bencutmore
Thread Starter
- Joined
- Jul 26, 2004
- Messages
- 46
Hi there, I bought a new Dell XPS M1530 laptop about a month ago and I've been getting random BSOD errors, usually once per day at least, sometimes more. It doesn't seem to happen when th emachine is under particular strain. It has happened 2-3 times when I tried to shut down the laptop, all the others are pretty much random.
I've ran MS memory diagnostics tool for a few hours aswell as the Dell diagnostics tool, which appears to do pretty much the same thing, but checks other areas such as GPU etc too. I haven't tried a fresh install of Vista yet, becuase I use this laptop to work on, I was sort of hoping someone here could have a look at my crashdumps and hopefully it would be somethin simple before I go through the backup/restore process. Perhaps wishful thinking though.
Below is my last 2 crash dumps, though I've seen at least 1 crashdump which looks different to these, so I don't know how helpful they'll be. As well as a HJT log.
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini100108-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\local cache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
Kernel base = 0x81a12000 PsLoadedModuleList = 0x81b29c70
Debug session time: Wed Oct 1 06:48:42.912 2008 (GMT+1)
System Uptime: 0 days 0:36:09.344
Loading Kernel Symbols
..............................................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {5003, 94630000, 2239, 2bcf072}
Probably caused by : win32k.sys ( win32k!vSolidFillRect1+107 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00005003, The subtype of the bugcheck.
Arg2: 94630000
Arg3: 00002239
Arg4: 02bcf072
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_5003
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: firefox.exe
CURRENT_IRQL: 0
TRAP_FRAME: a6ea38b4 -- (.trap 0xffffffffa6ea38b4)
ErrCode = 00000002
eax=00000000 ebx=0000017d ecx=000000d3 edx=000003a3 esi=fc400008 edi=fc4e4000
eip=81a65d60 esp=a6ea3928 ebp=a6ea395c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!RtlFillMemoryUlong+0x10:
81a65d60 f3ab rep stos dword ptr es:[edi]
Resetting default scope
LAST_CONTROL_TRANSFER: from 81a7e926 to 81adf163
STACK_TEXT:
a6ea364c 81a7e926 0000001a 00005003 94630000 nt!KeBugCheckEx+0x1e
a6ea3684 81a99789 c07e2720 82c8bf50 00000000 nt!MiAllocateWsle+0x7d
a6ea36bc 81a9754b 00000001 8b105d70 fc4e4000 nt!MiCompleteProtoPteFault+0x211
a6ea3714 81a99424 00000001 fc4e4000 b48e1758 nt!MiResolveDemandZeroFault+0x5d2
a6ea3758 81a9699f 00000001 fc4e4000 c07e2720 nt!MiResolveProtoPteFault+0x3c3
a6ea3820 81ab80f3 fc4e4000 b48e1758 00000000 nt!MiDispatchFault+0x9a6
a6ea389c 81a6cbb4 00000001 fc4e4000 00000000 nt!MmAccessFault+0x10ac
a6ea389c 81a65d60 00000001 fc4e4000 00000000 nt!KiTrap0E+0xdc
a6ea3928 94f206f7 fc4e34c0 00000e8c 00000000 nt!RtlFillMemoryUlong+0x10
a6ea395c 94f1bcc7 a6ea3c1c 00000001 fc400008 win32k!vSolidFillRect1+0x107
a6ea3afc 94f1b8b7 94f205f0 a6ea3c1c 00000000 win32k!vDIBSolidBlt+0x102
a6ea3b68 94f1b4f2 ffa77590 00000000 00000000 win32k!EngBitBlt+0x18e
a6ea3bc8 94f1b677 fc904de8 a6ea3c2c a6ea3c1c win32k!GrePatBltLockedDC+0x212
a6ea3c70 94ef058e a6ea3d04 0000f0f0 0037ec9c win32k!GrePolyPatBltInternal+0x173
a6ea3d28 81a69a7a 01011ac6 00f00021 0037ec9c win32k!NtGdiPolyPatBlt+0x16d
a6ea3d28 774b9a94 01011ac6 00f00021 0037ec9c nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0037ec78 00000000 00000000 00000000 00000000 0x774b9a94
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!vSolidFillRect1+107
94f206f7 8b55f4 mov edx,dword ptr [ebp-0Ch]
