marcus_w

Please help analyzing minidump

Hi

I have an HP Elitebook 2530p with WinXP Pro SP3. I already had BSODs on this machine a few weeks ago. After I installed an older graphics driver, the problem was fixed.

Now it crashed again and created the attached minidump. Could someone please help me analyze the dump file?

Thanks and best regards!
Mini082910-01.dmp.txt
Willy Van den Houten

I use Bluescreenviewer

I wanted to attach the zipped program for you.
There was a problem getting the attachment in.

Here is the URL

http://www.nirsoft.net/utils/blue_screen_view.html
marcus_w

ASKER

Thanks for replying!

I already used BlueScreenView to view the file, but my problem is that I still don't know what to do.
You should right-click and check the properties.

IRQL_NOT_LESS_OR_EQUAL

Parameters

0x1000000a
0x00000000

etc.

Check Google

Possibly you have faulty hardware...


Has it crashed just this one time since replacing the display adapter?
It was running without any crash for a few weeks now. Then yesterday it crashed about 4 times but I found only this one minidump file on c:\windows.
Check the system logs in the Event Viewer for errors.
Click Start then Run and enter this command
Eventvwr.msc
It could be a:

- hardware problem -> mostly faulty RAM
- driver problem
- virus problem : Check with : http://onecare.live.com/site/en-us/default.htm
I also saw 3 TM files pointing to Trend Micro Software.

I think the problem came from your officescan Trend Micro Software

tmactmon.sys
tmevtmgr.sys
tmcomm.sys

Try upgrading your software to the latest version
Ok I will check the system log and will let you know what I found there.
Trend Micro already runs with the latest version.
ASKER CERTIFIED SOLUTION
che6ausc
That's the driver choice on hp.com (see picture).
2530p-hp-drivers-xp.jpg
Well I think I have already the newest versions of these drivers but I can give it a try anyway. So you think I should install the 4 drivers above which had a previous version, right?
The driver in question (HpqKbFiltr.sys) has a timestamp of June 18, 2007. See code box. From a Google search, this is the HP quick launch button driver, which has an update dated June 18, 2010.
0: kd> lmvm HpqKbFiltr.sys
start    end        module name
0: kd> lmvm HpqKbFiltr
start    end        module name
ba3e0000 ba3e4180   HpqKbFiltr T (no symbols)           
    Loaded symbol image file: HpqKbFiltr.sys
    Image path: HpqKbFiltr.sys
    Image name: HpqKbFiltr.sys
    Timestamp:        Mon Jun 18 18:12:03 2007 (46770333)
    CheckSum:         0000FCCA
    ImageSize:        00004180
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4


It shouldn't hurt to update all the keyboard drivers. You can roll back if you encounter any additional problems, but HpqKbFiltr.sys was cited in the dump.
That's really strange with this 2007 time stamp because I updated the notebook drivers just a few months ago and even the previous version was from 2010. But ok, I will now update these drivers again.
I meant weeks ago, not months ago ;-)
The latest dumps from Trend Micro are from 19/07/2010, so I think I was right.

There is a solution from Trend Micro concerning these files
Maybe your PC was infected with a Smitfraud variant, causing these problems with Trend Micro.
I have now updated the drivers mentioned above.
In the system log I could not find anything special.

@wvdhoute: I tried to check with http://onecare.live.com/site/en-us/default.htm but it didn't work. I am now running a full system scan with TM office scan.
If you received a blank page on that one, that could be a virus.

Same if you go to windows update site

It's a property of an infection to not let you on update sites and virus scan sites.

You could also try Malware Bytes to check your PC.
No, that's not the case. I got a Microsoft error message that something went wrong and I should try later. But I then tried it also on another PC with the same result.
wvdhoute,

Bluescreenview often is contrary to Windbg as far as citing drivers.  Which is why most people who analyze dumps do not use it.

There is no indication from the analysis of the dump using Windbg that Trend Micro is involved at all.

marcus_w,

If you incur another BSOD, upload the minidump for analysis.
Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {0, 1c, 1, 80502cd6}

Unable to load image HpqKbFiltr.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for HpqKbFiltr.sys
*** ERROR: Module load completed but symbols could not be loaded for HpqKbFiltr.sys
Probably caused by : kbdclass.sys ( kbdclass!KeyboardClassServiceCallback+182 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000001, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80502cd6, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS:  00000000 

CURRENT_IRQL:  1c

FAULTING_IP: 
nt!KiUnlinkThread+c
80502cd6 8916            mov     dword ptr [esi],edx

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  Idle

LAST_CONTROL_TRANSFER:  from 80502d38 to 80502cd6

STACK_TEXT:  
80551304 80502d38 89dfeda8 00000000 00000100 nt!KiUnlinkThread+0xc
80551318 804ffb07 00000006 00000000 00000006 nt!KiUnwaitThread+0x12
8055132c 804fc4db 845d6750 845d6710 00000000 nt!KiInsertQueueApc+0x14f
8055134c 804f17f6 845d6750 89dbfc18 00000000 nt!KeInsertQueueApc+0x51
80551380 ba3f1314 00000000 89d22c42 8a131680 nt!IopfCompleteRequest+0x1d8
8055139c ba3e098e 0000000c 89d22c40 845d6858 kbdclass!KeyboardClassServiceCallback+0x182
WARNING: Stack unwind information not available. Following frames may be wrong.
805513c4 b94ca712 00000001 89d22c34 89d22c40 HpqKbFiltr+0x98e
80551428 80545ebf 8a036284 01036020 00000000 i8042prt!I8042KeyboardIsrDpc+0xf0
80551450 80545da4 00000000 0000000e 00000000 nt!KiRetireDpcList+0x61
80551454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28


STACK_COMMAND:  kb

FOLLOWUP_IP: 
kbdclass!KeyboardClassServiceCallback+182
ba3f1314 6a18            push    18h

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  kbdclass!KeyboardClassServiceCallback+182

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: kbdclass

IMAGE_NAME:  kbdclass.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  48025372

FAILURE_BUCKET_ID:  0xA_kbdclass!KeyboardClassServiceCallback+182

BUCKET_ID:  0xA_kbdclass!KeyboardClassServiceCallback+182

Followup: MachineOwner
---------
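
The stack reading in the analysis above, as an added example that is not part of any post in this thread: it parses the STACK_TEXT lines copied from that output, marks frames below the unwind warning as unreliable, lists modules outside an assumed in-box set, and converts the hex image timestamps to UTC. The `INBOX` set and all function names are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# STACK_TEXT lines copied from the !analyze -v output in the post above.
STACK_TEXT = """\
80551304 80502d38 89dfeda8 00000000 00000100 nt!KiUnlinkThread+0xc
80551318 804ffb07 00000006 00000000 00000006 nt!KiUnwaitThread+0x12
8055132c 804fc4db 845d6750 845d6710 00000000 nt!KiInsertQueueApc+0x14f
8055134c 804f17f6 845d6750 89dbfc18 00000000 nt!KeInsertQueueApc+0x51
80551380 ba3f1314 00000000 89d22c42 8a131680 nt!IopfCompleteRequest+0x1d8
8055139c ba3e098e 0000000c 89d22c40 845d6858 kbdclass!KeyboardClassServiceCallback+0x182
WARNING: Stack unwind information not available. Following frames may be wrong.
805513c4 b94ca712 00000001 89d22c34 89d22c40 HpqKbFiltr+0x98e
80551428 80545ebf 8a036284 01036020 00000000 i8042prt!I8042KeyboardIsrDpc+0xf0
80551450 80545da4 00000000 0000000e 00000000 nt!KiRetireDpcList+0x61
80551454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28
"""

# Assumption of this example: modules treated as Windows in-box components.
INBOX = {"nt", "hal", "kbdclass", "i8042prt"}
# Five 8-digit hex columns, then module[!symbol]+0xoffset.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\w+)(?:!(\w+))?\+0x([0-9a-f]+)$", re.I)

def parse_stack(text):
    """Return one dict per frame; frames after the unwind warning are unreliable."""
    frames, reliable = [], True
    for line in text.splitlines():
        if line.startswith("WARNING: Stack unwind information not available"):
            reliable = False
        m = FRAME.match(line.strip())
        if m:
            frames.append({"module": m.group(1), "symbol": m.group(2),
                           "offset": int(m.group(3), 16), "reliable": reliable})
    return frames

def non_inbox_modules(frames):
    """Modules on the stack that are not in INBOX, in stack order, de-duplicated."""
    seen = []
    for f in frames:
        if f["module"] not in INBOX and f["module"] not in seen:
            seen.append(f["module"])
    return seen

def image_timestamp(hex_value):
    """Convert the hex value from lmvm or DEBUG_FLR_IMAGE_TIMESTAMP to UTC."""
    return datetime.fromtimestamp(int(hex_value, 16), tz=timezone.utc)

if __name__ == "__main__":
    print(non_inbox_modules(parse_stack(STACK_TEXT)))
    print(image_timestamp("46770333").isoformat())
```

The UTC value for 46770333 is four hours later than the 18:12:03 shown in the lmvm output, which is consistent with the debugger printing the timestamp in local time.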


che6ausc:

I updated now the HP Quick Launch Buttons; Synaptics Touchpad and Authentec Fingerprint Sensor Drivers and I will post the new minidump if it happens again.
Thanks a lot so far...
http://www.youtube.com/watch?v=MSN_Qb2S7JQ

This vid explains how to work with the windbg program