Thr-ITSA
asked on
Need help with a minidump analysis from bluescreen system error event ID 1003
I have a PC that is starting to bluescreen
the system error that is logged is Event ID 1003
I've uploaded two of the recent minidumps here:
Download link: http://rapidshare.com/files/163715544/Mini102408-01.dmp
Download link: http://rapidshare.com/files/163715546/Mini111408-01.dmp
and would appreciat help with analyzing them.
the system error that is logged is Event ID 1003
I've uploaded two of the recent minidumps here:
Download link: http://rapidshare.com/files/163715544/Mini102408-01.dmp
Download link: http://rapidshare.com/files/163715546/Mini111408-01.dmp
and would appreciat help with analyzing them.
I'm unable to access rapidshare at work, but to read minidumps follow these instructions:
1) Download and install the http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
Debugging Tools from Microsoft[/url]
2) Locate your latest memory.dmp file- C:\WINDOWS\ Minidump\Mini081505-01.dmp or whatever
3) open a CMD prompt and cd\program files\debugging tools for windows\
4) type the following stuff:
Code:
c:\program files\debugging tools>kd -z C:\WINDOWS\ Minidump\Mini081505-01.dmp
(it will spew a bunch)
kd> .logopen c:\debuglog.txt
kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
5) You now have a debuglog.txt in c:\, open it in notepad and post the content here
1) Download and install the http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
Debugging Tools from Microsoft[/url]
2) Locate your latest memory.dmp file- C:\WINDOWS\ Minidump\Mini081505-01.dmp
3) open a CMD prompt and cd\program files\debugging tools for windows\
4) type the following stuff:
Code:
c:\program files\debugging tools>kd -z C:\WINDOWS\ Minidump\Mini081505-01.dmp
(it will spew a bunch)
kd> .logopen c:\debuglog.txt
kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
5) You now have a debuglog.txt in c:\, open it in notepad and post the content here
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The information provided is insufficient for analysis. Additionally, you have provided Web links for dumps from a second website. When this website has the ability to attach a file. This provider finds the links risky.
Appropriate information, for analysis would be.
Event log entries information prior to the crash. This information may be modified or sanitized to delete domain name and IP.
The dump information from the event logs. Not the binary dump. You may also provide the stop code from the blue screen, which is usually the first line.
If this information cannot be provided please delete question.
Yes, I've reviewed your question history.
Here's the rest of the dump analysis.
You will notice that SYMEVENT.SYS is two years old. In a similar case here on EE updating the Symantec Anti-Virus (not the definitions, the application itself) seems to have solved the problem. (https://www.experts-exchange.com/questions/21771350/PAGE-FAULT-IN-NONPAGED-AREA-50-Probably-caused-by-Pool-Corruption-Stop-Error-00000050.html)
Faulty memory (run a long test with memtest86 (www.memtest86.com) or a virus infection are also possible causes.
Run a scan with Malwarebyte's Antimalware (http://www.malwarebytes.org/mbam.php), then a deep scan with your AV, then post a HijackThis log.
You will notice that SYMEVENT.SYS is two years old. In a similar case here on EE updating the Symantec Anti-Virus (not the definitions, the application itself) seems to have solved the problem. (https://www.experts-exchange.com/questions/21771350/PAGE-FAULT-IN-NONPAGED-AREA-50-Probably-caused-by-Pool-Corruption-Stop-Error-00000050.html)
Faulty memory (run a long test with memtest86 (www.memtest86.com) or a virus infection are also possible causes.
Run a scan with Malwarebyte's Antimalware (http://www.malwarebytes.org/mbam.php), then a deep scan with your AV, then post a HijackThis log.
0: kd> r
eax=e85dc0e0 ebx=b00e4be0 ecx=8a68f7d0 edx=e5375008 esi=b00e4b84 edi=e8607a08
eip=bf8b61ce esp=b00e4b5c ebp=b00e4b6c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
win32k!PFEOBJ::vFreepfdg+0x13:
bf8b61ce 8b38 mov edi,dword ptr [eax] ds:0023:e85dc0e0=????????