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: win32k!vSolidFillRect1+107
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 47c78851
FAILURE_BUCKET_ID: 0x1a_5003_win32k!vSolidFillRect1+107
BUCKET_ID: 0x1a_5003_win32k!vSolidFillRect1+107
Followup: MachineOwner
---------
and number 2:
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini100108-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\local cache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
Kernel base = 0x81a00000 PsLoadedModuleList = 0x81b17c70
Debug session time: Wed Oct 1 06:12:09.442 2008 (GMT+1)
System Uptime: 0 days 1:26:00.582
Loading Kernel Symbols
..............................................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, 110b, 0, 880052e8}
GetPointerFromAddress: unable to read from 81b37868
Unable to read MiSystemVaType memory at 81b17420
*** WARNING: Unable to verify timestamp for yk60x86.sys
*** ERROR: Module load completed but symbols could not be loaded for yk60x86.sys
*** WARNING: Unable to verify timestamp for iastorv.sys
*** ERROR: Module load completed but symbols could not be loaded for iastorv.sys
*** WARNING: Unable to verify timestamp for iastor.sys
*** ERROR: Module load completed but symbols could not be loaded for iastor.sys
*** WARNING: Unable to verify timestamp for PxHelp20.sys
*** ERROR: Module load completed but symbols could not be loaded for PxHelp20.sys
*** WARNING: Unable to verify timestamp for spsys.sys
*** ERROR: Module load completed but symbols could not be loaded for spsys.sys
*** ERROR: Module load completed but symbols could not be loaded for spldr.sys
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
*** WARNING: Unable to verify timestamp for bcmwl6.sys
*** ERROR: Module load completed but symbols could not be loaded for bcmwl6.sys
*** WARNING: Unable to verify timestamp for rimmptsk.sys
*** ERROR: Module load completed but symbols could not be loaded for rimmptsk.sys
*** WARNING: Unable to verify timestamp for rimsptsk.sys
*** ERROR: Module load completed but symbols could not be loaded for rimsptsk.sys
*** WARNING: Unable to verify timestamp for rixdptsk.sys
*** ERROR: Module load completed but symbols could not be loaded for rixdptsk.sys
*** WARNING: Unable to verify timestamp for Apfiltr.sys
*** ERROR: Module load completed but symbols could not be loaded for Apfiltr.sys
*** WARNING: Unable to verify timestamp for libusb0.sys
*** ERROR: Module load completed but symbols could not be loaded for libusb0.sys
*** WARNING: Unable to verify timestamp for stwrt.sys
*** ERROR: Module load completed but symbols could not be loaded for stwrt.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for tcusb.sys
*** ERROR: Module load completed but symbols could not be loaded for tcusb.sys
*** WARNING: Unable to verify timestamp for OEM02Dev.sys
*** ERROR: Module load completed but symbols could not be loaded for OEM02Dev.sys
*** WARNING: Unable to verify timestamp for OEM02Vfx.sys
*** ERROR: Module load completed but symbols could not be loaded for OEM02Vfx.sys
*** WARNING: Unable to verify timestamp for dump_iaStor.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_iaStor.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
*** WARNING: Unable to verify timestamp for TSDDD.dll
*** ERROR: Module load completed but symbols could not be loaded for TSDDD.dll
*** WARNING: Unable to verify timestamp for ATMFD.DLL
*** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL
*** WARNING: Unable to verify timestamp for cdd.dll
*** ERROR: Module load completed but symbols could not be loaded for cdd.dll
*** WARNING: Unable to verify timestamp for secdrv.SYS
*** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS
GetPointerFromAddress: unable to read from 81b37868
