teg007

Thanks for the analysis! The devices that I have connected are as follows: - 3M Ergonomic mouse - Microsoft Comfort Optical Mouse (I know..two mouses...but I use both hands) - HP Laserjet 3052 printer - Dell 2408 Widescreen monitor. This monitor has multiple USB connections. - EDIMAX 4 port KVM I have been using all of the above for as long as I can remember ie at least 12 months. However the Dell monitor has been behaving very strangely with the screen blanking and having to be turned off and on again to get a picture. I can try disconnecting the USB port to the monitor and see if that improves the situation. I do have a logitech camera but it hasnt been connected for many months. I will also remove this and see it improves. Thanks again.

Thanks for the feedback. Dump files are available here: http://adelie.cx/MEMORY1.zip http://adelie.cx/MEMORY.zip MEMORY1.zip is the dump file specific to my initial email. Since then I have had another reboot and this refers to MEMORY.zip. With regard to the other questions, I am not sure exactly when the problem occurred and what has changed and thus removed most of the non needed programs. Not running SP3 and running UPHCLEAN due to standard install. The o/p from !irpfind was indeed many pages. Thanks gain for any help.

Hi, I need some help to work out why my XP pc is crashing every 3 to 4 days. I have removed all of the virus tools and other programs to try and isolate the issue but have had no luck. After reviewing this and trying to follow the example I quickly realised that I dont have the expertise to actually work out what is actually causing the issue. Using the example above I have summarised some of the requested outputs below. I am happy to share the dump file if this would help. Output from windows debugger starting up: Microsoft (R) Windows Debugger Version 6.11.0001.404 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\WINDOWS\MEMORY.DMP] Kernel Summary Dump File: Only kernel address space is available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 2600.xpsp_sp2_qfe.090206-1239 Machine Name: Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c720 Debug session time: Thu Jul 30 12:16:35.954 2009 (GMT+8) System Uptime: 1 days 23:08:49.656 Loading Kernel Symbols ............................................................... ................................................................ ................................................... Loading User Symbols PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details Loading unloaded module list .................................................. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck F4, {3, 89533da0, 89533f14, 805d1650} unable to get nt!KiCurrentEtwBufferOffset unable to get nt!KiCurrentEtwBufferBase PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details Probably caused by : hardware_disk Followup: MachineOwner --------- Output of 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* CRITICAL_OBJECT_TERMINATION (f4) A process or thread crucial to system operation has unexpectedly exited or been terminated. Several processes and threads are necessary for the operation of the system; when they are terminated (for any reason), the system can no longer function. Arguments: Arg1: 00000003, Process Arg2: 89533da0, Terminating object Arg3: 89533f14, Process image file name Arg4: 805d1650, Explanatory message (ascii) Debugging Details: ------------------ unable to get nt!KiCurrentEtwBufferOffset