Help BSOD

Discussion in 'Software' started by manzoor, Apr 22, 2010.

  1. manzoor

    manzoor Private E-2

    Hey, I'm getting too many BSODs recently. I did complete crash memory dumps and then

    tried to debug the cause of the crash using WinDbg, but couldn't figure it out. Here

    is the crash dump information from WinDbg.

    MEMORY DUMP 1:
    Code:
    Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.100216-1514
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Thu Apr 22 17:34:36.453 2010 (GMT+5)
System Uptime: 0 days 0:01:22.140
Loading Kernel Symbols
......................................................................................

............................
Loading User Symbols
...............................................................................
Loading unloaded module list
.......................*** ERROR: Symbol file could not be found.  Defaulted to export 

symbols for ntdll.dll - 

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 8E, {c000001d, 805bca08, edc99c48, 0}

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for 

ADVAPI32.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for msi.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for 

SHELL32.dll - 
*** ERROR: Module load completed but symbols could not be loaded for Explorer.EXE
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for 

BROWSEUI.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for 

SHLWAPI.dll - 
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
Probably caused by : ntkrpamp.exe ( nt!ObpDecrementHandleCount+e6 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c000001d, The exception code that was not handled
Arg2: 805bca08, The address that the exception occurred at
Arg3: edc99c48, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************

EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION}  Illegal Instruction  An attempt 

was made to execute an illegal instruction.

FAULTING_IP: 
nt!ObpDecrementHandleCount+e6
805bca08 f00fc103        lock xadd dword ptr [ebx],eax

TRAP_FRAME:  edc99c48 -- (.trap 0xffffffffedc99c48)
ErrCode = 00000000
eax=ffffffff ebx=861be94c ecx=861be8f8 edx=00000000 esi=000000a8 edi=e3257be0
eip=805bca08 esp=edc99cbc ebp=edc99cd4 iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
nt!ObpDecrementHandleCount+0xe6:
805bca08 f00fc103        lock xadd dword ptr [ebx],eax ds:0023:861be94c=00000392
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  Explorer.EXE

LAST_CONTROL_TRANSFER:  from 804fe827 to 804f9f43

FAILED_INSTRUCTION_ADDRESS: 
nt!ObpDecrementHandleCount+e6
805bca08 f00fc103        lock xadd dword ptr [ebx],eax

STACK_TEXT:  
edc99810 804fe827 0000008e c000001d 805bca08 nt!KeBugCheckEx+0x1b
edc99bd8 805420a5 edc99bf4 00000000 edc99c48 nt!KiDispatchException+0x3b1
edc99c40 8054203e edc99cd4 805bca08 badb0d00 nt!CommonDispatchException+0x4d
edc99c6c 80535819 e3257be0 00000000 00000023 nt!KiExceptionExit+0x172
edc99cd4 805bc323 85eb8a20 00000000 861be8f8 nt!ExReleaseResourceLite+0x8d
edc99cfc 805bc3c1 e30e6dc8 e3257bf8 00000520 nt!ObpCloseHandleTableEntry+0x14d
edc99d44 805bc4f9 00000520 00000001 00000000 nt!ObpCloseHandle+0x87
edc99d58 8054163c 00000520 011ff7e0 7c90e514 nt!NtClose+0x1d
edc99d58 7c90e514 00000520 011ff7e0 7c90e514 nt!KiFastCallEntry+0xfc
WARNING: Stack unwind information not available. Following frames may be wrong.
011ff7e0 77dd6cab 011ff7f4 011ff838 7d1e25fa ntdll!KiFastSystemCallRet
011ff7ec 7d1e25fa 00000520 00000003 7d1ed41a ADVAPI32!RegCloseKey+0x84
011ff838 7d1ed243 00000000 011ffad8 011ff9f4 msi+0x25fa
011ffa8c 7d1ed62e 00000000 011ffad8 011ffd90 msi+0xd243
011ffb20 7ca0f0da 011ffde0 011ffd90 00000012 msi!MsiQueryFeatureStateW+0x75
011ffe34 7ca0f07b 7c8024b7 00000000 000e41b0 SHELL32!Ordinal732+0x99
011ffe68 01007ce9 00000039 000e42e0 000e2488 SHELL32!Ordinal732+0x3a
011ffe84 75f81b9a 000e41b0 75f81b18 75f80000 Explorer+0x7ce9
011ffee0 77f69598 000cbf98 000e4380 77f6957b BROWSEUI!Ordinal113+0x1b9a
011ffef8 7c927ac2 000e4380 7c97e440 000e4398 SHLWAPI!Ordinal120+0xbf
011fff40 7c927b03 77f6957b 000e4380 00000000 ntdll!RtlSetEnvironmentVariable+0x30a
011fff60 7c927bc5 00000000 000e4380 000e4398 ntdll!RtlSetEnvironmentVariable+0x34b
011fff74 7c927b9c 7c927ae9 00000000 000e4380 ntdll!RtlSetEnvironmentVariable+0x40d
011fffb4 7c80b729 00000000 0117fce4 0117fce8 ntdll!RtlSetEnvironmentVariable+0x3e4
011fffec 00000000 7c910250 00000000 00000000 kernel32!BaseThreadStart+0x37


