Posts posted by teg007

  1. Thanks for the analysis!

    The devices that I have connected are as follows:

    - 3M Ergonomic mouse

    - Microsoft Comfort Optical Mouse (I know..two mouses...but I use both hands)

    - HP Laserjet 3052 printer

    - Dell 2408 Widescreen monitor. This monitor has multiple USB connections.

    - EDIMAX 4 port KVM

    I have been using all of the above for as long as I can remember, i.e. at least 12 months. However, the Dell monitor has been behaving very strangely, with the screen blanking and having to be turned off and on again to get a picture.

    I can try disconnecting the USB port to the monitor and see if that improves the situation.

    I do have a Logitech camera but it hasn't been connected for many months. I will also remove this and see if it improves.

    Thanks again.

  2. Thanks for the feedback. Dump files are available here:

    http://adelie.cx/MEMORY1.zip

    http://adelie.cx/MEMORY.zip

    MEMORY1.zip is the dump file specific to my initial email. Since then I have had another reboot and this refers to MEMORY.zip.

    With regard to the other questions, I am not sure exactly when the problem occurred and what has changed, and have thus removed most of the non-needed programs.

    Not running SP3 and running UPHCLEAN due to standard install. The o/p from !irpfind was indeed many pages.

    Thanks again for any help.

  3. Hi,

    I need some help to work out why my XP PC is crashing every 3 to 4 days. I have removed all of the virus tools and other programs to try and isolate the issue but have had no luck. After reviewing this and trying to follow the example I quickly realised that I don't have the expertise to actually work out what is actually causing the issue.

    Using the example above I have summarised some of the requested outputs below. I am happy to share the dump file if this would help.

    Output from windows debugger starting up:

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp2_qfe.090206-1239
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c720
    Debug session time: Thu Jul 30 12:16:35.954 2009 (GMT+8)
    System Uptime: 1 days 23:08:49.656
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ...................................................
    Loading User Symbols
    PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details
    Loading unloaded module list
    ..................................................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck F4, {3, 89533da0, 89533f14, 805d1650}

    unable to get nt!KiCurrentEtwBufferOffset
    unable to get nt!KiCurrentEtwBufferBase
    PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details
    PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details
    Probably caused by : hardware_disk

    Followup: MachineOwner
    ---------

    Output of 1: kd> !analyze -v

    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    CRITICAL_OBJECT_TERMINATION (f4)
    A process or thread crucial to system operation has unexpectedly exited or been
    terminated.
    Several processes and threads are necessary for the operation of the
    system; when they are terminated (for any reason), the system can no
    longer function.
    Arguments:
    Arg1: 00000003, Process
    Arg2: 89533da0, Terminating object
    Arg3: 89533f14, Process image file name
    Arg4: 805d1650, Explanatory message (ascii)

    Debugging Details:
    ------------------

    unable to get nt!KiCurrentEtwBufferOffset
    unable to get nt!KiCurrentEtwBufferBase
    PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details
    PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details

    PROCESS_OBJECT: 89533da0

    IMAGE_NAME: hardware_disk

    DEBUG_FLR_IMAGE_TIMESTAMP: 0

    FAULTING_MODULE: 00000000

    PROCESS_NAME: csrss.exe

    EXCEPTION_RECORD: baa779d8 -- (.exr 0xffffffffbaa779d8)
    ExceptionAddress: 75b7a0c1
    ExceptionCode: c0000006 (In-page I/O error)
    ExceptionFlags: 00000000
    NumberParameters: 3
    Parameter[0]: 00000008
    Parameter[1]: 75b7a0c1
    Parameter[2]: c000009a
    Inpage operation failed at 75b7a0c1, due to I/O error c000009a

    EXCEPTION_CODE: (NTSTATUS) 0xc0000006 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The required data was not placed into memory because of an I/O error status of "0x%08lx".

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    ERROR_CODE: (NTSTATUS) 0xc0000006 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The required data was not placed into memory because of an I/O error status of "0x%08lx".

    EXCEPTION_PARAMETER1: 00000008

    EXCEPTION_PARAMETER2: 75b7a0c1

    EXCEPTION_PARAMETER3: c000009a

    IO_ERROR: (NTSTATUS) 0xc000009a - Insufficient system resources exist to complete the API.

    EXCEPTION_STR: 0xc0000006_c000009a

    FAULTING_IP:
    +1a4952f00fddfdc
    75b7a0c1 ?? ???

    BUGCHECK_STR: 0xF4_IOERR_C000009A

    STACK_TEXT:
    baa77520 805d07f7 000000f4 00000003 89533da0 nt!KeBugCheckEx+0x1b
    baa77544 805d16fb 805d1650 89533da0 89533f14 nt!PspCatchCriticalBreak+0x75
    baa77574 805413fc 89533fe8 c0000006 baa779b0 nt!NtTerminateProcess+0x7d
    baa77574 80501131 89533fe8 c0000006 baa779b0 nt!KiFastCallEntry+0xfc
    baa775f4 804fe7de ffffffff c0000006 baa779f8 nt!ZwTerminateProcess+0x11
    baa779b0 8050289f baa779d8 00000000 baa77d64 nt!KiDispatchException+0x3a0
    baa77d34 80544cc7 0069fbb4 0069fbd4 00000000 nt!KiRaiseException+0x175
    baa77d50 805413fc 0069fbb4 0069fbd4 00000000 nt!NtRaiseException+0x33
    baa77d50 75b7a0c1 0069fbb4 0069fbd4 00000000 nt!KiFastCallEntry+0xfc
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0069febc 00000000 00000000 00000000 00000000 0x75b7a0c1


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    +1a4952f00fddfdc
    75b7a0c1 ?? ???

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: hardware_disk

    FAILURE_BUCKET_ID: 0xF4_IOERR_C000009A_IMAGE_hardware_disk

    BUCKET_ID: 0xF4_IOERR_C000009A_IMAGE_hardware_disk

    Followup: MachineOwner
    ---------

    Output of !process ffffffff89533da0

     
    PROCESS 89533da0 SessionId: 0 Cid: 063c Peb: 7ffdd000 ParentCid: 0508
    DirBase: 0b700060 ObjectTable: e20a47a8 HandleCount: 960.
    Image: csrss.exe
    VadRoot 8604d7f0 Vads 227 Clone 0 Private 401. Modified 8106919. Locked 0.
    DeviceMap e1002118
    Token e227dde0
    ElapsedTime 1 Day 23:08:05.126
    UserTime 00:00:29.671
    KernelTime 00:03:59.828
    QuotaPoolUsage[PagedPool] 134540
    QuotaPoolUsage[NonPagedPool] 9080
    Working Set Sizes (now,min,max) (1740, 50, 345) (6960KB, 200KB, 1380KB)
    PeakWorkingSetSize 2497
    VirtualSize 64 Mb
    PeakVirtualSize 86 Mb
    PageFaultCount 49388
    MemoryPriority BACKGROUND
    BasePriority 13
    CommitCharge 500

    THREAD 89472da8 Cid 063c.0650 Teb: 7ffde000 Win32Thread: e15cb878 WAIT: (WrLpcReply) UserMode Non-Alertable
    89472f9c Semaphore Limit 0x1
    Waiting for reply to LPC MessageId 02197f43:
    Current LPC port e12faf68
    Not impersonating
    DeviceMap e1002118
    Owning Process 0 Image: <Unknown>
    Attached Process 89533da0 Image: csrss.exe
    Wait Start TickCount 10635992 Ticks: 226706 (0:00:59:02.281)
    Context Switch Count 1055 LargeStack
    UserTime 00:00:00.000
    KernelTime 00:00:00.015
    Start Address 0x75b67d5b
    Stack Init baa68000 Current baa67c50 Base baa68000 Limit baa65000 Call 0
    Priority 15 BasePriority 15 PriorityDecrement 0 DecrementCount 0
    Kernel stack not resident.
    ChildEBP RetAddr
    baa67c68 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4])
    baa67c74 804fb042 nt!KiSwapThread+0x8a (FPO: [0,0,0])
    baa67c9c 805a223f nt!KeWaitForSingleObject+0x1c2 (FPO: [5,5,4])
    baa67d50 805413fc nt!NtRequestWaitReplyPort+0x63d (FPO: [Non-Fpo])
    baa67d50 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ baa67d64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0049fff4 00000000 0x7c90e514

    THREAD 89472aa8 Cid 063c.0654 Teb: 7ffdc000 Win32Thread: e5fe5eb0 WAIT: (UserRequest) UserMode Alertable
    89778a90 SynchronizationEvent
    89763aa8 SynchronizationEvent
    89773e98 SynchronizationEvent
    Not impersonating
    DeviceMap e1002118
    Owning Process 0 Image: <Unknown>
    Attached Process 89533da0 Image: csrss.exe
    Wait Start TickCount 10758781 Ticks: 103917 (0:00:27:03.703)
    Context Switch Count 1176 LargeStack
    UserTime 00:00:00.000
    KernelTime 00:00:00.046
    Start Address 0x75b6bedd
    Stack Init a77dc000 Current a77db960 Base a77dc000 Limit a77d9000 Call 0
    Priority 14 BasePriority 13 PriorityDecrement 0 DecrementCount 16
    Kernel stack not resident.
    ChildEBP RetAddr
    a77db978 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4])
    a77db984 804fad62 nt!KiSwapThread+0x8a (FPO: [0,0,0])
    a77db9bc 805bf727 nt!KeWaitForMultipleObjects+0x284 (FPO: [8,9,4])
    a77dbd48 805413fc nt!NtWaitForMultipleObjects+0x297 (FPO: [Non-Fpo])
    a77dbd48 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ a77dbd64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    004dfff4 00000000 0x7c90e514

    THREAD 894af348 Cid 063c.0658 Teb: 7ffdb000 Win32Thread: e229b538 WAIT: (WrLpcReceive) UserMode Non-Alertable
    8987aa78 Semaphore Limit 0x7fffffff
    Not impersonating
    DeviceMap e1002118
    Owning Process 0 Image: <Unknown>
    Attached Process 89533da0 Image: csrss.exe
    Wait Start TickCount 10861628 Ticks: 1070 (0:00:00:16.718)
    Context Switch Count 280242 LargeStack
    UserTime 00:00:06.000
    KernelTime 00:00:23.609
    Start Address 0x75b44616
    Stack Init ad42c000 Current ad42bc34 Base ad42c000 Limit ad429000 Call 0
    Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 16
    ChildEBP RetAddr
    ad42bc4c 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4])
    ad42bc58 804fb042 nt!KiSwapThread+0x8a (FPO: [0,0,0])
    ad42bc80 805a5124 nt!KeWaitForSingleObject+0x1c2 (FPO: [5,5,4])
    ad42bd30 805a5358 nt!NtReplyWaitReceivePortEx+0x3dc (FPO: [Non-Fpo])
    ad42bd4c 805413fc nt!NtReplyWaitReceivePort+0x18 (FPO: [4,0,0])
    ad42bd4c 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ ad42bd64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0052fff4 00000000 0x7c90e514

    THREAD 894c8da8 Cid 063c.065c Teb: 7ffda000 Win32Thread: 00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
    89905b50 Semaphore Limit 0x7fffffff
    Not impersonating
    DeviceMap e1002118
    Owning Process 0 Image: <Unknown>
    Attached Process 89533da0 Image: csrss.exe
    Wait Start TickCount 272246 Ticks: 10590452 (1:21:57:55.812)
    Context Switch Count 7
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Start Address 0x75b43b3a
    Stack Init b2ff2000 Current b2ff1c34 Base b2ff2000 Limit b2fef000 Call 0
    Priority 15 BasePriority 13 PriorityDecrement 0 DecrementCount 0
    Kernel stack not resident.

    THREAD 89476428 Cid 063c.0668 Teb: 7ffd9000 Win32Thread: e1ca35c8 RUNNING on processor 1
    Not impersonating
    DeviceMap e1002118
    Owning Process 0 Image: <Unknown>
    Attached Process 89533da0 Image: csrss.exe
    Wait Start TickCount 10862698 Ticks: 0
    Context Switch Count 280220 LargeStack
    UserTime 00:00:05.718
    KernelTime 00:00:23.734
    Win32 Start Address 0x0226024e
    LPC Server thread working on message Id 226024e
    Start Address 0x75b44616
    Stack Init baa78000 Current baa77c1c Base baa78000 Limit baa75000 Call 0
    Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 16
    ChildEBP RetAddr
    baa77520 805d07f7 nt!KeBugCheckEx+0x1b (FPO: [5,0,0])
    baa77544 805d16fb nt!PspCatchCriticalBreak+0x75 (FPO: [3,0,0])
    baa77574 805413fc nt!NtTerminateProcess+0x7d (FPO: [2,4,4])
    baa77574 80501131 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ baa77584)
    baa775f4 804fe7de nt!ZwTerminateProcess+0x11 (FPO: [2,0,0])
    baa779b0 8050289f nt!KiDispatchException+0x3a0 (FPO: [Non-Fpo])
    baa77d34 80544cc7 nt!KiRaiseException+0x175 (FPO: [Non-Fpo])
    baa77d50 805413fc nt!NtRaiseException+0x33
    baa77d50 75b7a0c1 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ baa77d64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0069febc 00000000 0x75b7a0c1

    THREAD 8965ac90 Cid 063c.066c Teb: 7ffd8000 Win32Thread: e1a0f990 WAIT: (Executive) KernelMode Non-Alertable
    8948ce78 SynchronizationEvent
    8965ad80 NotificationTimer
    IRP List:
    ff9d44f0: (0006,0220) Flags: 00000970 Mdl: 00000000
    89772d50: (0006,0190) Flags: 00000970 Mdl: 00000000
    8947ee28: (0006,01d8) Flags: 00000970 Mdl: 00000000
    89720b58: (0006,0190) Flags: 00000970 Mdl: 00000000
    Not impersonating
    DeviceMap e1002118
    Owning Process 0 Image: <Unknown>
    Attached Process 89533da0 Image: csrss.exe
    Wait Start TickCount 10862698 Ticks: 0
    Context Switch Count 58949346 LargeStack
    UserTime 00:00:00.000
    KernelTime 00:01:05.250
    Start Address 0x75b67cd7
    Stack Init b3caa000 Current b3ca9a58 Base b3caa000 Limit b3ca7000 Call 0
    Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 16
    ChildEBP RetAddr
    b3ca9a60 00000000 0x0

    THREAD 8954f6f0 Cid 063c.0670 Teb: 7ffd7000 Win32Thread: e1c7c880 WAIT: (WrUserRequest) UserMode Non-Alertable
    89779a78 SynchronizationEvent
    89476e78 SynchronizationEvent
    89a7b2f0 SynchronizationEvent
    IRP List:
    ff9e4bb8: (0006,0220) Flags: 00000970 Mdl: 00000000
    ff2364f0: (0006,0220) Flags: 00000970 Mdl: 00000000
    8952c008: (0006,0190) Flags: 00000970 Mdl: 00000000
    896b3c70: (0006,0190) Flags: 00000970 Mdl: 00000000
    Not impersonating
    DeviceMap e1002118
    Owning Process 0 Image: <Unknown>
    Attached Process 89533da0 Image: csrss.exe
    Wait Start TickCount 10862695 Ticks: 3 (0:00:00:00.046)
    Context Switch Count 2700246 LargeStack
    UserTime 00:00:00.000
    KernelTime 00:00:12.625
    Start Address 0x75b67cd7
    Stack Init b836e000 Current b836d9c8 Base b836e000 Limit b836b000 Call 0
    Priority 15 BasePriority 13 PriorityDecrement 0 DecrementCount 0
    ChildEBP RetAddr
    b836d9e0 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4])
    b836d9ec 804fad62 nt!KiSwapThread+0x8a (FPO: [0,0,0])
    b836da24 bf80a6cf nt!KeWaitForMultipleObjects+0x284 (FPO: [8,9,4])
    b836da5c bf8797e9 win32k!xxxMsgWaitForMultipleObjects+0xb0 (FPO: [4,1,4])
    b836dd30 bf8627fc win32k!xxxDesktopThread+0x32b (FPO: [1,172,4])
    b836dd40 bf80112d win32k!xxxCreateSystemThreads+0x6a (FPO: [1,1,0])
    b836dd54 805413fc win32k!NtUserCallOneParam+0x23 (FPO: [2,0,0])
    b836dd54 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ b836dd64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    00000000 00000000 0x7c90e514

    THREAD 8989ece8 Cid 063c.06a8 Teb: 7ffd6000 Win32Thread: e1c64918 WAIT: (WrUserRequest) UserMode Non-Alertable
    894d41a8 SynchronizationEvent
    89a267f0 SynchronizationEvent
    Not impersonating
    DeviceMap e1002118
    Owning Process 0 Image: <Unknown>
    Attached Process 89533da0 Image: csrss.exe
    Wait Start TickCount 272246 Ticks: 10590452 (1:21:57:55.812)
    Context Switch Count 7 LargeStack
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Start Address 0x75b67cd7
    Stack Init b834e000 Current b834d9c8 Base b834e000 Limit b834b000 Call 0
    Priority 15 BasePriority 13 PriorityDecrement 0 DecrementCount 0
    Kernel stack not resident.

    THREAD 89a13020 Cid 063c.06ac Teb: 7ffd5000 Win32Thread: e1c0ceb0 WAIT: (WrLpcReceive) UserMode Non-Alertable
    8987aa78 Semaphore Limit 0x7fffffff
    Not impersonating
    DeviceMap e1002118
    Owning Process 0 Image: <Unknown>
    Attached Process 89533da0 Image: csrss.exe
    Wait Start TickCount 10862053 Ticks: 645 (0:00:00:10.078)
    Context Switch Count 280535 LargeStack
    UserTime 00:00:06.078
    KernelTime 00:00:23.218
    Win32 Start Address 0x022601e1
    LPC Server thread working on message Id 22601e1
    Start Address 0x75b44616
    Stack Init b92e3000 Current b92e2c34 Base b92e3000 Limit b92e0000 Call 0
    Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 16
    ChildEBP RetAddr
    b92e2c4c 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4])
    b92e2c58 804fb042 nt!KiSwapThread+0x8a (FPO: [0,0,0])
    b92e2c80 805a5124 nt!KeWaitForSingleObject+0x1c2 (FPO: [5,5,4])
    b92e2d30 805a5358 nt!NtReplyWaitReceivePortEx+0x3dc (FPO: [Non-Fpo])
    b92e2d4c 805413fc nt!NtReplyWaitReceivePort+0x18 (FPO: [4,0,0])
    b92e2d4c 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ b92e2d64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    00c8fff4 00000000 0x7c90e514

    THREAD 8989ea70 Cid 063c.06b0 Teb: 7ffd4000 Win32Thread: e1c7f5a8 WAIT: (WrLpcReceive) UserMode Non-Alertable
    8987aa78 Semaphore Limit 0x7fffffff
    Not impersonating
    DeviceMap e1002118
    Owning Process 0 Image: <Unknown>
    Attached Process 89533da0 Image: csrss.exe
    Wait Start TickCount 10862052 Ticks: 646 (0:00:00:10.093)
    Context Switch Count 280413 LargeStack
    UserTime 00:00:05.843
    KernelTime 00:00:22.781
    Win32 Start Address 0x022601df
    LPC Server thread working on message Id 22601df
    Start Address 0x75b44616
    Stack Init b92c3000 Current b92c2c34 Base b92c3000 Limit b92c0000 Call 0
    Priority 14 BasePriority 13 PriorityDecrement 0 DecrementCount 16
    ChildEBP RetAddr
    b92c2c4c 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4])
    b92c2c58 804fb042 nt!KiSwapThread+0x8a (FPO: [0,0,0])
    b92c2c80 805a5124 nt!KeWaitForSingleObject+0x1c2 (FPO: [5,5,4])
    b92c2d30 805a5358 nt!NtReplyWaitReceivePortEx+0x3dc (FPO: [Non-Fpo])
    b92c2d4c 805413fc nt!NtReplyWaitReceivePort+0x18 (FPO: [4,0,0])
    b92c2d4c 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ b92c2d64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    00cefff4 00000000 0x7c90e514

    THREAD 88851b00 Cid 063c.03e0 Teb: 7ffaf000 Win32Thread: e2e7c280 WAIT: (WrUserRequest) UserMode Non-Alertable
    8884bdc8 SynchronizationEvent
    Not impersonating
    DeviceMap e1002118
    Owning Process 0 Image: <Unknown>
    Attached Process 89533da0 Image: csrss.exe
    Wait Start TickCount 10860139 Ticks: 2559 (0:00:00:39.984)
    Context Switch Count 9219 LargeStack
    UserTime 00:00:00.062
    KernelTime 00:00:00.234
    Start Address 0x75b61e4a
    Stack Init a9910000 Current a990fc20 Base a9910000 Limit a990c000 Call 0
    Priority 15 BasePriority 13 PriorityDecrement 0 DecrementCount 0
    Kernel stack not resident.
    ChildEBP RetAddr
    a990fc38 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4])
    a990fc44 804fb042 nt!KiSwapThread+0x8a (FPO: [0,0,0])
    a990fc6c bf80300b nt!KeWaitForSingleObject+0x1c2 (FPO: [5,5,4])
    a990fca8 bf801be3 win32k!xxxSleepThread+0x192 (FPO: [3,5,4])
    a990fcec bf81a093 win32k!xxxRealInternalGetMessage+0x418 (FPO: [6,9,4])
    a990fd4c 805413fc win32k!NtUserGetMessage+0x27 (FPO: [Non-Fpo])
    a990fd4c 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ a990fd64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0118ff6c 00000000 0x7c90e514

    THREAD 882dc528 Cid 063c.0ba8 Teb: 7ffae000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
    883f22fc NotificationEvent
    IRP List:
    88721a90: (0006,0094) Flags: 00000900 Mdl: 00000000
    Not impersonating
    DeviceMap e1002118
    Owning Process 0 Image: <Unknown>
    Attached Process 89533da0 Image: csrss.exe
    Wait Start TickCount 272246 Ticks: 10590452 (1:21:57:55.812)
    Context Switch Count 3
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Start Address 0x75b67fcc
    Stack Init ba414000 Current ba413ca0 Base ba414000 Limit ba411000 Call 0
    Priority 15 BasePriority 15 PriorityDecrement 0 DecrementCount 0
    Kernel stack not resident.

    THREAD 8af00368 Cid 063c.00f8 Teb: 7ffad000 Win32Thread: e16232c0 WAIT: (WrLpcReceive) UserMode Non-Alertable
    8987aa78 Semaphore Limit 0x7fffffff
    Not impersonating
    DeviceMap e1002118
    Owning Process 0 Image: <Unknown>
    Attached Process 89533da0 Image: csrss.exe
    Wait Start TickCount 10861628 Ticks: 1070 (0:00:00:16.718)
    Context Switch Count 278499 LargeStack
    UserTime 00:00:05.765
    KernelTime 00:00:23.218
    Start Address 0x75b44616
    Stack Init a8ce8000 Current a8ce7c34 Base a8ce8000 Limit a8ce5000 Call 0
    Priority 14 BasePriority 13 PriorityDecrement 0 DecrementCount 16
    ChildEBP RetAddr
    a8ce7c4c 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4])
    a8ce7c58 804fb042 nt!KiSwapThread+0x8a (FPO: [0,0,0])
    a8ce7c80 805a5124 nt!KeWaitForSingleObject+0x1c2 (FPO: [5,5,4])
    a8ce7d30 805a5358 nt!NtReplyWaitReceivePortEx+0x3dc (FPO: [Non-Fpo])
    a8ce7d4c 805413fc nt!NtReplyWaitReceivePort+0x18 (FPO: [4,0,0])
    a8ce7d4c 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ a8ce7d64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0158fff4 00000000 0x7c90e514

    THREAD 8826fda8 Cid 063c.1178 Teb: 7ffac000 Win32Thread: e3150308 WAIT: (WrUserRequest) UserMode Non-Alertable
    87cc5608 SynchronizationEvent
    Not impersonating
    DeviceMap e1002118
    Owning Process 0 Image: <Unknown>
    Attached Process 89533da0 Image: csrss.exe
    Wait Start TickCount 2201286 Ticks: 8661412 (1:13:35:34.562)
    Context Switch Count 39313 LargeStack
    UserTime 00:00:00.062
    KernelTime 00:00:05.890
    Start Address 0x75b61e4a
    Stack Init a92c6000 Current a92c5c20 Base a92c6000 Limit a92c1000 Call 0
    Priority 15 BasePriority 13 PriorityDecrement 0 DecrementCount 16
    Kernel stack not resident.
    ChildEBP RetAddr
    a92c5c38 8050380e nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4])
    a92c5c44 804fb042 nt!KiSwapThread+0x8a (FPO: [0,0,0])
    a92c5c6c bf80300b nt!KeWaitForSingleObject+0x1c2 (FPO: [5,5,4])
    a92c5ca8 bf801be3 win32k!xxxSleepThread+0x192 (FPO: [3,5,4])
    a92c5cec bf81a093 win32k!xxxRealInternalGetMessage+0x418 (FPO: [6,9,4])
    a92c5d4c 805413fc win32k!NtUserGetMessage+0x27 (FPO: [Non-Fpo])
    a92c5d4c 7c90e514 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ a92c5d64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0166ff6c 00000000 0x7c90e514

    Output of kd> !vm

    *** Virtual Memory Usage ***
    Physical Memory: 785977 ( 3143908 Kb)
    Page File: \??\C:\pagefile.sys
    Current: 3093504 Kb Free Space: 2664244 Kb
    Minimum: 3093504 Kb Maximum: 3093504 Kb
    Available Pages: 499022 ( 1996088 Kb)
    ResAvail Pages: 693762 ( 2775048 Kb)
    Locked IO Pages: 142 ( 568 Kb)
    Free System PTEs: 169269 ( 677076 Kb)
    Free NP PTEs: 0 ( 0 Kb)
    Free Special NP: 0 ( 0 Kb)
    Modified Pages: 557 ( 2228 Kb)
    Modified PF Pages: 557 ( 2228 Kb)
    NonPagedPool Usage: 65495 ( 261980 Kb)
    NonPagedPool Max: 65536 ( 262144 Kb)
    ********** Excessive NonPaged Pool Usage *****
    PagedPool 0 Usage: 9994 ( 39976 Kb)
    PagedPool 1 Usage: 2949 ( 11796 Kb)
    PagedPool 2 Usage: 2859 ( 11436 Kb)
    PagedPool 3 Usage: 2943 ( 11772 Kb)
    PagedPool 4 Usage: 2921 ( 11684 Kb)
    PagedPool Usage: 21666 ( 86664 Kb)
    PagedPool Maximum: 92160 ( 368640 Kb)

    ********** 304968 pool allocations have failed **********

    Session Commit: 1567 ( 6268 Kb)
    Shared Commit: 19323 ( 77292 Kb)
    Special Pool: 0 ( 0 Kb)
    Shared Process: 7090 ( 28360 Kb)
    PagedPool Commit: 21666 ( 86664 Kb)
    Driver Commit: 4393 ( 17572 Kb)
    Committed pages: 332863 ( 1331452 Kb)
    Commit limit: 1517920 ( 6071680 Kb)

    Total Private: 241750 ( 967000 Kb)
    0cfc OUTLOOK.EXE 40403 ( 161612 Kb)
    01d8 connect.exe 17414 ( 69656 Kb)
    0b30 sametime80w.exe 16427 ( 65708 Kb)
    2528 chrome.exe 15374 ( 61496 Kb)
    0288 YahooMessenger. 14658 ( 58632 Kb)
    11e0 chrome.exe 11540 ( 46160 Kb)
    1edc chrome.exe 8715 ( 34860 Kb)
    253c chrome.exe 7265 ( 29060 Kb)
    2088 EXCEL.EXE 6773 ( 27092 Kb)
    2480 chrome.exe 6691 ( 26764 Kb)
    0bc0 X1.exe 6597 ( 26388 Kb)
    0d30 explorer.exe 6506 ( 26024 Kb)
    0fdc iexplore.exe 6389 ( 25556 Kb)
    085c X1Service.exe 6096 ( 24384 Kb)
    26bc chrome.exe 5877 ( 23508 Kb)
    22d4 chrome.exe 5859 ( 23436 Kb)
    11bc chrome.exe 5055 ( 20220 Kb)
    0b38 SUService.exe 4411 ( 17644 Kb)
    01f8 svchost.exe 3943 ( 15772 Kb)
    0660 winlogon.exe 3026 ( 12104 Kb)
    0630 jqs.exe 2556 ( 10224 Kb)
    1ad4 textExtractor.e 2297 ( 9188 Kb)
    0fac wbxcOIEx.exe 2186 ( 8744 Kb)
    048c EvtEng.exe 2056 ( 8224 Kb)
    05bc spoolsv.exe 1822 ( 7288 Kb)
    03ec Cisco_SSCservic 1579 ( 6316 Kb)
    0f40 itype.exe 1497 ( 5988 Kb)
    073c CUPCK9.EXE 1460 ( 5840 Kb)
    032c S24EvMon.exe 1320 ( 5280 Kb)
    04b0 Gatekeeper.exe 1293 ( 5172 Kb)
    0ac0 UNS.exe 1277 ( 5108 Kb)
    068c services.exe 1197 ( 4788 Kb)
    0f64 Cisco_SSCgui.ex 1090 ( 4360 Kb)
    0434 cvpnd.exe 1088 ( 4352 Kb)
    0328 msmsgs.exe 1047 ( 4188 Kb)
    06a0 lsass.exe 953 ( 3812 Kb)
    0810 rundll32.exe 918 ( 3672 Kb)
    0ea8 wmiprvse.exe 893 ( 3572 Kb)
    0aa4 tvtsched.exe 824 ( 3296 Kb)
    07ac CMGShieldSvc.ex 822 ( 3288 Kb)
    0778 svchost.exe 717 ( 2868 Kb)
    0a4c svchost.exe 662 ( 2648 Kb)
    04dc nvsvc32.exe 646 ( 2584 Kb)
    0614 CMGShieldUI.exe 629 ( 2516 Kb)
    023c svchost.exe 593 ( 2372 Kb)
    07f8 svchost.exe 557 ( 2228 Kb)
    0174 AppleMobileDevi 506 ( 2024 Kb)
    063c csrss.exe 500 ( 2000 Kb)
    0f50 wmiprvse.exe 497 ( 1988 Kb)
    0f3c dpupdchk.exe 493 ( 1972 Kb)
    0214 btwdins.exe 477 ( 1908 Kb)
    0bb8 scheduler_proxy 473 ( 1892 Kb)
    045c svchost.exe 465 ( 1860 Kb)
    01cc LMS.exe 424 ( 1696 Kb)
    0ce4 GKProbe.exe 399 ( 1596 Kb)
    01a8 atchksrv.exe 384 ( 1536 Kb)
    05fc LVPrcSrv.exe 360 ( 1440 Kb)
    0b20 wmiapsrv.exe 359 ( 1436 Kb)
    05ec svchost.exe 354 ( 1416 Kb)
    0dc8 ctfmon.exe 349 ( 1396 Kb)
    0850 EZEJMNAP.EXE 336 ( 1344 Kb)
    0a60 tvt_reg_monitor 330 ( 1320 Kb)
    06f0 svchost.exe 317 ( 1268 Kb)
    01b8 mDNSResponder.e 314 ( 1256 Kb)
    049c svchost.exe 272 ( 1088 Kb)
    0124 netdde.exe 272 ( 1088 Kb)
    0358 LVComSer.exe 268 ( 1072 Kb)
    04d4 svchost.exe 259 ( 1036 Kb)
    0914 CBSysTray.exe 254 ( 1016 Kb)
    0e24 X1Systray.exe 247 ( 988 Kb)
    0374 clipsrv.exe 220 ( 880 Kb)
    0528 RegSrvc.exe 218 ( 872 Kb)
    0858 eclipse.exe 211 ( 844 Kb)
    0428 mdm.exe 211 ( 844 Kb)
    0164 AGENTSRV.EXE 201 ( 804 Kb)
    0b00 uphclean.exe 158 ( 632 Kb)
    0314 CEPSWatch.exe 143 ( 572 Kb)
    0a80 TPHDEXLG.exe 134 ( 536 Kb)
    25c8 scrnsave.scr 108 ( 432 Kb)
    075c ibmpmsvc.exe 108 ( 432 Kb)
    0a94 TpKmpSvc.exe 84 ( 336 Kb)
    0508 smss.exe 39 ( 156 Kb)
    0004 System 8 ( 32 Kb)
    2364 rundll32.exe 0 ( 0 Kb)
    2294 CEPSWatch.exe 0 ( 0 Kb)
    2054 CEPSWatch.exe 0 ( 0 Kb)
    1a20 rundll32.exe 0 ( 0 Kb)
    13c0 csrss.exe 0 ( 0 Kb)
    0e10 ctfmon.exe 0 ( 0 Kb)

    Extract of kd> !poolused 7

       Sorting by  NonPaged Pool Consumed

    Pool Used:
    NonPaged Paged
    Tag Allocs Frees Diff Used Allocs Frees Diff Used
    Irp 665012 324978 340034 187411112 0 0 0 0 Io, IRP packets
    MmCm 633 23 610 13294120 0 0 0 0 Calls made to MmAllocateContiguousMemory , Binary: nt!mm
    SpDN 116 106 10 9684176 783 783 0 0 UNKNOWN pooltag 'SpDN', please update pooltag.txt
    Wdm 1785 726 1059 4914344 265 246 19 2120 WDM
    *DNE 768 0 768 2045952 0 0 0 0 UNKNOWN pooltag '*DNE', please update pooltag.txt
    CEFM 337483 327432 10051 1727560 0 0 0 0 UNKNOWN pooltag 'CEFM', please update pooltag.txt
    Thre 2317977 2315836 2141 1353112 0 0 0 0 Thread objects , Binary: nt!ps
    Nmdd 1 0 1 1048576 0 0 0 0 NetMeeting display driver miniport 1 MB block
    NV 256272 255401 871 995072 70694 70367 327 2059456 nVidia video driver
    Devi 1270 732 538 756560 0 0 0 0 Device objects
    File 7863942 7859222 4720 722000 0 0 0 0 File objects
    Even 18294740 18283035 11705 567168 0 0 0 0 Event objects
    DNE 3659 472 3187 529696 0 0 0 0 UNKNOWN pooltag 'DNE ', please update pooltag.txt
    usbp 2356619 2356452 167 374304 193 178 15 704 UNKNOWN pooltag 'usbp', please update pooltag.txt
    Wmit 14 0 14 352256 3 2 1 328 Wmi Trace
    Ifs 6 0 6 327800 3 2 1 112 Default file system allocations (user's of ntifs.h)
    AmlH 5 0 5 327680 0 0 0 0 ACPI AMLI Pooltags
    Vad 5554462 5547812 6650 319200 0 0 0 0 Mm virtual address descriptors , Binary: nt!mm
    NDpp 102 10 92 269656 0 0 0 0 packet pool , Binary: ndis.sys
    Ntfr 41219 37170 4049 259592 0 0 0 0 ERESOURCE , Binary: ntfs.sys
    CcSc 249196 248439 757 236184 0 0 0 0 Cache Manager Shared Cache Map , Binary: nt!cc
    BTNW 4 0 4 227136 0 0 0 0 UNKNOWN pooltag 'BTNW', please update pooltag.txt
    Mm 1707 1694 13 222432 1473 1469 4 2632 general Mm Allocations , Binary: nt!mm

    Extract from kd> !irpfind

    Scanning large pool allocation table for Tag: Irp? (857d2000 : 857ea000)


    Searching NonPaged pool (82f05000 : 8af05000) for Tag: Irp?

    Irp [ Thread ] irpStack: (Mj,Mn) DevObj [Driver] MDL Process
    82f05008 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f05378 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f055a0 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f057c8 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f05bb8 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f05de0 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f06008 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f06288 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f066c8 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f068f0 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f06b68 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f06de0 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f07008 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f072b8 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f074e0 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f07718 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)
    82f07940 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3)

    Any help appreciated.
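A triage pass over the `!vm` and `!poolused 7` output quoted in the post above, added here as an example and not part of the original post: it measures how full nonpaged pool is and which pool tag holds most of it. The function names and the 95% threshold are assumptions of this example; the sample text is copied from the post's debugger output.

```python
import re

# Excerpts copied from the !vm and !poolused 7 output quoted in the post.
VM_OUTPUT = """\
NonPagedPool Usage: 65495 ( 261980 Kb)
NonPagedPool Max: 65536 ( 262144 Kb)
********** Excessive NonPaged Pool Usage *****
PagedPool Usage: 21666 ( 86664 Kb)
PagedPool Maximum: 92160 ( 368640 Kb)
********** 304968 pool allocations have failed **********
"""

POOLUSED_OUTPUT = """\
Tag Allocs Frees Diff Used Allocs Frees Diff Used
Irp 665012 324978 340034 187411112 0 0 0 0 Io, IRP packets
MmCm 633 23 610 13294120 0 0 0 0 Calls made to MmAllocateContiguousMemory , Binary: nt!mm
SpDN 116 106 10 9684176 783 783 0 0 UNKNOWN pooltag 'SpDN', please update pooltag.txt
Wdm 1785 726 1059 4914344 265 246 19 2120 WDM
CEFM 337483 327432 10051 1727560 0 0 0 0 UNKNOWN pooltag 'CEFM', please update pooltag.txt
"""

# "<counter name>: <pages> ( <kilobytes> Kb)" as printed by !vm.
VM_LINE = re.compile(r"^\s*([^:*]+):\s+(\d+)\s+\(\s*(\d+)\s+Kb\)")
FAILED = re.compile(r"(\d+) pool allocations have failed")
# Tag, four nonpaged columns, four paged columns, then a free-text description.
TAG_LINE = re.compile(r"^\s*(\S+)\s+" + r"(\d+)\s+" * 7 + r"(\d+)\s*(.*)$")


def parse_vm(text):
    """Return ({counter name: kilobytes}, failed pool allocation count)."""
    counters, failed = {}, 0
    for line in text.splitlines():
        m = VM_LINE.match(line)
        if m:
            counters[m.group(1).strip()] = int(m.group(3))
            continue
        f = FAILED.search(line)
        if f:
            failed = int(f.group(1))
    return counters, failed


def parse_poolused(text):
    """Return one dict per pool tag row; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = TAG_LINE.match(line)
        if not m:
            continue
        nums = [int(g) for g in m.groups()[1:9]]
        rows.append({
            "tag": m.group(1),
            "np_outstanding": nums[2],  # nonpaged Allocs minus Frees
            "np_bytes": nums[3],        # nonpaged bytes currently held
            "paged_bytes": nums[7],
            "desc": m.group(10).strip(),
        })
    return rows


def triage(vm_text, pool_text, threshold=0.95):
    """Summarise nonpaged pool pressure and the tag holding most of it."""
    counters, failed = parse_vm(vm_text)
    used_kb = counters["NonPagedPool Usage"]
    max_kb = counters["NonPagedPool Max"]
    top = max(parse_poolused(pool_text), key=lambda r: r["np_bytes"])
    fill = used_kb / max_kb
    return {
        "nonpaged_fill": fill,
        "exhausted": fill >= threshold,  # threshold is this example's choice
        "failed_allocations": failed,
        "top_tag": top["tag"],
        "top_outstanding": top["np_outstanding"],
        "top_share": top["np_bytes"] / (used_kb * 1024),
    }


if __name__ == "__main__":
    r = triage(VM_OUTPUT, POOLUSED_OUTPUT)
    print(f"Nonpaged pool fill: {r['nonpaged_fill']:.2%} "
          f"(exhausted={r['exhausted']}, failed allocations={r['failed_allocations']})")
    print(f"Largest nonpaged consumer: tag {r['top_tag']!r}, "
          f"{r['top_outstanding']} outstanding allocations, "
          f"{r['top_share']:.1%} of nonpaged pool in use")
```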
