techguy111
asked on
Xp blue screen - Cant access machine - seems a driver problem - memory dump included
C:\Program Files\Support Tools>dumpchk.exe -v c:\Mini030311-01.dmp
Loading dump file c:\Mini030311-01.dmp
----- 32 bit Kernel Mini Dump Analysis
DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000a28
DirectoryTableBase 0b100060
PfnDataBase 81086000
PsLoadedModuleList 8055d720
PsActiveProcessHead 805638b8
MachineImageType 0000014c
NumberProcessors 00000002
BugCheckCode 10000050
BugCheckParameter1 bc5dfff0
BugCheckParameter2 00000000
BugCheckParameter3 bf89c16b
BugCheckParameter4 00000000
PaeEnabled 00000001
KdDebuggerDataBlock 8054d2e0
MiniDumpFields 00000dff
TRIAGE_DUMP32:
ServicePackBuild 00000300
SizeOfDump 00010000
ValidOffset 0000fffc
ContextOffset 00000320
ExceptionOffset 000007d0
MmOffset 00001068
UnloadedDriversOffset 000010a0
PrcbOffset 00001878
ProcessOffset 000024c8
ThreadOffset 00002728
CallStackOffset 00002980
SizeOfCallStack 00000568
DriverListOffset 00003178
DriverCount 0000006b
StringPoolOffset 00005140
StringPoolSize 00000e90
BrokenDriverOffset 00000000
TriageOptions 00000041
TopOfStack aa5fda98
DebuggerDataOffset 00002ee8
DebuggerDataSize 00000290
DataBlocksOffset 00005fd0
DataBlocksCount 00000002
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Thu Mar 03 08:28:24 2011
System Uptime: 1 days 6:32:07
start end module name
804d7000 806e5000 nt Checksum: 001FA054 Timestamp: Thu Dec 09 08:
06:55 2010 (4D00D46F)
Unloaded modules:
aaa07000 aaa28000 tmcomm.sys Timestamp: unavailable (00000000)
ba6c6000 ba6c7000 drmkaud.sys Timestamp: unavailable (00000000)
a96d0000 a96fb000 kmixer.sys Timestamp: unavailable (00000000)
aa4ce000 aa4db000 DMusic.sys Timestamp: unavailable (00000000)
a96fb000 a971e000 aec.sys Timestamp: unavailable (00000000)
aa4ae000 aa4bc000 swmidi.sys Timestamp: unavailable (00000000)
ba652000 ba654000 splitter.sys Timestamp: unavailable (00000000)
ad0be000 ad0c2000 kbdhid.sys Timestamp: unavailable (00000000)
aca6a000 aca77000 i8042prt.SYS Timestamp: unavailable (00000000)
aca32000 aca37000 Cdaudio.SYS Timestamp: unavailable (00000000)
ad0c2000 ad0c5000 Sfloppy.SYS Timestamp: unavailable (00000000)
aca3a000 aca3f000 Flpydisk.SYS Timestamp: unavailable (00000000)
aca42000 aca49000 Fdc.SYS Timestamp: unavailable (00000000)
Finished dump check
C:\Program Files\Support Tools>
ASKER
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 3/3/2011
Time: 9:45:46 AM
User: N/A
Computer: PC02051
Description:
Error code 10000050, parameter1 bc5dfff0, parameter2 00000000, parameter3 bf89c16b, parameter4 00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 35 1000005
0020: 30 20 20 50 61 72 61 6d 0 Param
0028: 65 74 65 72 73 20 62 63 eters bc
0030: 35 64 66 66 66 30 2c 20 5dfff0,
0038: 30 30 30 30 30 30 30 30 00000000
0040: 2c 20 62 66 38 39 63 31 , bf89c1
0048: 36 62 2c 20 30 30 30 30 6b, 0000
0050: 30 30 30 30 0000
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 3/3/2011
Time: 9:45:46 AM
User: N/A
Computer: PC02051
Description:
Error code 10000050, parameter1 bc5dfff0, parameter2 00000000, parameter3 bf89c16b, parameter4 00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 35 1000005
0020: 30 20 20 50 61 72 61 6d 0 Param
0028: 65 74 65 72 73 20 62 63 eters bc
0030: 35 64 66 66 66 30 2c 20 5dfff0,
0038: 30 30 30 30 30 30 30 30 00000000
0040: 2c 20 62 66 38 39 63 31 , bf89c1
0048: 36 62 2c 20 30 30 30 30 6b, 0000
0050: 30 30 30 30 0000
It's more likely to a an issue with the RAM, Antivirus Software, Remote tools (like teamviewer etc), or hardware.