0: kd> kv
ChildEBP RetAddr Args to Child
b00e4b6c bf8b62d2 e8607a08 e72529c8 b00e4be0 win32k!PFEOBJ::vFreepfdg+0x13 (FPO: [Non-Fpo])
b00e4b8c bf8dfa3d 00000000 00000000 00000000 win32k!RFONTOBJ::bDeleteRFONT+0x1d (FPO: [Non-Fpo])
b00e4bb0 bf8dff35 b00e4be0 00000000 0019b960 win32k!PUBLIC_PFTOBJ::bLoadAFont+0x21f (FPO: [Non-Fpo])
b00e4bd8 bf8d0d2a e54b4610 e47d2c64 00000000 win32k!PFTOBJ::bUnloadWorkhorse+0x112 (FPO: [Non-Fpo])
b00e4bfc bf8d0c6f e7a756a0 00000053 00000001 win32k!GreRemoveFontResourceW+0x87 (FPO: [Non-Fpo])
b00e4d44 804dd99f 0019b960 00000053 00000001 win32k!NtGdiRemoveFontResourceW+0x157 (FPO: [Non-Fpo])
b00e4d44 7c90e4f4 0019b960 00000053 00000001 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ b00e4d64)
WARNING: Frame IP not in any known module. Following frames may be wrong.
015ff810 00000000 00000000 00000000 00000000 0x7c90e4f4
0: kd> lmnt
start end module name
804d7000 806ff000 nt ntkrnlmp.exe Thu Aug 14 12:09:14 2008 (48A4044A)
806ff000 8071fd00 hal halmacpi.dll Sun Apr 13 20:31:27 2008 (4802517F)
ae127000 ae13b1e0 naveng naveng.sys Sat Nov 08 03:27:13 2008 (4914F901)
ae13c000 ae210420 navex15 navex15.sys Sat Nov 08 03:26:34 2008 (4914F8DA)
ae211000 ae23b180 kmixer kmixer.sys Sun Apr 13 20:45:07 2008 (480254B3)
af581000 af5c1a80 HTTP HTTP.sys Sun Apr 13 20:53:48 2008 (480256BC)
afaf0000 afaf3600 prepdrv prepdrv.sys Sat Apr 14 02:14:39 2007 (46201CEF)
afbfc000 afc1e100 RDPWD RDPWD.SYS Sun Apr 13 20:38:40 2008 (48025330)
aff01000 aff14a80 isskboep isskboep.sys Fri Dec 08 22:49:29 2006 (4579DDE9)
b0245000 b0247d00 vstor2 vstor2.sys Tue Aug 01 11:34:52 2006 (44CF203C)
b05fb000 b060f480 wdmaud wdmaud.sys Sun Apr 13 21:17:18 2008 (48025C3E)
b0640000 b064c3a0 RapDrv RapDrv.sys Thu Apr 26 22:49:45 2007 (46311069)
b0708000 b0716d80 sysaudio sysaudio.sys Sun Apr 13 21:15:55 2008 (48025BEB)
b0738000 b0746200 PrivateDiskM PrivateDiskM.sys Thu Sep 06 11:28:39 2007 (46DFC847)
b0fbd000 b0fc0d00 vmnetuserif vmnetuserif.sys Tue Aug 01 11:24:38 2006 (44CF1DD6)
b10b1000 b1102800 srv srv.sys Mon Sep 08 12:41:40 2008 (48C50164)
b135b000 b13de000 CVPNDRVA CVPNDRVA.sys Thu Feb 10 19:15:58 2005 (420BA4DE)
b14ce000 b14d1100 mdmxsdk mdmxsdk.sys Thu Oct 06 01:58:05 2005 (4344688D)
b14f6000 b150d480 vmx86 vmx86.sys Tue Aug 01 10:48:01 2006 (44CF1541)
b1536000 b1562180 mrxdav mrxdav.sys Sun Apr 13 20:32:42 2008 (480251CA)
b16b7000 b16ba900 ndisuio ndisuio.sys Sun Apr 13 20:55:57 2008 (4802573D)
b1ef4000 b1f0b900 dump_atapi dump_atapi.sys Sun Apr 13 20:40:29 2008 (4802539D)
b1f0c000 b1f28000 EraserUtilRebootDrv EraserUtilRebootDrv.sys Thu Aug 28 19:06:09 2008 (48B6DB01)