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ObpDecrementHandleCount+e6
805bca08 f00fc103        lock xadd dword ptr [ebx],eax

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!ObpDecrementHandleCount+e6

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4b7a9cac

FAILURE_BUCKET_ID:  0x8E_BAD_IP_nt!ObpDecrementHandleCount+e6

BUCKET_ID:  0x8E_BAD_IP_nt!ObpDecrementHandleCount+e6

Followup: MachineOwner
---------
    MEMORY DUMP 2:
    Code:
    Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.100216-1514
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Thu Apr 22 17:41:27.203 2010 (GMT+5)
System Uptime: 0 days 0:04:10.890
WARNING: Process directory table base 06600300 doesn't match CR3 06600020
WARNING: Process directory table base 06600300 doesn't match CR3 06600020
Loading Kernel Symbols
......................................................................................

...........................
Loading User Symbols
....................................
Loading unloaded module list
........................*** ERROR: Symbol file could not be found.  Defaulted to 

export symbols for ntdll.dll - 

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 9C, {0, f78c8050, a2000000, 84010400}

*** ERROR: Module load completed but symbols could not be loaded for ccmsg.dll
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
Probably caused by : ntkrpamp.exe ( nt!KeReleaseQueuedSpinLockFromDpcLevel+9 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MACHINE_CHECK_EXCEPTION (9c)
A fatal Machine Check Exception has occurred.
KeBugCheckEx parameters;
    x86 Processors
        If the processor has ONLY MCE feature available (For example Intel
        Pentium), the parameters are:
        1 - Low  32 bits of P5_MC_TYPE MSR
        2 - Address of MCA_EXCEPTION structure
        3 - High 32 bits of P5_MC_ADDR MSR
        4 - Low  32 bits of P5_MC_ADDR MSR
        If the processor also has MCA feature available (For example Intel
        Pentium Pro), the parameters are:
        1 - Bank number
        2 - Address of MCA_EXCEPTION structure
        3 - High 32 bits of MCi_STATUS MSR for the MCA bank that had the error
        4 - Low  32 bits of MCi_STATUS MSR for the MCA bank that had the error
    IA64 Processors
        1 - Bugcheck Type
            1 - MCA_ASSERT
            2 - MCA_GET_STATEINFO
                SAL returned an error for SAL_GET_STATEINFO while processing MCA.
            3 - MCA_CLEAR_STATEINFO
                SAL returned an error for SAL_CLEAR_STATEINFO while processing MCA.
            4 - MCA_FATAL
                FW reported a fatal MCA.
            5 - MCA_NONFATAL
                SAL reported a recoverable MCA and we don't support currently
                support recovery or SAL generated an MCA and then couldn't
                produce an error record.
            0xB - INIT_ASSERT
            0xC - INIT_GET_STATEINFO
                  SAL returned an error for SAL_GET_STATEINFO while processing INIT 

event.
            0xD - INIT_CLEAR_STATEINFO
                  SAL returned an error for SAL_CLEAR_STATEINFO while processing INIT 

event.
            0xE - INIT_FATAL
                  Not used.
        2 - Address of log
        3 - Size of log
        4 - Error code in the case of x_GET_STATEINFO or x_CLEAR_STATEINFO
    AMD64 Processors
        1 - Bank number
        2 - Address of MCA_EXCEPTION structure
        3 - High 32 bits of MCi_STATUS MSR for the MCA bank that had the error
        4 - Low  32 bits of MCi_STATUS MSR for the MCA bank that had the error
Arguments:
Arg1: 00000000
Arg2: f78c8050
Arg3: a2000000
Arg4: 84010400

