Please help analyzing minidump

Hi

I have a HP Elitebook 2530p WinXP Pro SP3. I already had BSOD's on this machine a few weeks ago. After I installed an older graphic driver, the problem was fixed.

Now it crashed again and created the minidump attached. Could someone please help me analyzing the dump-file?

Thanks and best regards!
Mini082910-01.dmp.txt
marcus_wAsked:
Who is Participating?
 
che6auscConnect With a Mentor Commented:
The problem is your keyboard driver  HpqKbFiltr.sys.  It is not playing well with the Microsoft keyboard class driver kbdclass.sys.  See if you can find an updated driver on the HP site.

As an alternative try another keyboard.


Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {0, 1c, 1, 80502cd6}

Unable to load image HpqKbFiltr.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for HpqKbFiltr.sys
*** ERROR: Module load completed but symbols could not be loaded for HpqKbFiltr.sys
Probably caused by : kbdclass.sys ( kbdclass!KeyboardClassServiceCallback+182 )


0: kd> lmvm kbdclass
start    end        module name
ba3f0000 ba3f6000   kbdclass # (pdb symbols)          c:\websymbols\kbdclass.pdb\227A15B4C380417181684895714317F31\kbdclass.pdb
    Loaded symbol image file: kbdclass.sys
    Mapped memory image file: c:\websymbols\kbdclass.sys\480253726000\kbdclass.sys
    Image path: kbdclass.sys
    Image name: kbdclass.sys
    Timestamp:        Sun Apr 13 14:39:46 2008 (48025372)
    CheckSum:         00011FF4
    ImageSize:        00006000
    File version:     5.1.2600.5512
    Product version:  5.1.2600.5512
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0405.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Operacní systém Microsoft® Windows®
    InternalName:     kbdclass.sys
    OriginalFilename: kbdclass.sys
    ProductVersion:   5.1.2600.5512
    FileVersion:      5.1.2600.5512 (xpsp.080413-2108)
    FileDescription:  Keyboard Class Driver
    LegalCopyright:   © Microsoft Corporation. Všechna práva vyhrazena.

Open in new window

0
 
Willy Van den HoutenNetwork and Security AssistantCommented:
I use Bluescreenviewer

I att. you have the zipped program
0
 
Willy Van den HoutenNetwork and Security AssistantCommented:
Problem to get the attachment inside.

Here is the URL

http://www.nirsoft.net/utils/blue_screen_view.html
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

 
marcus_wAuthor Commented:
Thanks for replying!

I already used bluescreen viewer to view the file but my problem is, that i still don't know what to do.
0
 
Willy Van den HoutenNetwork and Security AssistantCommented:
you should click right and check the properties.

IRQL_NOT_LESS_OR_EQUAL

PArmaters

0x1000000a
0x00000000

etc.

Check google

Possible you have faulting hardware...


0
 
edbedbCommented:
Has it crashed just this one time since replacing the display adapter?
0
 
marcus_wAuthor Commented:
It was running without any crash for a few weeks now. Then yesterday it crashed about 4 times but I found only this one minidump file on c:\windows.
0
 
edbedbCommented:
Check the system logs in the Event Viewer for errors.
Click Start then Run and enter this command
Eventvwr.msc
0
 
Willy Van den HoutenNetwork and Security AssistantCommented:
It could be a :

- hardware problem - > Mostly faulting RAM
- driver problem
- virus problem : Check with : http://onecare.live.com/site/en-us/default.htm
0
 
Willy Van den HoutenNetwork and Security AssistantCommented:
I saw also 3 TM files pointing to Trend Micro Software.

I think the problem came from your officescan Trend Micro Software

tmactmon.sys
tmevtmgr.sys
tmcomm.sys

Try upgrading your software to the latest version
0
 
marcus_wAuthor Commented:
Ok I will check the system log and will let you know what I found there.
Trend Micro already runs with the latest version.
0
 
che6auscCommented:
0
 
marcus_wAuthor Commented:
that's the driver choice on hp.com (see picture).
2530p-hp-drivers-xp.jpg
0
 
marcus_wAuthor Commented:
Well I think I have already the newest versions of these drivers but I can give it a try anyway. So you think I should install the 4 drivers above which had a previous version, right?
0
 
che6auscCommented:
The timestamp on the driver in question(HpqKbFiltr.sys) has a timestamp of June 18,2007. See code box.From a google search this is the HP quick launch button driver which has an update dated June 18, 2010.
0: kd> lmvm HpqKbFiltr.sys
start    end        module name
0: kd> lmvm HpqKbFiltr
start    end        module name
ba3e0000 ba3e4180   HpqKbFiltr T (no symbols)           
    Loaded symbol image file: HpqKbFiltr.sys
    Image path: HpqKbFiltr.sys
    Image name: HpqKbFiltr.sys
    Timestamp:        Mon Jun 18 18:12:03 2007 (46770333)
    CheckSum:         0000FCCA
    ImageSize:        00004180
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Open in new window

