|
DAL Computer Help
» Operating System Help
» Windows XP Help
»
Please help - No ideas
Please help - No ideas
 |
17-10-2006, 10:14 PM
|
|
Newbie
D-A-L Newbie
|
|
Join Date: Oct 2006
Posts: 5
|
|
|
Please help - No ideas
Hello and first thank you for all your help (I see this forum is very active and filled with those willing to take their time to assist others - priceless).
I'll provide a few things, unsure if you want to see them all - but just incase.
My problem is my video will freeze for a second or two (though its been three or four seconds before), then flickers to a black for just a second (this part of the problem is always just a second - constant) and then position of buttons/links/icons etc, in say, my web browser or any other window that I have opened for that matter (ie. Windows Explorer, etc.), etc. There will also be "residue" of where the window was left on the desktop.
Sometimes things are stable, other things it will just do the above and sometimes it will do the above AND reboot with a BSOD (hence the reason I'm tossing my dump in this post).
Debug Log
Code:
Opened log file 'c:\debuglog.txt'
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini101706-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Tue Oct 17 13:35:41.968 2006 (GMT-5)
System Uptime: 0 days 5:15:26.532
Loading Kernel Symbols
.............................................................................................................................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, bf804996, b4aeab84, 0}
Probably caused by : win32k.sys ( win32k!HmgDecrementShareReferenceCount+37 )
Followup: MachineOwner
---------
kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf804996, The address that the exception occurred at
Arg3: b4aeab84, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
win32k!HmgDecrementShareReferenceCount+37
bf804996 8b4204 mov eax,dword ptr [edx+4]
TRAP_FRAME: b4aeab84 -- (.trap ffffffffb4aeab84)
.trap ffffffffb4aeab84
ErrCode = 00000000
eax=00000000 ebx=00000000 ecx=bc4ffff0 edx=00000000 esi=00000028 edi=00000000
eip=bf804996 esp=b4aeabf8 ebp=b4aeaca0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
win32k!HmgDecrementShareReferenceCount+0x37:
bf804996 8b4204 mov eax,dword ptr [edx+4] ds:0023:00000004=????????
.trap
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: firefox.exe
LAST_CONTROL_TRANSFER: from bf8482a4 to bf804996
STACK_TEXT:
b4aeaca0 bf8482a4 01010057 e13cc580 00000000 win32k!HmgDecrementShareReferenceCount+0x37
b4aead38 8053c808 01010057 64050582 00000000 win32k!NtGdiGetDIBitsInternal+0x27e
b4aead38 7c90eb94 01010057 64050582 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012fca4 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!HmgDecrementShareReferenceCount+37
bf804996 8b4204 mov eax,dword ptr [edx+4]
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 43446a58
SYMBOL_NAME: win32k!HmgDecrementShareReferenceCount+37
FAILURE_BUCKET_ID: 0x8E_win32k!HmgDecrementShareReferenceCount+37
BUCKET_ID: 0x8E_win32k!HmgDecrementShareReferenceCount+37
Followup: MachineOwner
---------
eax=00000000 ebx=00000000 ecx=bc4ffff0 edx=00000000 esi=00000028 edi=00000000
eip=bf804996 esp=b4aeabf8 ebp=b4aeaca0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
win32k!HmgDecrementShareReferenceCount+0x37:
bf804996 8b4204 mov eax,dword ptr [edx+4] ds:0023:00000004=????????
ChildEBP RetAddr Args to Child
b4aeaca0 bf8482a4 01010057 e13cc580 00000000 win32k!HmgDecrementShareReferenceCount+0x37
b4aead38 8053c808 01010057 64050582 00000000 win32k!NtGdiGetDIBitsInternal+0x27e (FPO: [Non-Fpo])
b4aead38 7c90eb94 01010057 64050582 00000000 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ b4aead64)
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012fca4 00000000 00000000 00000000 00000000 0x7c90eb94
start end module name
804d7000 806cd280 nt ntkrnlpa.exe Tue Mar 01 18:34:37 2005 (42250A1D)
806ce000 806ee380 hal halaacpi.dll Wed Aug 04 00:59:05 2004 (41107B29)
b4882000 b48c2380 HTTP HTTP.sys Wed Aug 04 01:00:09 2004 (41107B69)
b4b6b000 b4b7c500 tmcomm tmcomm.sys Mon Jul 31 01:41:15 2006 (44CDA60B)
b4ba5000 b4bf6300 srv srv.sys Mon May 09 19:17:49 2005 (427FFDAD)
b4c1f000 b4c4b400 mrxdav mrxdav.sys Wed Aug 04 01:00:49 2004 (41107B91)
b4f23000 b4f37400 wdmaud wdmaud.sys Wed Aug 04 01:15:03 2004 (41107EE7)
b6198000 b619b280 ndisuio ndisuio.sys Wed Aug 04 01:03:10 2004 (41107C1E)
b6c09000 b6c20480 dump_atapi dump_atapi.sys Wed Aug 04 00:59:41 2004 (41107B4D)
b6c21000 b6c31280 Udfs Udfs.SYS Wed Aug 04 01:00:27 2004 (41107B7B)
b6c32000 b6c42d00 LMouKE LMouKE.Sys Sat Jul 23 01:41:40 2005 (42E1E6A4)
b6ce3000 b6d03f00 ipnat ipnat.sys Wed Aug 04 01:04:48 2004 (41107C80)
b6d04000 b6d71680 mrxsmb mrxsmb.sys Wed Oct 27 20:14:16 2004 (418047E8)
b6d9a000 b6dc4a00 rdbss rdbss.sys Wed Oct 27 20:13:57 2004 (418047D5)
b6dc5000 b6de6d00 afd afd.sys Wed Aug 04 01:14:13 2004 (41107EB5)
b6de7000 b6e0ec00 netbt netbt.sys Wed Aug 04 01:14:36 2004 (41107ECC)
b6e0f000 b6e66d80 tcpip tcpip.sys Wed May 25 14:04:00 2005 (4294CC20)
b6e67000 b6e79400 ipsec ipsec.sys Wed Aug 04 01:14:27 2004 (41107EC3)
b8f9a000 b9036000 ctac32k ctac32k.sys Wed Dec 07 21:54:32 2005 (4397AE78)
b9036000 b905d000 ctsfm2k ctsfm2k.sys Wed Dec 07 21:54:41 2005 (4397AE81)
b905d000 b908a000 emupia2k emupia2k.sys Wed Dec 07 21:54:38 2005 (4397AE7E)
b908a000 b918b000 ha10kx2k ha10kx2k.sys Wed Dec 07 21:54:56 2005 (4397AE90)
b918b000 b91bd000 hap17v2k hap17v2k.sys Wed Dec 07 21:55:06 2005 (4397AE9A)
b9690000 b9692900 Dxapi Dxapi.sys Fri Aug 17 15:53:19 2001 (3B7D843F)
b96a0000 b96d3200 update update.sys Wed Aug 04 00:58:32 2004 (41107B08)
b96d4000 b96e4e00 psched psched.sys Wed Aug 04 01:04:16 2004 (41107C60)
b96e5000 b96fb680 ndiswan ndiswan.sys Wed Aug 04 01:14:30 2004 (41107EC6)
b96fc000 b970f900 parport parport.sys Wed Aug 04 00:59:04 2004 (41107B28)
b9710000 b9723780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 01:07:04 2004 (41107D08)
b973b000 b9b016e0 nv4_mini nv4_mini.sys Fri Aug 11 22:24:08 2006 (44DD49D8)
b9b02000 b9b34d80 NVSNPU NVSNPU.SYS Wed Nov 24 19:42:04 2004 (41A5386C)
b9b35000 b9b78480 NVNRM NVNRM.SYS Wed Nov 24 19:42:20 2004 (41A5387C)
b9b79000 b9bab000 ctoss2k ctoss2k.sys Wed Dec 07 21:54:51 2005 (4397AE8B)
b9bab000 b9bce980 portcls portcls.sys Wed Aug 04 01:15:47 2004 (41107F13)
b9bcf000 b9c3a400 ctaud2k ctaud2k.sys Wed Dec 07 21:55:43 2005 (4397AEBF)
b9c3b000 b9c5d680 ks ks.sys Wed Aug 04 01:15:20 2004 (41107EF8)
b9c5e000 b9c80e80 USBPORT USBPORT.SYS Wed Aug 04 01:08:34 2004 (41107D62)
b9ca1000 b9ca9d80 HIDCLASS HIDCLASS.SYS Wed Aug 04 01:08:18 2004 (41107D52)
b9cd1000 b9cdfd80 arp1394 arp1394.sys Wed Aug 04 00:58:28 2004 (41107B04)
b9ce1000 b9ce9700 wanarp wanarp.sys Wed Aug 04 01:04:57 2004 (41107C89)
b9cf1000 b9cf9880 Fips Fips.SYS Fri Aug 17 20:31:49 2001 (3B7DC585)
b9d11000 b9d19700 netbios netbios.sys Wed Aug 04 01:03:19 2004 (41107C27)
ba46d000 ba46ff80 mouhid mouhid.sys Fri Aug 17 15:47:57 2001 (3B7D82FD)
ba471000 ba473580 hidusb hidusb.sys Fri Aug 17 16:02:16 2001 (3B7D8658)
ba614000 ba62e580 Mup Mup.sys Wed Aug 04 01:15:20 2004 (41107EF8)
ba62f000 ba65ba80 NDIS NDIS.sys Wed Aug 04 01:14:27 2004 (41107EC3)
ba65c000 ba6e8480 Ntfs Ntfs.sys Wed Aug 04 01:15:06 2004 (41107EEA)
ba6e9000 ba6ff780 KSecDD KSecDD.sys Wed Aug 04 00:59:45 2004 (41107B51)
ba700000 ba711f00 sr sr.sys Wed Aug 04 01:06:22 2004 (41107CDE)
ba712000 ba730780 fltmgr fltmgr.sys Wed Aug 04 01:01:17 2004 (41107BAD)
ba731000 ba748480 atapi atapi.sys Wed Aug 04 00:59:41 2004 (41107B4D)
ba749000 ba767880 ftdisk ftdisk.sys Fri Aug 17 15:52:41 2001 (3B7D8419)
ba768000 ba778a80 pci pci.sys Wed Aug 04 01:07:45 2004 (41107D31)
ba779000 ba7a6d80 ACPI ACPI.sys Wed Aug 04 01:07:35 2004 (41107D27)
ba8a8000 ba8b0c00 isapnp isapnp.sys Fri Aug 17 15:58:01 2001 (3B7D8559)
ba8b8000 ba8c6e80 ohci1394 ohci1394.sys Wed Aug 04 01:10:05 2004 (41107DBD)
ba8c8000 ba8d5000 1394BUS 1394BUS.SYS Wed Aug 04 01:10:03 2004 (41107DBB)
ba8d8000 ba8e2500 MountMgr MountMgr.sys Wed Aug 04 00:58:29 2004 (41107B05)
ba8e8000 ba8f4c80 VolSnap VolSnap.sys Wed Aug 04 01:00:14 2004 (41107B6E)
ba8f8000 ba900e00 disk disk.sys Wed Aug 04 00:59:53 2004 (41107B59)
ba908000 ba914200 CLASSPNP CLASSPNP.SYS Wed Aug 04 01:14:26 2004 (41107EC2)
ba938000 ba941f00 termdd termdd.sys Wed Aug 04 00:58:52 2004 (41107B1C)
ba958000 ba961480 NDProxy NDProxy.SYS Fri Aug 17 15:55:30 2001 (3B7D84C2)
ba968000 ba976100 usbhub usbhub.sys Wed Aug 04 01:08:40 2004 (41107D68)
ba978000 ba980280 NVENETFD NVENETFD.sys Wed Nov 24 19:42:44 2004 (41A53894)