Run memtest86+ on the PC (you'll find it on the UBCD:
http://ultimatebootcd.com
You could also zip the last 3 dumps and upload them.
Run memtest86+ on the PC (you'll find it on the UBCD:
http://ultimatebootcd.com
You could also zip the last 3 dumps and upload them.
ASKER
There is only one memory dump which was generated.
THis is a brand new precision 3500 machine which came from DEll. It was supposed to run Win 7 prof. But I downgraded it to run WIn XP prof sp3
Is it something you can narrow down a bit more based on the log.
The user is remoting in from a MAC laptop to this windows machine using VPN. Mini030311-01.dmp
THis is a brand new precision 3500 machine which came from DEll. It was supposed to run Win 7 prof. But I downgraded it to run WIn XP prof sp3
Is it something you can narrow down a bit more based on the log.
The user is remoting in from a MAC laptop to this windows machine using VPN. Mini030311-01.dmp
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Will run SFC/scannow and windows updates.
Could this also take care of the issue.
http://forums.nvidia.com/index.php?showtopic=67147&hl=remote%20desktop&st=60
"You can fix this bug by increasing the size of the session image space via a registry key.¿ Add the following key:
[HKEY_LOCAL_MACHINE\SYSTEM
"SessionImageSize"=dword:0
Could this also take care of the issue.
http://forums.nvidia.com/index.php?showtopic=67147&hl=remote%20desktop&st=60
"You can fix this bug by increasing the size of the session image space via a registry key.¿ Add the following key:
[HKEY_LOCAL_MACHINE\SYSTEM
"SessionImageSize"=dword:0
It's unlikely, as from the link you posted i didn't see anything mentioned about the system BSODing, but rather remote desktop didn't work (but I didn't go through the complete thread...).
ASKER
Thanks for your response. The user is currently using the machine remotely and I cant run rightaway the memtest86+ and SFC/scannow and windows updates as you had suggested.
I will do try to do these things while the user is in a meeting or so.
Am remotely watching the event logs and nothing seems unusual as of now.
I will do try to do these things while the user is in a meeting or so.
Am remotely watching the event logs and nothing seems unusual as of now.
ASKER
Did the following :
1. Ran memtest86+ (once) as was short of time. It ran without errors.
2. Ran all windows updates.
3. Made the registry edit :
[HKEY_LOCAL_MACHINE\SYSTEM
"SessionImageSize"=dword:0
Couldnt run sfc /scannow as didnt have time.
Anything else you would like to suggest ?
1. Ran memtest86+ (once) as was short of time. It ran without errors.
2. Ran all windows updates.
3. Made the registry edit :
[HKEY_LOCAL_MACHINE\SYSTEM
"SessionImageSize"=dword:0
Couldnt run sfc /scannow as didnt have time.
Anything else you would like to suggest ?
No. But as I mentioned earlier, as there is only one minidump, it could just have been a freak crash. A single crash is usually something you can put aside for the moment, but just keep watching. If it happens more often then it needs extra attention. Also often the crashes aren't always the same, so the crash-dumps created can be different and analyzing 3 or so can give a better idea of what is happening.
Anyway, when you do get around doing SFC /scannow, you may need the install CD of XP, as the tool, if it finds invalid system-files, will first check in it's cache for the correct versions, if it can't find them there it'll need them from the CD and replace them with those.
Anyway, when you do get around doing SFC /scannow, you may need the install CD of XP, as the tool, if it finds invalid system-files, will first check in it's cache for the correct versions, if it can't find them there it'll need them from the CD and replace them with those.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks
ASKER
THe machine was up for 1day.