk dxgthk.sys Fri Aug 17 21:53:12 2001
(3B7D8438)
Unloaded modules:
f1e73000 f1e9e000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f1f3e000 f1f69000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f1f3e000 f1f69000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f241d000 f2448000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7d9b000 f7d9c000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f5497000 f54a4000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f2448000 f246b000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f2633000 f2641000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7bb8000 f7bba000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f2723000 f2735000 MfeAVFK.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7a3c000 f7a43000 MfeBOPK.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f79cc000 f79d1000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f7ae0000 f7ae3000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\2.txt
Is it something that can be repaired or do I need to reinstall the
system?
yaro
day which is quite annoying.
I managed to get the minidump logs but have no clue what's going on as
there seem to be a couple of causes for the BSOD.
Firstly it's the explorer process :
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini120508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.080814-1236
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Fri Dec 5 12:46:47.273 2008 (GMT+0)
System Uptime: 0 days 0:03:18.406
Loading Kernel Symbols
.........................................................................................................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {a1b001c, 1c, 0, 804fa276}
*** ERROR: Module load completed but symbols could not be loaded for
Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for
sr.sys
Probably caused by : sr.sys ( sr+459 )
Followup: MachineOwner
---------
1: kd> t
^ No runnable debuggees error in 't'
1: kd> !analyze -v;r;kv;
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid)
address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0a1b001c, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute
operation
(only on chips which support this level of status)
Arg4: 804fa276, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 0a1b001c
CURRENT_IRQL: 1c
FAULTING_IP:
nt!KeSetEvent+32
804fa276 66394616 cmp word ptr [esi+16h],ax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: explorer.exe
LAST_CONTROL_TRANSFER: from 804e71c4 to 804fa276
STACK_TEXT:
f6deb660 804e71c4 859ef4d0 00000000 00000000 nt!KeSetEvent+0x32
f6deb67c 804e262a 00000020 00000301 00000001 nt!CcFreeVirtualAddress
+0x3a
f6deb698 80569fd9 00000000 f6deb930 f6deb6c0 nt!CcUnpinFileData+0x1a
f6deb6a8 f743b4c0 85bb27c9 00000000 e1c66ba0 nt!CcUnpinData+0x47
WARNING: Stack unwind information not available. Following frames may
be wrong.
f6deb6c0 f743c6d0 00000001 e1a658c0 f6deb8e0 Ntfs+0x284c0
f6deb6d0 f743c363 f6deb930 e1c66ba0 f743c307 Ntfs+0x296d0
f6deb8e0 f743b2e8 f6deb930 85515008 85bcb470 Ntfs+0x29363
f6deb914 f743b253 f6deb930 e17c2b38 85516d10 Ntfs+0x282e8
f6deba8c 804ef19f 85bcb390 85515008 85bcfc50 Ntfs+0x28253
f6deba9c f74b7459 f6debad8 804ef19f 85bcbd58 nt!IopfCallDriver+0x31
f6debaa4 804ef19f 85bcbd58 85515008 85515008 sr+0x459
f6debad8 804ef19f 8591f7a0 85515008 806e6410 nt!IopfCallDriver+0x31
f6debae8 8057f982 f6debb54 f6debbf8 80579e64 nt!IopfCallDriver+0x31
f6debafc 80579ec1 8591f7a0 85515008 85516d10 nt!
IopSynchronousServiceTail+0x70
f6debb20 8054162c 80000bb8 00000000 00000000 nt!NtQueryDirectoryFile
+0x5d
f6debb20 805008a1 80000bb8 00000000 00000000 nt!KiFastCallEntry+0xfc
f6debbc4 8061df65 80000bb8 00000000 00000000 nt!ZwQueryDirectoryFile
+0x11
f6debc38 8061fbda 00000000 00000036 00000000 nt!
CcPfPrefetchDirectoryContents+0xa3
f6debc60 8062059b 00000025 163c6341 000001b4 nt!CcPfPrefetchMetadata
+0x76
f6debc8c 806209d2 e1158000 00080000 85502510 nt!CcPfPrefetchScenario
+0x6d
f6debd08 805cfec5 85502510 e17e2fd8 00000000 nt!CcPfBeginAppLaunch
+0x158
f6debd50 805460ee 00000000 7c8106f5 00000001 nt!PspUserThreadStartup
+0xeb
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
sr+459
f74b7459 5d pop ebp
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: sr+459
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: sr
IMAGE_NAME: sr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 480252c2
FAILURE_BUCKET_ID: 0xA_sr+459
BUCKET_ID: 0xA_sr+459
Followup: MachineOwner
---------
eax=00000001 ebx=85bb2702 ecx=859ef4d0 edx=00000000 esi=0a1b0006
edi=859ef4d0
eip=804fa276 esp=f6deb654 ebp=f6deb660 iopl=0 nv up ei ng nz
na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010282
nt!KeSetEvent+0x32:
804fa276 66394616 cmp word ptr [esi+16h],ax ds:
0023:0a1b001c=????
ChildEBP RetAddr Args to Child
f6deb660 804e71c4 859ef4d0 00000000 00000000 nt!KeSetEvent+0x32 (FPO:
[Non-Fpo])
f6deb67c 804e262a 00000020 00000301 00000001 nt!CcFreeVirtualAddress
+0x3a (FPO: [0,0,0])
f6deb698 80569fd9 00000000 f6deb930 f6deb6c0 nt!CcUnpinFileData+0x1a
(FPO: [Non-Fpo])
f6deb6a8 f743b4c0 85bb27c9 00000000 e1c66ba0 nt!CcUnpinData+0x47 (FPO:
[Non-Fpo])
WARNING: Stack unwind information not available. Following frames may
be wrong.
f6deb6c0 f743c6d0 00000001 e1a658c0 f6deb8e0 Ntfs+0x284c0
f6deb6d0 f743c363 f6deb930 e1c66ba0 f743c307 Ntfs+0x296d0
f6deb8e0 f743b2e8 f6deb930 85515008 85bcb470 Ntfs+0x29363
f6deb914 f743b253 f6deb930 e17c2b38 85516d10 Ntfs+0x282e8
f6deba8c 804ef19f 85bcb390 85515008 85bcfc50 Ntfs+0x28253
f6deba9c f74b7459 f6debad8 804ef19f 85bcbd58 nt!IopfCallDriver+0x31
(FPO: [0,0,0])
f6debaa4 804ef19f 85bcbd58 85515008 85515008 sr+0x459
f6debad8 804ef19f 8591f7a0 85515008 806e6410 nt!IopfCallDriver+0x31
(FPO: [0,0,0])
f6debae8 8057f982 f6debb54 f6debbf8 80579e64 nt!IopfCallDriver+0x31
(FPO: [0,0,0])
f6debafc 80579ec1 8591f7a0 85515008 85516d10 nt!