b1f28000 b1f86000 eeCtrl eeCtrl.sys Thu Aug 28 19:06:09 2008 (48B6DB01)
b1f86000 b1ff5780 mrxsmb mrxsmb.sys Sun Apr 13 21:16:58 2008 (48025C2A)
b1ff6000 b2020e80 rdbss rdbss.sys Sun Apr 13 21:28:38 2008 (48025EE6)
b2021000 b2042d00 afd afd.sys Thu Aug 14 12:04:35 2008 (48A40333)
b2043000 b2068500 ipnat ipnat.sys Sun Apr 13 20:57:10 2008 (48025786)
b2069000 b2090c00 netbt netbt.sys Sun Apr 13 21:20:59 2008 (48025D1B)
b2091000 b20e9480 tcpip tcpip.sys Fri Jun 20 13:51:09 2008 (485B99AD)
b20ea000 b20fc600 ipsec ipsec.sys Sun Apr 13 21:19:42 2008 (48025CCE)
b2637000 b263b500 watchdog watchdog.sys Sun Apr 13 20:44:59 2008 (480254AB)
b2ae2000 b2ae3900 awechomd awechomd.sys Fri Jan 19 13:45:02 2007 (45B0BD4E)
b2d3e000 b2d3ff00 Fs_Rec Fs_Rec.SYS Fri Aug 17 22:49:37 2001 (3B7D8361)
b2d96000 b2d9d880 Npfs Npfs.SYS Sun Apr 13 20:32:38 2008 (480251C6)
b2d9e000 b2da2a80 Msfs Msfs.SYS Sun Apr 13 20:32:38 2008 (480251C6)
b2dbe000 b2dc3200 vga vga.sys Sun Apr 13 20:44:40 2008 (48025498)
b323c000 b3250000 Savrtpel Savrtpel.sys Wed Sep 06 23:26:26 2006 (44FF3D02)
b3250000 b3272000 SYMEVENT SYMEVENT.SYS Wed Nov 08 04:38:37 2006 (4551513D)
b32f9000 b3351000 savrt savrt.sys Wed Sep 06 23:26:23 2006 (44FF3CFF)
b4465000 b451b000 HSX_CNXT HSX_CNXT.sys Fri Dec 02 02:40:05 2005 (438FA5F5)
b451b000 b4612000 HSX_DPV HSX_DPV.sys Fri Dec 02 02:40:52 2005 (438FA624)
b4612000 b464c000 HSXHWAZL HSXHWAZL.sys Fri Dec 02 02:40:10 2005 (438FA5FA)
b4ce5000 b4ce5b80 Null Null.SYS Fri Aug 17 22:47:39 2001 (3B7D82EB)
b57ef000 b5812a80 portcls portcls.sys Sun Apr 13 21:19:40 2008 (48025CCC)
b5813000 b590a5e0 sthda sthda.sys Wed Nov 16 20:47:30 2005 (437B8CD2)
b7b8b000 b7b8fb20 iPassP iPassP.sys Mon Oct 24 16:43:31 2005 (435CF313)
b7f6e000 b7f7cb00 drmk drmk.sys Sun Apr 13 20:45:12 2008 (480254B8)
b802b000 b8035000 hcmon hcmon.sys Tue Aug 01 11:23:07 2006 (44CF1D7B)
b806b000 b807a900 Cdfs Cdfs.SYS Sun Apr 13 21:14:21 2008 (48025B8D)
b8083000 b8086900 SMCLIB SMCLIB.SYS Fri Aug 17 22:50:56 2001 (3B7D83B0)
b86b0000 b86b5b00 vmnetbridge vmnetbridge.sys Tue Aug 01 11:24:44 2006 (44CF1DDC)
b87e6000 b87f0e00 Fips Fips.SYS Sun Apr 13 20:33:27 2008 (480251F7)
b87f6000 b87fe780 netbios netbios.sys Sun Apr 13 20:56:01 2008 (48025741)
b8806000 b880e080 ipfltdrv ipfltdrv.sys Fri Aug 17 22:55:07 2001 (3B7D84AB)
b8816000 b881e700 wanarp wanarp.sys Sun Apr 13 20:57:20 2008 (48025790)
b8836000 b883e900 msgpc msgpc.sys Sun Apr 13 20:56:32 2008 (48025760)
b8846000 b8854880 usbhub usbhub.sys Sun Apr 13 20:45:36 2008 (480254D0)
b88af000 b88b1880 hidusb hidusb.sys Sun Apr 13 20:45:27 2008 (480254C7)
b8b4a000 b8b4c900 Dxapi Dxapi.sys Fri Aug 17 22:53:19 2001 (3B7D843F)