0
 
che6auscCommented:
It shouldn't hurt to update all the keyboard drivers. You can rollback if you encounter any additional problems,but HpqKbFiltr.sys was cited in the dump.
0
 
marcus_wAuthor Commented:
That's really strange with this 2007 time stamp because I updated the notebook drivers just a few month ago and even the previous version was from 2010. But ok, I will now update these drivers again.
0
 
marcus_wAuthor Commented:
I meant weeks ago, not months ago ;-)
0
 
Willy Van den HoutenNetwork and Security AssistantCommented:
the latest dumps from Trend Micro are from 19/07/2010 , so I think I was right.

There is a solution from Trend Micro concerning these files
0
 
Willy Van den HoutenNetwork and Security AssistantCommented:
Maybe your PC was infected with a Smitfraud variant, causing these problems with Trend Micro.
0
 
marcus_wAuthor Commented:
I updated now the drivers mentioned above.
In the system log I could not find anything special.

@wvdhoute: i tried to check with http://onecare.live.com/site/en-us/default.htm but it didn't work. I am now running a full system scan with TM office scan.
 
0
 
Willy Van den HoutenNetwork and Security AssistantCommented:
If you received a blank page on that one, that could be a virus.

Same if you go to windows update site

It's a propertiy of an infection to not let you on update sites and virus scan sites.

You could also try Malware Bytes to check your PC.
0
 
marcus_wAuthor Commented:
No that's not the case. I got an microsoft error message that something went wrong and I should try later. But i then tried it also on another pc with the same result.
0
 
che6auscCommented:
wvdhoute,

Bluescreenview often is contrary to Windbg as far as citing drivers.  Which is why most people who analyze dumps do not use it.

There is no indication from the analysis of the dump using Windbg that Trend Micro is involved at all.

marcus_w,

If you incur another bsod upload the minidump for analysis.
Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {0, 1c, 1, 80502cd6}

Unable to load image HpqKbFiltr.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for HpqKbFiltr.sys
*** ERROR: Module load completed but symbols could not be loaded for HpqKbFiltr.sys
Probably caused by : kbdclass.sys ( kbdclass!KeyboardClassServiceCallback+182 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000001, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80502cd6, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS:  00000000 

CURRENT_IRQL:  1c

FAULTING_IP: 
nt!KiUnlinkThread+c
80502cd6 8916            mov     dword ptr [esi],edx

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  Idle

LAST_CONTROL_TRANSFER:  from 80502d38 to 80502cd6

STACK_TEXT:  
80551304 80502d38 89dfeda8 00000000 00000100 nt!KiUnlinkThread+0xc
80551318 804ffb07 00000006 00000000 00000006 nt!KiUnwaitThread+0x12
8055132c 804fc4db 845d6750 845d6710 00000000 nt!KiInsertQueueApc+0x14f
8055134c 804f17f6 845d6750 89dbfc18 00000000 nt!KeInsertQueueApc+0x51
80551380 ba3f1314 00000000 89d22c42 8a131680 nt!IopfCompleteRequest+0x1d8
8055139c ba3e098e 0000000c 89d22c40 845d6858 kbdclass!KeyboardClassServiceCallback+0x182
WARNING: Stack unwind information not available. Following frames may be wrong.
805513c4 b94ca712 00000001 89d22c34 89d22c40 HpqKbFiltr+0x98e
80551428 80545ebf 8a036284 01036020 00000000 i8042prt!I8042KeyboardIsrDpc+0xf0
80551450 80545da4 00000000 0000000e 00000000 nt!KiRetireDpcList+0x61
80551454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28


STACK_COMMAND:  kb

FOLLOWUP_IP: 
kbdclass!KeyboardClassServiceCallback+182
ba3f1314 6a18            push    18h

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  kbdclass!KeyboardClassServiceCallback+182

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: kbdclass

IMAGE_NAME:  kbdclass.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  48025372

FAILURE_BUCKET_ID:  0xA_kbdclass!KeyboardClassServiceCallback+182

BUCKET_ID:  0xA_kbdclass!KeyboardClassServiceCallback+182

Followup: MachineOwner
---------

Open in new window

0
 
marcus_wAuthor Commented:
che6ausc:

I updated now the HP Quick Launch Buttons; Synaptics Touchpad and Authentec Fingerprint Sensor Drivers and I will post the new minidump if it happens again.
Thanks a lot so far...
0
 
Willy Van den HoutenNetwork and Security AssistantCommented:
http://www.youtube.com/watch?v=MSN_Qb2S7JQ

This vid explains how to work with the windbg program
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.