IopSynchronousServiceTail+0x70 (FPO: [Non-Fpo])
f6debb20 8054162c 80000bb8 00000000 00000000 nt!NtQueryDirectoryFile
+0x5d (FPO: [Non-Fpo])
f6debb20 805008a1 80000bb8 00000000 00000000 nt!KiFastCallEntry+0xfc
(FPO: [0,0] TrapFrame @ f6debb54)
f6debbc4 8061df65 80000bb8 00000000 00000000 nt!ZwQueryDirectoryFile
+0x11 (FPO: [11,0,0])
f6debc38 8061fbda 00000000 00000036 00000000 nt!
CcPfPrefetchDirectoryContents+0xa3 (FPO: [Non-Fpo])
f6debc60 8062059b 00000025 163c6341 000001b4 nt!CcPfPrefetchMetadata
+0x76 (FPO: [Non-Fpo])
f6debc8c 806209d2 e1158000 00080000 85502510 nt!CcPfPrefetchScenario
+0x6d (FPO: [Non-Fpo])
Another time it's McAfee (I got rid of it already):
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini120508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.080814-1236
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Fri Dec 5 12:46:47.273 2008 (GMT+0)
System Uptime: 0 days 0:03:18.406
Loading Kernel Symbols
.........................................................................................................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {a1b001c, 1c, 0, 804fa276}
*** ERROR: Module load completed but symbols could not be loaded for
Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for
sr.sys
Probably caused by : sr.sys ( sr+459 )
Followup: MachineOwner
---------
1: kd> t
^ No runnable debuggees error in 't'
1: kd> !analyze -v;r;kv;
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid)
address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0a1b001c, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute
operation
(only on chips which support this level of status)
Arg4: 804fa276, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 0a1b001c
CURRENT_IRQL: 1c
FAULTING_IP:
nt!KeSetEvent+32
804fa276 66394616 cmp word ptr [esi+16h],ax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: explorer.exe
LAST_CONTROL_TRANSFER: from 804e71c4 to 804fa276
STACK_TEXT:
f6deb660 804e71c4 859ef4d0 00000000 00000000 nt!KeSetEvent+0x32
f6deb67c 804e262a 00000020 00000301 00000001 nt!CcFreeVirtualAddress
+0x3a
f6deb698 80569fd9 00000000 f6deb930 f6deb6c0 nt!CcUnpinFileData+0x1a
f6deb6a8 f743b4c0 85bb27c9 00000000 e1c66ba0 nt!CcUnpinData+0x47
WARNING: Stack unwind information not available. Following frames may
be wrong.
f6deb6c0 f743c6d0 00000001 e1a658c0 f6deb8e0 Ntfs+0x284c0
f6deb6d0 f743c363 f6deb930 e1c66ba0 f743c307 Ntfs+0x296d0
f6deb8e0 f743b2e8 f6deb930 85515008 85bcb470 Ntfs+0x29363
f6deb914 f743b253 f6deb930 e17c2b38 85516d10 Ntfs+0x282e8
f6deba8c 804ef19f 85bcb390 85515008 85bcfc50 Ntfs+0x28253
f6deba9c f74b7459 f6debad8 804ef19f 85bcbd58 nt!IopfCallDriver+0x31
f6debaa4 804ef19f 85bcbd58 85515008 85515008 sr+0x459
f6debad8 804ef19f 8591f7a0 85515008 806e6410 nt!IopfCallDriver+0x31
f6debae8 8057f982 f6debb54 f6debbf8 80579e64 nt!IopfCallDriver+0x31
f6debafc 80579ec1 8591f7a0 85515008 85516d10 nt!
IopSynchronousServiceTail+0x70
f6debb20 8054162c 80000bb8 00000000 00000000 nt!NtQueryDirectoryFile
+0x5d
f6debb20 805008a1 80000bb8 00000000 00000000 nt!KiFastCallEntry+0xfc
f6debbc4 8061df65 80000bb8 00000000 00000000 nt!ZwQueryDirectoryFile
+0x11
f6debc38 8061fbda 00000000 00000036 00000000 nt!
CcPfPrefetchDirectoryContents+0xa3
f6debc60 8062059b 00000025 163c6341 000001b4 nt!CcPfPrefetchMetadata
+0x76
f6debc8c 806209d2 e1158000 00080000 85502510 nt!CcPfPrefetchScenario
+0x6d
f6debd08 805cfec5 85502510 e17e2fd8 00000000 nt!CcPfBeginAppLaunch
+0x158
f6debd50 805460ee 00000000 7c8106f5 00000001 nt!PspUserThreadStartup
+0xeb
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
sr+459
f74b7459 5d pop ebp
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: sr+459
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: sr
IMAGE_NAME: sr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 480252c2
FAILURE_BUCKET_ID: 0xA_sr+459
BUCKET_ID: 0xA_sr+459
Followup: MachineOwner
---------
eax=00000001 ebx=85bb2702 ecx=859ef4d0 edx=00000000 esi=0a1b0006
edi=859ef4d0
eip=804fa276 esp=f6deb654 ebp=f6deb660 iopl=0 nv up ei ng nz
na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010282
nt!KeSetEvent+0x32:
804fa276 66394616 cmp word ptr [esi+16h],ax ds:
0023:0a1b001c=????
ChildEBP RetAddr Args to Child
f6deb660 804e71c4 859ef4d0 00000000 00000000 nt!KeSetEvent+0x32 (FPO:
[Non-Fpo])
f6deb67c 804e262a 00000020 00000301 00000001 nt!CcFreeVirtualAddress
+0x3a (FPO: [0,0,0])
f6deb698 80569fd9 00000000 f6deb930 f6deb6c0 nt!CcUnpinFileData+0x1a
(FPO: [Non-Fpo])
f6deb6a8 f743b4c0 85bb27c9 00000000 e1c66ba0 nt!CcUnpinData+0x47 (FPO:
[Non-Fpo])
WARNING: Stack unwind information not available. Following frames may
be wrong.
f6deb6c0 f743c6d0 00000001 e1a658c0 f6deb8e0 Ntfs+0x284c0
f6deb6d0 f743c363 f6deb930 e1c66ba0 f743c307 Ntfs+0x296d0
f6deb8e0 f743b2e8 f6deb930 85515008 85bcb470 Ntfs+0x29363
f6deb914 f743b253 f6deb930 e17c2b38 85516d10 Ntfs+0x282e8
f6deba8c 804ef19f 85bcb390 85515008 85bcfc50 Ntfs+0x28253
f6deba9c f74b7459 f6debad8 804ef19f 85bcbd58 nt!IopfCallDriver+0x31
(FPO: [0,0,0])
f6debaa4 804ef19f 85bcbd58 85515008 85515008 sr+0x459
f6debad8 804ef19f 8591f7a0 85515008 806e6410 nt!IopfCallDriver+0x31
(FPO: [0,0,0])
f6debae8 8057f982 f6debb54 f6debbf8 80579e64 nt!IopfCallDriver+0x31
(FPO: [0,0,0])
f6debafc 80579ec1 8591f7a0 85515008 85516d10 nt!