Unable to read MiSystemVaType memory at 81b17420
Probably caused by : ntkrpamp.exe ( nt!ExFreePoolWithTag+17f )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 0000110b, (reserved)
Arg3: 00000000, Memory contents of the pool block
Arg4: 880052e8, Address of the block of pool being deallocated
Debugging Details:
------------------
GetPointerFromAddress: unable to read from 81b37868
Unable to read MiSystemVaType memory at 81b17420
GetPointerFromAddress: unable to read from 81b37868
Unable to read MiSystemVaType memory at 81b17420
POOL_ADDRESS: GetPointerFromAddress: unable to read from 81b37868
Unable to read MiSystemVaType memory at 81b17420
880052e8
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 81aee00c to 81acd163
STACK_TEXT:
9ab53b8c 81aee00c 000000c2 00000007 0000110b nt!KeBugCheckEx+0x1e
9ab53c00 81be3a31 880052e8 00000000 00000000 nt!ExFreePoolWithTag+0x17f
9ab53c3c 81c445e7 88cffd90 81dc0110 88cffd78 nt!PspProcessDelete+0x97
9ab53c58 81a5189d 88cffd90 00000000 0e3bcab4 nt!ObpRemoveObjectRoutine+0x13d
9ab53c80 81a4d4f6 00000002 9ab53ce8 81c2e62e nt!ObfDereferenceObject+0xa1
9ab53c8c 81c2e62e 00000000 c000009a 81aff080 nt!MmFreeAccessPfnBuffer+0x27
9ab53ce8 81c2da9b 00000000 89230030 00000000 nt!PfpFlushBuffers+0x291
9ab53d7c 81bd5b18 81aff080 5d0b2724 00000000 nt!PfTLoggingWorker+0xaa
9ab53dc0 81a2ea3e 81c2d9eb 81aff080 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+17f
81aee00c cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExFreePoolWithTag+17f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4812bd71
FAILURE_BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+17f
BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+17f
Followup: MachineOwner
---------
and my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:15, on 01/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Ben\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0080430
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 6192 bytes
I hope it's not too much to ask, this is starting to drive me crazy. Any help would be much appreciated as looking at those BSOD dumps is out of my league. Thanks very much.
I've ran MS memory diagnostics tool for a few hours aswell as the Dell diagnostics tool, which appears to do pretty much the same thing, but checks other areas such as GPU etc too. I haven't tried a fresh install of Vista yet, becuase I use this laptop to work on, I was sort of hoping someone here could have a look at my crashdumps and hopefully it would be somethin simple before I go through the backup/restore process. Perhaps wishful thinking though.
Below is my last 2 crash dumps, though I've seen at least 1 crashdump which looks different to these, so I don't know how helpful they'll be. As well as a HJT log.
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini100108-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\local cache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
Kernel base = 0x81a12000 PsLoadedModuleList = 0x81b29c70
Debug session time: Wed Oct 1 06:48:42.912 2008 (GMT+1)
System Uptime: 0 days 0:36:09.344
Loading Kernel Symbols
..............................................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {5003, 94630000, 2239, 2bcf072}
Probably caused by : win32k.sys ( win32k!vSolidFillRect1+107 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00005003, The subtype of the bugcheck.