ba9e8000 ba9f6d80 sysaudio sysaudio.sys Wed Aug 04 01:15:54 2004 (41107F1A)
baa68000 baa76000 AmdK8 AmdK8.sys Sat May 08 12:21:43 2004 (409D1727)
baa78000 baa82380 imapi imapi.sys Wed Aug 04 01:00:12 2004 (41107B6C)
baa88000 baa94180 cdrom cdrom.sys Wed Aug 04 00:59:52 2004 (41107B58)
baa98000 baaa6080 redbook redbook.sys Wed Aug 04 00:59:34 2004 (41107B46)
baaa8000 baab6b80 drmk drmk.sys Wed Aug 04 01:07:54 2004 (41107D3A)
baab8000 baac7180 nic1394 nic1394.sys Wed Aug 04 00:58:28 2004 (41107B04)
baac8000 baad7d80 serial serial.sys Wed Aug 04 01:15:51 2004 (41107F17)
baad8000 baae4e00 i8042prt i8042prt.sys Wed Aug 04 01:14:36 2004 (41107ECC)
baae8000 baaf4880 rasl2tp rasl2tp.sys Wed Aug 04 01:14:21 2004 (41107EBD)
baaf8000 bab02200 raspppoe raspppoe.sys Wed Aug 04 01:05:06 2004 (41107C92)
bab08000 bab13d00 raspptp raspptp.sys Wed Aug 04 01:14:26 2004 (41107EC2)
bab18000 bab20900 msgpc msgpc.sys Wed Aug 04 01:04:11 2004 (41107C5B)
bab28000 bab2e200 PCIIDEX PCIIDEX.SYS Wed Aug 04 00:59:40 2004 (41107B4C)
bab30000 bab34900 PartMgr PartMgr.sys Fri Aug 17 20:32:23 2001 (3B7DC5A7)
bab38000 bab3ce20 PxHelp20 PxHelp20.sys Mon Apr 25 14:48:02 2005 (426D4972)
babc0000 babc4280 usbohci usbohci.sys Wed Aug 04 01:08:34 2004 (41107D62)
babc8000 babce800 usbehci usbehci.sys Wed Aug 04 01:08:34 2004 (41107D62)
babd0000 babd4e80 AnyDVD AnyDVD.sys Sun Oct 08 06:29:43 2006 (4528E127)
babd8000 babdf000 GEARAspiWDM GEARAspiWDM.sys Tue Feb 01 23:19:49 2005 (420062F5)
babe0000 babe8000 ctprxy2k ctprxy2k.sys Wed Dec 07 21:55:47 2005 (4397AEC3)
babe8000 babe9000 fdc fdc.sys unavailable (00000000)
babf0000 babf6000 kbdclass kbdclass.sys Wed Aug 04 00:58:32 2004 (41107B08)
babf8000 babfc880 TDI TDI.SYS Wed Aug 04 01:07:47 2004 (41107D33)
bac00000 bac04580 ptilink ptilink.sys Fri Aug 17 15:49:53 2001 (3B7D8371)
bac08000 bac0c080 raspti raspti.sys Fri Aug 17 15:55:32 2001 (3B7D84C4)
bac10000 bac15a00 mouclass mouclass.sys Wed Aug 04 00:58:32 2004 (41107B08)
bac18000 bac1fe40 vdiskbus vdiskbus.sys Sun Jul 07 18:21:33 2002 (3D28CCFD)
bac30000 bac35200 vga vga.sys Wed Aug 04 01:07:06 2004 (41107D0A)
bac38000 bac3ca80 Msfs Msfs.SYS Wed Aug 04 01:00:37 2004 (41107B85)
bac40000 bac47880 Npfs Npfs.SYS Wed Aug 04 01:00:38 2004 (41107B86)
bac50000 bac57b80 usbccgp usbccgp.sys Wed Aug 04 01:08:45 2004 (41107D6D)
bac58000 bac5e180 HIDPARSE HIDPARSE.SYS Wed Aug 04 01:08:15 2004 (41107D4F)
bac60000 bac66600 LHidKE LHidKE.Sys Sat Jul 23 01:41:46 2005 (42E1E6AA)
bac80000 bac84500 watchdog watchdog.sys Wed Aug 04 01:07:32 2004 (41107D24)
bacb8000 bacbb000 BOOTVID BOOTVID.dll Fri Aug 17 15:49:09 2001 (3B7D8345)
bad4c000 bad4f280 nvnetbus nvnetbus.sys Wed Nov 24 19:42:46 2004 (41A53896)
bad50000 bad53c80 serenum serenum.sys Wed Aug 04 00:59:06 2004 (41107B2A)
bad54000 bad56580 ndistapi ndistapi.sys Fri Aug 17 15:55:29 2001 (3B7D84C1)
bad64000 bad67c80 mssmbios mssmbios.sys Wed Aug 04 01:07:47 2004 (41107D33)
bad90000 bad92280 rasacd rasacd.sys Fri Aug 17 15:55:39 2001 (3B7D84CB)
bada8000 bada9b80 kdcom kdcom.dll Fri Aug 17 15:49:10 2001 (3B7D8346)
badaa000 badab100 WMILIB WMILIB.SYS Fri Aug 17 16:07:23 2001 (3B7D878B)
badc6000 badc7200 ElbyDelay ElbyDelay.sys Tue Apr 12 03:41:20 2005 (425B89B0)
badc8000 badc9100 swenum swenum.sys Wed Aug 04 00:58:41 2004 (41107B11)
badca000 badcb280 USBD USBD.SYS Fri Aug 17 16:02:58 2001 (3B7D8682)
badce000 badcff00 Fs_Rec Fs_Rec.SYS Fri Aug 17 15:49:37 2001 (3B7D8361)
badd0000 badd1080 Beep Beep.SYS Fri Aug 17 15:47:33 2001 (3B7D82E5)
badd2000 badd3080 mnmdd mnmdd.SYS Fri Aug 17 15:57:28 2001 (3B7D8538)
badd4000 badd5080 RDPCDD RDPCDD.sys Fri Aug 17 15:46:56 2001 (3B7D82C0)
bade4000 bade5a80 ParVdm ParVdm.SYS Fri Aug 17 15:49:49 2001 (3B7D836D)
bade6000 bade72c0 cdrpdacc cdrpdacc.sys Tue Oct 28 15:01:25 2003 (3F9ED925)
bade8000 bade9f80 ElbyCDIO ElbyCDIO.sys Fri Apr 21 20:44:39 2006 (44498A87)
badf0000 badf1100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 16:07:23 2001 (3B7D878B)
bae70000 bae70d00 pciide pciide.sys Fri Aug 17 15:51:49 2001 (3B7D83E5)
baecc000 baeccb80 Null Null.SYS Fri Aug 17 15:47:39 2001 (3B7D82EB)
bafa2000 bafa2c00 audstub audstub.sys Fri Aug 17 15:59:40 2001 (3B7D85BC)
bafb3000 bafb3d00 dxgthk dxgthk.sys Fri Aug 17 15:53:12 2001 (3B7D8438)
bf800000 bf9c1180 win32k win32k.sys Wed Oct 05 19:05:44 2005 (43446A58)
bf9c2000 bf9d3580 dxg dxg.sys Wed Aug 04 01:00:51 2004 (41107B93)
bf9d4000 bfe1db00 nv4_disp nv4_disp.dll Fri Aug 11 22:18:47 2006 (44DD4897)
Unloaded modules:
b19e2000 b1a0c000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b3c64000 b3c8e000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b3c64000 b3c8e000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b3c64000 b3c8e000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b4ed6000 b4f00000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
baf05000 baf06000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ba9c8000 ba9d5000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b4f00000 b4f23000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b6238000 b6246000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bae42000 bae44000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b9d01000 b9d0a000 processr.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bac28000 bac2d000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
bad8c000 bad8f000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
bac20000 bac25000 Flpydisk.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt
DumpCache - using dumpchk.exe
Code:
----- 32 bit Kernel Mini Dump Analysis
DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000a28
DirectoryTableBase 12ef01a0
PfnDataBase 81986000
PsLoadedModuleList 805531a0
PsActiveProcessHead 80559258
MachineImageType 0000014c
NumberProcessors 00000001
BugCheckCode 1000008e
BugCheckParameter1 c0000005
BugCheckParameter2 bf804996
BugCheckParameter3 b4aeab84
BugCheckParameter4 00000000
PaeEnabled 00000001
KdDebuggerDataBlock 80544ce0
MiniDumpFields 00000dff
TRIAGE_DUMP32:
ServicePackBuild 00000200
SizeOfDump 00010000
ValidOffset 0000fffc
ContextOffset 00000320
ExceptionOffset 000007d0
MmOffset 00001068
UnloadedDriversOffset 000010a0
PrcbOffset 00001878
ProcessOffset 000024c8
ThreadOffset 00002728
CallStackOffset 00002980
SizeOfCallStack 0000046c
DriverListOffset 00003080
DriverCount 0000007e
StringPoolOffset 000055e8
StringPoolSize 00001168
BrokenDriverOffset 00000000
TriageOptions 00000041
TopOfStack b4aeab94
DebuggerDataOffset 00002df0
DebuggerDataSize 00000290
DataBlocksOffset 00006750
DataBlocksCount 00000004
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Tue Oct 17 13:35:41 2006
System Uptime: 0 days 5:15:26
start end module name
804d7000 806cd280 nt Checksum: 001F632B Timestamp: Tue Mar 01 18:34:37 2005 (42250A1D)
Unloaded modules:
b19e2000 b1a0c000 kmixer.sys Timestamp: unavailable (00000000)
b3c64000 b3c8e000 kmixer.sys Timestamp: unavailable (00000000)
b3c64000 b3c8e000 kmixer.sys Timestamp: unavailable (00000000)
b3c64000 b3c8e000 kmixer.sys Timestamp: unavailable (00000000)
b4ed6000 b4f00000 kmixer.sys Timestamp: unavailable (00000000)
baf05000 baf06000 drmkaud.sys Timestamp: unavailable (00000000)
ba9c8000 ba9d5000 DMusic.sys Timestamp: unavailable (00000000)
b4f00000 b4f23000 aec.sys Timestamp: unavailable (00000000)
b6238000 b6246000 swmidi.sys Timestamp: unavailable (00000000)
bae42000 bae44000 splitter.sys Timestamp: unavailable (00000000)
b9d01000 b9d0a000 processr.sys Timestamp: unavailable (00000000)
bac28000 bac2d000 Cdaudio.SYS Timestamp: unavailable (00000000)
bad8c000 bad8f000 Sfloppy.SYS Timestamp: unavailable (00000000)
bac20000 bac25000 Flpydisk.SYS Timestamp: unavailable (00000000)
Finished dump check
HiJackThis Log - Just incase it helps
Code:
Logfile of HijackThis v1.99.1
Scan saved at 4:12:59 PM, on 10/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Jayson\LOCALS~1\Temp\Temporary Directory 2 for hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136952803890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158283469734
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56F1BEFF-240B-4E6B-9869-5D49B072CAA5}: NameServer = 24.93.41.125,24.93.41.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{56F1BEFF-240B-4E6B-9869-5D49B072CAA5}: NameServer = 24.93.41.125,24.93.41.126
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
|
18-10-2006, 12:30 AM
|
 |
¨*·.¸ «.·°·..·°·.» ¸.·*¨
|
|
Join Date: Jun 2004
Posts: 25,328
|
|
|
Re: Please help - No ideas
Is this a new problem? Any new hardware or software?