IopSynchronousServiceTail+0x70 (FPO: [Non-Fpo])
f6debb20 8054162c 80000bb8 00000000 00000000 nt!NtQueryDirectoryFile
+0x5d (FPO: [Non-Fpo])
f6debb20 805008a1 80000bb8 00000000 00000000 nt!KiFastCallEntry+0xfc
(FPO: [0,0] TrapFrame @ f6debb54)
f6debbc4 8061df65 80000bb8 00000000 00000000 nt!ZwQueryDirectoryFile
+0x11 (FPO: [11,0,0])
f6debc38 8061fbda 00000000 00000036 00000000 nt!
CcPfPrefetchDirectoryContents+0xa3 (FPO: [Non-Fpo])
f6debc60 8062059b 00000025 163c6341 000001b4 nt!CcPfPrefetchMetadata
+0x76 (FPO: [Non-Fpo])
f6debc8c 806209d2 e1158000 00080000 85502510 nt!CcPfPrefetchScenario
+0x6d (FPO: [Non-Fpo])
Other times it's a process called csrss :
Opened log file 'c:\debuglog.txt'
0: kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/downloads/
symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/
downloads/symbols
0: kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
Loading Kernel Symbols
.....................................................................................................................
Loading User Symbols
Loading unloaded module list
.............
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid)
address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000fffd, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute
operation
(only on chips which support this level of status)
Arg4: 80502367, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 0000fffd
CURRENT_IRQL: 1c
FAULTING_IP:
nt!KiInsertTimerTable+2f
80502367 3b51fc cmp edx,dword ptr [ecx-4]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: csrss.exe
LAST_CONTROL_TRANSFER: from 8050245b to 80502367
STACK_TEXT:
f7835a4c 8050245b fffd19d0 ffffffff 4f9aa24e nt!KiInsertTimerTable
+0x2f
f7835a68 804fa0c5 fffd19d0 ffffffff 0000001f nt!KiInsertTreeTimer+0x7d
f7835a88 804fa16c 0093bea8 fffd19d0 ffffffff nt!KeSetTimerEx+0x4d
f7835aa4 bf8011e1 8593bea8 fffd19d0 ffffffff nt!KeSetTimer+0x18
f7835ad4 bf89412b 00000022 006efff4 bf801067 win32k!TimersProc+0x128
f7835d30 bf878b35 f7825490 00000002 f7835d54 win32k!RawInputThread
+0x634
f7835d40 bf80108a f7825490 f7835d64 006efff4 win32k!
xxxCreateSystemThreads+0x60
f7835d54 8054162c 00000000 00000022 00000000 win32k!NtUserCallOneParam
+0x23
f7835d54 7c90e4f4 00000000 00000022 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be
wrong.
00000000 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!TimersProc+128
bf8011e1 e820f9ffff call win32k!LeaveCrit (bf800b06)
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: win32k!TimersProc+128
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 48ce513a
FAILURE_BUCKET_ID: 0xA_win32k!TimersProc+128
BUCKET_ID: 0xA_win32k!TimersProc+128
Followup: MachineOwner
---------
eax=4f9d887e ebx=00000000 ecx=00010001 edx=00000002 esi=8593bea8
edi=8055c8a0
eip=80502367 esp=f7835a44 ebp=f7835a4c iopl=0 nv up ei pl nz
na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010203
nt!KiInsertTimerTable+0x2f:
80502367 3b51fc cmp edx,dword ptr [ecx-4] ds:
0023:0000fffd=????????
ChildEBP RetAddr Args to Child
f7835a4c 8050245b fffd19d0 ffffffff 4f9aa24e nt!KiInsertTimerTable
+0x2f (FPO: [Non-Fpo])
f7835a68 804fa0c5 fffd19d0 ffffffff 0000001f nt!KiInsertTreeTimer+0x7d
(FPO: [Non-Fpo])
f7835a88 804fa16c 0093bea8 fffd19d0 ffffffff nt!KeSetTimerEx+0x4d
(FPO: [Non-Fpo])
f7835aa4 bf8011e1 8593bea8 fffd19d0 ffffffff nt!KeSetTimer+0x18 (FPO:
[Non-Fpo])
f7835ad4 bf89412b 00000022 006efff4 bf801067 win32k!TimersProc+0x128
(FPO: [Non-Fpo])
f7835d30 bf878b35 f7825490 00000002 f7835d54 win32k!RawInputThread
+0x634 (FPO: [Non-Fpo])
f7835d40 bf80108a f7825490 f7835d64 006efff4 win32k!
xxxCreateSystemThreads+0x60 (FPO: [Non-Fpo])
f7835d54 8054162c 00000000 00000022 00000000 win32k!NtUserCallOneParam
+0x23 (FPO: [Non-Fpo])
f7835d54 7c90e4f4 00000000 00000022 00000000 nt!KiFastCallEntry+0xfc
(FPO: [0,0] TrapFrame @ f7835d64)
WARNING: Frame IP not in any known module. Following frames may be
wrong.