Arg2: 94630000
Arg3: 00002239
Arg4: 02bcf072
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_5003
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: firefox.exe
CURRENT_IRQL: 0
TRAP_FRAME: a6ea38b4 -- (.trap 0xffffffffa6ea38b4)
ErrCode = 00000002
eax=00000000 ebx=0000017d ecx=000000d3 edx=000003a3 esi=fc400008 edi=fc4e4000
eip=81a65d60 esp=a6ea3928 ebp=a6ea395c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!RtlFillMemoryUlong+0x10:
81a65d60 f3ab rep stos dword ptr es:[edi]
Resetting default scope
LAST_CONTROL_TRANSFER: from 81a7e926 to 81adf163
STACK_TEXT:
a6ea364c 81a7e926 0000001a 00005003 94630000 nt!KeBugCheckEx+0x1e
a6ea3684 81a99789 c07e2720 82c8bf50 00000000 nt!MiAllocateWsle+0x7d
a6ea36bc 81a9754b 00000001 8b105d70 fc4e4000 nt!MiCompleteProtoPteFault+0x211
a6ea3714 81a99424 00000001 fc4e4000 b48e1758 nt!MiResolveDemandZeroFault+0x5d2
a6ea3758 81a9699f 00000001 fc4e4000 c07e2720 nt!MiResolveProtoPteFault+0x3c3
a6ea3820 81ab80f3 fc4e4000 b48e1758 00000000 nt!MiDispatchFault+0x9a6
a6ea389c 81a6cbb4 00000001 fc4e4000 00000000 nt!MmAccessFault+0x10ac
a6ea389c 81a65d60 00000001 fc4e4000 00000000 nt!KiTrap0E+0xdc
a6ea3928 94f206f7 fc4e34c0 00000e8c 00000000 nt!RtlFillMemoryUlong+0x10
a6ea395c 94f1bcc7 a6ea3c1c 00000001 fc400008 win32k!vSolidFillRect1+0x107
a6ea3afc 94f1b8b7 94f205f0 a6ea3c1c 00000000 win32k!vDIBSolidBlt+0x102
a6ea3b68 94f1b4f2 ffa77590 00000000 00000000 win32k!EngBitBlt+0x18e
a6ea3bc8 94f1b677 fc904de8 a6ea3c2c a6ea3c1c win32k!GrePatBltLockedDC+0x212
a6ea3c70 94ef058e a6ea3d04 0000f0f0 0037ec9c win32k!GrePolyPatBltInternal+0x173
a6ea3d28 81a69a7a 01011ac6 00f00021 0037ec9c win32k!NtGdiPolyPatBlt+0x16d
a6ea3d28 774b9a94 01011ac6 00f00021 0037ec9c nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0037ec78 00000000 00000000 00000000 00000000 0x774b9a94
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!vSolidFillRect1+107
94f206f7 8b55f4 mov edx,dword ptr [ebp-0Ch]
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: win32k!vSolidFillRect1+107
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 47c78851
FAILURE_BUCKET_ID: 0x1a_5003_win32k!vSolidFillRect1+107
BUCKET_ID: 0x1a_5003_win32k!vSolidFillRect1+107
Followup: MachineOwner
---------
and number 2:
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini100108-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\local cache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
Kernel base = 0x81a00000 PsLoadedModuleList = 0x81b17c70
Debug session time: Wed Oct 1 06:12:09.442 2008 (GMT+1)
System Uptime: 0 days 1:26:00.582
Loading Kernel Symbols
..............................................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, 110b, 0, 880052e8}
GetPointerFromAddress: unable to read from 81b37868
Unable to read MiSystemVaType memory at 81b17420
*** WARNING: Unable to verify timestamp for yk60x86.sys
*** ERROR: Module load completed but symbols could not be loaded for yk60x86.sys
*** WARNING: Unable to verify timestamp for iastorv.sys
*** ERROR: Module load completed but symbols could not be loaded for iastorv.sys
*** WARNING: Unable to verify timestamp for iastor.sys
*** ERROR: Module load completed but symbols could not be loaded for iastor.sys
*** WARNING: Unable to verify timestamp for PxHelp20.sys
*** ERROR: Module load completed but symbols could not be loaded for PxHelp20.sys
*** WARNING: Unable to verify timestamp for spsys.sys
*** ERROR: Module load completed but symbols could not be loaded for spsys.sys
*** ERROR: Module load completed but symbols could not be loaded for spldr.sys
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