Your dump is fairly common. Difficult to pinpoint hardware or driver. The main suspects being Video Card; Audio card; RAM.
I would first turn off some items from start Run... msconfig | startup
Specifically:
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
You can uncheck these and then go back and selectively work through the list. You might want to try differennt configurations but none of those programs need to be starting.
Many are from your sound card and a couple nVidia add ons.
I also see no anti virus and or firewall running.
If you get further dumps please post them.
|
18-10-2006, 07:15 PM
|
|
Newbie
D-A-L Newbie
|
|
Join Date: Oct 2006
Posts: 5
|
|
|
Re: Please help - No ideas
DumpCache
Code:
----- 32 bit Kernel Mini Dump Analysis
DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000a28
DirectoryTableBase 134801c0
PfnDataBase 81986000
PsLoadedModuleList 805531a0
PsActiveProcessHead 80559258
MachineImageType 0000014c
NumberProcessors 00000001
BugCheckCode 1000008e
BugCheckParameter1 c0000005
BugCheckParameter2 8054385c
BugCheckParameter3 b5ff2004
BugCheckParameter4 00000000
PaeEnabled 00000001
KdDebuggerDataBlock 80544ce0
MiniDumpFields 00000dff
TRIAGE_DUMP32:
ServicePackBuild 00000200
SizeOfDump 00010000
ValidOffset 0000fffc
ContextOffset 00000320
ExceptionOffset 000007d0
MmOffset 00001068
UnloadedDriversOffset 000010a0
PrcbOffset 00001878
ProcessOffset 000024c8
ThreadOffset 00002728
CallStackOffset 00002980
SizeOfCallStack 00000fec
DriverListOffset 00003c00
DriverCount 0000007e
StringPoolOffset 00006168
StringPoolSize 00001168
BrokenDriverOffset 00000000
TriageOptions 00000041
TopOfStack b5ff2014
DebuggerDataOffset 00003970
DebuggerDataSize 00000290
DataBlocksOffset 000072d0
DataBlocksCount 00000005
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Wed Oct 18 13:07:27 2006
System Uptime: 0 days 21:57:06
start end module name
804d7000 806cd280 nt Checksum: 001F632B Timestamp: Tue Mar 01 18:34:37 2005 (42250A1D)
Unloaded modules:
a81f2000 a821c000 kmixer.sys Timestamp: unavailable (00000000)
a81f2000 a821c000 kmixer.sys Timestamp: unavailable (00000000)
aa5b5000 aa5df000 kmixer.sys Timestamp: unavailable (00000000)
b05df000 b0609000 kmixer.sys Timestamp: unavailable (00000000)
b05df000 b0609000 kmixer.sys Timestamp: unavailable (00000000)
b05df000 b0609000 kmixer.sys Timestamp: unavailable (00000000)
b16a9000 b16d3000 kmixer.sys Timestamp: unavailable (00000000)
bae2e000 bae30000 splitter.sys Timestamp: unavailable (00000000)
b16a9000 b16d3000 kmixer.sys Timestamp: unavailable (00000000)
b16a9000 b16d3000 kmixer.sys Timestamp: unavailable (00000000)
b1ea9000 b1ed3000 kmixer.sys Timestamp: unavailable (00000000)
b3f5d000 b3f87000 kmixer.sys Timestamp: unavailable (00000000)
b3f5d000 b3f87000 kmixer.sys Timestamp: unavailable (00000000)
b3f5d000 b3f87000 kmixer.sys Timestamp: unavailable (00000000)
b4e29000 b4e53000 kmixer.sys Timestamp: unavailable (00000000)
baffc000 baffd000 drmkaud.sys Timestamp: unavailable (00000000)
b6173000 b6180000 DMusic.sys Timestamp: unavailable (00000000)
b61b3000 b61c1000 swmidi.sys Timestamp: unavailable (00000000)
b4e53000 b4e76000 aec.sys Timestamp: unavailable (00000000)
bae16000 bae18000 splitter.sys Timestamp: unavailable (00000000)
b9c33000 b9c3c000 processr.sys Timestamp: unavailable (00000000)
bac48000 bac4d000 Cdaudio.SYS Timestamp: unavailable (00000000)
bad94000 bad97000 Sfloppy.SYS Timestamp: unavailable (00000000)
bac40000 bac45000 Flpydisk.SYS Timestamp: unavailable (00000000)
Finished dump check
HJTL
Code:
Logfile of HijackThis v1.99.1
Scan saved at 1:12:56 PM, on 10/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Jayson\LOCALS~1\Temp\Temporary Directory 3 for hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1136952803890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158283469734
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56F1BEFF-240B-4E6B-9869-5D49B072CAA5}: NameServer = 24.93.41.125,24.93.41.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{56F1BEFF-240B-4E6B-9869-5D49B072CAA5}: NameServer = 24.93.41.125,24.93.41.126
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Debug
Code:
Opened log file 'c:\debuglog.txt'
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini101806-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Wed Oct 18 13:07:27.750 2006 (GMT-5)
System Uptime: 0 days 21:57:06.318
Loading Kernel Symbols
.............................................................................................................................
Loading User Symbols
Loading unloaded module list
........................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 8054385c, b5ff2004, 0}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+156 )
Followup: Pool_corruption
---------
kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8054385c, The address that the exception occurred at
Arg3: b5ff2004, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!ExDeferredFreePool+156
8054385c 8913 mov dword ptr [ebx],edx
TRAP_FRAME: b5ff2004 -- (.trap ffffffffb5ff2004)
.trap ffffffffb5ff2004
ErrCode = 00000002
eax=e3999410 ebx=5f0508f3 ecx=e3999010 edx=00000000 esi=8a769028 edi=000001ff
eip=8054385c esp=b5ff2078 ebp=b5ff20b8 iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297
nt!ExDeferredFreePool+0x156:
8054385c 8913 mov dword ptr [ebx],edx ds:0023:5f0508f3=????????
.trap
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: explorer.exe
LAST_CONTROL_TRANSFER: from 80543e6f to 8054385c
STACK_TEXT:
b5ff20b8 80543e6f e3390008 7ffdb700 b5ff2180 nt!ExDeferredFreePool+0x156
b5ff20f8 bf802acb e3badc00 89080790 b5ff2114 nt!ExFreePoolWithTag+0x489
b5ff2108 bf80efcb e3badc00 b5ff23d8 bf855990 win32k!HeavyFreePool+0xbb
b5ff2114 bf855990 b5ff2168 00000002 00000040 win32k!PopAndFreeAlwaysW32ThreadLock+0x20
b5ff23d8 bf8bd5a0 bc6385e0 0000004a 000e036c win32k!SfnCOPYDATA+0x284
b5ff241c bf83f315 10106a10 77d86258 00000001 win32k!xxxHkCallHook+0x222
b5ff2494 bf8f4fc3 036493b8 00000000 00000001 win32k!xxxCallHook2+0x25d
b5ff24b0 bf92eacc 00000000 00000001 00000000 win32k!xxxCallNextHookEx+0x2d
b5ff24dc bf855a4a bc6385e0 0000004a 000e036c win32k!fnHkINLPCWPRETEXSTRUCT+0x59
b5ff2528 bf80f7c5 bc6385e0 0000004a 000e036c win32k!NtUserfnCOPYDATA+0x7d
b5ff2560 8053c808 00030040 0000004a 000e036c win32k!NtUserMessageCall+0xae
b5ff2560 7c90eb94 00030040 0000004a 000e036c nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00edfa08 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+156
8054385c 8913 mov dword ptr [ebx],edx
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
SYMBOL_NAME: nt!ExDeferredFreePool+156
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: 0x8E_nt!ExDeferredFreePool+156
BUCKET_ID: 0x8E_nt!ExDeferredFreePool+156
Followup: Pool_corruption
---------
eax=e3999410 ebx=5f0508f3 ecx=e3999010 edx=00000000 esi=8a769028 edi=000001ff
eip=8054385c esp=b5ff2078 ebp=b5ff20b8 iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297
nt!ExDeferredFreePool+0x156:
8054385c 8913 mov dword ptr [ebx],edx ds:0023:5f0508f3=????????
ChildEBP RetAddr Args to Child
b5ff20b8 80543e6f e3390008 7ffdb700 b5ff2180 nt!ExDeferredFreePool+0x156 (FPO: [Non-Fpo])
b5ff20f8 bf802acb e3badc00 89080790 b5ff2114 nt!ExFreePoolWithTag+0x489 (FPO: [Non-Fpo])
b5ff2108 bf80efcb e3badc00 b5ff23d8 bf855990 win32k!HeavyFreePool+0xbb (FPO: [Non-Fpo])
b5ff2114 bf855990 b5ff2168 00000002 00000040 win32k!PopAndFreeAlwaysW32ThreadLock+0x20 (FPO: [Non-Fpo])
b5ff23d8 bf8bd5a0 bc6385e0 0000004a 000e036c win32k!SfnCOPYDATA+0x284 (FPO: [Non-Fpo])
b5ff241c bf83f315 10106a10 77d86258 00000001 win32k!xxxHkCallHook+0x222 (FPO: [Non-Fpo])
b5ff2494 bf8f4fc3 036493b8 00000000 00000001 win32k!xxxCallHook2+0x25d (FPO: [Non-Fpo])
b5ff24b0 bf92eacc 00000000 00000001 00000000 win32k!xxxCallNextHookEx+0x2d (FPO: [Non-Fpo])
b5ff24dc bf855a4a bc6385e0 0000004a 000e036c win32k!fnHkINLPCWPRETEXSTRUCT+0x59 (FPO: [Non-Fpo])
b5ff2528 bf80f7c5 bc6385e0 0000004a 000e036c win32k!NtUserfnCOPYDATA+0x7d (FPO: [Non-Fpo])
b5ff2560 8053c808 00030040 0000004a 000e036c win32k!NtUserMessageCall+0xae (FPO: [Non-Fpo])
b5ff2560 7c90eb94 00030040 0000004a 000e036c nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ b5ff2584)
WARNING: Frame IP not in any known module. Following frames may be wrong.