Debugging Details:
------------------

   NOTE:  This is a hardware error.  This error was reported by the CPU
   via Interrupt 18.  This analysis will provide more information about
   the specific error.  Please contact the manufacturer for additional
   information about this error and troubleshooting assistance.

   This error is documented in the following publication:

      - IA-32 Intel(r) Architecture Software Developer's Manual 
        Volume 3: System Programming Guide

   Bit Mask:

       MA                           Model Specific       MCA
    O  ID      Other Information      Error Code     Error Code
   VV  SDP ___________|____________ _______|_______ _______|______
   AEUECRC|                        |               |              |
   LRCNVVC|                        |               |              |
   ^^^^^^^|                        |               |              |
      6         5         4         3         2         1
   3210987654321098765432109876543210987654321098765432109876543210
   ----------------------------------------------------------------
   1010000111111111111111111111111110000100000000010000010000000000


VAL   - MCi_STATUS register is valid
        Indicates that the information contained within the IA32_MCi_STATUS
        register is valid.  When this flag is set, the processor follows the
        rules given for the OVER flag in the IA32_MCi_STATUS register when
        overwriting previously valid entries.  The processor sets the VAL 
        flag and software is responsible for clearing it.

UC    - Error Uncorrected
        Indicates that the processor did not or was not able to correct the 
        error condition.  When clear, this flag indicates that the processor
        was able to correct the error condition.

INTTIMERERR - INTERNAL TIMER ERROR



   Concatenated Error Code:
   --------------------------
   _VAL_UC_INTTIMERERR

   This error code can be reported back to the manufacturer.
   They may be able to provide additional information based upon
   this error.  All questions regarding STOP 0x9C should be
   directed to the hardware manufacturer.
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************

BUGCHECK_STR:  0x9C_GenuineIntel

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  AVGNT.EXE

LAST_CONTROL_TRANSFER:  from 806e9bfb to 804f9f43

STACK_TEXT:  
f78c8028 806e9bfb 0000009c 00000000 f78c8050 nt!KeBugCheckEx+0x1b
f78c8154 806e4c52 f78c4d70 200610d1 81010081 hal!HalpMcaExceptionHandler+0xdd
f78c8154 80540ad5 f78c4d70 200610d1 81010081 hal!HalpMcaExceptionHandlerWrapper+0x4a
ede48ca4 80545b9c ede48d40 00000246 80545976 

nt!KeReleaseQueuedSpinLockFromDpcLevel+0x9
ede48cb0 80545976 ede48cec 00000102 85f15da8 nt!SwapContext+0xcc
ede48cc4 804fb1b4 00000000 ede48d1c 00000000 nt!KiUnlockDispatcherDatabase+0x9e
ede48cec 805c0740 00000001 00000006 00000101 nt!KeWaitForSingleObject+0x2fe
ede48d50 8054163c 000000a0 00000000 ede48d1c nt!NtWaitForSingleObject+0x9a
ede48d50 7c90e514 000000a0 00000000 ede48d1c nt!KiFastCallEntry+0xfc
WARNING: Stack unwind information not available. Following frames may be wrong.
0129d188 7c802542 000000a0 00000000 00000000 ntdll!KiFastSystemCallRet
0129d19c 00c85acd 000000a0 00000000 927b06b9 kernel32!WaitForSingleObject+0x12
0129d1d8 00000000 00000000 00000000 00000000 ccmsg+0x5acd


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KeReleaseQueuedSpinLockFromDpcLevel+9
80540ad5 0fbaf101        btr     ecx,1