*** WARNING: Unable to verify timestamp for bcmwl6.sys
*** ERROR: Module load completed but symbols could not be loaded for bcmwl6.sys
*** WARNING: Unable to verify timestamp for rimmptsk.sys
*** ERROR: Module load completed but symbols could not be loaded for rimmptsk.sys
*** WARNING: Unable to verify timestamp for rimsptsk.sys
*** ERROR: Module load completed but symbols could not be loaded for rimsptsk.sys
*** WARNING: Unable to verify timestamp for rixdptsk.sys
*** ERROR: Module load completed but symbols could not be loaded for rixdptsk.sys
*** WARNING: Unable to verify timestamp for Apfiltr.sys
*** ERROR: Module load completed but symbols could not be loaded for Apfiltr.sys
*** WARNING: Unable to verify timestamp for libusb0.sys
*** ERROR: Module load completed but symbols could not be loaded for libusb0.sys
*** WARNING: Unable to verify timestamp for stwrt.sys
*** ERROR: Module load completed but symbols could not be loaded for stwrt.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for tcusb.sys
*** ERROR: Module load completed but symbols could not be loaded for tcusb.sys
*** WARNING: Unable to verify timestamp for OEM02Dev.sys
*** ERROR: Module load completed but symbols could not be loaded for OEM02Dev.sys
*** WARNING: Unable to verify timestamp for OEM02Vfx.sys
*** ERROR: Module load completed but symbols could not be loaded for OEM02Vfx.sys
*** WARNING: Unable to verify timestamp for dump_iaStor.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_iaStor.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
*** WARNING: Unable to verify timestamp for TSDDD.dll
*** ERROR: Module load completed but symbols could not be loaded for TSDDD.dll
*** WARNING: Unable to verify timestamp for ATMFD.DLL
*** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL
*** WARNING: Unable to verify timestamp for cdd.dll
*** ERROR: Module load completed but symbols could not be loaded for cdd.dll
*** WARNING: Unable to verify timestamp for secdrv.SYS
*** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS
GetPointerFromAddress: unable to read from 81b37868
Unable to read MiSystemVaType memory at 81b17420
Probably caused by : ntkrpamp.exe ( nt!ExFreePoolWithTag+17f )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 0000110b, (reserved)
Arg3: 00000000, Memory contents of the pool block
Arg4: 880052e8, Address of the block of pool being deallocated
Debugging Details:
------------------
GetPointerFromAddress: unable to read from 81b37868
Unable to read MiSystemVaType memory at 81b17420
GetPointerFromAddress: unable to read from 81b37868
Unable to read MiSystemVaType memory at 81b17420
POOL_ADDRESS: GetPointerFromAddress: unable to read from 81b37868
Unable to read MiSystemVaType memory at 81b17420
880052e8
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 81aee00c to 81acd163
STACK_TEXT:
9ab53b8c 81aee00c 000000c2 00000007 0000110b nt!KeBugCheckEx+0x1e
9ab53c00 81be3a31 880052e8 00000000 00000000 nt!ExFreePoolWithTag+0x17f
9ab53c3c 81c445e7 88cffd90 81dc0110 88cffd78 nt!PspProcessDelete+0x97
9ab53c58 81a5189d 88cffd90 00000000 0e3bcab4 nt!ObpRemoveObjectRoutine+0x13d
9ab53c80 81a4d4f6 00000002 9ab53ce8 81c2e62e nt!ObfDereferenceObject+0xa1
9ab53c8c 81c2e62e 00000000 c000009a 81aff080 nt!MmFreeAccessPfnBuffer+0x27
9ab53ce8 81c2da9b 00000000 89230030 00000000 nt!PfpFlushBuffers+0x291
9ab53d7c 81bd5b18 81aff080 5d0b2724 00000000 nt!PfTLoggingWorker+0xaa
9ab53dc0 81a2ea3e 81c2d9eb 81aff080 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+17f
81aee00c cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExFreePoolWithTag+17f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4812bd71
FAILURE_BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+17f
BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+17f
Followup: MachineOwner
---------
and my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:15, on 01/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Ben\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0080430
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 6192 bytes
I hope it's not too much to ask, this is starting to drive me crazy. Any help would be much appreciated as looking at those BSOD dumps is out of my league. Thanks very much.