b9bc9000 b9bd0580 Modem Modem.SYS Sun Apr 13 21:00:18 2008 (48025842)
b9c91000 b9ceef00 update update.sys Sun Apr 13 20:39:46 2008 (48025372)
b9cf3000 b9cf6f00 APPDRV APPDRV.SYS Wed Jun 30 17:39:34 2004 (40E2DEB6)
b9d17000 b9d46e80 rdpdr rdpdr.sys Sun Apr 13 20:32:50 2008 (480251D2)
b9d47000 b9d5d580 ndiswan ndiswan.sys Sun Apr 13 21:20:41 2008 (48025D09)
b9d5e000 b9d79920 dne2000 dne2000.sys Wed Oct 27 23:29:30 2004 (4180133A)
b9d7a000 b9d9c700 ks ks.sys Sun Apr 13 21:16:34 2008 (48025C12)
b9d9d000 b9db7f40 Apfiltr Apfiltr.sys Wed Sep 28 13:57:18 2005 (433A851E)
b9db8000 b9ddb200 USBPORT USBPORT.SYS Sun Apr 13 20:45:34 2008 (480254CE)
b9ddc000 b9dfed80 b57xp32 b57xp32.sys Tue Oct 18 00:31:57 2005 (4354265D)
b9dff000 b9e27000 HDAudBus HDAudBus.sys Thu May 26 17:46:29 2005 (4295EF55)
b9e27000 ba4915e0 nv4_mini nv4_mini.sys Sun Apr 29 04:37:50 2007 (463404FE)
ba492000 ba4a5f00 VIDEOPRT VIDEOPRT.SYS Sun Apr 13 20:44:39 2008 (48025497)
ba83f000 ba83fc00 audstub audstub.sys Fri Aug 17 22:59:40 2001 (3B7D85BC)
baae3000 baae5280 rasacd rasacd.sys Fri Aug 17 22:55:39 2001 (3B7D84CB)
baae7000 baae9f80 mouhid mouhid.sys Fri Aug 17 22:47:57 2001 (3B7D82FD)
baef5000 baf01880 rasl2tp rasl2tp.sys Sun Apr 13 21:19:43 2008 (48025CCF)
baf05000 baf13100 redbook redbook.sys Sun Apr 13 20:40:27 2008 (4802539B)
baf15000 baf24600 cdrom cdrom.sys Sun Apr 13 20:40:45 2008 (480253AD)
baf25000 baf2f480 imapi imapi.sys Sun Apr 13 20:40:57 2008 (480253B9)
baf35000 baf44c00 serial serial.sys Sun Apr 13 21:15:44 2008 (48025BE0)
baf45000 baf51d00 i8042prt i8042prt.sys Sun Apr 13 21:17:59 2008 (48025C67)
baf55000 baf5de00 intelppm intelppm.sys Sun Apr 13 20:31:31 2008 (48025183)
bafd0000 bafd2a80 awlegacy awlegacy.sys Tue Jan 16 11:27:35 2007 (45ACA897)
bafec000 bafee800 VMNET VMNET.SYS Thu Dec 16 09:13:19 2004 (41C1439F)
baff0000 baff2580 vmnetadapter vmnetadapter.sys Thu Dec 16 09:13:25 2004 (41C143A5)
baff4000 baff7c80 mssmbios mssmbios.sys Sun Apr 13 20:36:45 2008 (480252BD)
bf800000 bf9c2c80 win32k win32k.sys Mon Sep 15 14:12:42 2008 (48CE513A)
bf9c3000 bf9d4600 dxg dxg.sys Sun Apr 13 20:38:27 2008 (48025323)
bf9d5000 bff0b100 nv4_disp nv4_disp.dll Sun Apr 29 04:34:36 2007 (4634043C)
bffa0000 bffe5c00 ATMFD ATMFD.DLL Mon Apr 14 02:09:55 2008 (4802A0D3)
f7424000 f743db80 Mup Mup.sys Sun Apr 13 21:17:05 2008 (48025C31)
f743e000 f746a980 NDIS NDIS.sys Sun Apr 13 21:20:35 2008 (48025D03)
f746b000 f7481880 KSecDD KSecDD.sys Sun Apr 13 20:31:40 2008 (4802518C)
f7482000 f74a1b00 fltmgr fltmgr.sys Sun Apr 13 20:32:58 2008 (480251DA)
f74a2000 f74b9900 atapi atapi.sys Sun Apr 13 20:40:29 2008 (4802539D)
