Reading Mini Dump to help identify a BSOD - Windows XP Pro

Can someone please provide insight into what might be causing my BSOD from the attached minimdumps?

You will need to rename these files with a .DMP extension as Experts Exchange would not allow this suffix to be uploaded. I have had to rename to a .TXT extension to allow this to work.

Who is Participating?
John GriffithConsultantCommented:
Hi -
The bugchecks - (2) 0xa and 0x50
I have usually found when 0xa & 0x50 together, RAM is good possibility as the cause.
However, 2 of the BSODs listed the NT Kernel; the other "memory corruption", yet gave up NT.
These are the program instructions at the time of BSODs.  The 1st 2 are waiting for an object to be free.  I think it is a LOCK.  The 3rd appears to be the work of a bad driver - NT is trying to release a page and cannot.  Another driver probably has a lock on it.

I would get the following drivers in the code snippet updated as I believe the audio drivers in particular caused or at least contributed to the crashes.  Your system is obviously updated with XP SP3 and Windows Updates appear current.  Add to that the new Feb 2009 ATI video drivers and recent Windows Updates which included win32k.sys and I believe these new drivers clashed with the old audio drivers and possibly GIGABYTE Tools driver as well.  I would also advise that you also check Ethernet and wifi drivers for updates.  I did not see them in the loaded driver listing in any of the 3 dumps.
Regards. . .

**  Empia Technology USB Audio
emAudio.sys  Tue Dec 12 05:16:05 2006 (457E8165)
emDevice.sys Tue Apr 06 17:08:06 2004 (40731C36)
emFilter.sys Tue Apr 06 17:07:57 2004 (40731C2D)
emScan.sys   Tue Apr 06 17:07:54 2004 (40731C2A)
emStream.sys Tue Apr 06 17:07:59 2004 (40731C2F)
**  GIGABYTE Tools
gdrv.sys     Fri Dec 07 01:21:04 2007 (4758E650)
**  Realtek HD HDMI
AtiHdmi.sys  Fri Jul 20 16:40:07 2007 (46A11DA7)
**  MS WDK HD Audio
HDAudBus.sys Thu May 26 11:46:29 2005 (4295EF55)

Open in new window


I've seen the logs and there I couldn't find any useful information within. Can I get a bit of the background information?

Have you upgraded a machine? or OS? or installed a new device??
do you get blue screens often or this is the first time?
is the machine able to boot up at all?
have you had a look in the Windows Event Viewer right after the system crashed? It can be accessed by Start->Run->eventvwr
have you done any virus scans and found any infections?
garryvAuthor Commented:
New machine for gaming
Quad core
ATI Radeon 4870 512Meg
4 Gig DDR2
Overclocked by 20%
Windows XP Pro Service Pack 3
BSOD is infrequent. Last one happened after 3 days of use. Previous one after 6 hours.
The BSOD can happen whilst machine is idle (some have happened during the night).
No viruses.
BSOD messages have been PAGE_FAULT...... and IRQ NOT LESS THAN EQUAL

My suspicion is the ATI graphics driver but I am unsure.
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Download memtest from, create a bootable cd or floppy and let it run for a minimum of three passes, also unclock your machine as well and see if you still have a BSOD.
Hmm...the below webpage provides drivers for 32-bit Windows XP Home/Pro:

Try downloading and installing it, if its the correct one. Another area to check might be device manager which might have more information on any conflicting devices.

Hope it helps
garryvAuthor Commented:
Had already run memtest and passed perfectly.
I cannot un-overclock the machine as it was overclocked by the people who I bought it from and I do not know how to re-overlock it back to its current level (+20%).
I had a 3 week old ATI device driver which was replaced yesterday with the newest one.
I will have to wait for a day or two to see if I BSOD again.
I am thinking that it might be worth getting a HijackThis log from your system. Trend Micro HijackThis is basically a reporting tool that creates a log with information about running processes, IE addons, etc. It might help us see what applications are running in the background and might be causing the BSOD. It can be downloaded from:

Moreover, I would also suggest a quick scan with MalwareBytes Anti-Malware scanner. Its a powerful anti-spyware solution that is like a supplement to existing antiviruses, it can help catch viruses which sometimes can evade the antivirus engines. Its completely free and legitimate as well. It can be downloaded from: . Best to install it, update the definitions and then do a quick scan with it.

Hi Gary, can you set your computer to do a kernel memory dump.  The information in the currently attached dump files does not provide enough information to give a 100% conclusive answer but in English, a process was trying to write to a memory address outside of it's allocation.  
In my experience, buggy drivers (specifically graphics cards - nvidia and ATI) are the culprit.