00000000 00000000 00000000 00000000 00000000 0x7c90e4f4
start end module name
804d7000 806e4000 nt ntkrpamp.exe Thu Aug 14 10:33:13 2008
(48A3FBD9)
806e4000 80704d00 hal halmacpi.dll Sun Apr 13 19:31:27 2008
(4802517F)
bf800000 bf9c2c80 win32k win32k.sys Mon Sep 15 13:12:42 2008
(48CE513A)
bf9c3000 bf9d4600 dxg dxg.sys Sun Apr 13 19:38:27 2008
(48025323)
bf9d5000 bfd29c00 vtdisp vtdisp.dll Thu Feb 09 08:23:09 2006
(43EAFBED)
bffa0000 bffe5c00 ATMFD ATMFD.DLL Mon Apr 14 01:09:55 2008
(4802A0D3)
f1e50000 f1e61b80 MfeAVFK MfeAVFK.sys Thu Aug 16 16:54:26 2007
(46C47332)
f21d5000 f21f7100 RDPWD RDPWD.SYS Sun Apr 13 19:38:40 2008
(48025330)
f2220000 f2260a80 HTTP HTTP.sys Sun Apr 13 19:53:48 2008
(480256BC)
f2301000 f2304800 asyncmac asyncmac.sys Sun Apr 13 19:57:27 2008
(48025797)
f2559000 f256d480 wdmaud wdmaud.sys Sun Apr 13 20:17:18 2008
(48025C3E)
f2800000 f280ed80 sysaudio sysaudio.sys Sun Apr 13 20:15:55 2008
(48025BEB)
f2aa8000 f2af9800 srv srv.sys Mon Sep 08 11:41:40 2008
(48C50164)
f2bea000 f2c16180 mrxdav mrxdav.sys Sun Apr 13 19:32:42 2008
(480251CA)
f2dcb000 f2dce900 ndisuio ndisuio.sys Sun Apr 13 19:55:57 2008
(4802573D)
f52e7000 f52fe900 dump_atapi dump_atapi.sys Sun Apr 13 19:40:29 2008
(4802539D)
f52ff000 f532e820 mfehidk mfehidk.sys Thu Aug 16 16:51:29 2007
(46C47281)
f532f000 f539e280 mrxsmb mrxsmb.sys Fri Oct 24 12:21:07 2008
(4901AFA3)
f539f000 f53c9e80 rdbss rdbss.sys Sun Apr 13 20:28:38 2008
(48025EE6)
f53ca000 f53ebd00 afd afd.sys Thu Aug 14 11:04:35 2008
(48A40333)
f53ec000 f5413c00 netbt netbt.sys Sun Apr 13 20:20:59 2008
(48025D1B)
f5414000 f5439500 ipnat ipnat.sys Sun Apr 13 19:57:10 2008
(48025786)
f5502000 f555a480 tcpip tcpip.sys Fri Jun 20 12:51:09 2008
(485B99AD)
f555b000 f556d600 ipsec ipsec.sys Sun Apr 13 20:19:42 2008
(48025CCE)
f691e000 f6920900 Dxapi Dxapi.sys Fri Aug 17 21:53:19 2001
(3B7D843F)
f6978000 f69d5f00 update update.sys Sun Apr 13 19:39:46 2008
(48025372)
f69fe000 f6a2de80 rdpdr rdpdr.sys Sun Apr 13 19:32:50 2008
(480251D2)
f6a2e000 f6a3ee00 psched psched.sys Sun Apr 13 19:56:36 2008
(48025764)
f6a3f000 f6a55580 ndiswan ndiswan.sys Sun Apr 13 20:20:41 2008
(48025D09)
f6a56000 f6a79a80 portcls portcls.sys Sun Apr 13 20:19:40 2008
(48025CCC)
f6a7a000 f6e41040 ALCXWDM ALCXWDM.SYS Fri Mar 31 07:38:44 2006
(442CCE74)
f6e42000 f6e55900 parport parport.sys Sun Apr 13 19:40:09 2008
(48025389)
f6e56000 f6e79200 USBPORT USBPORT.SYS Sun Apr 13 19:45:34 2008
(480254CE)
f6e7a000 f6e9c700 ks ks.sys Sun Apr 13 20:16:34 2008
(48025C12)
f6e9d000 f6eb0f00 VIDEOPRT VIDEOPRT.SYS Sun Apr 13 19:44:39 2008
(48025497)
f6eb1000 f6eedb80 vtmini vtmini.sys Thu Feb 09 08:23:18 2006
(43EAFBF6)
f6efe000 f6f0d900 Cdfs Cdfs.SYS Sun Apr 13 20:14:21 2008
(48025B8D)
f6f3e000 f6f47000 HIDCLASS HIDCLASS.SYS Sun Apr 13 19:45:25 2008
(480254C5)
f6f5e000 f6f68e00 Fips Fips.SYS Sun Apr 13 19:33:27 2008
(480251F7)
f6f6e000 f6f76780 netbios netbios.sys Sun Apr 13 19:56:01 2008
(48025741)
f6f7e000 f6f86700 wanarp wanarp.sys Sun Apr 13 19:57:20 2008
(48025790)
f7384000 f7386280 rasacd rasacd.sys Fri Aug 17 21:55:39 2001
(3B7D84CB)
f73cc000 f73e5b80 Mup Mup.sys Sun Apr 13 20:17:05 2008
(48025C31)
f73e6000 f7412980 NDIS NDIS.sys Sun Apr 13 20:20:35 2008
(48025D03)
f7413000 f749f600 Ntfs Ntfs.sys Sun Apr 13 20:15:49 2008
(48025BE5)
f74a0000 f74b6880 KSecDD KSecDD.sys Sun Apr 13 19:31:40 2008
(4802518C)
f74b7000 f74c8f00 sr sr.sys Sun Apr 13 19:36:50 2008
(480252C2)
f74c9000 f74ca000 fltmgr fltmgr.sys unavailable (00000000)
f74e9000 f7500900 atapi atapi.sys Sun Apr 13 19:40:29 2008
(4802539D)
f7501000 f7526700 dmio dmio.sys Sun Apr 13 19:44:45 2008
(4802549D)
f7527000 f7545880 ftdisk ftdisk.sys Fri Aug 17 21:52:41 2001
(3B7D8419)
f7546000 f7556a80 pci pci.sys Sun Apr 13 19:36:43 2008
(480252BB)
f7557000 f7584d80 ACPI ACPI.sys Sun Apr 13 19:36:33 2008
(480252B1)
f7686000 f768f180 isapnp isapnp.sys Sun Apr 13 19:36:40 2008
(480252B8)
f7696000 f76a0580 MountMgr MountMgr.sys Sun Apr 13 19:39:45 2008
(48025371)
f76a6000 f76b2c80 VolSnap VolSnap.sys Sun Apr 13 19:41:00 2008
(480253BC)
f76b6000 f76bee00 disk disk.sys Sun Apr 13 19:40:46 2008
(480253AE)
f76c6000 f76d2180 CLASSPNP CLASSPNP.SYS Sun Apr 13 20:16:21 2008
(48025C05)
f76d6000 f76e0e80 uagp35 uagp35.sys Sun Apr 13 19:36:40 2008
(480252B8)
f7746000 f7750200 raspppoe raspppoe.sys Sun Apr 13 19:57:31 2008
(4802579B)
f7756000 f7761d00 raspptp raspptp.sys Sun Apr 13 20:19:47 2008
(48025CD3)
f7766000 f776e900 msgpc msgpc.sys Sun Apr 13 19:56:32 2008
(48025760)
f7776000 f777ff00 termdd termdd.sys Sun Apr 13 19:38:36 2008
(4802532C)
f7786000 f778fe80 NDProxy NDProxy.SYS Sun Apr 13 19:57:28 2008
(48025798)
f7796000 f77a4880 usbhub usbhub.sys Sun Apr 13 19:45:36 2008
(480254D0)
f77c6000 f77d1ca0 mfetdik mfetdik.sys Thu Aug 16 16:52:43 2007
(46C472CB)
f7876000 f787ee00 intelppm intelppm.sys Sun Apr 13 19:31:31 2008
(48025183)
f7886000 f7890480 imapi imapi.sys Sun Apr 13 19:40:57 2008
(480253B9)
f7896000 f78a5600 cdrom cdrom.sys Sun Apr 13 19:40:45 2008
(480253AD)
f78a6000 f78b4100 redbook redbook.sys Sun Apr 13 19:40:27 2008
(4802539B)
f78b6000 f78c2d00 i8042prt i8042prt.sys Sun Apr 13 20:17:59 2008
(48025C67)
f78c6000 f78d5c00 serial serial.sys Sun Apr 13 20:15:44 2008
(48025BE0)