unable to get nt!KiCurrentEtwBufferBase PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details PROCESS_OBJECT: 89533da0 IMAGE_NAME: hardware_disk DEBUG_FLR_IMAGE_TIMESTAMP: 0 FAULTING_MODULE: 00000000 PROCESS_NAME: csrss.exe EXCEPTION_RECORD: baa779d8 -- (.exr 0xffffffffbaa779d8) ExceptionAddress: 75b7a0c1 ExceptionCode: c0000006 (In-page I/O error) ExceptionFlags: 00000000 NumberParameters: 3 Parameter[0]: 00000008 Parameter[1]: 75b7a0c1 Parameter[2]: c000009a Inpage operation failed at 75b7a0c1, due to I/O error c000009a EXCEPTION_CODE: (NTSTATUS) 0xc0000006 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The required data was not placed into memory because of an I/O error status of "0x%08lx". DEFAULT_BUCKET_ID: DRIVER_FAULT ERROR_CODE: (NTSTATUS) 0xc0000006 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The required data was not placed into memory because of an I/O error status of "0x%08lx". EXCEPTION_PARAMETER1: 00000008 EXCEPTION_PARAMETER2: 75b7a0c1 EXCEPTION_PARAMETER3: c000009a IO_ERROR: (NTSTATUS) 0xc000009a - Insufficient system resources exist to complete the API. EXCEPTION_STR: 0xc0000006_c000009a FAULTING_IP: +1a4952f00fddfdc 75b7a0c1 ?? ??? BUGCHECK_STR: 0xF4_IOERR_C000009A STACK_TEXT: baa77520 805d07f7 000000f4 00000003 89533da0 nt!KeBugCheckEx+0x1b baa77544 805d16fb 805d1650 89533da0 89533f14 nt!PspCatchCriticalBreak+0x75 baa77574 805413fc 89533fe8 c0000006 baa779b0 nt!NtTerminateProcess+0x7d baa77574 80501131 89533fe8 c0000006 baa779b0 nt!KiFastCallEntry+0xfc baa775f4 804fe7de ffffffff c0000006 baa779f8 nt!ZwTerminateProcess+0x11 baa779b0 8050289f baa779d8 00000000 baa77d64 nt!KiDispatchException+0x3a0 baa77d34 80544cc7 0069fbb4 0069fbd4 00000000 nt!KiRaiseException+0x175 baa77d50 805413fc 0069fbb4 0069fbd4 00000000 nt!NtRaiseException+0x33 baa77d50 75b7a0c1 0069fbb4 0069fbd4 00000000 nt!KiFastCallEntry+0xfc WARNING: Frame IP not in any known module. Following frames may be wrong. 0069febc 00000000 00000000 00000000 00000000 0x75b7a0c1 STACK_COMMAND: kb FOLLOWUP_IP: +1a4952f00fddfdc 75b7a0c1 ?? ??? FOLLOWUP_NAME: MachineOwner MODULE_NAME: hardware_disk FAILURE_BUCKET_ID: 0xF4_IOERR_C000009A_IMAGE_hardware_disk BUCKET_ID: 0xF4_IOERR_C000009A_IMAGE_hardware_disk Followup: MachineOwner --------- Output of !process ffffffff89533da0 PROCESS 89533da0 SessionId: 0 Cid: 063c Peb: 7ffdd000 ParentCid: 0508 DirBase: 0b700060 ObjectTable: e20a47a8 HandleCount: 960. Image: csrss.exe VadRoot 8604d7f0 Vads 227 Clone 0 Private 401. Modified 8106919. Locked 0. DeviceMap e1002118 Token e227dde0 ElapsedTime 1 Day 23:08:05.126 UserTime 00:00:29.671 KernelTime 00:03:59.828 QuotaPoolUsage[PagedPool] 134540 QuotaPoolUsage[NonPagedPool] 9080 Working Set Sizes (now,min,max) (1740, 50, 345) (6960KB, 200KB, 1380KB) PeakWorkingSetSize 2497 VirtualSize 64 Mb PeakVirtualSize 86 Mb PageFaultCount 49388 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 500 THREAD 89472da8 Cid 063c.0650 Teb: 7ffde000 Win32Thread: e15cb878 WAIT: (WrLpcReply) UserMode Non-Alertable 89472f9c Semaphore Limit 0x1 Waiting for reply to LPC MessageId 02197f43: Current LPC port e12faf68 Not impersonating DeviceMap e1002118 Owning Process 0 Image: <Unknown> Attached Process 89533da0 Image: csrss.exe Wait Start TickCount 10635992 Ticks: 226706 (0:00:59:02.281) Context Switch Count 1055 LargeStack UserTime 00:00:00.000 KernelTime 00:00:00.015 Start Address 0x75b67d5b Stack Init baa68000 Current baa67c50 Base baa68000 Limit baa65000 Call 0 Priority 15 BasePriority 15 PriorityDecrement 0 DecrementCount 0 Kernel stack not resident. ChildEBP RetAddr baa67c68 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4]) baa67c74 804fb042 nt!KiSwapThread+0x8a (FPO: [0,0,0]) baa67c9c 805a223f nt!KeWaitForSingleObject+0x1c2 (FPO: [5,5,4]) baa67d50 805413fc nt!NtRequestWaitReplyPort+0x63d (FPO: [Non-Fpo]) baa67d50 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ baa67d64) WARNING: Frame IP not in any known module. Following frames may be wrong. 