00edfa08 00000000 00000000 00000000 00000000 0x7c90eb94
start end module name
804d7000 806cd280 nt ntkrnlpa.exe Tue Mar 01 18:34:37 2005 (42250A1D)
806ce000 806ee380 hal halaacpi.dll Wed Aug 04 00:59:05 2004 (41107B29)
b4877000 b48b7380 HTTP HTTP.sys Wed Aug 04 01:00:09 2004 (41107B69)
b4a70000 b4a81500 tmcomm tmcomm.sys Mon Jul 31 01:41:15 2006 (44CDA60B)
b4ad2000 b4b23300 srv srv.sys Mon May 09 19:17:49 2005 (427FFDAD)
b4b4c000 b4b78400 mrxdav mrxdav.sys Wed Aug 04 01:00:49 2004 (41107B91)
b4e76000 b4e8a400 wdmaud wdmaud.sys Wed Aug 04 01:15:03 2004 (41107EE7)
b60eb000 b60ee280 ndisuio ndisuio.sys Wed Aug 04 01:03:10 2004 (41107C1E)
b6b5c000 b6b73480 dump_atapi dump_atapi.sys Wed Aug 04 00:59:41 2004 (41107B4D)
b6b74000 b6b84d00 LMouKE LMouKE.Sys Sat Jul 23 01:41:40 2005 (42E1E6A4)
b6c25000 b6c45f00 ipnat ipnat.sys Wed Aug 04 01:04:48 2004 (41107C80)
b6c46000 b6cb3680 mrxsmb mrxsmb.sys Wed Oct 27 20:14:16 2004 (418047E8)
b6cdc000 b6d06a00 rdbss rdbss.sys Wed Oct 27 20:13:57 2004 (418047D5)
b6d07000 b6d28d00 afd afd.sys Wed Aug 04 01:14:13 2004 (41107EB5)
b6d29000 b6d50c00 netbt netbt.sys Wed Aug 04 01:14:36 2004 (41107ECC)
b6d51000 b6da8d80 tcpip tcpip.sys Wed May 25 14:04:00 2005 (4294CC20)
b6da9000 b6dbb400 ipsec ipsec.sys Wed Aug 04 01:14:27 2004 (41107EC3)
b8edc000 b8f78000 ctac32k ctac32k.sys Wed Dec 07 21:54:32 2005 (4397AE78)
b8f78000 b8f9f000 ctsfm2k ctsfm2k.sys Wed Dec 07 21:54:41 2005 (4397AE81)
b8f9f000 b8fcc000 emupia2k emupia2k.sys Wed Dec 07 21:54:38 2005 (4397AE7E)
b8fcc000 b90cd000 ha10kx2k ha10kx2k.sys Wed Dec 07 21:54:56 2005 (4397AE90)
b90cd000 b90ff000 hap17v2k hap17v2k.sys Wed Dec 07 21:55:06 2005 (4397AE9A)
b95f9000 b962c200 update update.sys Wed Aug 04 00:58:32 2004 (41107B08)
b962d000 b963de00 psched psched.sys Wed Aug 04 01:04:16 2004 (41107C60)
b963e000 b9654680 ndiswan ndiswan.sys Wed Aug 04 01:14:30 2004 (41107EC6)
b9655000 b9668900 parport parport.sys Wed Aug 04 00:59:04 2004 (41107B28)
b9669000 b967c780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 01:07:04 2004 (41107D08)
b967d000 b9a436e0 nv4_mini nv4_mini.sys Fri Aug 11 22:24:08 2006 (44DD49D8)
b9a44000 b9a76d80 NVSNPU NVSNPU.SYS Wed Nov 24 19:42:04 2004 (41A5386C)
b9a77000 b9aba480 NVNRM NVNRM.SYS Wed Nov 24 19:42:20 2004 (41A5387C)
b9abb000 b9aed000 ctoss2k ctoss2k.sys Wed Dec 07 21:54:51 2005 (4397AE8B)
b9aed000 b9b10980 portcls portcls.sys Wed Aug 04 01:15:47 2004 (41107F13)
b9b11000 b9b7c400 ctaud2k ctaud2k.sys Wed Dec 07 21:55:43 2005 (4397AEBF)
b9b7d000 b9b9f680 ks ks.sys Wed Aug 04 01:15:20 2004 (41107EF8)
b9ba0000 b9bc2e80 USBPORT USBPORT.SYS Wed Aug 04 01:08:34 2004 (41107D62)
b9bc3000 b9bd2900 Cdfs Cdfs.SYS Wed Aug 04 01:14:09 2004 (41107EB1)
b9bf3000 b9bfbd80 HIDCLASS HIDCLASS.SYS Wed Aug 04 01:08:18 2004 (41107D52)
b9c03000 b9c11d80 arp1394 arp1394.sys Wed Aug 04 00:58:28 2004 (41107B04)
b9c13000 b9c1b700 wanarp wanarp.sys Wed Aug 04 01:04:57 2004 (41107C89)
b9c23000 b9c2b880 Fips Fips.SYS Fri Aug 17 20:31:49 2001 (3B7DC585)
b9c43000 b9c4b700 netbios netbios.sys Wed Aug 04 01:03:19 2004 (41107C27)
ba483000 ba485f80 mouhid mouhid.sys Fri Aug 17 15:47:57 2001 (3B7D82FD)
ba487000 ba489580 hidusb hidusb.sys Fri Aug 17 16:02:16 2001 (3B7D8658)
ba614000 ba62e580 Mup Mup.sys Wed Aug 04 01:15:20 2004 (41107EF8)
ba62f000 ba65ba80 NDIS NDIS.sys Wed Aug 04 01:14:27 2004 (41107EC3)
ba65c000 ba6e8480 Ntfs Ntfs.sys Wed Aug 04 01:15:06 2004 (41107EEA)
ba6e9000 ba6ff780 KSecDD KSecDD.sys Wed Aug 04 00:59:45 2004 (41107B51)
ba700000 ba711f00 sr sr.sys Wed Aug 04 01:06:22 2004 (41107CDE)
ba712000 ba730780 fltmgr fltmgr.sys Wed Aug 04 01:01:17 2004 (41107BAD)
ba731000 ba748480 atapi atapi.sys Wed Aug 04 00:59:41 2004 (41107B4D)
ba749000 ba767880 ftdisk ftdisk.sys Fri Aug 17 15:52:41 2001 (3B7D8419)
ba768000 ba778a80 pci pci.sys Wed Aug 04 01:07:45 2004 (41107D31)
ba779000 ba7a6d80 ACPI ACPI.sys Wed Aug 04 01:07:35 2004 (41107D27)
ba8a8000 ba8b0c00 isapnp isapnp.sys Fri Aug 17 15:58:01 2001 (3B7D8559)
ba8b8000 ba8c6e80 ohci1394 ohci1394.sys Wed Aug 04 01:10:05 2004 (41107DBD)
ba8c8000 ba8d5000 1394BUS 1394BUS.SYS Wed Aug 04 01:10:03 2004 (41107DBB)
ba8d8000 ba8e2500 MountMgr MountMgr.sys Wed Aug 04 00:58:29 2004 (41107B05)
ba8e8000 ba8f4c80 VolSnap VolSnap.sys Wed Aug 04 01:00:14 2004 (41107B6E)
ba8f8000 ba900e00 disk disk.sys Wed Aug 04 00:59:53 2004 (41107B59)
ba908000 ba914200 CLASSPNP CLASSPNP.SYS Wed Aug 04 01:14:26 2004 (41107EC2)
ba938000 ba940900 msgpc msgpc.sys Wed Aug 04 01:04:11 2004 (41107C5B)
ba948000 ba951f00 termdd termdd.sys Wed Aug 04 00:58:52 2004 (41107B1C)
ba958000 ba961480 NDProxy NDProxy.SYS Fri Aug 17 15:55:30 2001 (3B7D84C2)
ba968000 ba976100 usbhub usbhub.sys Wed Aug 04 01:08:40 2004 (41107D68)
ba978000 ba980280 NVENETFD NVENETFD.sys Wed Nov 24 19:42:44 2004 (41A53894)
ba9b8000 ba9c6d80 sysaudio sysaudio.sys Wed Aug 04 01:15:54 2004 (41107F1A)
baa78000 baa86000 AmdK8 AmdK8.sys Sat May 08 12:21:43 2004 (409D1727)
baa88000 baa92380 imapi imapi.sys Wed Aug 04 01:00:12 2004 (41107B6C)
baa98000 baaa4180 cdrom cdrom.sys Wed Aug 04 00:59:52 2004 (41107B58)
baaa8000 baab6080 redbook redbook.sys Wed Aug 04 00:59:34 2004 (41107B46)
baab8000 baac6b80 drmk drmk.sys Wed Aug 04 01:07:54 2004 (41107D3A)
baac8000 baad7180 nic1394 nic1394.sys Wed Aug 04 00:58:28 2004 (41107B04)
baad8000 baae7d80 serial serial.sys Wed Aug 04 01:15:51 2004 (41107F17)
baae8000 baaf4e00 i8042prt i8042prt.sys Wed Aug 04 01:14:36 2004 (41107ECC)
baaf8000 bab04880 rasl2tp rasl2tp.sys Wed Aug 04 01:14:21 2004 (41107EBD)
bab08000 bab12200 raspppoe raspppoe.sys Wed Aug 04 01:05:06 2004 (41107C92)
bab18000 bab23d00 raspptp raspptp.sys Wed Aug 04 01:14:26 2004 (41107EC2)
bab28000 bab2e200 PCIIDEX PCIIDEX.SYS Wed Aug 04 00:59:40 2004 (41107B4C)
bab30000 bab34900 PartMgr PartMgr.sys Fri Aug 17 20:32:23 2001 (3B7DC5A7)
bab38000 bab3ce20 PxHelp20 PxHelp20.sys Mon Apr 25 14:48:02 2005 (426D4972)
babe0000 babe4280 usbohci usbohci.sys Wed Aug 04 01:08:34 2004 (41107D62)
babe8000 babee800 usbehci usbehci.sys Wed Aug 04 01:08:34 2004 (41107D62)
babf0000 babf4e80 AnyDVD AnyDVD.sys Sun Oct 08 06:29:43 2006 (4528E127)
babf8000 babff000 GEARAspiWDM GEARAspiWDM.sys Tue Feb 01 23:19:49 2005 (420062F5)
bac00000 bac08000 ctprxy2k ctprxy2k.sys Wed Dec 07 21:55:47 2005 (4397AEC3)
|
18-10-2006, 07:35 PM
|
|
Newbie
D-A-L Newbie
|
|
Join Date: Oct 2006
Posts: 5
|
|
|
Re: Please help - No ideas
New HJTL
Code:
Logfile of HijackThis v1.99.1
Scan saved at 1:33:51 PM, on 10/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\cpu-z\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136952803890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158283469734
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56F1BEFF-240B-4E6B-9869-5D49B072CAA5}: NameServer = 24.93.41.125,24.93.41.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{56F1BEFF-240B-4E6B-9869-5D49B072CAA5}: NameServer = 24.93.41.125,24.93.41.126
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Code:
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
Is nowhere to be found in my msconfig under the "Startup" tab.
|
18-10-2006, 09:02 PM
|
|
¨*·.¸ «.·°·..·°·.» ¸.·*¨
|
|
Join Date: Jun 2004
Posts: 25,328
|
|
|
Re: Please help - No ideas
Here are other possible locations:
http://www.bleepingcomputer.com/tuto...utorial44.html
Is this a PCI sound card or on-board? Any chance it is new?