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!KeReleaseQueuedSpinLockFromDpcLevel+9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4b7a9cac

FAILURE_BUCKET_ID:  0x9C_GenuineIntel_nt!KeReleaseQueuedSpinLockFromDpcLevel+9

BUCKET_ID:  0x9C_GenuineIntel_nt!KeReleaseQueuedSpinLockFromDpcLevel+9

Followup: MachineOwner
---------
    MEMORY DUMP 3:
    Code:
    Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.100216-1514
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Thu Apr 22 23:21:07.921 2010 (GMT+5)
System Uptime: 0 days 0:07:22.469
WARNING: Process directory table base 06600480 doesn't match CR3 06600020
WARNING: Process directory table base 06600480 doesn't match CR3 06600020
Loading Kernel Symbols
.............................................................................................................
Loading User Symbols
......................................................................................................................
Loading unloaded module list
.........................*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 9C, {0, f78c8050, a2000000, 84010400}

*** ERROR: Module load completed but symbols could not be loaded for xul.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for nspr4.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for nss3.dll - 
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
Probably caused by : win32k.sys ( win32k!EnterCrit+14 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MACHINE_CHECK_EXCEPTION (9c)
A fatal Machine Check Exception has occurred.
KeBugCheckEx parameters;
    x86 Processors
        If the processor has ONLY MCE feature available (For example Intel
        Pentium), the parameters are:
        1 - Low  32 bits of P5_MC_TYPE MSR
        2 - Address of MCA_EXCEPTION structure
        3 - High 32 bits of P5_MC_ADDR MSR
        4 - Low  32 bits of P5_MC_ADDR MSR
        If the processor also has MCA feature available (For example Intel
        Pentium Pro), the parameters are:
        1 - Bank number
        2 - Address of MCA_EXCEPTION structure
        3 - High 32 bits of MCi_STATUS MSR for the MCA bank that had the error
        4 - Low  32 bits of MCi_STATUS MSR for the MCA bank that had the error
    IA64 Processors
        1 - Bugcheck Type
            1 - MCA_ASSERT
            2 - MCA_GET_STATEINFO
                SAL returned an error for SAL_GET_STATEINFO while processing MCA.
            3 - MCA_CLEAR_STATEINFO
                SAL returned an error for SAL_CLEAR_STATEINFO while processing MCA.
            4 - MCA_FATAL
                FW reported a fatal MCA.
            5 - MCA_NONFATAL
                SAL reported a recoverable MCA and we don't support currently
                support recovery or SAL generated an MCA and then couldn't
                produce an error record.
            0xB - INIT_ASSERT
            0xC - INIT_GET_STATEINFO
                  SAL returned an error for SAL_GET_STATEINFO while processing INIT event.
            0xD - INIT_CLEAR_STATEINFO
                  SAL returned an error for SAL_CLEAR_STATEINFO while processing INIT event.
            0xE - INIT_FATAL
                  Not used.
        2 - Address of log
        3 - Size of log
        4 - Error code in the case of x_GET_STATEINFO or x_CLEAR_STATEINFO
    AMD64 Processors
        1 - Bank number
        2 - Address of MCA_EXCEPTION structure
        3 - High 32 bits of MCi_STATUS MSR for the MCA bank that had the error
        4 - Low  32 bits of MCi_STATUS MSR for the MCA bank that had the error
Arguments:
Arg1: 00000000
Arg2: f78c8050
Arg3: a2000000
Arg4: 84010400

Debugging Details:
------------------

   NOTE:  This is a hardware error.  This error was reported by the CPU
   via Interrupt 18.  This analysis will provide more information about
   the specific error.  Please contact the manufacturer for additional
   information about this error and troubleshooting assistance.