0049fff4 00000000 0x7c90e514 THREAD 89472aa8 Cid 063c.0654 Teb: 7ffdc000 Win32Thread: e5fe5eb0 WAIT: (UserRequest) UserMode Alertable 89778a90 SynchronizationEvent 89763aa8 SynchronizationEvent 89773e98 SynchronizationEvent Not impersonating DeviceMap e1002118 Owning Process 0 Image: <Unknown> Attached Process 89533da0 Image: csrss.exe Wait Start TickCount 10758781 Ticks: 103917 (0:00:27:03.703) Context Switch Count 1176 LargeStack UserTime 00:00:00.000 KernelTime 00:00:00.046 Start Address 0x75b6bedd Stack Init a77dc000 Current a77db960 Base a77dc000 Limit a77d9000 Call 0 Priority 14 BasePriority 13 PriorityDecrement 0 DecrementCount 16 Kernel stack not resident. ChildEBP RetAddr a77db978 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4]) a77db984 804fad62 nt!KiSwapThread+0x8a (FPO: [0,0,0]) a77db9bc 805bf727 nt!KeWaitForMultipleObjects+0x284 (FPO: [8,9,4]) a77dbd48 805413fc nt!NtWaitForMultipleObjects+0x297 (FPO: [Non-Fpo]) a77dbd48 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ a77dbd64) WARNING: Frame IP not in any known module. Following frames may be wrong. 004dfff4 00000000 0x7c90e514 THREAD 894af348 Cid 063c.0658 Teb: 7ffdb000 Win32Thread: e229b538 WAIT: (WrLpcReceive) UserMode Non-Alertable 8987aa78 Semaphore Limit 0x7fffffff Not impersonating DeviceMap e1002118 Owning Process 0 Image: <Unknown> Attached Process 89533da0 Image: csrss.exe Wait Start TickCount 10861628 Ticks: 1070 (0:00:00:16.718) Context Switch Count 280242 LargeStack UserTime 00:00:06.000 KernelTime 00:00:23.609 Start Address 0x75b44616 Stack Init ad42c000 Current ad42bc34 Base ad42c000 Limit ad429000 Call 0 Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 16 ChildEBP RetAddr ad42bc4c 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4]) ad42bc58 804fb042 nt!KiSwapThread+0x8a (FPO: [0,0,0]) ad42bc80 805a5124 nt!KeWaitForSingleObject+0x1c2 (FPO: [5,5,4]) ad42bd30 805a5358 nt!NtReplyWaitReceivePortEx+0x3dc (FPO: [Non-Fpo]) ad42bd4c 805413fc nt!NtReplyWaitReceivePort+0x18 (FPO: [4,0,0]) ad42bd4c 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ ad42bd64) WARNING: Frame IP not in any known module. Following frames may be wrong. 0052fff4 00000000 0x7c90e514 THREAD 894c8da8 Cid 063c.065c Teb: 7ffda000 Win32Thread: 00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable 89905b50 Semaphore Limit 0x7fffffff Not impersonating DeviceMap e1002118 Owning Process 0 Image: <Unknown> Attached Process 89533da0 Image: csrss.exe Wait Start TickCount 272246 Ticks: 10590452 (1:21:57:55.812) Context Switch Count 7 UserTime 00:00:00.000 KernelTime 00:00:00.000 Start Address 0x75b43b3a Stack Init b2ff2000 Current b2ff1c34 Base b2ff2000 Limit b2fef000 Call 0 Priority 15 BasePriority 13 PriorityDecrement 0 DecrementCount 0 Kernel stack not resident. THREAD 89476428 Cid 063c.0668 Teb: 7ffd9000 Win32Thread: e1ca35c8 RUNNING on processor 1 Not impersonating DeviceMap e1002118 Owning Process 0 Image: <Unknown> Attached Process 89533da0 Image: csrss.exe Wait Start TickCount 10862698 Ticks: 0 Context Switch Count 280220 LargeStack UserTime 00:00:05.718 KernelTime 00:00:23.734 Win32 Start Address 0x0226024e LPC Server thread working on message Id 226024e Start Address 0x75b44616 Stack Init baa78000 Current baa77c1c Base baa78000 Limit baa75000 Call 0 Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 16 ChildEBP RetAddr baa77520 805d07f7 nt!KeBugCheckEx+0x1b (FPO: [5,0,0]) baa77544 805d16fb nt!PspCatchCriticalBreak+0x75 (FPO: [3,0,0]) baa77574 805413fc nt!NtTerminateProcess+0x7d (FPO: [2,4,4]) baa77574 80501131 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ baa77584) baa775f4 804fe7de nt!ZwTerminateProcess+0x11 (FPO: [2,0,0]) baa779b0 8050289f nt!KiDispatchException+0x3a0 (FPO: [Non-Fpo]) baa77d34 80544cc7 nt!KiRaiseException+0x175 (FPO: [Non-Fpo]) baa77d50 805413fc nt!NtRaiseException+0x33 baa77d50 75b7a0c1 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ baa77d64) WARNING: Frame IP not in any known module. Following frames may be wrong. 0069febc 00000000 0x75b7a0c1 THREAD 8965ac90 Cid 063c.066c Teb: 7ffd8000 Win32Thread: e1a0f990 WAIT: (Executive) KernelMode Non-Alertable 8948ce78 SynchronizationEvent 8965ad80 NotificationTimer IRP List: ff9d44f0: (0006,0220) Flags: 00000970 Mdl: 00000000 89772d50: (0006,0190) Flags: 00000970 Mdl: 00000000 8947ee28: (0006,01d8) Flags: 00000970 Mdl: 00000000 89720b58: (0006,0190) Flags: 00000970 Mdl: 00000000 Not impersonating DeviceMap e1002118 Owning Process 0 Image: <Unknown> Attached Process 89533da0 Image: csrss.exe Wait Start TickCount 10862698 Ticks: 0 Context Switch Count 58949346 LargeStack UserTime 00:00:00.000 KernelTime 00:01:05.250 Start Address 0x75b67cd7 Stack Init b3caa000 Current b3ca9a58 Base b3caa000 Limit b3ca7000 Call 0 Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 16 ChildEBP RetAddr b3ca9a60 00000000 0x0 THREAD 8954f6f0 Cid 063c.0670 Teb: 7ffd7000 Win32Thread: e1c7c880 WAIT: (WrUserRequest) UserMode Non-Alertable 89779a78 SynchronizationEvent 89476e78 SynchronizationEvent 89a7b2f0 SynchronizationEvent IRP List: ff9e4bb8: (0006,0220) Flags: 00000970 Mdl: 00000000 ff2364f0: (0006,0220) Flags: 00000970 Mdl: 00000000 8952c008: (0006,0190) Flags: 00000970 Mdl: 00000000 896b3c70: (0006,0190) Flags: 00000970 Mdl: 00000000 Not impersonating DeviceMap e1002118 Owning Process 0 Image: <Unknown> Attached Process 89533da0 Image: csrss.exe Wait Start TickCount 10862695 Ticks: 3 (0:00:00:00.046) Context Switch Count 2700246 LargeStack UserTime 00:00:00.000 KernelTime 00:00:12.625 Start Address 0x75b67cd7 Stack Init b836e000 Current b836d9c8 Base b836e000 Limit b836b000 Call 0 Priority 15 BasePriority 13 PriorityDecrement 0 DecrementCount 0 ChildEBP RetAddr b836d9e0 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4]) b836d9ec 804fad62 nt!KiSwapThread+0x8a (FPO: [0,0,0]) b836da24 bf80a6cf nt!KeWaitForMultipleObjects+0x284 (FPO: [8,9,4]) b836da5c bf8797e9 win32k!xxxMsgWaitForMultipleObjects+0xb0 (FPO: [4,1,4]) b836dd30 bf8627fc win32k!xxxDesktopThread+0x32b (FPO: [1,172,4]) b836dd40 bf80112d win32k!xxxCreateSystemThreads+0x6a (FPO: [1,1,0]) b836dd54 805413fc win32k!NtUserCallOneParam+0x23 (FPO: [2,0,0]) b836dd54 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ b836dd64) WARNING: Frame IP not in any known module. Following frames may be wrong. 