Spybot scan crashes PC



knight1fox3
2009-09-29, 20:14
Hello,

I help with the maintenance on a friend's PC to keep it free of viruses and spyware. Upon running Spybot Search & Destroy (v 1.6.2), it gets about 25% complete and the system crashes and automatically reboots. Upon reboot, a Windows message pops up indicating the system has recovered from a serious error. I did some research on this message and common causes. I found that often the error can be pinpointed by looking at the Windows dmp file. This particular fault is definitely repeatable, but I am not certain if it is being caused by software or hardware. The system specs are as follows:

Windows XP (32-bit) SP3
AMD Athlon XP 2.2GHz
ASUS A7N8X mobo
2 GB of DDR400 Corsair RAM
ATI Rage vid card (don't know the model off hand)

I have all the latest drivers installed, including the mobo BIOS. All Windows updates have been done as well. Below is the information I extracted from two dmp files using Windows debugger. I would like to get some feedback from anyone on whether someone else has had this issue happen. Also, does this error actually point to potential hardware (mainly memory) failure? I have not tried re-seating components and cleaning the dust out. I have known this to help in some instances. Any additional feedback on this issue would be greatly appreciated. Let me know if I need to provide any additional information. Thanks in advance!

dmp file #1 (9/24/09):

Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\*****\Desktop\Mini092409-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Thu Sep 24 20:53:03.218 2009 (GMT-5)
System Uptime: 0 days 0:32:19.807
Loading Kernel Symbols
............................................................................................................................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {2c8e548a, 7, 0, 2c8e548a}

Probably caused by : ntoskrnl.exe ( nt!KiChainedDispatch2ndLvl+39 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 2c8e548a, memory referenced
Arg2: 00000007, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 2c8e548a, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 2c8e548a

CURRENT_IRQL: 7

FAULTING_IP:
+2c8e548a
2c8e548a ?? ???

PROCESS_NAME: avgrsx.exe

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from 804da779 to 2c8e548a

FAILED_INSTRUCTION_ADDRESS:
+2c8e548a
2c8e548a ?? ???

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
f78a2f44 804da779 8a61c61f 575028ba 00000007 0x2c8e548a
f78a2fd0 804dbbd4 8055a020 00000000 0001e4f3 nt!KiChainedDispatch2ndLvl+0x39
f78a2fd4 8055a020 00000000 0001e4f3 00000000 nt!KiRetireDpcList+0x46
f78a2ff4 804db89e b1147d44 00000000 00000000 nt!KiTimerExpireDpc
f78a2ff8 b1147d44 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a
804db89e 00000000 00000009 bb835675 00000128 0xb1147d44


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiChainedDispatch2ndLvl+39
804da779 8a4f28 mov cl,byte ptr [edi+28h]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!KiChainedDispatch2ndLvl+39

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 498c1a18

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiChainedDispatch2ndLvl+39

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiChainedDispatch2ndLvl+39

Followup: MachineOwner
---------

dmp file #2 (9/28/09):

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\*****\Desktop\Mini092809-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Mon Sep 28 21:30:05.609 2009 (GMT-5)
System Uptime: 0 days 1:52:09.204
Loading Kernel Symbols
...............................................................
................................................................
.............
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {4, 2, 1, 804dc0ac}

Probably caused by : ntoskrnl.exe ( nt!KiFindReadyThread+66 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804dc0ac, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: 00000004

CURRENT_IRQL: 2

FAULTING_IP:
nt!KiFindReadyThread+66
804dc0ac 897904 mov dword ptr [ecx+4],edi

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from 804dc0e7 to 804dc0ac

STACK_TEXT:
f78ded30 804dc0e7 80562338 8a6bc090 8a6bc020 nt!KiFindReadyThread+0x66
f78ded40 804e407e 80561390 80562338 8a6bc020 nt!KiSwapThread+0x2a
f78ded6c 804e423d 00000000 00000000 00000000 nt!KeRemoveQueue+0x20e
f78dedac 8057aeff 00000000 00000000 00000000 nt!ExpWorkerThread+0xd6
f78deddc 804f88ea 804e4196 00000002 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiFindReadyThread+66
804dc0ac 897904 mov dword ptr [ecx+4],edi

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!KiFindReadyThread+66

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 498c1a18

FAILURE_BUCKET_ID: 0xA_nt!KiFindReadyThread+66

BUCKET_ID: 0xA_nt!KiFindReadyThread+66

Followup: MachineOwner
---------
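
Added example (not part of the original post): a small Python parser for `!analyze -v` text like the two dumps above. It pulls out the bugcheck code, arguments, process and stack symbols so repeated crashes can be compared field by field. The sample strings are constructed excerpts of the output in the post, and the function names are illustrative.

```python
import re
# Constructed samples: lines abbreviated from the two "!analyze -v" outputs in the post.
DUMP1 = """DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arg1: 2c8e548a, memory referenced
Arg2: 00000007, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 2c8e548a, address which referenced memory
PROCESS_NAME: avgrsx.exe
f78a2f44 804da779 8a61c61f 575028ba 00000007 0x2c8e548a
f78a2fd0 804dbbd4 8055a020 00000000 0001e4f3 nt!KiChainedDispatch2ndLvl+0x39
FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiChainedDispatch2ndLvl+39
"""
DUMP2 = """IRQL_NOT_LESS_OR_EQUAL (a)
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
Arg4: 804dc0ac, address which referenced memory
PROCESS_NAME: System
f78ded30 804dc0e7 80562338 8a6bc090 8a6bc020 nt!KiFindReadyThread+0x66
FAILURE_BUCKET_ID: 0xA_nt!KiFindReadyThread+66
"""

def parse_analyze(text):
    """Pull bugcheck name/code, Arg1-4, process, bucket and stack symbols."""
    name, code = re.search(r"^([A-Z_]+) \(([0-9a-f]+)\)\s*$", text, re.M).groups()
    d = {"name": name, "code": int(code, 16)}
    d["args"] = {int(n): int(v, 16)
                 for n, v in re.findall(r"^Arg([1-4]): ([0-9a-f]{8})", text, re.M)}
    for key in ("PROCESS_NAME", "FAILURE_BUCKET_ID"):
        m = re.search(rf"^{key}:\s*(\S+)", text, re.M)
        d[key.lower()] = m.group(1) if m else "?"
    # A stack line is five 8-digit hex words followed by the frame's symbol.
    d["stack"] = re.findall(r"^(?:[0-9a-f]{8} ){5}(\S+)\s*$", text, re.M)
    d["unmapped"] = [s for s in d["stack"] if "!" not in s]  # no module!symbol
    return d

def describe(d):
    a = d["args"]  # D1 and 0xA share this layout in the dumps above
    op = "write" if a[3] & 1 else "read"
    return f"{d['name']}: {op} of {a[1]:#010x} at IRQL {a[2]} from {a[4]:#010x}"

def compare(dumps):
    return {"codes": sorted({hex(d["code"]) for d in dumps}),
            "processes": sorted({d["process_name"] for d in dumps}),
            "same_bucket": len({d["failure_bucket_id"] for d in dumps}) == 1,
            "unmapped_frames": [f for d in dumps for f in d["unmapped"]]}

parsed = [parse_analyze(t) for t in (DUMP1, DUMP2)]
print(*map(describe, parsed), compare(parsed), sep="\n")
```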