   This error is documented in the following publication:

      - IA-32 Intel(r) Architecture Software Developer's Manual 
        Volume 3: System Programming Guide

   Bit Mask:

       MA                           Model Specific       MCA
    O  ID      Other Information      Error Code     Error Code
   VV  SDP ___________|____________ _______|_______ _______|______
   AEUECRC|                        |               |              |
   LRCNVVC|                        |               |              |
   ^^^^^^^|                        |               |              |
      6         5         4         3         2         1
   3210987654321098765432109876543210987654321098765432109876543210
   ----------------------------------------------------------------
   1010000111111111111111111111111110000100000000010000010000000000


VAL   - MCi_STATUS register is valid
        Indicates that the information contained within the IA32_MCi_STATUS
        register is valid.  When this flag is set, the processor follows the
        rules given for the OVER flag in the IA32_MCi_STATUS register when
        overwriting previously valid entries.  The processor sets the VAL 
        flag and software is responsible for clearing it.

UC    - Error Uncorrected
        Indicates that the processor did not or was not able to correct the 
        error condition.  When clear, this flag indicates that the processor
        was able to correct the error condition.

INTTIMERERR - INTERNAL TIMER ERROR



   Concatenated Error Code:
   --------------------------
   _VAL_UC_INTTIMERERR

   This error code can be reported back to the manufacturer.
   They may be able to provide additional information based upon
   this error.  All questions regarding STOP 0x9C should be
   directed to the hardware manufacturer.
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************

BUGCHECK_STR:  0x9C_GenuineIntel

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  firefox.exe

LAST_CONTROL_TRANSFER:  from 806e9bfb to 804f9f43

STACK_TEXT:  
f78c8028 806e9bfb 0000009c 00000000 f78c8050 nt!KeBugCheckEx+0x1b
f78c8154 806e4c52 f78c4d70 281610d1 a1231001 hal!HalpMcaExceptionHandler+0xdd
f78c8154 bf800b4e f78c4d70 281610d1 a1231001 hal!HalpMcaExceptionHandlerWrapper+0x4a
ee544d00 bf8036be ee544d64 0012fb60 bf8036ad win32k!EnterCrit+0x14
ee544d48 8054163c 0012fbc4 00000000 00000000 win32k!NtUserPeekMessage+0x11
ee544d48 7c90e514 0012fbc4 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Stack unwind information not available. Following frames may be wrong.
0012fb6c 7e419402 0012fbc4 00000000 00000000 ntdll!KiFastSystemCallRet
0012fb98 100dbb62 0012fbc4 00000000 00000000 USER32!PeekMessageW+0xbc
0012fbf0 003a87cc 003a5fb7 0091b5b0 0091b5d0 xul+0xdbb62
0012fbf4 003a5fb7 0091b5b0 0091b5d0 01413c44 nspr4!PR_Now+0x122c
003a87cc 016a5050 e606e850 c483ffff ccccc310 nspr4!PR_Lock+0x17
003a87d0 e606e850 c483ffff ccccc310 0824448b 0x16a5050
003a87d4 c483ffff ccccc310 0824448b 24748b56 0xe606e850
003a87d8 ccccc310 0824448b 24748b56 104e8b08 0xc483ffff
003a87dc 0824448b 24748b56 104e8b08 d8be8d57 0xccccc310
003a87e0 24748b56 104e8b08 d8be8d57 57000000 0x824448b
003a87e4 104e8b08 d8be8d57 57000000 8956046a 0x24748b56
003a87e8 d8be8d57 57000000 8956046a 00013c86 xul+0x4e8b08
003a87ec 57000000 8956046a 00013c86 1c518b00 0xd8be8d57
003a87f0 8956046a 00013c86 1c518b00 3a863068 0x57000000
003a87f4 00013c86 1c518b00 3a863068 006a5200 0x8956046a
003a87f8 1c518b00 3a863068 006a5200 d1d015ff 0x13c86
003a87fc 3a863068 006a5200 d1d015ff c483003a 0x1c518b00
003a8800 006a5200 d1d015ff c483003a 89c08518 0x3a863068
003a8804 d1d015ff c483003a 89c08518 00010486 nss3!PK11_GetWindow+0xb285
006a5200 c4830001 d85d890c 57016a56 50d0458d 0xd1d015ff
006a5204 d85d890c 57016a56 50d0458d 012d4ee8 0xc4830001
006a5208 57016a56 50d0458d 012d4ee8 10c48300 0xd85d890c
006a520c 50d0458d 012d4ee8 10c48300 c95b5e5f 0x57016a56
006a5210 012d4ee8 10c48300 c95b5e5f ec8b55c3 0x50d0458d
006a5214 10c48300 c95b5e5f ec8b55c3 562cec83 0x12d4ee8
006a5218 c95b5e5f ec8b55c3 562cec83 590b6a57 0x10c48300
006a521c ec8b55c3 562cec83 590b6a57 6f6940be 0xc95b5e5f
006a5220 562cec83 590b6a57 6f6940be d47d8d00 0xec8b55c3
006a5224 590b6a57 6f6940be d47d8d00 758ba5f3 0x562cec83
006a5228 6f6940be d47d8d00 758ba5f3 3bff3308 0x590b6a57
006a522c d47d8d00 758ba5f3 3bff3308 d445c7f7 0x6f6940be
006a5230 758ba5f3 3bff3308 d445c7f7 006e41a4 0xd47d8d00
006a5234 3bff3308 d445c7f7 006e41a4 40f445c7 0x758ba5f3
006a5238 d445c7f7 006e41a4 40f445c7 75000000 0x3bff3308
006a523c 006e41a4 40f445c7 75000000 0c75ff24 0xd445c7f7
006a5240 40f445c7 75000000 0c75ff24 5040c033 nss3!RSA_FormatBlock+0x107e5
006a5244 75000000 0c75ff24 5040c033 8de84589 0x40f445c7
006a5248 0c75ff24 5040c033 8de84589 1f6ad445 0x75000000
006a524c 5040c033 8de84589 1f6ad445 e445c750 0xc75ff24
006a5250 8de84589 1f6ad445 e445c750 000002bd 0x5040c033
006a5254 1f6ad445 e445c750 000002bd 012cfee8 0x8de84589
006a5258 e445c750 000002bd 012cfee8 10c48300 0x1f6ad445
006a525c 00000000 012cfee8 10c48300 0000e5e9 0xe445c750


