gOber Posted August 13, 2008 Share Posted August 13, 2008 Hello,I need help. SOmetimes i always got blue screenBad_pool_caller stop: 0x000000c2 (0x00000007,0x00000cd4,0x02130041,0x88616210)Anyone expert help me pleasethanksAnton Link to comment Share on other sites More sharing options...
Mr Snrub Posted August 13, 2008 Share Posted August 13, 2008 You need to prepare your system to create a kernel memory dump the next time it bugchecks (bluescreens):- Right-click My Computer, click Properties- Click the Advanced tab- Click the Settings button under Startup and Recovery- Under Write debugging information, select Kernel memory dump- Click OK- Click the Settings button under Performance- Click the Advanced tab- Click the Change button- Ensure that the drive on which the Windows folder resides (the 'boot' drive) has a page file at least as large as the RAM you have installed plus 50MB(e.g. if you have 1GB RAM on a default installation, the page file needs to go up to at least 1074MB on the C: drive - if the range already covers this then no change is required)- Click OK on each of the 3 open windowsWhen the system next bugchecks it will display a status message "Beginning dump of physical memory" and work up to 100% before restarting.After restarting, the memory dump is copied from %systemdrive%\pagefile.sys to %systemroot%\MEMORY.DMP.Zip up the MEMORY.DMP file and upload it to any of the free file sharing sites and post a link here so we can download it for analysis. Link to comment Share on other sites More sharing options...
gOber Posted August 21, 2008 Author Share Posted August 21, 2008 (edited) You need to prepare your system to create a kernel memory dump the next time it bugchecks (bluescreens):- Right-click My Computer, click Properties- Click the Advanced tab- Click the Settings button under Startup and Recovery- Under Write debugging information, select Kernel memory dump- Click OK- Click the Settings button under Performance- Click the Advanced tab- Click the Change button- Ensure that the drive on which the Windows folder resides (the 'boot' drive) has a page file at least as large as the RAM you have installed plus 50MB(e.g. if you have 1GB RAM on a default installation, the page file needs to go up to at least 1074MB on the C: drive - if the range already covers this then no change is required)- Click OK on each of the 3 open windowsWhen the system next bugchecks it will display a status message "Beginning dump of physical memory" and work up to 100% before restarting.After restarting, the memory dump is copied from %systemdrive%\pagefile.sys to %systemroot%\MEMORY.DMP.Zip up the MEMORY.DMP file and upload it to any of the free file sharing sites and post a link here so we can download it for analysis.Hello,Sorry late reply..I already try update my driver and so far is work fine for me. But i still do your step. But i don't understand about re size ram. I have 2gb ram. (DUAL) please see my SSall size is setting automatically. I must manual setting?thanksAnton Edited August 21, 2008 by gOber Link to comment Share on other sites More sharing options...
Mr Snrub Posted August 21, 2008 Share Posted August 21, 2008 That's fine as is it, no need to change it from those settings - the page file is on the boot drive and can grow to at least 2098MB (2048+50) - which is also the largest you could possibly need for a kernel dump on a 32-bit system too. Link to comment Share on other sites More sharing options...
cluberti Posted August 21, 2008 Share Posted August 21, 2008 That's fine as is it, no need to change it from those settings - the page file is on the boot drive and can grow to at least 2098MB (2048+50) - which is also the largest you could possibly need for a kernel dump on a 32-bit system too.Actually, untrue. When you dump the box it only reads the "Initial size" number, and as such this has the possibility for not being large enough for a kernel dump (can be up to 2GB, if this is x86), and definitely not enough for a complete dump.I would suggest changing the initial size to at least 2200 and rebooting before expecting this to work properly. Link to comment Share on other sites More sharing options...
Mr Snrub Posted August 21, 2008 Share Posted August 21, 2008 Actually, untrue. When you dump the box it only reads the "Initial size" number, and as such this has the possibility for not being large enough for a kernel dump (can be up to 2GB, if this is x86), and definitely not enough for a complete dump.You live & learn, cheers Though in practicality I don't think I've seen a kernel dump larger than ~800MB even from x64 Server systems. Link to comment Share on other sites More sharing options...
gOber Posted August 21, 2008 Author Share Posted August 21, 2008 (edited) Actually, untrue. When you dump the box it only reads the "Initial size" number, and as such this has the possibility for not being large enough for a kernel dump (can be up to 2GB, if this is x86), and definitely not enough for a complete dump.You live & learn, cheers Though in practicality I don't think I've seen a kernel dump larger than ~800MB even from x64 Server systems.Hello,I got BSOD again... and i already upload my dump file..here http://rapidshare.com/files/138902786/MEMORYy.rar.html actually size 196MB after rar 38mbhope can help me..thanks Edited August 21, 2008 by gOber Link to comment Share on other sites More sharing options...