f74ba000 f74d8880 ftdisk ftdisk.sys Fri Aug 17 22:52:41 2001 (3B7D8419)
f74d9000 f74f6580 pcmcia pcmcia.sys Sun Apr 13 20:36:41 2008 (480252B9)
f7547000 f7550e80 NDProxy NDProxy.SYS Sun Apr 13 20:57:28 2008 (48025798)
f7587000 f7593000 usbccid usbccid.sys Sat May 14 02:27:55 2005 (4285460B)
f7597000 f75a7a80 pci pci.sys Sun Apr 13 20:36:43 2008 (480252BB)
f75a8000 f75d5d80 ACPI ACPI.sys Sun Apr 13 20:36:33 2008 (480252B1)
f75f7000 f7600180 isapnp isapnp.sys Sun Apr 13 20:36:40 2008 (480252B8)
f7607000 f7611580 MountMgr MountMgr.sys Sun Apr 13 20:39:45 2008 (48025371)
f7617000 f7623c80 VolSnap VolSnap.sys Sun Apr 13 20:41:00 2008 (480253BC)
f7627000 f7633180 CLASSPNP CLASSPNP.SYS Sun Apr 13 21:16:21 2008 (48025C05)
f7637000 f763fe00 disk disk.sys Sun Apr 13 20:40:46 2008 (480253AE)
f7647000 f7656800 SGEFLT SGEFLT.SYS Tue Dec 11 13:05:26 2007 (475E7D06)
f7667000 f7671200 raspppoe raspppoe.sys Sun Apr 13 20:57:31 2008 (4802579B)
f7677000 f7682d00 raspptp raspptp.sys Sun Apr 13 21:19:47 2008 (48025CD3)
f7687000 f7690f00 termdd termdd.sys Sun Apr 13 20:38:36 2008 (4802532C)
f76f7000 f7700000 HIDCLASS HIDCLASS.SYS Sun Apr 13 20:45:25 2008 (480254C5)
f7707000 f770d180 PCIIDEX PCIIDEX.SYS Sun Apr 13 20:40:29 2008 (4802539D)
f770f000 f7713d00 PartMgr PartMgr.sys Sun Apr 13 20:40:48 2008 (480253B0)
f7717000 f771c000 Flpydisk Flpydisk.sys Sun Apr 13 20:40:24 2008 (48025398)
f771f000 f7723820 AES256 AES256.SYS Mon Aug 07 21:47:11 2006 (44D798BF)
f774f000 f7754500 TDTCP TDTCP.SYS Sun Apr 13 20:38:35 2008 (4802532B)
f7777000 f777ba80 TDI TDI.SYS Sun Apr 13 21:00:04 2008 (48025834)
f7787000 f778d180 HIDPARSE HIDPARSE.SYS Sun Apr 13 20:45:22 2008 (480254C2)
f7797000 f779d000 kbdclass kbdclass.sys Sun Apr 13 20:39:46 2008 (48025372)
f779f000 f77a4a00 mouclass mouclass.sys Sun Apr 13 20:39:47 2008 (48025373)
f77a7000 f77ac080 usbuhci usbuhci.sys Sun Apr 13 20:45:34 2008 (480254CE)
f77af000 f77b6600 usbehci usbehci.sys Sun Apr 13 20:45:34 2008 (480254CE)
f77b7000 f77bb580 ptilink ptilink.sys Fri Aug 17 22:49:53 2001 (3B7D8371)
f77bf000 f77c3080 raspti raspti.sys Fri Aug 17 22:55:32 2001 (3B7D84C4)
f7897000 f789a000 BOOTVID BOOTVID.dll Fri Aug 17 22:49:09 2001 (3B7D8345)
f789b000 f789d800 compbatt compbatt.sys Sun Apr 13 20:36:36 2008 (480252B4)
f789f000 f78a2780 BATTC BATTC.SYS Sun Apr 13 20:36:32 2008 (480252B0)
f78a3000 f78a5c80 Sfloppy Sfloppy.sys Sun Apr 13 20:40:47 2008 (480253AF)
f78a7000 f78aa500 Gernuwa Gernuwa.sys Thu Feb 22 05:03:53 2007 (45DD1629)
f7927000 f7929c00 aw_host5 aw_host5.sys Tue Jan 16 11:13:19 2007 (45ACA53F)
f792b000 f792d280 wmiacpi wmiacpi.sys Sun Apr 13 20:36:37 2008 (480252B5)