You can either:
1. set your system to provide a kernel memory dump and get more diagnostic information or
2. downgrade the driver version or
3. uninstall the driver and leave the computer running in VGA mode for a couple of days and see if the error reoccurs

Outisde of a buggy driver, if you've over-clocked, I'd check:
1. CPU, north and south bridge temperatures
2. your CPU and memory are getting enough voltage

Try resetting back to stock values and see if the problem persists.

garryvAuthor Commented:

I am still having infrequent BSODs. I have updated every driver that I could identify. The BSOD messages seem to be different each time. Is there any chance you could have a look at the most recent minidumps. They are uploaded as .TXT files and will need to have their extentions changed.

Many thanks in advance,

Hmmm.. I suggest that you scan your PC with Kaspersky Online Scanner, its based at:

Do a critical area scan with that and let us know, if you find anything.
garryvAuthor Commented:
no viruses. have done scans with 3 different products.
John GriffithConsultantCommented:

Hi Garry -
The bugchecks from the 3 dumps posted -

0x50 - invalid memory referenced
win32k.sys named probable cause
0x8e w/ 0xc0000005 exception - memory access violation
NT kernel named probable cause
failed instruction = nt!NtWaitForMultipleObjects+1b0

0x4e (0x99) = page table entry corrupt
failed instruction = nt!MiDeletePte+447

Your current installation of AVG is out of date (NOT the virus definitions)
Un-install current AVG; Download & install new one -
AVG download

Run Driver Verifier.  Here are instructions for Vista; XP is the same, except bring up cmd/DOS RUN screen and type verifier -

Run memtest86+
Make bootable ISO CD - run 1 stick at a time; alternate slots
Please run HijackThis and post output log -
Regards. . .  jcgriff2
garryvAuthor Commented:

I have completely uninstalled AVG now. I am sure this is not the culprit as it had only been installed for 1 day and I had BSODs well before this time.

I have set up Run Driver Verifier as per instructions and I guess I need to wait for a BSOD before i get the appropriate dump file to send to you.

I am nervous about running memtest86+ on individual sticks. I have run this 3 times on both sticks withut pulling open my machine and all was fine - not a single failure. THe reason for my apprehension is that I bought my machine from a Gaming company and the machine was  custom made and is overclocked. I don't know enough about the setup or overclocking process to know that if I remove a memory stick, I will inadvertently alter settings that would render problems or resetting of the overclocking changes.

Attached is thr Hijack This output.

Lastly, thank you very much for your time in helping me. It is greatly appreciated.

garryvAuthor Commented:
Since setting up Run Driver Verifier and rebooting, my machine has crashed again with BSOD. Attached are the last 2 minidumps (last one with Run Driver stats hopefully).
The BSOD error message referred to the ATI driver.

I have seen a file which is suspicious, its C:\WINDOWS\system32\dvmurl.dll , can you upload this file on and see if any of the 30+ virus scanners pick it up?
garryvAuthor Commented:
Uploaded the file and checked OK with every virus programme with the exception of VBA32 - which brough up the following message in the result field "suspected of Win32.BrokenEmbeddedSignature  (paranoid heuristics)". Given this was the only "suspect", and  this file passed every other scanner, do you think there is still an issue with this?
Nope, it seems to be a false positive, otherwise most of the scanners would have picked it up.

As a last check for viruses, I am going to ask you to download AVPTool by Kaspersky ( and install it. It will generally install on your desktop in a Kaspersky folder. Check all options under the 'Automatic Scan' option and then click on 'Security level' and 'Customize' then click on the tab that says 'Heuristic Analyzer' then choose 'Enable Deep rootkit' search then choose ok. Click ok a couple of times and you'll be back at the main screen and click on 'Scan'. It should remove all threats from your PC.

Feel free to do it as the very last option.
garryvAuthor Commented:
whilst running Kaspersky I had another BSOD !!!

Attached is the most recent minidump - that's 3 for today. The frequency of BSOD's is now increasing. Have no idea why.
John GriffithConsultantCommented:
I will take a look at the mini dumps, but wanted to point out this odd line in your HJT log - it is the 1st line beginning with "04" -
O4 - HKLM\..\Run: [GEST] m|\ü
Download MS SysInternals AutoRuns & save to desktop.  2x-click on desktop icon.  Let it scan (see bottom-left for status).  When complete, save it as an ARN file.  You'll see the ARN default file extension when you go to save it.
zip it up and attach to post.  If you cant attach it here, please send it to me @
jcgriff2 email
Thanks. . .   JC
garryvAuthor Commented:
I gave up and have reformatted my machine. I'll see what happens !!!!

Many thanks for your support.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.