Something about it and your stacks makes me suspect it at this point.
|
18-10-2006, 09:28 PM
|
|
Newbie
D-A-L Newbie
|
|
Join Date: Oct 2006
Posts: 5
|
|
|
Re: Please help - No ideas
Well, its been so long that I totally forgot. But, my sound drivers got corrupt (I lost all the neat functions of the SoundBlaster and the programs - I dont even know what happened to them). So I downloaded these (or so I thought - turns out what is on Creatives website is different from what they put on the retail CD's which I could not find and still cant) and its working now, but, audio definitely isn't what it used to be.
I have a MSI Neo4 Platinum mobo that has an AC97 onboard soundcard that is disabled through the BIOS. The soundcard I'm using is a PCI card, its an Audigy 4 ZS? (I know its a 4, just not sure of the accronyms after the 4 if any).
|
26-10-2006, 11:01 PM
|
|
Newbie
D-A-L Newbie
|
|
Join Date: Oct 2006
Posts: 5
|
|
|
Re: Please help - No ideas
Two new dumps, minutes apart.
Debug
Code:
Opened log file 'c:\debuglog.txt'
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini102606-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Thu Oct 26 16:52:02.250 2006 (GMT-5)
System Uptime: 0 days 0:40:27.833
Loading Kernel Symbols
.............................................................................................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 805446f3, b4cc2af8, 0}
Probably caused by : ntkrnlpa.exe ( nt!ExAllocatePoolWithTag+673 )
Followup: MachineOwner
---------
kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 805446f3, The address that the exception occurred at
Arg3: b4cc2af8, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!ExAllocatePoolWithTag+673
805446f3 897104 mov dword ptr [ecx+4],esi
TRAP_FRAME: b4cc2af8 -- (.trap ffffffffb4cc2af8)
.trap ffffffffb4cc2af8
ErrCode = 00000002
eax=e12a4490 ebx=8a76a050 ecx=000004c0 edx=0000000b esi=8a76a170 edi=000001ff
eip=805446f3 esp=b4cc2b6c ebp=b4cc2bc0 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!ExAllocatePoolWithTag+0x673:
805446f3 897104 mov dword ptr [ecx+4],esi ds:0023:000004c4=????????
.trap
Resetting default scope
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: msimn.exe
LAST_CONTROL_TRANSFER: from 805b50b4 to 805446f3
STACK_TEXT:
b4cc2bc0 805b50b4 00000001 00000001 f4636553 nt!ExAllocatePoolWithTag+0x673
b4cc2be4 805b57be 89189290 804d8701 00000000 nt!ObpAllocateObject+0xc8
b4cc2c18 8050976d 804d8701 8a73e778 00000000 nt!ObCreateObject+0x12a
b4cc2cd0 8059f351 b4cc2d1c 0000000e 00000000 nt!MmCreateSection+0x6db
b4cc2d40 8053c808 0006e154 0000000e 00000000 nt!NtCreateSection+0x12f
b4cc2d40 7c90eb94 0006e154 0000000e 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0006e3a4 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExAllocatePoolWithTag+673
805446f3 897104 mov dword ptr [ecx+4],esi
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExAllocatePoolWithTag+673
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlpa.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 42250a1d
FAILURE_BUCKET_ID: 0x8E_nt!ExAllocatePoolWithTag+673
BUCKET_ID: 0x8E_nt!ExAllocatePoolWithTag+673
Followup: MachineOwner
---------
eax=e12a4490 ebx=8a76a050 ecx=000004c0 edx=0000000b esi=8a76a170 edi=000001ff
eip=805446f3 esp=b4cc2b6c ebp=b4cc2bc0 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!ExAllocatePoolWithTag+0x673:
805446f3 897104 mov dword ptr [ecx+4],esi ds:0023:000004c4=????????
ChildEBP RetAddr Args to Child
b4cc2bc0 805b50b4 00000001 00000001 f4636553 nt!ExAllocatePoolWithTag+0x673 (FPO: [Non-Fpo])
b4cc2be4 805b57be 89189290 804d8701 00000000 nt!ObpAllocateObject+0xc8 (FPO: [Non-Fpo])
b4cc2c18 8050976d 804d8701 8a73e778 00000000 nt!ObCreateObject+0x12a (FPO: [Non-Fpo])
b4cc2cd0 8059f351 b4cc2d1c 0000000e 00000000 nt!MmCreateSection+0x6db (FPO: [Non-Fpo])
b4cc2d40 8053c808 0006e154 0000000e 00000000 nt!NtCreateSection+0x12f (FPO: [Non-Fpo])
b4cc2d40 7c90eb94 0006e154 0000000e 00000000 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ b4cc2d64)
WARNING: Frame IP not in any known module. Following frames may be wrong.
0006e3a4 00000000 00000000 00000000 00000000 0x7c90eb94
start end module name
804d7000 806cd280 nt ntkrnlpa.exe Tue Mar 01 18:34:37 2005 (42250A1D)
806ce000 806ee380 hal halaacpi.dll Wed Aug 04 00:59:05 2004 (41107B29)
b350d000 b3536f00 kmixer kmixer.sys Wed Aug 04 01:07:46 2004 (41107D32)
b4679000 b46b9380 HTTP HTTP.sys Wed Aug 04 01:00:09 2004 (41107B69)
b4962000 b49b3300 srv srv.sys Mon May 09 19:17:49 2005 (427FFDAD)
b4a04000 b4a30400 mrxdav mrxdav.sys Wed Aug 04 01:00:49 2004 (41107B91)
b4c16000 b4c2a400 wdmaud wdmaud.sys Wed Aug 04 01:15:03 2004 (41107EE7)
b5dc3000 b5dd1d80 sysaudio sysaudio.sys Wed Aug 04 01:15:54 2004 (41107F1A)
b5e8f000 b5e92280 ndisuio ndisuio.sys Wed Aug 04 01:03:10 2004 (41107C1E)
b68fc000 b6913480 dump_atapi dump_atapi.sys Wed Aug 04 00:59:41 2004 (41107B4D)
b6914000 b6924d00 LMouKE LMouKE.Sys Sat Jul 23 01:41:40 2005 (42E1E6A4)
b69c5000 b69e5f00 ipnat ipnat.sys Wed Aug 04 01:04:48 2004 (41107C80)
b69e6000 b6a53680 mrxsmb mrxsmb.sys Wed Oct 27 20:14:16 2004 (418047E8)
b6a7c000 b6aa6a00 rdbss rdbss.sys Wed Oct 27 20:13:57 2004 (418047D5)
b6aa7000 b6ac8d00 afd afd.sys Wed Aug 04 01:14:13 2004 (41107EB5)
b6ac9000 b6af0c00 netbt netbt.sys Wed Aug 04 01:14:36 2004 (41107ECC)
b6af1000 b6b48d80 tcpip tcpip.sys Wed May 25 14:04:00 2005 (4294CC20)
b6b49000 b6b5b400 ipsec ipsec.sys Wed Aug 04 01:14:27 2004 (41107EC3)
b8c7c000 b8d18000 ctac32k ctac32k.sys Wed Dec 07 21:54:32 2005 (4397AE78)
b8d18000 b8d3f000 ctsfm2k ctsfm2k.sys Wed Dec 07 21:54:41 2005 (4397AE81)
b8d3f000 b8d6c000 emupia2k emupia2k.sys Wed Dec 07 21:54:38 2005 (4397AE7E)
b8d6c000 b8e6d000 ha10kx2k ha10kx2k.sys Wed Dec 07 21:54:56 2005 (4397AE90)
b8e6d000 b8e9f000 hap17v2k hap17v2k.sys Wed Dec 07 21:55:06 2005 (4397AE9A)
b9382000 b93b5200 update update.sys Wed Aug 04 00:58:32 2004 (41107B08)
b93b6000 b93c6e00 psched psched.sys Wed Aug 04 01:04:16 2004 (41107C60)
b93de000 b93f4680 ndiswan ndiswan.sys Wed Aug 04 01:14:30 2004 (41107EC6)
b93f5000 b9408900 parport parport.sys Wed Aug 04 00:59:04 2004 (41107B28)
b9409000 b941c780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 01:07:04 2004 (41107D08)
b941d000 b97e36e0 nv4_mini nv4_mini.sys Fri Aug 11 22:24:08 2006 (44DD49D8)
b97e4000 b9816d80 NVSNPU NVSNPU.SYS Wed Nov 24 19:42:04 2004 (41A5386C)
b9817000 b985a480 NVNRM NVNRM.SYS Wed Nov 24 19:42:20 2004 (41A5387C)
b985b000 b988d000 ctoss2k ctoss2k.sys Wed Dec 07 21:54:51 2005 (4397AE8B)
b988d000 b98b0980 portcls portcls.sys Wed Aug 04 01:15:47 2004 (41107F13)
b98b1000 b991c400 ctaud2k ctaud2k.sys Wed Dec 07 21:55:43 2005 (4397AEBF)
b991d000 b993f680 ks ks.sys Wed Aug 04 01:15:20 2004 (41107EF8)
b9940000 b9962e80 USBPORT USBPORT.SYS Wed Aug 04 01:08:34 2004 (41107D62)
b9973000 b997bd80 HIDCLASS HIDCLASS.SYS Wed Aug 04 01:08:18 2004 (41107D52)
b9983000 b9991d80 arp1394 arp1394.sys Wed Aug 04 00:58:28 2004 (41107B04)
b9993000 b999b700 wanarp wanarp.sys Wed Aug 04 01:04:57 2004 (41107C89)
b99a3000 b99ab880 Fips Fips.SYS Fri Aug 17 20:31:49 2001 (3B7DC585)
b99c3000 b99cb700 netbios netbios.sys Wed Aug 04 01:03:19 2004 (41107C27)
b99e3000 b99eb280 NVENETFD NVENETFD.sys Wed Nov 24 19:42:44 2004 (41A53894)