f78d6000 f78e4b00 drmk drmk.sys Sun Apr 13 19:45:12 2008
(480254B8)
f78e6000 f78f0a00 fetnd5bv fetnd5bv.sys Wed Jan 02 02:12:23 2008
(477AF307)
f78f6000 f7902880 rasl2tp rasl2tp.sys Sun Apr 13 20:19:43 2008
(48025CCF)
f7906000 f790c180 PCIIDEX PCIIDEX.SYS Sun Apr 13 19:40:29 2008
(4802539D)
f790e000 f7912d00 PartMgr PartMgr.sys Sun Apr 13 19:40:48 2008
(480253B0)
f7916000 f791e000 videX32 videX32.sys Wed Feb 22 10:10:28 2006
(43FC3894)
f791e000 f7926000 xfilt xfilt.sys Wed Feb 22 10:10:20 2006
(43FC388C)
f798e000 f7994f60 MfeBOPK MfeBOPK.sys Thu Aug 16 16:55:06 2007
(46C4735A)
f79b6000 f79bb080 usbuhci usbuhci.sys Sun Apr 13 19:45:34 2008
(480254CE)
f79be000 f79c5600 usbehci usbehci.sys Sun Apr 13 19:45:34 2008
(480254CE)
f79c6000 f79cc000 kbdclass kbdclass.sys Sun Apr 13 19:39:46 2008
(48025372)
f79ce000 f79cf000 fdc fdc.sys unavailable (00000000)
f79d6000 f79daa80 TDI TDI.SYS Sun Apr 13 20:00:04 2008
(48025834)
f79de000 f79e2580 ptilink ptilink.sys Fri Aug 17 21:49:53 2001
(3B7D8371)
f79e6000 f79ea080 raspti raspti.sys Fri Aug 17 21:55:32 2001
(3B7D84C4)
f79ee000 f79f3a00 mouclass mouclass.sys Sun Apr 13 19:39:47 2008
(48025373)
f79f6000 f79f7000 flpydisk flpydisk.sys unavailable (00000000)
f7a06000 f7a0b200 vga vga.sys Sun Apr 13 19:44:40 2008
(48025498)
f7a0e000 f7a0f000 Msfs Msfs.SYS unavailable (00000000)
f7a16000 f7a1d880 Npfs Npfs.SYS Sun Apr 13 19:32:38 2008
(480251C6)
f7a1e000 f7a24180 HIDPARSE HIDPARSE.SYS Sun Apr 13 19:45:22 2008
(480254C2)
f7a46000 f7a4a500 watchdog watchdog.sys Sun Apr 13 19:44:59 2008
(480254AB)
f7a8e000 f7a93500 TDTCP TDTCP.SYS Sun Apr 13 19:38:35 2008
(4802532B)
f7a96000 f7a99000 BOOTVID BOOTVID.dll Fri Aug 17 21:49:09 2001
(3B7D8345)
f7b3e000 f7b40880 hidusb hidusb.sys Sun Apr 13 19:45:27 2008
(480254C7)
f7b42000 f7b44f80 mouhid mouhid.sys Fri Aug 17 21:47:57 2001
(3B7D82FD)
f7b4a000 f7b4dd80 serenum serenum.sys Sun Apr 13 19:40:12 2008
(4802538C)
f7b4e000 f7b50780 ndistapi ndistapi.sys Sun Apr 13 19:57:27 2008
(48025797)
f7b6a000 f7b6dc80 mssmbios mssmbios.sys Sun Apr 13 19:36:45 2008
(480252BD)
f7b86000 f7b87b80 kdcom kdcom.dll Fri Aug 17 21:49:10 2001
(3B7D8346)
f7b88000 f7b89100 WMILIB WMILIB.SYS Fri Aug 17 22:07:23 2001
(3B7D878B)
f7b8a000 f7b8b500 viaide viaide.sys Sun Apr 13 19:40:30 2008
(4802539E)
f7b8c000 f7b8d000 dmload dmload.sys unavailable (00000000)
f7b9c000 f7b9d100 swenum swenum.sys Sun Apr 13 19:39:52 2008
(48025378)
f7b9e000 f7b9f280 USBD USBD.SYS Fri Aug 17 22:02:58 2001
(3B7D8682)
f7ba0000 f7ba1000 Fs_Rec Fs_Rec.SYS unavailable (00000000)
f7ba2000 f7ba3080 Beep Beep.SYS Fri Aug 17 21:47:33 2001
(3B7D82E5)
f7ba4000 f7ba5080 mnmdd mnmdd.SYS Fri Aug 17 21:57:28 2001
(3B7D8538)
f7ba6000 f7ba7080 RDPCDD RDPCDD.sys Fri Aug 17 21:46:56 2001
(3B7D82C0)
f7bb2000 f7bb3100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 22:07:23
2001 (3B7D878B)
f7bf2000 f7bf3000 ParVdm ParVdm.SYS unavailable (00000000)
f7c4e000 f7c4ed00 pciide pciide.sys Fri Aug 17 21:51:49 2001
(3B7D83E5)
f7ce3000 f7ce3d00 dxgthk dxgthk.sys Fri Aug 17 21:53:12 2001
(3B7D8438)
f7ce8000 f7ce9000 Null Null.SYS unavailable (00000000)
f7dd4000 f7dd4c00 audstub audstub.sys Fri Aug 17 21:59:40 2001
(3B7D85BC)
Unloaded modules:
f1f02000 f1f2d000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f26ae000 f26c0000 MfeAVFK.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f798e000 f7995000 MfeBOPK.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f1f02000 f1f2d000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f246b000 f2496000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7d0e000 f7d0f000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f2e4f000 f2e5c000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f2536000 f2559000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f2a30000 f2a3e000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7c44000 f7c46000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f79fe000 f7a03000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f7388000 f738b000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt
Then again its iexplore:
Opened log file 'c:\2.txt'
1: kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/
symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/
download/symbols
1: kd> .reload; !analyze -v;r;kv;lmnt;.logclose;q
Loading Kernel Symbols
......................................................................................................................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address
pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this
address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never
have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8054b10d, The address that the exception occurred at
Arg3: f2aac83c, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!ExDeferredFreePool+107
8054b10d 893b mov dword ptr [ebx],edi
TRAP_FRAME: f2aac83c -- (.trap 0xfffffffff2aac83c)
..trap 0xfffffffff2aac83c
ErrCode = 00000002
eax=e2d75510 ebx=00000000 ecx=000001ff edx=e2d75888 esi=869ec050
edi=00000000
eip=8054b10d esp=f2aac8b0 ebp=f2aac8f0 iopl=0 nv up ei ng nz
ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010297
nt!ExDeferredFreePool+0x107:
8054b10d 893b mov dword ptr [ebx],edi ds:
0023:00000000=????????