00000000 00000000 0x7c90e514 THREAD 8989ece8 Cid 063c.06a8 Teb: 7ffd6000 Win32Thread: e1c64918 WAIT: (WrUserRequest) UserMode Non-Alertable 894d41a8 SynchronizationEvent 89a267f0 SynchronizationEvent Not impersonating DeviceMap e1002118 Owning Process 0 Image: <Unknown> Attached Process 89533da0 Image: csrss.exe Wait Start TickCount 272246 Ticks: 10590452 (1:21:57:55.812) Context Switch Count 7 LargeStack UserTime 00:00:00.000 KernelTime 00:00:00.000 Start Address 0x75b67cd7 Stack Init b834e000 Current b834d9c8 Base b834e000 Limit b834b000 Call 0 Priority 15 BasePriority 13 PriorityDecrement 0 DecrementCount 0 Kernel stack not resident. THREAD 89a13020 Cid 063c.06ac Teb: 7ffd5000 Win32Thread: e1c0ceb0 WAIT: (WrLpcReceive) UserMode Non-Alertable 8987aa78 Semaphore Limit 0x7fffffff Not impersonating DeviceMap e1002118 Owning Process 0 Image: <Unknown> Attached Process 89533da0 Image: csrss.exe Wait Start TickCount 10862053 Ticks: 645 (0:00:00:10.078) Context Switch Count 280535 LargeStack UserTime 00:00:06.078 KernelTime 00:00:23.218 Win32 Start Address 0x022601e1 LPC Server thread working on message Id 22601e1 Start Address 0x75b44616 Stack Init b92e3000 Current b92e2c34 Base b92e3000 Limit b92e0000 Call 0 Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 16 ChildEBP RetAddr b92e2c4c 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4]) b92e2c58 804fb042 nt!KiSwapThread+0x8a (FPO: [0,0,0]) b92e2c80 805a5124 nt!KeWaitForSingleObject+0x1c2 (FPO: [5,5,4]) b92e2d30 805a5358 nt!NtReplyWaitReceivePortEx+0x3dc (FPO: [Non-Fpo]) b92e2d4c 805413fc nt!NtReplyWaitReceivePort+0x18 (FPO: [4,0,0]) b92e2d4c 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ b92e2d64) WARNING: Frame IP not in any known module. Following frames may be wrong. 00c8fff4 00000000 0x7c90e514 THREAD 8989ea70 Cid 063c.06b0 Teb: 7ffd4000 Win32Thread: e1c7f5a8 WAIT: (WrLpcReceive) UserMode Non-Alertable 8987aa78 Semaphore Limit 0x7fffffff Not impersonating DeviceMap e1002118 Owning Process 0 Image: <Unknown> Attached Process 89533da0 Image: csrss.exe Wait Start TickCount 10862052 Ticks: 646 (0:00:00:10.093) Context Switch Count 280413 LargeStack UserTime 00:00:05.843 KernelTime 00:00:22.781 Win32 Start Address 0x022601df LPC Server thread working on message Id 22601df Start Address 0x75b44616 Stack Init b92c3000 Current b92c2c34 Base b92c3000 Limit b92c0000 Call 0 Priority 14 BasePriority 13 PriorityDecrement 0 DecrementCount 16 ChildEBP RetAddr b92c2c4c 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4]) b92c2c58 804fb042 nt!KiSwapThread+0x8a (FPO: [0,0,0]) b92c2c80 805a5124 nt!KeWaitForSingleObject+0x1c2 (FPO: [5,5,4]) b92c2d30 805a5358 nt!NtReplyWaitReceivePortEx+0x3dc (FPO: [Non-Fpo]) b92c2d4c 805413fc nt!NtReplyWaitReceivePort+0x18 (FPO: [4,0,0]) b92c2d4c 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ b92c2d64) WARNING: Frame IP not in any known module. Following frames may be wrong. 00cefff4 00000000 0x7c90e514 THREAD 88851b00 Cid 063c.03e0 Teb: 7ffaf000 Win32Thread: e2e7c280 WAIT: (WrUserRequest) UserMode Non-Alertable 8884bdc8 SynchronizationEvent Not impersonating DeviceMap e1002118 Owning Process 0 Image: <Unknown> Attached Process 89533da0 Image: csrss.exe Wait Start TickCount 10860139 Ticks: 2559 (0:00:00:39.984) Context Switch Count 9219 LargeStack UserTime 00:00:00.062 KernelTime 00:00:00.234 Start Address 0x75b61e4a Stack Init a9910000 Current a990fc20 Base a9910000 Limit a990c000 Call 0 Priority 15 BasePriority 13 PriorityDecrement 0 DecrementCount 0 Kernel stack not resident. ChildEBP RetAddr a990fc38 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4]) a990fc44 804fb042 nt!KiSwapThread+0x8a (FPO: [0,0,0]) a990fc6c bf80300b nt!KeWaitForSingleObject+0x1c2 (FPO: [5,5,4]) a990fca8 bf801be3 win32k!xxxSleepThread+0x192 (FPO: [3,5,4]) a990fcec bf81a093 win32k!xxxRealInternalGetMessage+0x418 (FPO: [6,9,4]) a990fd4c 805413fc win32k!NtUserGetMessage+0x27 (FPO: [Non-Fpo]) a990fd4c 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ a990fd64) WARNING: Frame IP not in any known module. Following frames may be wrong. 