ba475000 ba477f80 mouhid mouhid.sys Fri Aug 17 15:47:57 2001 (3B7D82FD)
ba479000 ba47b580 hidusb hidusb.sys Fri Aug 17 16:02:16 2001 (3B7D8658)
ba614000 ba62e580 Mup Mup.sys Wed Aug 04 01:15:20 2004 (41107EF8)
ba62f000 ba65ba80 NDIS NDIS.sys Wed Aug 04 01:14:27 2004 (41107EC3)
ba65c000 ba6e8480 Ntfs Ntfs.sys Wed Aug 04 01:15:06 2004 (41107EEA)
ba6e9000 ba6ff780 KSecDD KSecDD.sys Wed Aug 04 00:59:45 2004 (41107B51)
ba700000 ba711f00 sr sr.sys Wed Aug 04 01:06:22 2004 (41107CDE)
ba712000 ba730780 fltmgr fltmgr.sys Wed Aug 04 01:01:17 2004 (41107BAD)
ba731000 ba748480 atapi atapi.sys Wed Aug 04 00:59:41 2004 (41107B4D)
ba749000 ba767880 ftdisk ftdisk.sys Fri Aug 17 15:52:41 2001 (3B7D8419)
ba768000 ba778a80 pci pci.sys Wed Aug 04 01:07:45 2004 (41107D31)
ba779000 ba7a6d80 ACPI ACPI.sys Wed Aug 04 01:07:35 2004 (41107D27)
ba8a8000 ba8b0c00 isapnp isapnp.sys Fri Aug 17 15:58:01 2001 (3B7D8559)
ba8b8000 ba8c6e80 ohci1394 ohci1394.sys Wed Aug 04 01:10:05 2004 (41107DBD)
ba8c8000 ba8d5000 1394BUS 1394BUS.SYS Wed Aug 04 01:10:03 2004 (41107DBB)
ba8d8000 ba8e2500 MountMgr MountMgr.sys Wed Aug 04 00:58:29 2004 (41107B05)
ba8e8000 ba8f4c80 VolSnap VolSnap.sys Wed Aug 04 01:00:14 2004 (41107B6E)
ba8f8000 ba900e00 disk disk.sys Wed Aug 04 00:59:53 2004 (41107B59)
ba908000 ba914200 CLASSPNP CLASSPNP.SYS Wed Aug 04 01:14:26 2004 (41107EC2)
ba938000 ba944180 cdrom cdrom.sys Wed Aug 04 00:59:52 2004 (41107B58)
ba948000 ba956080 redbook redbook.sys Wed Aug 04 00:59:34 2004 (41107B46)
ba958000 ba966b80 drmk drmk.sys Wed Aug 04 01:07:54 2004 (41107D3A)
ba968000 ba977180 nic1394 nic1394.sys Wed Aug 04 00:58:28 2004 (41107B04)
ba978000 ba987d80 serial serial.sys Wed Aug 04 01:15:51 2004 (41107F17)
ba988000 ba994e00 i8042prt i8042prt.sys Wed Aug 04 01:14:36 2004 (41107ECC)
ba998000 ba9a4880 rasl2tp rasl2tp.sys Wed Aug 04 01:14:21 2004 (41107EBD)
ba9a8000 ba9b2200 raspppoe raspppoe.sys Wed Aug 04 01:05:06 2004 (41107C92)
ba9b8000 ba9c3d00 raspptp raspptp.sys Wed Aug 04 01:14:26 2004 (41107EC2)
ba9c8000 ba9d0900 msgpc msgpc.sys Wed Aug 04 01:04:11 2004 (41107C5B)
ba9d8000 ba9e1f00 termdd termdd.sys Wed Aug 04 00:58:52 2004 (41107B1C)
ba9e8000 ba9f1480 NDProxy NDProxy.SYS Fri Aug 17 15:55:30 2001 (3B7D84C2)
ba9f8000 baa06100 usbhub usbhub.sys Wed Aug 04 01:08:40 2004 (41107D68)
baa28000 baa37900 Cdfs Cdfs.SYS Wed Aug 04 01:14:09 2004 (41107EB1)
bab08000 bab16000 AmdK8 AmdK8.sys Sat May 08 12:21:43 2004 (409D1727)
bab18000 bab22380 imapi imapi.sys Wed Aug 04 01:00:12 2004 (41107B6C)
bab28000 bab2e200 PCIIDEX PCIIDEX.SYS Wed Aug 04 00:59:40 2004 (41107B4C)
bab30000 bab34900 PartMgr PartMgr.sys Fri Aug 17 20:32:23 2001 (3B7DC5A7)
bab38000 bab3ce20 PxHelp20 PxHelp20.sys Mon Apr 25 14:48:02 2005 (426D4972)
babe0000 babe4280 usbohci usbohci.sys Wed Aug 04 01:08:34 2004 (41107D62)
babe8000 babee800 usbehci usbehci.sys Wed Aug 04 01:08:34 2004 (41107D62)
babf0000 babf4e80 AnyDVD AnyDVD.sys Fri Oct 20 12:42:41 2006 (45390A91)
babf8000 babff000 GEARAspiWDM GEARAspiWDM.sys Tue Feb 01 23:19:49 2005 (420062F5)
bac00000 bac08000 ctprxy2k ctprxy2k.sys Wed Dec 07 21:55:47 2005 (4397AEC3)
bac08000 bac09000 fdc fdc.sys unavailable (00000000)
bac10000 bac16000 kbdclass kbdclass.sys Wed Aug 04 00:58:32 2004 (41107B08)
bac18000 bac1c880 TDI TDI.SYS Wed Aug 04 01:07:47 2004 (41107D33)
bac20000 bac24580 ptilink ptilink.sys Fri Aug 17 15:49:53 2001 (3B7D8371)
bac28000 bac2c080 raspti raspti.sys Fri Aug 17 15:55:32 2001 (3B7D84C4)
bac30000 bac35a00 mouclass mouclass.sys Wed Aug 04 00:58:32 2004 (41107B08)
bac38000 bac3fe40 vdiskbus vdiskbus.sys Sun Jul 07 18:21:33 2002 (3D28CCFD)
bac50000 bac55200 vga vga.sys Wed Aug 04 01:07:06 2004 (41107D0A)
bac58000 bac5ca80 Msfs Msfs.SYS Wed Aug 04 01:00:37 2004 (41107B85)
bac60000 bac67880 Npfs Npfs.SYS Wed Aug 04 01:00:38 2004 (41107B86)
bac70000 bac77b80 usbccgp usbccgp.sys Wed Aug 04 01:08:45 2004 (41107D6D)
bac78000 bac7e180 HIDPARSE HIDPARSE.SYS Wed Aug 04 01:08:15 2004 (41107D4F)
bac80000 bac86600 LHidKE LHidKE.Sys Sat Jul 23 01:41:46 2005 (42E1E6AA)
bac88000 bac8c500 watchdog watchdog.sys Wed Aug 04 01:07:32 2004 (41107D24)
bacb8000 bacbb000 BOOTVID BOOTVID.dll Fri Aug 17 15:49:09 2001 (3B7D8345)
bad44000 bad46900 Dxapi Dxapi.sys Fri Aug 17 15:53:19 2001 (3B7D843F)
bad54000 bad57280 nvnetbus nvnetbus.sys Wed Nov 24 19:42:46 2004 (41A53896)
bad58000 bad5bc80 serenum serenum.sys Wed Aug 04 00:59:06 2004 (41107B2A)
bad5c000 bad5e580 ndistapi ndistapi.sys Fri Aug 17 15:55:29 2001 (3B7D84C1)
bad6c000 bad6fc80 mssmbios mssmbios.sys Wed Aug 04 01:07:47 2004 (41107D33)
bad98000 bad9a280 rasacd rasacd.sys Fri Aug 17 15:55:39 2001 (3B7D84CB)
bada8000 bada9b80 kdcom kdcom.dll Fri Aug 17 15:49:10 2001 (3B7D8346)
badaa000 badab100 WMILIB WMILIB.SYS Fri Aug 17 16:07:23 2001 (3B7D878B)
badb4000 badb5a80 ParVdm ParVdm.SYS Fri Aug 17 15:49:49 2001 (3B7D836D)
badb6000 badb72c0 cdrpdacc cdrpdacc.sys Tue Oct 28 15:01:25 2003 (3F9ED925)
badb8000 badb9f80 ElbyCDIO ElbyCDIO.sys Fri Apr 21 20:44:39 2006 (44498A87)
badc0000 badc1200 ElbyDelay ElbyDelay.sys Tue Apr 12 03:41:20 2005 (425B89B0)
badc4000 badc5100 swenum swenum.sys Wed Aug 04 00:58:41 2004 (41107B11)
badc6000 badc7280 USBD USBD.SYS Fri Aug 17 16:02:58 2001 (3B7D8682)
badca000 badcbf00 Fs_Rec Fs_Rec.SYS Fri Aug 17 15:49:37 2001 (3B7D8361)
badcc000 badcd080 Beep Beep.SYS Fri Aug 17 15:47:33 2001 (3B7D82E5)
badce000 badcf080 mnmdd mnmdd.SYS Fri Aug 17 15:57:28 2001 (3B7D8538)
badd0000 badd1080 RDPCDD RDPCDD.sys Fri Aug 17 15:46:56 2001 (3B7D82C0)
badd4000 badd5100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 16:07:23 2001 (3B7D878B)
bae70000 bae70d00 pciide pciide.sys Fri Aug 17 15:51:49 2001 (3B7D83E5)
baf3c000 baf3cb80 Null Null.SYS Fri Aug 17 15:47:39 2001 (3B7D82EB)
bafb0000 bafb0d00 dxgthk dxgthk.sys Fri Aug 17 15:53:12 2001 (3B7D8438)
bafd0000 bafd0c00 audstub audstub.sys Fri Aug 17 15:59:40 2001 (3B7D85BC)
bf800000 bf9c1180 win32k win32k.sys Wed Oct 05 19:05:44 2005 (43446A58)
bf9c2000 bf9d3580 dxg dxg.sys Wed Aug 04 01:00:51 2004 (41107B93)
bf9d4000 bfe1db00 nv4_disp nv4_disp.dll Fri Aug 11 22:18:47 2006 (44DD4897)
Unloaded modules:
b3d37000 b3d61000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b4bc9000 b4bf3000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bafbf000 bafc0000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b5d93000 b5da0000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b5da3000 b5db1000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b4bf3000 b4c16000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bae30000 bae32000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b99b3000 b99bc000 processr.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bac48000 bac4d000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
bad94000 bad97000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
bac40000 bac45000 Flpydisk.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt
Here is a debug just minutes before it:
Debug 2
Code:
Opened log file 'c:\debuglog.txt'
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini102606-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Thu Oct 26 16:11:04.953 2006 (GMT-5)
System Uptime: 2 days 0:51:08.527
Loading Kernel Symbols
..............................................................................................................................