..trap
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: iexplore.exe
LAST_CONTROL_TRANSFER: from 8054b75f to 8054b10d
STACK_TEXT:
f2aac8f0 8054b75f 00000001 869ba598 85e28900 nt!ExDeferredFreePool
+0x107
f2aac930 805bfec2 e2b0a008 00000000 f2aac96c nt!ExFreePoolWithTag
+0x47f
f2aac940 805c023a e2b0a008 f2aac901 00000000 nt!
ObReleaseObjectSecurity
+0x1a
f2aac96c 8062ebea e17f6838 85e28900 00000001 nt!ObCheckObjectAccess
+0xd6
f2aac9b8 8062f474 e180b008 0016f058 00000000 nt!CmpDoOpen+0x256
f2aacbb0 805bf450 0016f058 00000000 85e28900 nt!CmpParseKey+0x558
f2aacc28 805bb9dc 00000000 f2aacc68 00000040 nt!ObpLookupObjectName
+0x53c
f2aacc7c 80624d13 00000000 869ba558 80504a01 nt!ObOpenObjectByName
+0xea
f2aacd50 8054162c 01b080dc 00000001 01b07e20 nt!NtOpenKey+0x1af
f2aacd50 7c90e4f4 01b080dc 00000001 01b07e20 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be
wrong.
01b07e48 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+107
8054b10d 893b mov dword ptr [ebx],edi
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExDeferredFreePool+107
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: 0x8E_nt!ExDeferredFreePool+107
BUCKET_ID: 0x8E_nt!ExDeferredFreePool+107
Followup: Pool_corruption
---------
eax=e2d75510 ebx=00000000 ecx=000001ff edx=e2d75888 esi=869ec050
edi=00000000
eip=8054b10d esp=f2aac8b0 ebp=f2aac8f0 iopl=0 nv up ei ng nz
ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010297
nt!ExDeferredFreePool+0x107:
8054b10d 893b mov dword ptr [ebx],edi ds:
0023:00000000=????????
ChildEBP RetAddr Args to Child
f2aac8f0 8054b75f 00000001 869ba598 85e28900 nt!ExDeferredFreePool
+0x107 (FPO: [Non-Fpo])
f2aac930 805bfec2 e2b0a008 00000000 f2aac96c nt!ExFreePoolWithTag
+0x47f (FPO: [Non-Fpo])
f2aac940 805c023a e2b0a008 f2aac901 00000000 nt!
ObReleaseObjectSecurity
+0x1a (FPO: [Non-Fpo])
f2aac96c 8062ebea e17f6838 85e28900 00000001 nt!ObCheckObjectAccess
+0xd6 (FPO: [Non-Fpo])
f2aac9b8 8062f474 e180b008 0016f058 00000000 nt!CmpDoOpen+0x256 (FPO:
[Non-Fpo])
f2aacbb0 805bf450 0016f058 00000000 85e28900 nt!CmpParseKey+0x558
(FPO: [Non-Fpo])
f2aacc28 805bb9dc 00000000 f2aacc68 00000040 nt!ObpLookupObjectName
+0x53c (FPO: [Non-Fpo])
f2aacc7c 80624d13 00000000 869ba558 80504a01 nt!ObOpenObjectByName
+0xea (FPO: [Non-Fpo])
f2aacd50 8054162c 01b080dc 00000001 01b07e20 nt!NtOpenKey+0x1af (FPO:
[Non-Fpo])
f2aacd50 7c90e4f4 01b080dc 00000001 01b07e20 nt!KiFastCallEntry+0xfc
(FPO: [0,0] TrapFrame @ f2aacd64)
WARNING: Frame IP not in any known module. Following frames may be
wrong.