STACK_COMMAND:  kb

FOLLOWUP_IP: 
win32k!EnterCrit+14
bf800b4e ff15e0db98bf    call    dword ptr [win32k!_imp__PsGetCurrentThread (bf98dbe0)]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  win32k!EnterCrit+14

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a8564c7

FAILURE_BUCKET_ID:  0x9C_GenuineIntel_win32k!EnterCrit+14

BUCKET_ID:  0x9C_GenuineIntel_win32k!EnterCrit+14

Followup: MachineOwner
---------
    My machine specs are Intel Pentium D 2.66 Ghz, 512 MB RAM, D865GSA board. I'm using

    Windows XP Professional SP3. I ran Memtest86, and no problems were found. What else to try? Can a malware be a cause for these crashes?
     
    manzoor, Apr 22, 2010
    #1
  2. dlb

    dlb MajorGeek

    The errors may very well be caused by malware. The first one lists explorer.exe as the main app at fault; the 2nd lists avgnt.exe which is the main component of Avira's AntiVir antivirus application, and the 3rd lists firefox.exe. Because it's these three files (Windows Explorer, Firefox, and your antivirus tool), I think it's a safe bet that some malware is at the root of the problems. You may want to follow the steps in The MajorGeeks Guide To Malware Removal, and if necessary, post the requested logs in the Malware Removal Forum. It might not be a bad idea to reference this thread with a link if you end up posting in that forum.... good luck!
     
    dlb, Apr 22, 2010
    #2
  3. manzoor

    manzoor Private E-2

    I did a format of my C: drive and reinstalled Windows but that didn't helped either, still getting BSODs. What does that mean now? Hardware error? How may I determine the faulty hardware? Is it RAM? Motherboard? Hard disk?
     
    manzoor, Apr 23, 2010
    #3
  4. manzoor

    manzoor Private E-2

    Also, when the Windows Logon dialog appears at start-up, sometimes the labels in the dialog box and the text on the buttons is missing, but as soon as I move the dialog box or hover mouse over it then the labels & text appears back.

    And I have two RAM modules, should I run a Memtest on them individually or both of them attached?
     
    manzoor, Apr 23, 2010
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds