Interpretting a crash dump for me

Discussion in 'Software' started by SouthernAtHeart, May 17, 2011.

  1. SouthernAtHeart

    SouthernAtHeart Private E-2

    My computer keeps giving me the BSOD. Yesterday I did a complete re-install for the factory DVDs (Sony Vaio PCG-TR3AP2, XP PRO). And I've had several BSOD, already. It's not a virus, as I hadn't even loaded anything on my PC yet. One time, I wouldn't even boot up after the BSOD, it'd keep trying but never come on. I removed one of the memory cards (2 cards in the machine), and then it came on. But since, I've put it back in and it works again. It's spiradic. It's been happening for awhile now. I sometimes remove one of the cards, other times I've removed the other card, or swapped memory card slots. It's currently working with 1 card in it, but I could probably put the 2nd back in and it still work for awhile. I'm hoping these reports will help.
    Can someone interpret these for me.

    Here are three mini dumps:
    (FIRST)

    Loading Dump File [C:\WINDOWS\Minidump\Mini051611-04.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: C:\WINDOWS\Symbols
    Executable search path is:
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
    Debug session time: Mon May 16 23:02:00.169 2011 (GMT-5)
    System Uptime: 0 days 0:00:13.729
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Loading Kernel Symbols
    ...............................................................
    ..............................................
    Loading User Symbols
    Loading unloaded module list
    ....
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C0000218, {e1789668, 0, 0, 0}

    Probably caused by : ntoskrnl.exe ( nt!KeCheckForTimer+a )

    Followup: MachineOwner
    ---------

    kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Unknown bugcheck code (c0000218)
    Unknown bugcheck description
    Arguments:
    Arg1: e1789668
    Arg2: 00000000
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------


    CUSTOMER_CRASH_COUNT: 4

    DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

    BUGCHECK_STR: 0xC0000218

    PROCESS_NAME: System

    LAST_CONTROL_TRANSFER: from 8066bf36 to 80533826

    STACK_TEXT:
    f6eff864 8066bf36 0000004c c0000218 f6eff8a0 nt!KeCheckForTimer+0xa
    f6effa18 8064814c c0000218 00000001 00000001 nt!IovBuildAsynchronousFsdRequest+0x17
    f6effbc4 806483e3 c0000218 00000001 00000001 nt!NtRaiseHardError+0x75
    f6effc34 8060c26d c0000218 00000001 00000001 nt!NtQuerySemaphore+0x48
    f6effdac 8057b0df 00000003 00000000 00000000 nt!CmpCreatePerfKeys+0x183
    f6effddc 804f88fa 805baba7 00000003 00000000 nt!PspExitThread+0x2d
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x26


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt!KeCheckForTimer+a
    80533826 5d pop ebp

    SYMBOL_STACK_INDEX: 0

    SYMBOL_NAME: nt!KeCheckForTimer+a

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntoskrnl.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 4b7aa747

    FAILURE_BUCKET_ID: 0xC0000218_nt!KeCheckForTimer+a

    BUCKET_ID: 0xC0000218_nt!KeCheckForTimer+a

    Followup: MachineOwner
    ---------

    (Second)


    Loading Dump File [C:\WINDOWS\Minidump\Mini051611-03.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: C:\WINDOWS\Symbols
    Executable search path is:
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
    Debug session time: Mon May 16 22:58:41.940 2011 (GMT-5)
    System Uptime: 0 days 0:00:14.500
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Loading Kernel Symbols
    ...............................................................
    ..............................................
    Loading User Symbols
    Loading unloaded module list
    ....
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 10000050, {e17ce000, 0, 804d9da8, 1}


    Could not read faulting driver name
    Probably caused by : ntoskrnl.exe ( nt!CmpFindSubKeyByNumber+7b )

    Followup: MachineOwner
    ---------

    kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced. This cannot be protected by try-except,
    it must be protected by a Probe. Typically the address is just plain bad or it
    is pointing at freed memory.
    Arguments:
    Arg1: e17ce000, memory referenced.
    Arg2: 00000000, value 0 = read operation, 1 = write operation.
    Arg3: 804d9da8, If non-zero, the instruction address which referenced the bad memory
    address.
    Arg4: 00000001, (reserved)

    Debugging Details:
    ------------------


    Could not read faulting driver name

    READ_ADDRESS: e17ce000

    FAULTING_IP:
    nt!memmove+33
    804d9da8 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]

    MM_INTERNAL_CODE: 1

    CUSTOMER_CRASH_COUNT: 3

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0x50

    PROCESS_NAME: System

    LOCK_ADDRESS: 805591e0 -- (!locks 805591e0)

    Resource @ nt!PiEngineLock (0x805591e0) Available

    WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.


    WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.

    1 total locks

    PNP_TRIAGE:
    Lock address : 0x805591e0
    Thread Count : 0
    Thread address: 0x00000000
    Thread wait : 0x0

    LAST_CONTROL_TRANSFER: from 806532f9 to 804d9da8

    STACK_TEXT:
    f6f83b1c 806532f9 e17bff28 e17bff30 0007f800 nt!memmove+0x33
    f6f83b50 80610e36 e17bff24 0084dd98 00c82050 nt!CmpFindSubKeyByNumber+0x7b
    f6f83b74 805ad9e0 e174c008 00000001 00000020 nt!PiGetRelatedDevice+0xa3
    f6f83b9c 805ad31d e174c008 00000001 f6f83c78 nt!CmpCreateLinkNode+0x5f
    f6f83bdc 805ae56b f6f83c18 00000005 00000000 nt!HvInitializeHive+0xcb
    f6f83c34 805bad32 f6f83c94 00000000 f6f83c78 nt!CmpPrefetchHiveFile+0x4e
    f6f83dac 8057b0df 00000002 00000000 00000000 nt!CmpCreatePerfKeys+0xfe
    f6f83ddc 804f88fa 805baba7 00000002 00000000 nt!PspExitThread+0x2d
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x26


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt!CmpFindSubKeyByNumber+7b
    806532f9 ?? ???

    SYMBOL_STACK_INDEX: 1

    SYMBOL_NAME: nt!CmpFindSubKeyByNumber+7b

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntoskrnl.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 4b7aa747

    FAILURE_BUCKET_ID: 0x50_nt!CmpFindSubKeyByNumber+7b

    BUCKET_ID: 0x50_nt!CmpFindSubKeyByNumber+7b

    Followup: MachineOwner
    ---------
    (Third)


    Loading Dump File [C:\WINDOWS\Minidump\Mini051611-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: C:\WINDOWS\Symbols
    Executable search path is:
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Windows XP Kernel Version 2600 (Service Pack 1) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Machine Name:
    Kernel base = 0x804d4000 PsLoadedModuleList = 0x80543530
    Debug session time: Mon May 16 19:23:03.385 2011 (GMT-5)
    System Uptime: 0 days 0:02:15.965
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Loading Kernel Symbols
    ...............................................................
    ...........................................
    Loading User Symbols
    Loading unloaded module list
    ......
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck A, {0, 2, 1, 804e2cc6}

    Probably caused by : ntoskrnl.exe ( nt!KeContextToKframes+43b )

    Followup: MachineOwner
    ---------

    kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 00000000, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: 804e2cc6, address which referenced memory

    Debugging Details:
    ------------------


    WRITE_ADDRESS: 00000000

    CURRENT_IRQL: 2

    FAULTING_IP:
    nt!KeContextToKframes+43b
    804e2cc6 890a mov dword ptr [edx],ecx

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0xA

    PROCESS_NAME: services.exe

    LAST_CONTROL_TRANSFER: from 80530335 to 804f4103

    STACK_TEXT:
    eee7f7e0 80530335 0000000a 00000000 00000002 nt!ExpScanSystemLookasideList+0x147
    eee7fbbc eee7fbd8 805a8fec 00000000 00000000 nt!KeBugCheck2+0x68b
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    eee7fbd8 00000000 00000000 00000000 0000d00a 0xeee7fbd8


    STACK_COMMAND: .bugcheck ; kb

    FOLLOWUP_IP:
    nt!KeContextToKframes+43b
    804e2cc6 890a mov dword ptr [edx],ecx

    SYMBOL_NAME: nt!KeContextToKframes+43b

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntoskrnl.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 3ea80977

    FAILURE_BUCKET_ID: 0xA_nt!KeContextToKframes+43b

    BUCKET_ID: 0xA_nt!KeContextToKframes+43b

    Followup: MachineOwner
    ---------
     
    SouthernAtHeart, May 17, 2011
    #1

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds