[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3644
  • Last Modified:

Need help with a minidump analysis from bluescreen system error event ID 1003

I have a PC that is starting to bluescreen
the system error that is logged is Event ID 1003

I've uploaded two of the recent minidumps here:
Download link: http://rapidshare.com/files/163715544/Mini102408-01.dmp
Download link: http://rapidshare.com/files/163715546/Mini111408-01.dmp

and would appreciat help with analyzing them.
0
Thr-ITSA
Asked:
Thr-ITSA
  • 2
  • 2
  • 2
  • +2
1 Solution
 
rindiCommented:
Those links seem to be broken. Zip your files and then use the following Link to upload them:

http://www.ee-stuff.com/
0
 
FOTCCommented:
I'm unable to access rapidshare at work, but to read minidumps follow these instructions:

1) Download and install the http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
Debugging Tools from Microsoft[/url]
2) Locate your latest memory.dmp file- C:\WINDOWS\ Minidump\Mini081505-01.dmp or whatever
3) open a CMD prompt and cd\program files\debugging tools for windows\
4) type the following stuff:
Code:

c:\program files\debugging tools>kd -z C:\WINDOWS\ Minidump\Mini081505-01.dmp
(it will spew a bunch)
kd> .logopen c:\debuglog.txt
kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q

5) You now have a debuglog.txt in c:\, open it in notepad and post the content here
0
 
torimarCommented:
Here's the minidump analysis.

Looks like a problem with the Humming Bird Hostexplorer.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e85dc0e0, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf8b61ce, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 00000001, (reserved)
 
Debugging Details:
------------------
 
 
Could not read faulting driver name
 
READ_ADDRESS:  e85dc0e0 
 
FAULTING_IP: 
win32k!PFEOBJ::vFreepfdg+13
bf8b61ce 8b38            mov     edi,dword ptr [eax]
 
MM_INTERNAL_CODE:  1
 
CUSTOMER_CRASH_COUNT:  1
 
DEFAULT_BUCKET_ID:  DRIVER_FAULT
 
BUGCHECK_STR:  0x50
 
PROCESS_NAME:  hostex32.exe
 
LAST_CONTROL_TRANSFER:  from bf8b62d2 to bf8b61ce
 
STACK_TEXT:  
b00e4b6c bf8b62d2 e8607a08 e72529c8 b00e4be0 win32k!PFEOBJ::vFreepfdg+0x13
b00e4b8c bf8dfa3d 00000000 00000000 00000000 win32k!RFONTOBJ::bDeleteRFONT+0x1d
b00e4bb0 bf8dff35 b00e4be0 00000000 0019b960 win32k!PUBLIC_PFTOBJ::bLoadAFont+0x21f
b00e4bd8 bf8d0d2a e54b4610 e47d2c64 00000000 win32k!PFTOBJ::bUnloadWorkhorse+0x112
b00e4bfc bf8d0c6f e7a756a0 00000053 00000001 win32k!GreRemoveFontResourceW+0x87
b00e4d44 804dd99f 0019b960 00000053 00000001 win32k!NtGdiRemoveFontResourceW+0x157
b00e4d44 7c90e4f4 0019b960 00000053 00000001 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
015ff810 00000000 00000000 00000000 00000000 0x7c90e4f4
 
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
win32k!PFEOBJ::vFreepfdg+13
bf8b61ce 8b38            mov     edi,dword ptr [eax]
 
SYMBOL_STACK_INDEX:  0
 
SYMBOL_NAME:  win32k!PFEOBJ::vFreepfdg+13
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: win32k
 
IMAGE_NAME:  win32k.sys
 
DEBUG_FLR_IMAGE_TIMESTAMP:  48ce513a
 
FAILURE_BUCKET_ID:  0x50_win32k!PFEOBJ::vFreepfdg+13
 
BUCKET_ID:  0x50_win32k!PFEOBJ::vFreepfdg+13

Open in new window

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
JSoupCommented:

The information provided is insufficient for analysis. Additionally, you have provided Web links for dumps from a second website. When this website has the ability to attach a file. This provider finds the links risky.
Appropriate information, for analysis would be.
Event log entries information prior to the crash. This information may be modified or sanitized to delete domain name and IP.
The dump information from the event logs. Not the binary dump. You may also provide the stop code from the blue screen, which is usually the first line.
If this information cannot be provided please delete question.
Yes, I've reviewed your question history.
0
 
torimarCommented:
Here's the rest of the dump analysis.

You will notice that SYMEVENT.SYS is two years old. In a similar case here on EE updating the Symantec Anti-Virus (not the definitions, the application itself) seems to have solved the problem. (http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21771350.html)

Faulty memory (run a long test with memtest86 (www.memtest86.com) or a virus infection are also possible causes.
Run a scan with Malwarebyte's Antimalware (http://www.malwarebytes.org/mbam.php), then a deep scan with your AV, then post a HijackThis log.
0: kd> r
eax=e85dc0e0 ebx=b00e4be0 ecx=8a68f7d0 edx=e5375008 esi=b00e4b84 edi=e8607a08
eip=bf8b61ce esp=b00e4b5c ebp=b00e4b6c iopl=0         nv up ei ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
win32k!PFEOBJ::vFreepfdg+0x13:
bf8b61ce 8b38            mov     edi,dword ptr [eax]  ds:0023:e85dc0e0=????????
0: kd> kv
ChildEBP RetAddr  Args to Child              
b00e4b6c bf8b62d2 e8607a08 e72529c8 b00e4be0 win32k!PFEOBJ::vFreepfdg+0x13 (FPO: [Non-Fpo])
b00e4b8c bf8dfa3d 00000000 00000000 00000000 win32k!RFONTOBJ::bDeleteRFONT+0x1d (FPO: [Non-Fpo])
b00e4bb0 bf8dff35 b00e4be0 00000000 0019b960 win32k!PUBLIC_PFTOBJ::bLoadAFont+0x21f (FPO: [Non-Fpo])
b00e4bd8 bf8d0d2a e54b4610 e47d2c64 00000000 win32k!PFTOBJ::bUnloadWorkhorse+0x112 (FPO: [Non-Fpo])
b00e4bfc bf8d0c6f e7a756a0 00000053 00000001 win32k!GreRemoveFontResourceW+0x87 (FPO: [Non-Fpo])
b00e4d44 804dd99f 0019b960 00000053 00000001 win32k!NtGdiRemoveFontResourceW+0x157 (FPO: [Non-Fpo])
b00e4d44 7c90e4f4 0019b960 00000053 00000001 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ b00e4d64)
WARNING: Frame IP not in any known module. Following frames may be wrong.
015ff810 00000000 00000000 00000000 00000000 0x7c90e4f4
0: kd> lmnt
start    end        module name
804d7000 806ff000   nt       ntkrnlmp.exe Thu Aug 14 12:09:14 2008 (48A4044A)
806ff000 8071fd00   hal      halmacpi.dll Sun Apr 13 20:31:27 2008 (4802517F)
ae127000 ae13b1e0   naveng   naveng.sys   Sat Nov 08 03:27:13 2008 (4914F901)
ae13c000 ae210420   navex15  navex15.sys  Sat Nov 08 03:26:34 2008 (4914F8DA)
ae211000 ae23b180   kmixer   kmixer.sys   Sun Apr 13 20:45:07 2008 (480254B3)
af581000 af5c1a80   HTTP     HTTP.sys     Sun Apr 13 20:53:48 2008 (480256BC)
afaf0000 afaf3600   prepdrv  prepdrv.sys  Sat Apr 14 02:14:39 2007 (46201CEF)
afbfc000 afc1e100   RDPWD    RDPWD.SYS    Sun Apr 13 20:38:40 2008 (48025330)
aff01000 aff14a80   isskboep isskboep.sys Fri Dec 08 22:49:29 2006 (4579DDE9)
b0245000 b0247d00   vstor2   vstor2.sys   Tue Aug 01 11:34:52 2006 (44CF203C)
b05fb000 b060f480   wdmaud   wdmaud.sys   Sun Apr 13 21:17:18 2008 (48025C3E)
b0640000 b064c3a0   RapDrv   RapDrv.sys   Thu Apr 26 22:49:45 2007 (46311069)
b0708000 b0716d80   sysaudio sysaudio.sys Sun Apr 13 21:15:55 2008 (48025BEB)
b0738000 b0746200   PrivateDiskM PrivateDiskM.sys Thu Sep 06 11:28:39 2007 (46DFC847)
b0fbd000 b0fc0d00   vmnetuserif vmnetuserif.sys Tue Aug 01 11:24:38 2006 (44CF1DD6)
b10b1000 b1102800   srv      srv.sys      Mon Sep 08 12:41:40 2008 (48C50164)
b135b000 b13de000   CVPNDRVA CVPNDRVA.sys Thu Feb 10 19:15:58 2005 (420BA4DE)
b14ce000 b14d1100   mdmxsdk  mdmxsdk.sys  Thu Oct 06 01:58:05 2005 (4344688D)
b14f6000 b150d480   vmx86    vmx86.sys    Tue Aug 01 10:48:01 2006 (44CF1541)
b1536000 b1562180   mrxdav   mrxdav.sys   Sun Apr 13 20:32:42 2008 (480251CA)
b16b7000 b16ba900   ndisuio  ndisuio.sys  Sun Apr 13 20:55:57 2008 (4802573D)
b1ef4000 b1f0b900   dump_atapi dump_atapi.sys Sun Apr 13 20:40:29 2008 (4802539D)
b1f0c000 b1f28000   EraserUtilRebootDrv EraserUtilRebootDrv.sys Thu Aug 28 19:06:09 2008 (48B6DB01)
b1f28000 b1f86000   eeCtrl   eeCtrl.sys   Thu Aug 28 19:06:09 2008 (48B6DB01)
b1f86000 b1ff5780   mrxsmb   mrxsmb.sys   Sun Apr 13 21:16:58 2008 (48025C2A)
b1ff6000 b2020e80   rdbss    rdbss.sys    Sun Apr 13 21:28:38 2008 (48025EE6)
b2021000 b2042d00   afd      afd.sys      Thu Aug 14 12:04:35 2008 (48A40333)
b2043000 b2068500   ipnat    ipnat.sys    Sun Apr 13 20:57:10 2008 (48025786)
b2069000 b2090c00   netbt    netbt.sys    Sun Apr 13 21:20:59 2008 (48025D1B)
b2091000 b20e9480   tcpip    tcpip.sys    Fri Jun 20 13:51:09 2008 (485B99AD)
b20ea000 b20fc600   ipsec    ipsec.sys    Sun Apr 13 21:19:42 2008 (48025CCE)
b2637000 b263b500   watchdog watchdog.sys Sun Apr 13 20:44:59 2008 (480254AB)
b2ae2000 b2ae3900   awechomd awechomd.sys Fri Jan 19 13:45:02 2007 (45B0BD4E)
b2d3e000 b2d3ff00   Fs_Rec   Fs_Rec.SYS   Fri Aug 17 22:49:37 2001 (3B7D8361)
b2d96000 b2d9d880   Npfs     Npfs.SYS     Sun Apr 13 20:32:38 2008 (480251C6)
b2d9e000 b2da2a80   Msfs     Msfs.SYS     Sun Apr 13 20:32:38 2008 (480251C6)
b2dbe000 b2dc3200   vga      vga.sys      Sun Apr 13 20:44:40 2008 (48025498)
b323c000 b3250000   Savrtpel Savrtpel.sys Wed Sep 06 23:26:26 2006 (44FF3D02)
b3250000 b3272000   SYMEVENT SYMEVENT.SYS Wed Nov 08 04:38:37 2006 (4551513D)
b32f9000 b3351000   savrt    savrt.sys    Wed Sep 06 23:26:23 2006 (44FF3CFF)
b4465000 b451b000   HSX_CNXT HSX_CNXT.sys Fri Dec 02 02:40:05 2005 (438FA5F5)
b451b000 b4612000   HSX_DPV  HSX_DPV.sys  Fri Dec 02 02:40:52 2005 (438FA624)
b4612000 b464c000   HSXHWAZL HSXHWAZL.sys Fri Dec 02 02:40:10 2005 (438FA5FA)
b4ce5000 b4ce5b80   Null     Null.SYS     Fri Aug 17 22:47:39 2001 (3B7D82EB)
b57ef000 b5812a80   portcls  portcls.sys  Sun Apr 13 21:19:40 2008 (48025CCC)
b5813000 b590a5e0   sthda    sthda.sys    Wed Nov 16 20:47:30 2005 (437B8CD2)
b7b8b000 b7b8fb20   iPassP   iPassP.sys   Mon Oct 24 16:43:31 2005 (435CF313)
b7f6e000 b7f7cb00   drmk     drmk.sys     Sun Apr 13 20:45:12 2008 (480254B8)
b802b000 b8035000   hcmon    hcmon.sys    Tue Aug 01 11:23:07 2006 (44CF1D7B)
b806b000 b807a900   Cdfs     Cdfs.SYS     Sun Apr 13 21:14:21 2008 (48025B8D)
b8083000 b8086900   SMCLIB   SMCLIB.SYS   Fri Aug 17 22:50:56 2001 (3B7D83B0)
b86b0000 b86b5b00   vmnetbridge vmnetbridge.sys Tue Aug 01 11:24:44 2006 (44CF1DDC)
b87e6000 b87f0e00   Fips     Fips.SYS     Sun Apr 13 20:33:27 2008 (480251F7)
b87f6000 b87fe780   netbios  netbios.sys  Sun Apr 13 20:56:01 2008 (48025741)
b8806000 b880e080   ipfltdrv ipfltdrv.sys Fri Aug 17 22:55:07 2001 (3B7D84AB)
b8816000 b881e700   wanarp   wanarp.sys   Sun Apr 13 20:57:20 2008 (48025790)
b8836000 b883e900   msgpc    msgpc.sys    Sun Apr 13 20:56:32 2008 (48025760)
b8846000 b8854880   usbhub   usbhub.sys   Sun Apr 13 20:45:36 2008 (480254D0)
b88af000 b88b1880   hidusb   hidusb.sys   Sun Apr 13 20:45:27 2008 (480254C7)
b8b4a000 b8b4c900   Dxapi    Dxapi.sys    Fri Aug 17 22:53:19 2001 (3B7D843F)
b9bc9000 b9bd0580   Modem    Modem.SYS    Sun Apr 13 21:00:18 2008 (48025842)
b9c91000 b9ceef00   update   update.sys   Sun Apr 13 20:39:46 2008 (48025372)
b9cf3000 b9cf6f00   APPDRV   APPDRV.SYS   Wed Jun 30 17:39:34 2004 (40E2DEB6)
b9d17000 b9d46e80   rdpdr    rdpdr.sys    Sun Apr 13 20:32:50 2008 (480251D2)
b9d47000 b9d5d580   ndiswan  ndiswan.sys  Sun Apr 13 21:20:41 2008 (48025D09)
b9d5e000 b9d79920   dne2000  dne2000.sys  Wed Oct 27 23:29:30 2004 (4180133A)
b9d7a000 b9d9c700   ks       ks.sys       Sun Apr 13 21:16:34 2008 (48025C12)
b9d9d000 b9db7f40   Apfiltr  Apfiltr.sys  Wed Sep 28 13:57:18 2005 (433A851E)
b9db8000 b9ddb200   USBPORT  USBPORT.SYS  Sun Apr 13 20:45:34 2008 (480254CE)
b9ddc000 b9dfed80   b57xp32  b57xp32.sys  Tue Oct 18 00:31:57 2005 (4354265D)
b9dff000 b9e27000   HDAudBus HDAudBus.sys Thu May 26 17:46:29 2005 (4295EF55)
b9e27000 ba4915e0   nv4_mini nv4_mini.sys Sun Apr 29 04:37:50 2007 (463404FE)
ba492000 ba4a5f00   VIDEOPRT VIDEOPRT.SYS Sun Apr 13 20:44:39 2008 (48025497)
ba83f000 ba83fc00   audstub  audstub.sys  Fri Aug 17 22:59:40 2001 (3B7D85BC)
baae3000 baae5280   rasacd   rasacd.sys   Fri Aug 17 22:55:39 2001 (3B7D84CB)
baae7000 baae9f80   mouhid   mouhid.sys   Fri Aug 17 22:47:57 2001 (3B7D82FD)
baef5000 baf01880   rasl2tp  rasl2tp.sys  Sun Apr 13 21:19:43 2008 (48025CCF)
baf05000 baf13100   redbook  redbook.sys  Sun Apr 13 20:40:27 2008 (4802539B)
baf15000 baf24600   cdrom    cdrom.sys    Sun Apr 13 20:40:45 2008 (480253AD)
baf25000 baf2f480   imapi    imapi.sys    Sun Apr 13 20:40:57 2008 (480253B9)
baf35000 baf44c00   serial   serial.sys   Sun Apr 13 21:15:44 2008 (48025BE0)
baf45000 baf51d00   i8042prt i8042prt.sys Sun Apr 13 21:17:59 2008 (48025C67)
baf55000 baf5de00   intelppm intelppm.sys Sun Apr 13 20:31:31 2008 (48025183)
bafd0000 bafd2a80   awlegacy awlegacy.sys Tue Jan 16 11:27:35 2007 (45ACA897)
bafec000 bafee800   VMNET    VMNET.SYS    Thu Dec 16 09:13:19 2004 (41C1439F)
baff0000 baff2580   vmnetadapter vmnetadapter.sys Thu Dec 16 09:13:25 2004 (41C143A5)
baff4000 baff7c80   mssmbios mssmbios.sys Sun Apr 13 20:36:45 2008 (480252BD)
bf800000 bf9c2c80   win32k   win32k.sys   Mon Sep 15 14:12:42 2008 (48CE513A)
bf9c3000 bf9d4600   dxg      dxg.sys      Sun Apr 13 20:38:27 2008 (48025323)
bf9d5000 bff0b100   nv4_disp nv4_disp.dll Sun Apr 29 04:34:36 2007 (4634043C)
bffa0000 bffe5c00   ATMFD    ATMFD.DLL    Mon Apr 14 02:09:55 2008 (4802A0D3)
f7424000 f743db80   Mup      Mup.sys      Sun Apr 13 21:17:05 2008 (48025C31)
f743e000 f746a980   NDIS     NDIS.sys     Sun Apr 13 21:20:35 2008 (48025D03)
f746b000 f7481880   KSecDD   KSecDD.sys   Sun Apr 13 20:31:40 2008 (4802518C)
f7482000 f74a1b00   fltmgr   fltmgr.sys   Sun Apr 13 20:32:58 2008 (480251DA)
f74a2000 f74b9900   atapi    atapi.sys    Sun Apr 13 20:40:29 2008 (4802539D)
f74ba000 f74d8880   ftdisk   ftdisk.sys   Fri Aug 17 22:52:41 2001 (3B7D8419)
f74d9000 f74f6580   pcmcia   pcmcia.sys   Sun Apr 13 20:36:41 2008 (480252B9)
f7547000 f7550e80   NDProxy  NDProxy.SYS  Sun Apr 13 20:57:28 2008 (48025798)
f7587000 f7593000   usbccid  usbccid.sys  Sat May 14 02:27:55 2005 (4285460B)
f7597000 f75a7a80   pci      pci.sys      Sun Apr 13 20:36:43 2008 (480252BB)
f75a8000 f75d5d80   ACPI     ACPI.sys     Sun Apr 13 20:36:33 2008 (480252B1)
f75f7000 f7600180   isapnp   isapnp.sys   Sun Apr 13 20:36:40 2008 (480252B8)
f7607000 f7611580   MountMgr MountMgr.sys Sun Apr 13 20:39:45 2008 (48025371)
f7617000 f7623c80   VolSnap  VolSnap.sys  Sun Apr 13 20:41:00 2008 (480253BC)
f7627000 f7633180   CLASSPNP CLASSPNP.SYS Sun Apr 13 21:16:21 2008 (48025C05)
f7637000 f763fe00   disk     disk.sys     Sun Apr 13 20:40:46 2008 (480253AE)
f7647000 f7656800   SGEFLT   SGEFLT.SYS   Tue Dec 11 13:05:26 2007 (475E7D06)
f7667000 f7671200   raspppoe raspppoe.sys Sun Apr 13 20:57:31 2008 (4802579B)
f7677000 f7682d00   raspptp  raspptp.sys  Sun Apr 13 21:19:47 2008 (48025CD3)
f7687000 f7690f00   termdd   termdd.sys   Sun Apr 13 20:38:36 2008 (4802532C)
f76f7000 f7700000   HIDCLASS HIDCLASS.SYS Sun Apr 13 20:45:25 2008 (480254C5)
f7707000 f770d180   PCIIDEX  PCIIDEX.SYS  Sun Apr 13 20:40:29 2008 (4802539D)
f770f000 f7713d00   PartMgr  PartMgr.sys  Sun Apr 13 20:40:48 2008 (480253B0)
f7717000 f771c000   Flpydisk Flpydisk.sys Sun Apr 13 20:40:24 2008 (48025398)
f771f000 f7723820   AES256   AES256.SYS   Mon Aug 07 21:47:11 2006 (44D798BF)
f774f000 f7754500   TDTCP    TDTCP.SYS    Sun Apr 13 20:38:35 2008 (4802532B)
f7777000 f777ba80   TDI      TDI.SYS      Sun Apr 13 21:00:04 2008 (48025834)
f7787000 f778d180   HIDPARSE HIDPARSE.SYS Sun Apr 13 20:45:22 2008 (480254C2)
f7797000 f779d000   kbdclass kbdclass.sys Sun Apr 13 20:39:46 2008 (48025372)
f779f000 f77a4a00   mouclass mouclass.sys Sun Apr 13 20:39:47 2008 (48025373)
f77a7000 f77ac080   usbuhci  usbuhci.sys  Sun Apr 13 20:45:34 2008 (480254CE)
f77af000 f77b6600   usbehci  usbehci.sys  Sun Apr 13 20:45:34 2008 (480254CE)
f77b7000 f77bb580   ptilink  ptilink.sys  Fri Aug 17 22:49:53 2001 (3B7D8371)
f77bf000 f77c3080   raspti   raspti.sys   Fri Aug 17 22:55:32 2001 (3B7D84C4)
f7897000 f789a000   BOOTVID  BOOTVID.dll  Fri Aug 17 22:49:09 2001 (3B7D8345)
f789b000 f789d800   compbatt compbatt.sys Sun Apr 13 20:36:36 2008 (480252B4)
f789f000 f78a2780   BATTC    BATTC.SYS    Sun Apr 13 20:36:32 2008 (480252B0)
f78a3000 f78a5c80   Sfloppy  Sfloppy.sys  Sun Apr 13 20:40:47 2008 (480253AF)
f78a7000 f78aa500   Gernuwa  Gernuwa.sys  Thu Feb 22 05:03:53 2007 (45DD1629)
f7927000 f7929c00   aw_host5 aw_host5.sys Tue Jan 16 11:13:19 2007 (45ACA53F)
f792b000 f792d280   wmiacpi  wmiacpi.sys  Sun Apr 13 20:36:37 2008 (480252B5)
f792f000 f7932680   CmBatt   CmBatt.sys   Sun Apr 13 20:36:36 2008 (480252B4)
f7937000 f793ad80   serenum  serenum.sys  Sun Apr 13 20:40:12 2008 (4802538C)
f7943000 f7945780   ndistapi ndistapi.sys Sun Apr 13 20:57:27 2008 (48025797)
f7987000 f7988b80   kdcom    kdcom.dll    Fri Aug 17 22:49:10 2001 (3B7D8346)
f7989000 f798a100   WMILIB   WMILIB.SYS   Fri Aug 17 23:07:23 2001 (3B7D878B)
f7995000 f7996080   mnmdd    mnmdd.SYS    Fri Aug 17 22:57:28 2001 (3B7D8538)
f799b000 f799c280   USBD     USBD.SYS     Fri Aug 17 23:02:58 2001 (3B7D8682)
f79a5000 f79a6080   RDPCDD   RDPCDD.sys   Fri Aug 17 22:46:56 2001 (3B7D82C0)
f79c3000 f79c4300   kbstuff5 kbstuff5.sys Wed Nov 23 20:44:23 2005 (4384C697)
f79c5000 f79c6100   swenum   swenum.sys   Sun Apr 13 20:39:52 2008 (48025378)
f79c7000 f79c8100   dump_WMILIB dump_WMILIB.SYS Fri Aug 17 23:07:23 2001 (3B7D878B)
f7a4f000 f7a4fd00   pciide   pciide.sys   Fri Aug 17 22:51:49 2001 (3B7D83E5)
f7a7e000 f7a7e840   idisw2km idisw2km.sys Wed Nov 23 20:45:10 2005 (4384C6C6)
f7aa4000 f7aa4d00   dxgthk   dxgthk.sys   Fri Aug 17 22:53:12 2001 (3B7D8438)
f7b52000 f7bde600   Ntfs     Ntfs.sys     Sun Apr 13 21:15:49 2008 (48025BE5)
 
Unloaded modules:
af90a000 af91f000   naveng.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
af91f000 af9f4000   navex15.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f7864000 f7897000   BlackCat.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b06c8000 b06cb000   tdmntdrv.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b05ad000 b05d8000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f7ab7000 f7ab8000   drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b05d8000 b05fb000   aec.sys 
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b1313000 b1320000   DMusic.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b11cb000 b11d9000   swmidi.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f79bf000 f79c1000   splitter.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b211d000 b2132000   naveng.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b2132000 b2207000   navex15.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b14fa000 b150e000   parport.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b8b4e000 b8b52000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b2af4000 b2af6000   Beep.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b7b43000 b7b48000   Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b7b43000 b7b4a000   Fdc.SYS 
    Timestamp: unavailable (00000000)
    Checksum:  00000000

Open in new window

0
 
FOTCCommented:
from the minidumps posted, the problem seems to be coming from a faulty driver. did you recently install any new hardware or upgrade any drivers on the machine? Did you boot to the last known good configuration?
Also, consider running a system restore and restore to a previous date and/or remove any new hardware.

see this article:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/w2000Msgs/6093.mspx?mfr=true

I know its for win2k but the same concept still applies.

try replacing your memory modules.



does the machine w/ the problem clear the page file on shutdown?
you may want to try logging into the machine in safe mode and enable that feature.

Start > Run > "gpedit.msc" (without the quotes) & press enter

navigate to:

Computer Configuration > Windows Settings > Local Policies > Security Options: Shutdown: Clear virtual memory pagefile

set that option to enabled.

if you are unable to log into the machine, you may consider removing the drive which contains the Pagefile, installing it into another machine as a slave drive and manually deleting the page file. Place the drive back into the original machine and boot up as normal. Windows will create a new page file upon boot up.
0
 
Thr-ITSAAuthor Commented:
Thank you everyone
I uploaded the minidumps to eestuff related to this quesiton as asked.

Responding to some of these comments.
We can't upgrade our Symantec Antivirus - this is a corporate PC.  when we tested an upgrade it caused problems in other areas of our company.
Also I can't modify group policy settings easily (centrally controlled) so I'll hold off on that idea for now.
Its already booted up cleanly since the last BSOD so I don't believe the "last known good configuration" will help.
System restore is disabled per group policy at our company, so I can't do that.

I can certainly reinstall the hostexplorer program, so I will do that
We have pretty robust virus scanning, and firewall filters, so I don't think its a virus.  I'll hold off on that also for now.

I can run a memory stress test also.
I'll do the memory stress test and the hostexplorer reinstall first.
stay tuned.  thank you for all the comments.
0
 
Thr-ITSAAuthor Commented:
Reinstall Hummingbird Host Explorer had resolved the issue.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now