Solved

Windows Vista blue screen errors

Posted on 2009-06-30
Last Modified: 2012-05-07
I have several different blue screen errors.

I tested the hardware, including PSU, with Ultra-X PHD PCI2 card, no errors found.

What's wrong, how to solve?
e.g. :
Extra info: due to restrictions of this site I cannot upload these files, sorry, even zipped to .rar is not uploadable ...
Mini062709-01.dmp
sysdata.xml
Version.txt

Extra informatie over het probleem
BCCode:      50
BCP1:      D0458B19
BCP2:      00000001
BCP3:      8262C813
BCP4:      00000002
OS Version:      6_0_6001
Service Pack:      1_0
Product:      768_1
Servergegevens:      3f15f08c-e5b2-4e8c-8364-cc59703c9d44

Or here's another one:

Extra informatie over het probleem
BCCode:      1000008e
BCP1:      C0000005
BCP2:      824487DC
BCP3:      8DA332BC
BCP4:      00000000
OS Version:      6_0_6001
Service Pack:      1_0
Product:      768_1

Or yet another one:
BCCode:      d1
BCP1:      32A2142A
BCP2:      00000002
BCP3:      00000001
BCP4:      8378C809
OS Version:      6_0_6001
Service Pack:      1_0
Product:      768_1
Servergegevens:      56e27fda-4506-4352-869a-8a0f196cebc2
0
Question by:ruud00000
10 Comments
 
LVL 18

Accepted Solution

by:
awawada earned 200 total points
ID: 24748655
Any mini.dmp's? If yes, post it here. Change the extension to .txt from .dmp
0
 
LVL 4

Assisted Solution

by:asrdias
asrdias earned 200 total points
ID: 24749940
For me this must be a pool corruption thing.... old drivers built for XP... ???

With administrator rights

Go to computer properties > Advanced system settings > Advanced Tab > Startup & recovery section, click Settings > remove the tick on Automatically restart.

Now go to a command prompt and type verifier (hit Enter)

Create custom settings > Select individual settings > Special Pool and Pool tracking > Automatically select all drivers > Finish

When it bluescreens again it should give you in the screen the name of the driver... I hope ! :)

A reboot is required.

Goto

0
 

Author Comment

by:ruud00000
ID: 24752416
Here are some dump files (.dmp changed to .txt)
Mini062809-01.txt
Mini062909-02.txt
Mini063009-01.txt
0
 
LVL 18

Expert Comment

by:awawada
ID: 24752479
Seems to be driver problems, please update all drivers. (How to check which drivers are outdated: http://driveragent.com/scan_step1.php?r=8)
0
 

Author Comment

by:ruud00000
ID: 24752491
Here's the last crash after following the steps from asrdias, reporting error  SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION in the blue screen itself

See attached dump file

Extra informatie over het probleem
BCCode:      c1
BCP1:      B4648EB8
BCP2:      B4648A2F
BCP3:      00AF0148
BCP4:      00000032
OS Version:      6_0_6001
Service Pack:      1_0
Product:      768_1
Servergegevens:      496403e7-8aac-4c41-ad0f-4f3a03e467ef

Mini070109-02.txt
0

 
LVL 4

Expert Comment

by:asrdias
ID: 24752950
So...

Verifier is enabled; we can verify that:

0: kd> !verifier

Verify Level 9 ... enabled options are:
      Special pool
      All pool allocations checked on unload

Summary of All Verifier Statistics

RaiseIrqls                             0x2bc168
AcquireSpinLocks                       0xef9443
Synch Executions                       0x5ed1f
Trims                                  0x0

Pool Allocations Attempted             0x787e29
Pool Allocations Succeeded             0x787e29
Pool Allocations Succeeded SpecialPool 0x3e8f2d
Pool Allocations With NO TAG           0x36
Pool Allocations Failed                0x0
Resource Allocations Failed Deliberately   0x0

Current paged pool allocations         0x135f1 for 01547744 bytes
Peak paged pool allocations            0x1360b for 015597F8 bytes
Current nonpaged pool allocations      0x1264f for 01611654 bytes
Peak nonpaged pool allocations         0x12687 for 03548844 bytes

GetPointerFromAddress: unable to read from 82548868
Unable to read MiSystemVaType memory at 82528420

Let's try to see who caused the pool corruption...

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption.  Typically the current thread's
stack backtrace will reveal the guilty party.
Arguments:
Arg1: b4648eb8, address trying to free
Arg2: b4648a2f, address where one bit is corrupted
Arg3: 00af0148, (reserved)
Arg4: 00000032, caller is freeing an address where nearby bytes within the same page have a single bit error

Debugging Details:
------------------


BUGCHECK_STR:  0xC1_32

SPECIAL_POOL_CORRUPTION_TYPE:  32

CUSTOMER_CRASH_COUNT:  2

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from 824a8a53 to 824de0e3

STACK_TEXT:  
ChildEBP RetAddr  Args to Child              
82506844 824a8a53 000000c1 b4648eb8 b4648a2f nt!KeBugCheckEx+0x1e (CONV: stdcall)
8250693c 824fef78 b4648eb8 00000000 b4648eb8 nt!MmFreeSpecialPool+0x6c (CONV: stdcall)
825069a4 8244e1bc b4648eb8 00000000 825069e0 nt!ExFreePoolWithTag+0xeb (CONV: stdcall)
825069c0 826f31cd b4648eb8 b4648eb8 8f9b8db0 nt!IopFreeIrp+0x56 (CONV: stdcall)
825069d8 8d569986 00000000 b4648eb8 82506a9c nt!IovFreeIrpPrivate+0x58 (CONV: stdcall)
825069f4 826f3d4d 00000000 b4648eb8 8f9b8db0 irsir!SerialIoCompleteRead+0x96 (FPO: [Non-Fpo]) (CONV: stdcall)
82506a2c 8244b10c 00000000 b4648eb8 82506a9c nt!IovpLocalCompletionRoutine+0x16e (CONV: stdcall)
82506a64 826f3b95 b4648eb8 8b1f794c 8b1f7890 nt!IopfCompleteRequest+0x11d (CONV: fastcall)
82506ad4 8d55179a 00000000 8b1f794c 82506b08 nt!IovCompleteRequest+0x11c (CONV: fastcall)
82506ae4 8d551730 8b1f794c 8b1f792c 82506b3c serial!SerialGetNextIrpLocked+0x61 (FPO: [Non-Fpo]) (CONV: stdcall)
82506b08 8d551d8e 8b1f794c 8b1f792c 82506b3c serial!SerialGetNextIrp+0x27 (FPO: [Non-Fpo]) (CONV: stdcall)
82506b30 8d5452a9 8b1f7890 00000000 8b1f7802 serial!SerialTryToCompleteCurrent+0x7a (FPO: [Non-Fpo]) (CONV: stdcall)
82506b68 824c7c40 8b1f7ab4 8b1f7802 95b64179 serial!SerialReadTimeout+0x68 (FPO: [Non-Fpo]) (CONV: stdcall)
82506c88 824c7800 82506cd0 8b3e9202 82506cd8 nt!KiTimerListExpire+0x367 (CONV: fastcall)
82506ce8 824c73c3 00000000 00000000 000069ae nt!KiTimerExpiration+0x22a (CONV: stdcall)
82506d50 824c5edd 00000000 0000000e 00000000 nt!KiRetireDpcList+0xba (CONV: fastcall)
82506d54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x49 (FPO: [0,0,0])



STACK_COMMAND:  kb

FOLLOWUP_IP:
irsir!SerialIoCompleteRead+96
8d569986 385dff          cmp     byte ptr [ebp-1],bl

SYMBOL_STACK_INDEX:  5

MODULE_NAME: irsir

IMAGE_NAME:  irsir.sys <- This is your problematic driver....

****************************************************************************************************************


My advice is to disable this driver: irsir.sys
Check if your system stops crashing. If it crashes with this driver disabled, send the new minidump but keep verifier on!
It's very unusual to see this driver causing this kind of problem. You might have to check with MS about this issue.

Driver info:

0: kd> lmvm  irsir
start    end        module name
8d567000 8d572000   irsir
    Loaded symbol image file: irsir.sys
    Image path: \SystemRoot\system32\DRIVERS\irsir.sys
    Image name: irsir.sys
    Timestamp:        Sat Jan 19 05 2008
    File version:     6.0.6001.18000
    Product version:  6.0.6001.18000
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     IRSIR.SYS
    OriginalFilename: IRSIR.SYS
    ProductVersion:   6.0.6001.18000
    FileDescription:  Serial Infrared Driver
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
0
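Added example (not part of the original thread or any poster's code): a small Python parser for the `kb` stack quoted in the answer above, using frames copied from that post. It applies a simplified heuristic, assumed here for illustration, of taking the first frame outside `nt`/`hal`; on this stack that reproduces SYMBOL_STACK_INDEX 5 (irsir), and it also lists every driver on the stack and the frames that carry the freed address b4648eb8.

```python
import re

# Frames copied from the STACK_TEXT in the post above (the first seven plus
# one serial.sys frame); argument columns are kept so the regex sees real lines.
STACK_TEXT = """\
82506844 824a8a53 000000c1 b4648eb8 b4648a2f nt!KeBugCheckEx+0x1e (CONV: stdcall)
8250693c 824fef78 b4648eb8 00000000 b4648eb8 nt!MmFreeSpecialPool+0x6c (CONV: stdcall)
825069a4 8244e1bc b4648eb8 00000000 825069e0 nt!ExFreePoolWithTag+0xeb (CONV: stdcall)
825069c0 826f31cd b4648eb8 b4648eb8 8f9b8db0 nt!IopFreeIrp+0x56 (CONV: stdcall)
825069d8 8d569986 00000000 b4648eb8 82506a9c nt!IovFreeIrpPrivate+0x58 (CONV: stdcall)
825069f4 826f3d4d 00000000 b4648eb8 8f9b8db0 irsir!SerialIoCompleteRead+0x96 (FPO: [Non-Fpo]) (CONV: stdcall)
82506a2c 8244b10c 00000000 b4648eb8 82506a9c nt!IovpLocalCompletionRoutine+0x16e (CONV: stdcall)
82506ae4 8d551730 8b1f794c 8b1f792c 82506b3c serial!SerialGetNextIrpLocked+0x61 (FPO: [Non-Fpo]) (CONV: stdcall)
"""

FRAME_RE = re.compile(
    r"^(?P<ebp>[0-9a-f]{8}) (?P<ret>[0-9a-f]{8}) (?P<args>(?:[0-9a-f]{8} ){3})"
    r"(?P<module>\w+)!(?P<func>\w+)\+0x(?P<off>[0-9a-f]+)",
    re.MULTILINE,
)

# Assumption for this example: only the kernel image and the HAL count as core.
CORE_MODULES = {"nt", "hal"}

def parse_frames(text):
    """Return one dict per frame, numbered from 0 like SYMBOL_STACK_INDEX."""
    return [
        {"index": i, "module": m["module"], "args": m["args"].split(),
         "symbol": f'{m["module"]}!{m["func"]}+0x{m["off"]}'}
        for i, m in enumerate(FRAME_RE.finditer(text))
    ]

def first_driver_frame(frames):
    """First frame outside CORE_MODULES: a lead for triage, not proof of fault."""
    return next((f for f in frames if f["module"] not in CORE_MODULES), None)

def drivers_on_stack(frames):
    """Every non-core module on the stack, in call order, without duplicates."""
    return list(dict.fromkeys(
        f["module"] for f in frames if f["module"] not in CORE_MODULES))

def frames_passing(frames, address):
    """Symbols of frames whose first three arguments include the address."""
    return [f["symbol"] for f in frames if address.lower() in f["args"]]

if __name__ == "__main__":
    frames = parse_frames(STACK_TEXT)
    print(first_driver_frame(frames), drivers_on_stack(frames))
    print(frames_passing(frames, "b4648eb8"))
```

The first driver frame is a starting point for testing rather than a verdict: `serial` is on the same stack, and later in this thread the author reports crashes involving many different drivers.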
 
LVL 91

Assisted Solution

by:nobus
nobus earned 100 total points
ID: 24753145
that driver is the infrared driver : http://www.softwaretipsandtricks.com/sys/764-Irsirsys.html
you can uninstall it from device manager, and test.
(you can reinstall it later, if needed)
0
 

Author Comment

by:ruud00000
ID: 24795549
Thanks!

I kept having problems, with all sorts of drivers, so the problem actually being all of those single drivers became less and less likely.

I then followed an instruction in a blue screen telling to update the bios (didn't help) and disable bios caching options. The latter seemed to be helpful. Have had one blue screen since but that was after having moved the pc and reconnected to AC, I have seen that happen before on other pc's. Now I will follow up and wait for the client to report if the problem still exists, haven't heard from him now for two days...
0
 
LVL 4

Expert Comment

by:asrdias
ID: 24799166
You may have some problem at the hardware level.
Something is making the drivers write at memory locations that don't belong to them.
CPU? Bad memory chips... Test with new memory chips first. That would be my first test...
0
 

Author Closing Comment

by:ruud00000
ID: 31598490
Solved the question myself but comments were helpful anyway
0