f792f000 f7932680 CmBatt CmBatt.sys Sun Apr 13 20:36:36 2008 (480252B4)
f7937000 f793ad80 serenum serenum.sys Sun Apr 13 20:40:12 2008 (4802538C)
f7943000 f7945780 ndistapi ndistapi.sys Sun Apr 13 20:57:27 2008 (48025797)
f7987000 f7988b80 kdcom kdcom.dll Fri Aug 17 22:49:10 2001 (3B7D8346)
f7989000 f798a100 WMILIB WMILIB.SYS Fri Aug 17 23:07:23 2001 (3B7D878B)
f7995000 f7996080 mnmdd mnmdd.SYS Fri Aug 17 22:57:28 2001 (3B7D8538)
f799b000 f799c280 USBD USBD.SYS Fri Aug 17 23:02:58 2001 (3B7D8682)
f79a5000 f79a6080 RDPCDD RDPCDD.sys Fri Aug 17 22:46:56 2001 (3B7D82C0)
f79c3000 f79c4300 kbstuff5 kbstuff5.sys Wed Nov 23 20:44:23 2005 (4384C697)
f79c5000 f79c6100 swenum swenum.sys Sun Apr 13 20:39:52 2008 (48025378)
f79c7000 f79c8100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 23:07:23 2001 (3B7D878B)
f7a4f000 f7a4fd00 pciide pciide.sys Fri Aug 17 22:51:49 2001 (3B7D83E5)
f7a7e000 f7a7e840 idisw2km idisw2km.sys Wed Nov 23 20:45:10 2005 (4384C6C6)
f7aa4000 f7aa4d00 dxgthk dxgthk.sys Fri Aug 17 22:53:12 2001 (3B7D8438)
f7b52000 f7bde600 Ntfs Ntfs.sys Sun Apr 13 21:15:49 2008 (48025BE5)
Unloaded modules:
af90a000 af91f000 naveng.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
af91f000 af9f4000 navex15.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7864000 f7897000 BlackCat.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b06c8000 b06cb000 tdmntdrv.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b05ad000 b05d8000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7ab7000 f7ab8000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b05d8000 b05fb000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b1313000 b1320000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b11cb000 b11d9000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f79bf000 f79c1000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b211d000 b2132000 naveng.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b2132000 b2207000 navex15.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b14fa000 b150e000 parport.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b8b4e000 b8b52000 kbdhid.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b2af4000 b2af6000 Beep.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
b7b43000 b7b48000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
b7b43000 b7b4a000 Fdc.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
from the minidumps posted, the problem seems to be coming from a faulty driver. did you recently install any new hardware or upgrade any drivers on the machine? Did you boot to the last known good configuration?