Loading User Symbols
Loading unloaded module list
...................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 10000050, {e4018bf0, 0, 805446ec, 1}
Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!HeavyAllocPool+74 )
Followup: MachineOwner
---------
kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e4018bf0, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 805446ec, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000001, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: e4018bf0
FAULTING_IP:
nt!ExAllocatePoolWithTag+66c
805446ec 8b08 mov ecx,dword ptr [eax]
MM_INTERNAL_CODE: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: Foxit Reader.ex
LAST_CONTROL_TRANSFER: from bf802b6a to 805446ec
STACK_TEXT:
b4cfcdbc bf802b6a 00000001 00000001 33355448 nt!ExAllocatePoolWithTag+0x66c
b4cfcddc bf8a15a1 00000408 33355448 00000000 win32k!HeavyAllocPool+0x74
b4cfcdf8 bf8d2d3c 00000001 000003f8 33355448 win32k!EngAllocMem+0x33
b4cfce38 bf8da0f7 e1114030 00000244 b4cfceb8 win32k!BuildBltAAInfo+0x84
b4cfcf28 bf8d8c80 00000000 e1114030 e3ea3e98 win32k!SetupAAHeader+0x631
b4cfcf78 bf8d978e e3ea3e60 b4cfd294 00ffffff win32k!AAHalftoneBitmap+0x69
b4cfcfac bf8d7a09 e3ea3d38 e1114030 06cfd154 win32k!HT_HalftoneBitmap+0x2ab
b4cfd3b4 bf85eddd e1b50018 e1941e90 00000000 win32k!EngHTBlt+0xc7f
b4cfd610 bf89e20e e1b50018 e1941e90 00000000 win32k!EngStretchBlt+0x1b3
b4cfd6b0 bf89dfff e1b50018 e1941e90 00000000 win32k!EngStretchBltROP+0x3a9
b4cfd78c bf84706a 00000000 00000000 bf89e180 win32k!BLTRECORD::bStretch+0x41b
b4cfd8c0 bf835ca6 ed01073c 00000336 00000002 win32k!GreStretchBltInternal+0x632
b4cfd8fc 8053c808 ed01073c 00000336 00000002 win32k!GreStretchBlt+0x30
b4cfd8fc 7c90eb94 ed01073c 00000336 00000002 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012ebd0 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!HeavyAllocPool+74
bf802b6a 8bd0 mov edx,eax
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 43446a58
SYMBOL_NAME: win32k!HeavyAllocPool+74
FAILURE_BUCKET_ID: 0x50_win32k!HeavyAllocPool+74
BUCKET_ID: 0x50_win32k!HeavyAllocPool+74
Followup: MachineOwner
---------
eax=e4018bf0 ebx=8a76a050 ecx=8a76b0b8 edx=00000002 esi=8a76a488 edi=000001ff
eip=805446ec esp=b4cfcd68 ebp=b4cfcdbc iopl=0 nv up ei pl nz ac po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010212
nt!ExAllocatePoolWithTag+0x66c:
805446ec 8b08 mov ecx,dword ptr [eax] ds:0023:e4018bf0=????????
ChildEBP RetAddr Args to Child
b4cfcdbc bf802b6a 00000001 00000001 33355448 nt!ExAllocatePoolWithTag+0x66c (FPO: [Non-Fpo])
b4cfcddc bf8a15a1 00000408 33355448 00000000 win32k!HeavyAllocPool+0x74 (FPO: [Non-Fpo])
b4cfcdf8 bf8d2d3c 00000001 000003f8 33355448 win32k!EngAllocMem+0x33 (FPO: [Non-Fpo])
b4cfce38 bf8da0f7 e1114030 00000244 b4cfceb8 win32k!BuildBltAAInfo+0x84 (FPO: [Non-Fpo])
b4cfcf28 bf8d8c80 00000000 e1114030 e3ea3e98 win32k!SetupAAHeader+0x631 (FPO: [Non-Fpo])
b4cfcf78 bf8d978e e3ea3e60 b4cfd294 00ffffff win32k!AAHalftoneBitmap+0x69 (FPO: [Non-Fpo])
b4cfcfac bf8d7a09 e3ea3d38 e1114030 06cfd154 win32k!HT_HalftoneBitmap+0x2ab (FPO: [Non-Fpo])
b4cfd3b4 bf85eddd e1b50018 e1941e90 00000000 win32k!EngHTBlt+0xc7f (FPO: [Non-Fpo])
b4cfd610 bf89e20e e1b50018 e1941e90 00000000 win32k!EngStretchBlt+0x1b3 (FPO: [Non-Fpo])
b4cfd6b0 bf89dfff e1b50018 e1941e90 00000000 win32k!EngStretchBltROP+0x3a9 (FPO: [Non-Fpo])
b4cfd78c bf84706a 00000000 00000000 bf89e180 win32k!BLTRECORD::bStretch+0x41b (FPO: [Non-Fpo])
b4cfd8c0 bf835ca6 ed01073c 00000336 00000002 win32k!GreStretchBltInternal+0x632 (FPO: [Non-Fpo])
b4cfd8fc 8053c808 ed01073c 00000336 00000002 win32k!GreStretchBlt+0x30 (FPO: [Non-Fpo])
b4cfd8fc 7c90eb94 ed01073c 00000336 00000002 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ b4cfd934)
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012ebd0 00000000 00000000 00000000 00000000 0x7c90eb94
start end module name
804d7000 806cd280 nt ntkrnlpa.exe Tue Mar 01 18:34:37 2005 (42250A1D)
806ce000 806ee380 hal halaacpi.dll Wed Aug 04 00:59:05 2004 (41107B29)
b4593000 b45a3280 Udfs Udfs.SYS Wed Aug 04 01:00:27 2004 (41107B7B)
b4694000 b46d4380 HTTP HTTP.sys Wed Aug 04 01:00:09 2004 (41107B69)
b49a5000 b49f6300 srv srv.sys Mon May 09 19:17:49 2005 (427FFDAD)
b4a1f000 b4a4b400 mrxdav mrxdav.sys Wed Aug 04 01:00:49 2004 (41107B91)
b4c31000 b4c45400 wdmaud wdmaud.sys Wed Aug 04 01:15:03 2004 (41107EE7)
b5eaa000 b5ead280 ndisuio ndisuio.sys Wed Aug 04 01:03:10 2004 (41107C1E)
b5f6e000 b5f7cd80 sysaudio sysaudio.sys Wed Aug 04 01:15:54 2004 (41107F1A)
b6917000 b692e480 dump_atapi dump_atapi.sys Wed Aug 04 00:59:41 2004 (41107B4D)
b692f000 b693fd00 LMouKE LMouKE.Sys Sat Jul 23 01:41:40 2005 (42E1E6A4)
b69e0000 b6a00f00 ipnat ipnat.sys Wed Aug 04 01:04:48 2004 (41107C80)
b6a01000 b6a6e680 mrxsmb mrxsmb.sys Wed Oct 27 20:14:16 2004 (418047E8)
b6a97000 b6ac1a00 rdbss rdbss.sys Wed Oct 27 20:13:57 2004 (418047D5)
b6ac2000 b6ae3d00 afd afd.sys Wed Aug 04 01:14:13 2004 (41107EB5)
b6ae4000 b6b0bc00 netbt netbt.sys Wed Aug 04 01:14:36 2004 (41107ECC)
b6b0c000 b6b63d80 tcpip tcpip.sys Wed May 25 14:04:00 2005 (4294CC20)
b6b64000 b6b76400 ipsec ipsec.sys Wed Aug 04 01:14:27 2004 (41107EC3)
b8c97000 b8d33000 ctac32k ctac32k.sys Wed Dec 07 21:54:32 2005 (4397AE78)
b8d33000 b8d5a000 ctsfm2k ctsfm2k.sys Wed Dec 07 21:54:41 2005 (4397AE81)
b8d5a000 b8d87000 emupia2k emupia2k.sys Wed Dec 07 21:54:38 2005 (4397AE7E)
b8d87000 b8e88000 ha10kx2k ha10kx2k.sys Wed Dec 07 21:54:56 2005 (4397AE90)
b8e88000 b8eba000 hap17v2k hap17v2k.sys Wed Dec 07 21:55:06 2005 (4397AE9A)
b9395000 b9397900 Dxapi Dxapi.sys Fri Aug 17 15:53:19 2001 (3B7D843F)
b939d000 b93d0200 update update.sys Wed Aug 04 00:58:32 2004 (41107B08)
b93d1000 b93e1e00 psched psched.sys Wed Aug 04 01:04:16 2004 (41107C60)
b93e2000 b93f8680 ndiswan ndiswan.sys Wed Aug 04 01:14:30 2004 (41107EC6)
b93f9000 b940c900 parport parport.sys Wed Aug 04 00:59:04 2004 (41107B28)
b940d000 b9420780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 01:07:04 2004 (41107D08)
b9438000 b97fe6e0 nv4_mini nv4_mini.sys Fri Aug 11 22:24:08 2006 (44DD49D8)
b97ff000 b9831d80 NVSNPU NVSNPU.SYS Wed Nov 24 19:42:04 2004 (41A5386C)
b9832000 b9875480 NVNRM NVNRM.SYS Wed Nov 24 19:42:20 2004 (41A5387C)
b9876000 b98a8000 ctoss2k ctoss2k.sys Wed Dec 07 21:54:51 2005 (4397AE8B)
b98a8000 b98cb980 portcls portcls.sys Wed Aug 04 01:15:47 2004 (41107F13)
b98cc000 b9937400 ctaud2k ctaud2k.sys Wed Dec 07 21:55:43 2005 (4397AEBF)
b9938000 b995a680 ks ks.sys Wed Aug 04 01:15:20 2004 (41107EF8)
b995b000 b997de80 USBPORT USBPORT.SYS Wed Aug 04 01:08:34 2004 (41107D62)
b997e000 b9986d80 HIDCLASS HIDCLASS.SYS Wed Aug 04 01:08:18 2004 (41107D52)
b998e000 b999cd80 arp1394 arp1394.sys Wed Aug 04 00:58:28 2004 (41107B04)
b999e000 b99a6700 wanarp wanarp.sys Wed Aug 04 01:04:57 2004 (41107C89)
b99ae000 b99b6880 Fips Fips.SYS Fri Aug 17 20:31:49 2001 (3B7DC585)
b99ce000 b99d6700 netbios netbios.sys Wed Aug 04 01:03:19 2004 (41107C27)
b99ee000 b99f6280 NVENETFD NVENETFD.sys Wed Nov 24 19:42:44 2004 (41A53894)
b99fe000 b9a0c100 usbhub usbhub.sys Wed Aug 04 01:08:40 2004 (41107D68)
b9a0e000 b9a17480 NDProxy NDProxy.SYS Fri Aug 17 15:55:30 2001 (3B7D84C2)
ba475000 ba477f80 mouhid mouhid.sys Fri Aug 17 15:47:57 2001 (3B7D82FD)
ba479000 ba47b580 hidusb hidusb.sys Fri Aug 17 16:02:16 2001 (3B7D8658)
ba614000 ba62e580 Mup Mup.sys Wed Aug 04 01:15:20 2004 (41107EF8)
ba62f000 ba65ba80 NDIS NDIS.sys Wed Aug 04 01:14:27 2004 (41107EC3)
ba65c000 ba6e8480 Ntfs Ntfs.sys Wed Aug 04 01:15:06 2004 (41107EEA)
ba6e9000 ba6ff780 KSecDD KSecDD.sys Wed Aug 04 00:59:45 2004 (41107B51)
ba700000 ba711f00 sr sr.sys Wed Aug 04 01:06:22 2004 (41107CDE)
ba712000 ba730780 fltmgr fltmgr.sys Wed Aug 04 01:01:17 2004 (41107BAD)
ba731000 ba748480 atapi atapi.sys Wed Aug 04 00:59:41 2004 (41107B4D)
ba749000 ba767880 ftdisk ftdisk.sys Fri Aug 17 15:52:41 2001 (3B7D8419)
ba768000 ba778a80 pci pci.sys Wed Aug 04 01:07:45 2004 (41107D31)