0118ff6c 00000000 0x7c90e514 THREAD 882dc528 Cid 063c.0ba8 Teb: 7ffae000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable 883f22fc NotificationEvent IRP List: 88721a90: (0006,0094) Flags: 00000900 Mdl: 00000000 Not impersonating DeviceMap e1002118 Owning Process 0 Image: <Unknown> Attached Process 89533da0 Image: csrss.exe Wait Start TickCount 272246 Ticks: 10590452 (1:21:57:55.812) Context Switch Count 3 UserTime 00:00:00.000 KernelTime 00:00:00.000 Start Address 0x75b67fcc Stack Init ba414000 Current ba413ca0 Base ba414000 Limit ba411000 Call 0 Priority 15 BasePriority 15 PriorityDecrement 0 DecrementCount 0 Kernel stack not resident. THREAD 8af00368 Cid 063c.00f8 Teb: 7ffad000 Win32Thread: e16232c0 WAIT: (WrLpcReceive) UserMode Non-Alertable 8987aa78 Semaphore Limit 0x7fffffff Not impersonating DeviceMap e1002118 Owning Process 0 Image: <Unknown> Attached Process 89533da0 Image: csrss.exe Wait Start TickCount 10861628 Ticks: 1070 (0:00:00:16.718) Context Switch Count 278499 LargeStack UserTime 00:00:05.765 KernelTime 00:00:23.218 Start Address 0x75b44616 Stack Init a8ce8000 Current a8ce7c34 Base a8ce8000 Limit a8ce5000 Call 0 Priority 14 BasePriority 13 PriorityDecrement 0 DecrementCount 16 ChildEBP RetAddr a8ce7c4c 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4]) a8ce7c58 804fb042 nt!KiSwapThread+0x8a (FPO: [0,0,0]) a8ce7c80 805a5124 nt!KeWaitForSingleObject+0x1c2 (FPO: [5,5,4]) a8ce7d30 805a5358 nt!NtReplyWaitReceivePortEx+0x3dc (FPO: [Non-Fpo]) a8ce7d4c 805413fc nt!NtReplyWaitReceivePort+0x18 (FPO: [4,0,0]) a8ce7d4c 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ a8ce7d64) WARNING: Frame IP not in any known module. Following frames may be wrong. 0158fff4 00000000 0x7c90e514 THREAD 8826fda8 Cid 063c.1178 Teb: 7ffac000 Win32Thread: e3150308 WAIT: (WrUserRequest) UserMode Non-Alertable 87cc5608 SynchronizationEvent Not impersonating DeviceMap e1002118 Owning Process 0 Image: <Unknown> Attached Process 89533da0 Image: csrss.exe Wait Start TickCount 2201286 Ticks: 8661412 (1:13:35:34.562) Context Switch Count 39313 LargeStack UserTime 00:00:00.062 KernelTime 00:00:05.890 Start Address 0x75b61e4a Stack Init a92c6000 Current a92c5c20 Base a92c6000 Limit a92c1000 Call 0 Priority 15 BasePriority 13 PriorityDecrement 0 DecrementCount 16 Kernel stack not resident. ChildEBP RetAddr a92c5c38 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4]) a92c5c44 804fb042 nt!KiSwapThread+0x8a (FPO: [0,0,0]) a92c5c6c bf80300b nt!KeWaitForSingleObject+0x1c2 (FPO: [5,5,4]) a92c5ca8 bf801be3 win32k!xxxSleepThread+0x192 (FPO: [3,5,4]) a92c5cec bf81a093 win32k!xxxRealInternalGetMessage+0x418 (FPO: [6,9,4]) a92c5d4c 805413fc win32k!NtUserGetMessage+0x27 (FPO: [Non-Fpo]) a92c5d4c 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ a92c5d64) WARNING: Frame IP not in any known module. Following frames may be wrong. 0166ff6c 00000000 0x7c90e514 Output of kd> !vm *** Virtual Memory Usage *** Physical Memory: 785977 ( 3143908 Kb) Page File: \??