Also, consider running a system restore and restore to a previous date and/or remove any new hardware.
see this article:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/w2000Msgs/6093.mspx?mfr=true
I know its for win2k but the same concept still applies.
try replacing your memory modules.
does the machine w/ the problem clear the page file on shutdown?
you may want to try logging into the machine in safe mode and enable that feature.
Start > Run > "gpedit.msc" (without the quotes) & press enter
navigate to:
Computer Configuration > Windows Settings > Local Policies > Security Options: Shutdown: Clear virtual memory pagefile
set that option to enabled.
if you are unable to log into the machine, you may consider removing the drive which contains the Pagefile, installing it into another machine as a slave drive and manually deleting the page file. Place the drive back into the original machine and boot up as normal. Windows will create a new page file upon boot up.
Also, consider running a system restore and restore to a previous date and/or remove any new hardware.
see this article:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/w2000Msgs/6093.mspx?mfr=true
I know its for win2k but the same concept still applies.
try replacing your memory modules.
does the machine w/ the problem clear the page file on shutdown?
you may want to try logging into the machine in safe mode and enable that feature.
Start > Run > "gpedit.msc" (without the quotes) & press enter
navigate to:
Computer Configuration > Windows Settings > Local Policies > Security Options: Shutdown: Clear virtual memory pagefile
set that option to enabled.
if you are unable to log into the machine, you may consider removing the drive which contains the Pagefile, installing it into another machine as a slave drive and manually deleting the page file. Place the drive back into the original machine and boot up as normal. Windows will create a new page file upon boot up.
ASKER
Thank you everyone
I uploaded the minidumps to eestuff related to this quesiton as asked.
Responding to some of these comments.
We can't upgrade our Symantec Antivirus - this is a corporate PC. when we tested an upgrade it caused problems in other areas of our company.
Also I can't modify group policy settings easily (centrally controlled) so I'll hold off on that idea for now.
Its already booted up cleanly since the last BSOD so I don't believe the "last known good configuration" will help.
System restore is disabled per group policy at our company, so I can't do that.
I can certainly reinstall the hostexplorer program, so I will do that
We have pretty robust virus scanning, and firewall filters, so I don't think its a virus. I'll hold off on that also for now.
I can run a memory stress test also.
I'll do the memory stress test and the hostexplorer reinstall first.
stay tuned. thank you for all the comments.
I uploaded the minidumps to eestuff related to this quesiton as asked.
Responding to some of these comments.
We can't upgrade our Symantec Antivirus - this is a corporate PC. when we tested an upgrade it caused problems in other areas of our company.
Also I can't modify group policy settings easily (centrally controlled) so I'll hold off on that idea for now.
Its already booted up cleanly since the last BSOD so I don't believe the "last known good configuration" will help.
System restore is disabled per group policy at our company, so I can't do that.
I can certainly reinstall the hostexplorer program, so I will do that
We have pretty robust virus scanning, and firewall filters, so I don't think its a virus. I'll hold off on that also for now.
I can run a memory stress test also.
I'll do the memory stress test and the hostexplorer reinstall first.
stay tuned. thank you for all the comments.
ASKER
Reinstall Hummingbird Host Explorer had resolved the issue.
http://www.ee-stuff.com/