ba779000 ba7a6d80 ACPI ACPI.sys Wed Aug 04 01:07:35 2004 (41107D27)
ba8a8000 ba8b0c00 isapnp isapnp.sys Fri Aug 17 15:58:01 2001 (3B7D8559)
ba8b8000 ba8c6e80 ohci1394 ohci1394.sys Wed Aug 04 01:10:05 2004 (41107DBD)
ba8c8000 ba8d5000 1394BUS 1394BUS.SYS Wed Aug 04 01:10:03 2004 (41107DBB)
ba8d8000 ba8e2500 MountMgr MountMgr.sys Wed Aug 04 00:58:29 2004 (41107B05)
ba8e8000 ba8f4c80 VolSnap VolSnap.sys Wed Aug 04 01:00:14 2004 (41107B6E)
ba8f8000 ba900e00 disk disk.sys Wed Aug 04 00:59:53 2004 (41107B59)
ba908000 ba914200 CLASSPNP CLASSPNP.SYS Wed Aug 04 01:14:26 2004 (41107EC2)
ba938000 ba946b80 drmk drmk.sys Wed Aug 04 01:07:54 2004 (41107D3A)
ba948000 ba957180 nic1394 nic1394.sys Wed Aug 04 00:58:28 2004 (41107B04)
ba968000 ba977d80 serial serial.sys Wed Aug 04 01:15:51 2004 (41107F17)
ba978000 ba984e00 i8042prt i8042prt.sys Wed Aug 04 01:14:36 2004 (41107ECC)
ba988000 ba994880 rasl2tp rasl2tp.sys Wed Aug 04 01:14:21 2004 (41107EBD)
ba998000 ba9a2200 raspppoe raspppoe.sys Wed Aug 04 01:05:06 2004 (41107C92)
ba9a8000 ba9b3d00 raspptp raspptp.sys Wed Aug 04 01:14:26 2004 (41107EC2)
ba9b8000 ba9c0900 msgpc msgpc.sys Wed Aug 04 01:04:11 2004 (41107C5B)
ba9c8000 ba9d1f00 termdd termdd.sys Wed Aug 04 00:58:52 2004 (41107B1C)
baa18000 baa27900 Cdfs Cdfs.SYS Wed Aug 04 01:14:09 2004 (41107EB1)
baae8000 baaf6000 AmdK8 AmdK8.sys Sat May 08 12:21:43 2004 (409D1727)
baaf8000 bab02380 imapi imapi.sys Wed Aug 04 01:00:12 2004 (41107B6C)
bab08000 bab14180 cdrom cdrom.sys Wed Aug 04 00:59:52 2004 (41107B58)
bab18000 bab26080 redbook redbook.sys Wed Aug 04 00:59:34 2004 (41107B46)
bab28000 bab2e200 PCIIDEX PCIIDEX.SYS Wed Aug 04 00:59:40 2004 (41107B4C)
bab30000 bab34900 PartMgr PartMgr.sys Fri Aug 17 20:32:23 2001 (3B7DC5A7)
bab38000 bab3ce20 PxHelp20 PxHelp20.sys Mon Apr 25 14:48:02 2005 (426D4972)
babd8000 babdc280 usbohci usbohci.sys Wed Aug 04 01:08:34 2004 (41107D62)
babe0000 babe6800 usbehci usbehci.sys Wed Aug 04 01:08:34 2004 (41107D62)
babe8000 babece80 AnyDVD AnyDVD.sys Fri Oct 20 12:42:41 2006 (45390A91)
babf0000 babf7000 GEARAspiWDM GEARAspiWDM.sys Tue Feb 01 23:19:49 2005 (420062F5)
babf8000 bac00000 ctprxy2k ctprxy2k.sys Wed Dec 07 21:55:47 2005 (4397AEC3)
bac00000 bac01000 fdc fdc.sys unavailable (00000000)
bac08000 bac0e000 kbdclass kbdclass.sys Wed Aug 04 00:58:32 2004 (41107B08)
bac10000 bac14880 TDI TDI.SYS Wed Aug 04 01:07:47 2004 (41107D33)
bac18000 bac1c580 ptilink ptilink.sys Fri Aug 17 15:49:53 2001 (3B7D8371)
bac20000 bac24080 raspti raspti.sys Fri Aug 17 15:55:32 2001 (3B7D84C4)
bac28000 bac2da00 mouclass mouclass.sys Wed Aug 04 00:58:32 2004 (41107B08)
bac30000 bac37e40 vdiskbus vdiskbus.sys Sun Jul 07 18:21:33 2002 (3D28CCFD)
bac50000 bac55200 vga vga.sys Wed Aug 04 01:07:06 2004 (41107D0A)
bac58000 bac5ca80 Msfs Msfs.SYS Wed Aug 04 01:00:37 2004 (41107B85)
bac60000 bac67880 Npfs Npfs.SYS Wed Aug 04 01:00:38 2004 (41107B86)
bac68000 bac6fb80 usbccgp usbccgp.sys Wed Aug 04 01:08:45 2004 (41107D6D)
bac70000 bac76180 HIDPARSE HIDPARSE.SYS Wed Aug 04 01:08:15 2004 (41107D4F)
bac78000 bac7e600 LHidKE LHidKE.Sys Sat Jul 23 01:41:46 2005 (42E1E6AA)
baca0000 baca4500 watchdog watchdog.sys Wed Aug 04 01:07:32 2004 (41107D24)
bacb8000 bacbb000 BOOTVID BOOTVID.dll Fri Aug 17 15:49:09 2001 (3B7D8345)
bad54000 bad57280 nvnetbus nvnetbus.sys Wed Nov 24 19:42:46 2004 (41A53896)
bad58000 bad5bc80 serenum serenum.sys Wed Aug 04 00:59:06 2004 (41107B2A)
bad5c000 bad5e580 ndistapi ndistapi.sys Fri Aug 17 15:55:29 2001 (3B7D84C1)
bad6c000 bad6fc80 mssmbios mssmbios.sys Wed Aug 04 01:07:47 2004 (41107D33)
bad9c000 bad9e280 rasacd rasacd.sys Fri Aug 17 15:55:39 2001 (3B7D84CB)
bada8000 bada9b80 kdcom kdcom.dll Fri Aug 17 15:49:10 2001 (3B7D8346)
badaa000 badab100 WMILIB WMILIB.SYS Fri Aug 17 16:07:23 2001 (3B7D878B)
badc0000 badc1200 ElbyDelay ElbyDelay.sys Tue Apr 12 03:41:20 2005 (425B89B0)
badc2000 badc3100 swenum swenum.sys Wed Aug 04 00:58:41 2004 (41107B11)
badc4000 badc5280 USBD USBD.SYS Fri Aug 17 16:02:58 2001 (3B7D8682)
badc8000 badc9f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 15:49:37 2001 (3B7D8361)
badca000 badcb080 Beep Beep.SYS Fri Aug 17 15:47:33 2001 (3B7D82E5)
badcc000 badcd080 mnmdd mnmdd.SYS Fri Aug 17 15:57:28 2001 (3B7D8538)
badce000 badcf080 RDPCDD RDPCDD.sys Fri Aug 17 15:46:56 2001 (3B7D82C0)
badd2000 badd3100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 16:07:23 2001 (3B7D878B)
bae66000 bae67a80 ParVdm ParVdm.SYS Fri Aug 17 15:49:49 2001 (3B7D836D)
bae68000 bae692c0 cdrpdacc cdrpdacc.sys Tue Oct 28 15:01:25 2003 (3F9ED925)
bae6a000 bae6bf80 ElbyCDIO ElbyCDIO.sys Fri Apr 21 20:44:39 2006 (44498A87)
bae70000 bae70d00 pciide pciide.sys Fri Aug 17 15:51:49 2001 (3B7D83E5)
baf0b000 baf0bb80 Null Null.SYS Fri Aug 17 15:47:39 2001 (3B7D82EB)
bafaa000 bafaad00 dxgthk dxgthk.sys Fri Aug 17 15:53:12 2001 (3B7D8438)
bafc4000 bafc4c00 audstub audstub.sys Fri Aug 17 15:59:40 2001 (3B7D85BC)
bf800000 bf9c1180 win32k win32k.sys Wed Oct 05 19:05:44 2005 (43446A58)
bf9c2000 bf9d3580 dxg dxg.sys Wed Aug 04 01:00:51 2004 (41107B93)
bf9d4000 bfe1db00 nv4_disp nv4_disp.dll Fri Aug 11 22:18:47 2006 (44DD4897)
bffa0000 bffe5c00 ATMFD ATMFD.DLL Wed Aug 04 02:56:56 2004 (411096C8)
Unloaded modules:
a2184000 a21ae000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a34c0000 a34ea000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a34c0000 a34ea000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a34c0000 a34ea000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a3cc0000 a3cea000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a539e000 a53c8000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a7cec000 a7d16000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a7cec000 a7d16000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a7cec000 a7d16000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a7cec000 a7d16000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a7db6000 a7de0000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a7db6000 a7de0000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a7db6000 a7de0000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a85b8000 a85e2000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a95bc000 a95e6000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a95bc000 a95e6000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a95ba000 a95e4000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
aaed6000 aaf00000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ad252000 ad27c000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ada53000 ada7d000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b1085000 b10af000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b11e5000 b120f000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b3491000 b34bb000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b350b000 b3535000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b350b000 b3535000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b4be4000 b4c0e000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
baf5b000 baf5c000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b5db6000 b5dc3000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b5dc6000 b5dd4000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b4c0e000 b4c31000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bae1e000 bae20000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b99be000 b99c7000 processr.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bac48000 bac4d000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
bad98000 bad9b000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
bac40000 bac45000 Flpydisk.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt
Soundcard was mentioned before.. but, if someone were to please suggest a possible resolution, that would be great. Thank you for your time.
|
|
All times are GMT +1. The time now is 02:26 PM.
|
|