\C:\pagefile.sys Current: 3093504 Kb Free Space: 2664244 Kb Minimum: 3093504 Kb Maximum: 3093504 Kb Available Pages: 499022 ( 1996088 Kb) ResAvail Pages: 693762 ( 2775048 Kb) Locked IO Pages: 142 ( 568 Kb) Free System PTEs: 169269 ( 677076 Kb) Free NP PTEs: 0 ( 0 Kb) Free Special NP: 0 ( 0 Kb) Modified Pages: 557 ( 2228 Kb) Modified PF Pages: 557 ( 2228 Kb) NonPagedPool Usage: 65495 ( 261980 Kb) NonPagedPool Max: 65536 ( 262144 Kb) ********** Excessive NonPaged Pool Usage ***** PagedPool 0 Usage: 9994 ( 39976 Kb) PagedPool 1 Usage: 2949 ( 11796 Kb) PagedPool 2 Usage: 2859 ( 11436 Kb) PagedPool 3 Usage: 2943 ( 11772 Kb) PagedPool 4 Usage: 2921 ( 11684 Kb) PagedPool Usage: 21666 ( 86664 Kb) PagedPool Maximum: 92160 ( 368640 Kb) ********** 304968 pool allocations have failed ********** Session Commit: 1567 ( 6268 Kb) Shared Commit: 19323 ( 77292 Kb) Special Pool: 0 ( 0 Kb) Shared Process: 7090 ( 28360 Kb) PagedPool Commit: 21666 ( 86664 Kb) Driver Commit: 4393 ( 17572 Kb) Committed pages: 332863 ( 1331452 Kb) Commit limit: 1517920 ( 6071680 Kb) Total Private: 241750 ( 967000 Kb) 0cfc OUTLOOK.EXE 40403 ( 161612 Kb) 01d8 connect.exe 17414 ( 69656 Kb) 0b30 sametime80w.exe 16427 ( 65708 Kb) 2528 chrome.exe 15374 ( 61496 Kb) 0288 YahooMessenger. 14658 ( 58632 Kb) 11e0 chrome.exe 11540 ( 46160 Kb) 1edc chrome.exe 8715 ( 34860 Kb) 253c chrome.exe 7265 ( 29060 Kb) 2088 EXCEL.EXE 6773 ( 27092 Kb) 2480 chrome.exe 6691 ( 26764 Kb) 0bc0 X1.exe 6597 ( 26388 Kb) 0d30 explorer.exe 6506 ( 26024 Kb) 0fdc iexplore.exe 6389 ( 25556 Kb) 085c X1Service.exe 6096 ( 24384 Kb) 26bc chrome.exe 5877 ( 23508 Kb) 22d4 chrome.exe 5859 ( 23436 Kb) 11bc chrome.exe 5055 ( 20220 Kb) 0b38 SUService.exe 4411 ( 17644 Kb) 01f8 svchost.exe 3943 ( 15772 Kb) 0660 winlogon.exe 3026 ( 12104 Kb) 0630 jqs.exe 2556 ( 10224 Kb) 1ad4 textExtractor.e 2297 ( 9188 Kb) 0fac wbxcOIEx.exe 2186 ( 8744 Kb) 048c EvtEng.exe 2056 ( 8224 Kb) 05bc spoolsv.exe 1822 ( 7288 Kb) 03ec Cisco_SSCservic 1579 ( 6316 Kb) 0f40 itype.exe 1497 ( 5988 Kb) 073c CUPCK9.EXE 1460 ( 5840 Kb) 032c S24EvMon.exe 1320 ( 5280 Kb) 04b0 Gatekeeper.exe 1293 ( 5172 Kb) 0ac0 UNS.exe 1277 ( 5108 Kb) 068c services.exe 1197 ( 4788 Kb) 0f64 Cisco_SSCgui.ex 1090 ( 4360 Kb) 0434 cvpnd.exe 1088 ( 4352 Kb) 0328 msmsgs.exe 1047 ( 4188 Kb) 06a0 lsass.exe 953 ( 3812 Kb) 0810 rundll32.exe 918 ( 3672 Kb) 0ea8 wmiprvse.exe 893 ( 3572 Kb) 0aa4 tvtsched.exe 824 ( 3296 Kb) 07ac CMGShieldSvc.ex 822 ( 3288 Kb) 0778 svchost.exe 717 ( 2868 Kb) 0a4c svchost.exe 662 ( 2648 Kb) 04dc nvsvc32.exe 646 ( 2584 Kb) 0614 CMGShieldUI.exe 629 ( 2516 Kb) 023c svchost.exe 593 ( 2372 Kb) 07f8 svchost.exe 557 ( 2228 Kb) 0174 AppleMobileDevi 506 ( 2024 Kb) 063c csrss.exe 500 ( 2000 Kb) 0f50 wmiprvse.exe 497 ( 1988 Kb) 0f3c dpupdchk.exe 493 ( 1972 Kb) 0214 btwdins.exe 477 ( 1908 Kb) 0bb8 scheduler_proxy 473 ( 1892 Kb) 045c svchost.exe 465 ( 1860 Kb) 01cc LMS.exe 424 ( 1696 Kb) 0ce4 GKProbe.exe 399 ( 1596 Kb) 01a8 atchksrv.exe 384 ( 1536 Kb) 05fc LVPrcSrv.exe 360 ( 1440 Kb) 0b20 wmiapsrv.exe 359 ( 1436 Kb) 05ec svchost.exe 354 ( 1416 Kb) 0dc8 ctfmon.exe 349 ( 1396 Kb) 0850 EZEJMNAP.EXE 336 ( 1344 Kb) 0a60 tvt_reg_monitor 330 ( 1320 Kb) 06f0 svchost.exe 317 ( 1268 Kb) 01b8 mDNSResponder.e 314 ( 1256 Kb) 049c svchost.exe 272 ( 1088 Kb) 0124 netdde.exe 272 ( 1088 Kb) 0358 LVComSer.exe 268 ( 1072 Kb) 04d4 svchost.exe 259 ( 1036 Kb) 0914 CBSysTray.exe 254 ( 1016 Kb) 0e24 X1Systray.exe 247 ( 988 Kb) 0374 clipsrv.exe 220 ( 880 Kb) 0528 RegSrvc.exe 218 ( 872 Kb) 0858 eclipse.exe 211 ( 844 Kb) 0428 mdm.exe 211 ( 844 Kb) 0164 AGENTSRV.EXE 201 ( 804 Kb) 0b00 uphclean.exe 158 ( 632 Kb) 0314 CEPSWatch.exe 143 ( 572 Kb) 0a80 TPHDEXLG.exe 134 ( 536 Kb) 25c8 scrnsave.scr 108 ( 432 Kb) 075c ibmpmsvc.exe 108 ( 432 Kb) 0a94 TpKmpSvc.exe 84 ( 336 Kb) 0508 smss.exe 39 ( 156 Kb) 0004 System 8 ( 32 Kb) 2364 rundll32.exe 0 ( 0 Kb) 2294 CEPSWatch.exe 0 ( 0 Kb) 2054 CEPSWatch.exe 0 ( 0 Kb) 1a20 rundll32.exe 0 ( 0 Kb) 13c0 csrss.exe 0 ( 0 Kb) 0e10 ctfmon.exe 0 ( 0 Kb) Extract of kd> !poolused 7 Sorting by NonPaged Pool Consumed Pool Used: NonPaged Paged Tag Allocs Frees Diff Used Allocs Frees Diff Used Irp 665012 324978 340034 187411112 0 0 0 0 Io, IRP packets MmCm 633 23 610 13294120 0 0 0 0 Calls made to MmAllocateContiguousMemory , Binary: nt!mm SpDN 116 106 10 9684176 783 783 0 0 UNKNOWN pooltag 'SpDN', please update pooltag.txt Wdm 1785 726 1059 4914344 265 246 19 2120 WDM *DNE 768 0 768 2045952 0 0 0 0 UNKNOWN pooltag '*DNE', please update pooltag.txt CEFM 337483 327432 10051 1727560 0 0 0 0 UNKNOWN pooltag 'CEFM', please update pooltag.txt Thre 2317977 2315836 2141 1353112 0 0 0 0 Thread objects , Binary: nt!ps Nmdd 1 0 1 1048576 0 0 0 0 NetMeeting display driver miniport 1 MB block NV 256272 255401 871 995072 70694 70367 327 2059456 nVidia video driver Devi 1270 732 538 756560 0 0 0 0 Device objects File 7863942 7859222 4720 722000 0 0 0 0 File objects Even 18294740 18283035 11705 567168 0 0 0 0 Event objects DNE 3659 472 3187 529696 0 0 0 0 UNKNOWN pooltag 'DNE ', please update pooltag.txt usbp 2356619 2356452 167 374304 193 178 15 704 UNKNOWN pooltag 'usbp', please update pooltag.txt Wmit 14 0 14 352256 3 2 1 328 Wmi Trace Ifs 6 0 6 327800 3 2 1 112 Default file system allocations (user's of ntifs.h) AmlH 5 0 5 327680 0 0 0 0 ACPI AMLI Pooltags Vad 5554462 5547812 6650 319200 0 0 0 0 Mm virtual address descriptors , Binary: nt!mm NDpp 102 10 92 269656 0 0 0 0 packet pool , Binary: ndis.sys Ntfr 41219 37170 4049 259592 0 0 0 0 ERESOURCE , Binary: ntfs.sys CcSc 249196 248439 757 236184 0 0 0 0 Cache Manager Shared Cache Map , Binary: nt!cc BTNW 4 0 4 227136 0 0 0 0 UNKNOWN pooltag 'BTNW', please update pooltag.txt Mm 1707 1694 13 222432 1473 1469 4 2632 general Mm Allocations , Binary: nt!mm Extract from kd> !irpfind Scanning large pool allocation table for Tag: Irp? (857d2000 : 857ea000) Searching NonPaged pool (82f05000 : 8af05000) for Tag: Irp? Irp [ Thread ] irpStack: (Mj,Mn) DevObj [Driver] MDL Process 82f05008 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f05378 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f055a0 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f057c8 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f05bb8 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f05de0 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f06008 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f06288 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f066c8 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f068f0 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f06b68 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f06de0 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f07008 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f072b8 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f074e0 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f07718 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 82f07940 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) Any help appreciated.