01b07e48 00000000 00000000 00000000 00000000 0x7c90e4f4
start end module name
804d7000 806e4000 nt ntkrpamp.exe Thu Aug 14 10:33:13 2008
(48A3FBD9)
806e4000 80704d00 hal halmacpi.dll Sun Apr 13 19:31:27 2008
(4802517F)
bf800000 bf9c2c80 win32k win32k.sys Mon Sep 15 13:12:42 2008
(48CE513A)
bf9c3000 bf9d4600 dxg dxg.sys Sun Apr 13 19:38:27 2008
(48025323)
bf9d5000 bfd29c00 vtdisp vtdisp.dll Thu Feb 09 08:23:09 2006
(43EAFBED)
bffa0000 bffe5c00 ATMFD ATMFD.DLL Mon Apr 14 01:09:55 2008
(4802A0D3)
f1e73000 f1e9d180 kmixer kmixer.sys Sun Apr 13 19:45:07 2008
(480254B3)
f1f69000 f1f7ab80 MfeAVFK MfeAVFK.sys Thu Aug 16 16:54:26 2007
(46C47332)
f1f9b000 f1fa1f60 MfeBOPK MfeBOPK.sys Thu Aug 16 16:55:06 2007
(46C4735A)
f21aa000 f21eaa80 HTTP HTTP.sys Sun Apr 13 19:53:48 2008
(480256BC)
f246b000 f247f480 wdmaud wdmaud.sys Sun Apr 13 20:17:18 2008
(48025C3E)
f2520000 f2542100 RDPWD RDPWD.SYS Sun Apr 13 19:38:40 2008
(48025330)
f25bf000 f25c2800 asyncmac asyncmac.sys Sun Apr 13 19:57:27 2008
(48025797)
f28ad000 f28bbd80 sysaudio sysaudio.sys Sun Apr 13 20:15:55 2008
(48025BEB)
f2b1d000 f2b6e800 srv srv.sys Mon Sep 08 11:41:40 2008
(48C50164)
f2c5f000 f2c8b180 mrxdav mrxdav.sys Sun Apr 13 19:32:42 2008
(480251CA)
f5328000 f532b900 ndisuio ndisuio.sys Sun Apr 13 19:55:57 2008
(4802573D)
f5334000 f534b900 dump_atapi dump_atapi.sys Sun Apr 13 19:40:29 2008
(4802539D)
f534c000 f537b820 mfehidk mfehidk.sys Thu Aug 16 16:51:29 2007
(46C47281)
f537c000 f53eb280 mrxsmb mrxsmb.sys Fri Oct 24 12:21:07 2008
(4901AFA3)
f53ec000 f5416e80 rdbss rdbss.sys Sun Apr 13 20:28:38 2008
(48025EE6)
f54b7000 f54d8d00 afd afd.sys Thu Aug 14 11:04:35 2008
(48A40333)
f54d9000 f5500c00 netbt netbt.sys Sun Apr 13 20:20:59 2008
(48025D1B)
f5501000 f5526500 ipnat ipnat.sys Sun Apr 13 19:57:10 2008
(48025786)
f554f000 f55a7480 tcpip tcpip.sys Fri Jun 20 12:51:09 2008
(485B99AD)
f55a8000 f55ba600 ipsec ipsec.sys Sun Apr 13 20:19:42 2008
(48025CCE)
f69c5000 f6a22f00 update update.sys Sun Apr 13 19:39:46 2008
(48025372)
f6a27000 f6a29900 Dxapi Dxapi.sys Fri Aug 17 21:53:19 2001
(3B7D843F)
f6a4b000 f6a7ae80 rdpdr rdpdr.sys Sun Apr 13 19:32:50 2008
(480251D2)
f6a7b000 f6a8be00 psched psched.sys Sun Apr 13 19:56:36 2008
(48025764)
f6a8c000 f6aa2580 ndiswan ndiswan.sys Sun Apr 13 20:20:41 2008
(48025D09)
f6aa3000 f6ac6a80 portcls portcls.sys Sun Apr 13 20:19:40 2008
(48025CCC)
f6ac7000 f6e8e040 ALCXWDM ALCXWDM.SYS Fri Mar 31 07:38:44 2006
(442CCE74)
f6e8f000 f6ea2900 parport parport.sys Sun Apr 13 19:40:09 2008
(48025389)
f6ea3000 f6ec6200 USBPORT USBPORT.SYS Sun Apr 13 19:45:34 2008
(480254CE)
f6ec7000 f6ee9700 ks ks.sys Sun Apr 13 20:16:34 2008
(48025C12)
f6eea000 f6efdf00 VIDEOPRT VIDEOPRT.SYS Sun Apr 13 19:44:39 2008
(48025497)
f6efe000 f6f3ab80 vtmini vtmini.sys Thu Feb 09 08:23:18 2006
(43EAFBF6)
f6f3b000 f6f4a900 Cdfs Cdfs.SYS Sun Apr 13 20:14:21 2008
(48025B8D)
f6f8b000 f6f94000 HIDCLASS HIDCLASS.SYS Sun Apr 13 19:45:25 2008
(480254C5)
f6fab000 f6fb5e00 Fips Fips.SYS Sun Apr 13 19:33:27 2008
(480251F7)
f6fbb000 f6fc3780 netbios netbios.sys Sun Apr 13 19:56:01 2008
(48025741)
f6fcb000 f6fd3700 wanarp wanarp.sys Sun Apr 13 19:57:20 2008
(48025790)
f7392000 f73abb80 Mup Mup.sys Sun Apr 13 20:17:05 2008
(48025C31)
f73ac000 f73d8980 NDIS NDIS.sys Sun Apr 13 20:20:35 2008
(48025D03)
f73d9000 f7465600 Ntfs Ntfs.sys Sun Apr 13 20:15:49 2008
(48025BE5)
f7466000 f747c880 KSecDD KSecDD.sys Sun Apr 13 19:31:40 2008
(4802518C)
f747d000 f748ef00 sr sr.sys Sun Apr 13 19:36:50 2008
(480252C2)
f748f000 f74aeb00 fltmgr fltmgr.sys Sun Apr 13 19:32:58 2008
(480251DA)
f74af000 f74c6900 atapi atapi.sys Sun Apr 13 19:40:29 2008
(4802539D)
f74c7000 f74ec700 dmio dmio.sys Sun Apr 13 19:44:45 2008
(4802549D)
f74ed000 f750b880 ftdisk ftdisk.sys Fri Aug 17 21:52:41 2001
(3B7D8419)
f750c000 f751ca80 pci pci.sys Sun Apr 13 19:36:43 2008
(480252BB)
f751d000 f754ad80 ACPI ACPI.sys Sun Apr 13 19:36:33 2008
(480252B1)
f764c000 f7655180 isapnp isapnp.sys Sun Apr 13 19:36:40 2008
(480252B8)
f765c000 f7666580 MountMgr MountMgr.sys Sun Apr 13 19:39:45 2008
(48025371)
f766c000 f7678c80 VolSnap VolSnap.sys Sun Apr 13 19:41:00 2008
(480253BC)
f767c000 f7684e00 disk disk.sys Sun Apr 13 19:40:46 2008
(480253AE)
f768c000 f7698180 CLASSPNP CLASSPNP.SYS Sun Apr 13 20:16:21 2008
(48025C05)
f769c000 f76a6e80 uagp35 uagp35.sys Sun Apr 13 19:36:40 2008
(480252B8)
f770c000 f7716a00 fetnd5bv fetnd5bv.sys Wed Jan 02 02:12:23 2008
(477AF307)
f771c000 f7728880 rasl2tp rasl2tp.sys Sun Apr 13 20:19:43 2008
(48025CCF)
f772c000 f7736200 raspppoe raspppoe.sys Sun Apr 13 19:57:31 2008
(4802579B)
f773c000 f7747d00 raspptp raspptp.sys Sun Apr 13 20:19:47 2008
(48025CD3)
f774c000 f7754900 msgpc msgpc.sys Sun Apr 13 19:56:32 2008
(48025760)
f775c000 f7765f00 termdd termdd.sys Sun Apr 13 19:38:36 2008
(4802532C)
f776c000 f7775e80 NDProxy NDProxy.SYS Sun Apr 13 19:57:28 2008
(48025798)
f777c000 f778a880 usbhub usbhub.sys Sun Apr 13 19:45:36 2008
(480254D0)
f779c000 f77a7ca0 mfetdik mfetdik.sys Thu Aug 16 16:52:43 2007
(46C472CB)
f785c000 f7864e00 intelppm intelppm.sys Sun Apr 13 19:31:31 2008
(48025183)
f786c000 f7876480 imapi imapi.sys Sun Apr 13 19:40:57 2008
(480253B9)
f787c000 f788b600 cdrom cdrom.sys Sun Apr 13 19:40:45 2008
(480253AD)
f788c000 f789a100 redbook redbook.sys Sun Apr 13 19:40:27 2008
(4802539B)
f789c000 f78a8d00 i8042prt i8042prt.sys Sun Apr 13 20:17:59 2008
(48025C67)
f78ac000 f78bbc00 serial serial.sys Sun Apr 13 20:15:44 2008
(48025BE0)
f78bc000 f78cab00 drmk drmk.sys Sun Apr 13 19:45:12 2008
(480254B8)
f78cc000 f78d2180 PCIIDEX PCIIDEX.SYS Sun Apr 13 19:40:29 2008
(4802539D)
f78d4000 f78d8d00 PartMgr PartMgr.sys Sun Apr 13 19:40:48 2008
(480253B0)
f78dc000 f78e4000 videX32 videX32.sys Wed Feb 22 10:10:28 2006
(43FC3894)
f78e4000 f78ec000 xfilt xfilt.sys Wed Feb 22 10:10:20 2006
(43FC388C)
f7964000 f7969500 TDTCP TDTCP.SYS Sun Apr 13 19:38:35 2008
(4802532B)
f7984000 f7989080 usbuhci usbuhci.sys Sun Apr 13 19:45:34 2008
(480254CE)
f798c000 f7993600 usbehci usbehci.sys Sun Apr 13 19:45:34 2008
(480254CE)
f7994000 f799a000 kbdclass kbdclass.sys Sun Apr 13 19:39:46 2008
(48025372)
f799c000 f799d000 fdc fdc.sys unavailable (00000000)
f79a4000 f79a8a80 TDI TDI.SYS Sun Apr 13 20:00:04 2008
(48025834)
f79ac000 f79b0580 ptilink ptilink.sys Fri Aug 17 21:49:53 2001
(3B7D8371)
f79b4000 f79b8080 raspti raspti.sys Fri Aug 17 21:55:32 2001
(3B7D84C4)
f79bc000 f79c1a00 mouclass mouclass.sys Sun Apr 13 19:39:47 2008
(48025373)
f79c4000 f79c9000 flpydisk flpydisk.sys Sun Apr 13 19:40:24 2008
(48025398)
f79d4000 f79d9200 vga vga.sys Sun Apr 13 19:44:40 2008
(48025498)
f79dc000 f79e0a80 Msfs Msfs.SYS Sun Apr 13 19:32:38 2008
(480251C6)
f79e4000 f79eb880 Npfs Npfs.SYS Sun Apr 13 19:32:38 2008
(480251C6)
f79ec000 f79f2180 HIDPARSE HIDPARSE.SYS Sun Apr 13 19:45:22 2008
(480254C2)
f79f4000 f79f8500 watchdog watchdog.sys Sun Apr 13 19:44:59 2008
(480254AB)
f7a5c000 f7a5f000 BOOTVID BOOTVID.dll Fri Aug 17 21:49:09 2001
(3B7D8345)
f7ae4000 f7ae6280 rasacd rasacd.sys Fri Aug 17 21:55:39 2001
(3B7D84CB)
f7b04000 f7b06880 hidusb hidusb.sys Sun Apr 13 19:45:27 2008
(480254C7)
f7b08000 f7b0af80 mouhid mouhid.sys Fri Aug 17 21:47:57 2001
(3B7D82FD)
f7b18000 f7b1bd80 serenum serenum.sys Sun Apr 13 19:40:12 2008
(4802538C)
f7b20000 f7b22780 ndistapi ndistapi.sys Sun Apr 13 19:57:27 2008
(48025797)
f7b40000 f7b43c80 mssmbios mssmbios.sys Sun Apr 13 19:36:45 2008
(480252BD)
f7b4c000 f7b4db80 kdcom kdcom.dll Fri Aug 17 21:49:10 2001
(3B7D8346)
f7b4e000 f7b4f100 WMILIB WMILIB.SYS Fri Aug 17 22:07:23 2001
(3B7D878B)
f7b50000 f7b51500 viaide viaide.sys Sun Apr 13 19:40:30 2008
(4802539E)
f7b52000 f7b53700 dmload dmload.sys Fri Aug 17 21:58:15 2001
(3B7D8567)
f7b60000 f7b61100 swenum swenum.sys Sun Apr 13 19:39:52 2008
(48025378)
f7b62000 f7b63280 USBD USBD.SYS Fri Aug 17 22:02:58 2001
(3B7D8682)
f7b64000 f7b65f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 21:49:37 2001
(3B7D8361)
f7b66000 f7b67080 Beep Beep.SYS Fri Aug 17 21:47:33 2001
(3B7D82E5)
f7b68000 f7b69080 mnmdd mnmdd.SYS Fri Aug 17 21:57:28 2001
(3B7D8538)
f7b6a000 f7b6b080 RDPCDD RDPCDD.sys Fri Aug 17 21:46:56 2001
(3B7D82C0)
f7b76000 f7b77100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 22:07:23
2001 (3B7D878B)
f7bc0000 f7bc1a80 ParVdm ParVdm.SYS Fri Aug 17 21:49:49 2001
(3B7D836D)
f7c14000 f7c14d00 pciide pciide.sys Fri Aug 17 21:51:49 2001
(3B7D83E5)
f7c6d000 f7c6dc00 audstub audstub.sys Fri Aug 17 21:59:40 2001
(3B7D85BC)
f7cd2000 f7cd2b80 Null Null.SYS Fri Aug 17 21:47:39 2001
(3B7D82EB)
f7cd3000 f7cd3d00 dxgthk dxgthk.sys Fri Aug 17 21:53:12 2001
(3B7D8438)
Unloaded modules:
f1e73000 f1e9e000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f1f3e000 f1f69000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f1f3e000 f1f69000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f241d000 f2448000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7d9b000 f7d9c000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f5497000 f54a4000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f2448000 f246b000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f2633000 f2641000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7bb8000 f7bba000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f2723000 f2735000 MfeAVFK.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7a3c000 f7a43000 MfeBOPK.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f79cc000 f79d1000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f7ae0000 f7ae3000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\2.txt
Is it something that can be repaired or do I need to reinstall the
system?
yaro