gOber Posted August 21, 2008 Author Share Posted August 21, 2008 That's fine as is it, no need to change it from those settings - the page file is on the boot drive and can grow to at least 2098MB (2048+50) - which is also the largest you could possibly need for a kernel dump on a 32-bit system too.Actually, untrue. When you dump the box it only reads the "Initial size" number, and as such this has the possibility for not being large enough for a kernel dump (can be up to 2GB, if this is x86), and definitely not enough for a complete dump.I would suggest changing the initial size to at least 2200 and rebooting before expecting this to work properly.Ok i will change after mr snrub see my dump filethankanton Link to comment Share on other sites More sharing options...
eyeball Posted August 21, 2008 Share Posted August 21, 2008 gOber, this is completely off-topic, but do you have a "ram optimizer" in that screenshot? Link to comment Share on other sites More sharing options...
Ponch Posted August 21, 2008 Share Posted August 21, 2008 I once had a Bad_pool_caller stop and after 1/2 hour, I found out one of the RAM module on that laptop was bad.It doesn't mean it's you case, but I'd test the ram extensively. Link to comment Share on other sites More sharing options...
Mr Snrub Posted August 21, 2008 Share Posted August 21, 2008 The problem in this dump is a "double free" of a nonpaged pool allocation - a driver has already freed up an allocation and then tries to free it again, so it's not a corruption and not something you can trap easily with a crash dump (if at all).The culprit driver here looks like Zone Labs' vsdatant.sys - I'm guessing Zone Alarm or the security suite.Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatibleProduct: WinNt, suite: TerminalServer SingleUserTSBuilt by: 2600.xpsp.080413-2111Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720Debug session time: Thu Aug 21 04:48:05.484 2008 (GMT+2)System Uptime: 0 days 4:15:37.190BAD_POOL_CALLER (c2)The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.Arguments:Arg1: 00000007, Attempt to free pool which was already freedArg2: 00000cd4, (reserved)Arg3: 02060001, Memory contents of the pool blockArg4: 888ac380, Address of the block of pool being deallocatedDEFAULT_BUCKET_ID: DRIVER_FAULTSTACK_TEXT: bacf78b8 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1bbacf7908 ae962782 888ac380 00000000 bacf7950 nt!ExFreePoolWithTag+0x2a3bacf7918 ae962450 888f9c68 888f9cfc 888f9cfc tcpip!TCPClose+0x16bacf7950 ae8ef0c1 8a0af5e8 888f9c68 ae8ee9cd tcpip!TCPDispatch+0x101bacf795c ae8ee9cd 8a0af5e8 888f9c68 00000002 vsdatant+0x450c1bacf7990 ae8ef04a 8a0af5e8 888f9c68 888f9c68 vsdatant+0x449cdbacf79b4 ae8eeee7 897e87a0 ae8ef057 888f9c68 vsdatant+0x4504abacf79bc ae8ef057 888f9c68 8a0ab5e0 8a0a60d8 vsdatant+0x44ee7bacf79ec 8053721f 00000000 bacf7a28 80537283 vsdatant+0x45057bacf7a40 bab384c9 ae999690 bab384d4 ae998000 nt!ExNotifyCallback+0x43bacf7a58 ae965c0b 02999680 ae965c16 898636f4 TDI!CTEScheduleDelayedEvent+0x35bacf7a70 ae95b65a 8a0b0da8 02cf7ab0 00000001 tcpip!LoopXmit+0x6abacf7aa0 ae95b79f ae9994c0 0100007f 88bf0880 tcpip!SendIPPacket+0x193bacf7bec 888e5d68 00000000 89032c68 00000000 tcpip!IPTransmit+0x289ebacf7c48 804ef18f 8a0af5e8 888f9c68 888f9c68 0x888e5d68bacf7cbc 80583af8 888e5d68 00000000 00000000 nt!IopfCallDriver+0x31bacf7cf4 805bb466 008e5d80 00000000 888e5d68 nt!IopDeleteFile+0x132bacf7d10 805266ca 888e5d80 00000000 8052667e nt!ObpRemoveObjectRoutine+0xe0bacf7d28 ae88bc0f 88944468 889443f0 ae888cb6 nt!ObfDereferenceObject+0x4cbacf7d3c ae88bbbc 889443f0 ae88a7a8 bacf7d68 afd!AfdFreeConnectionResources+0x38bacf7d4c ae88886a 88944468 8a12a1f0 8a215740 afd!AfdFreeConnection+0x5cbacf7d68 80576ad5 8a215740 00000000 8056485c afd!AfdDoWork+0x51bacf7d7c 8053876d 8a12a1f0 00000000 8a5bd8b8 nt!IopProcessWorkItem+0x13bacf7dac 805cff64 8a12a1f0 00000000 00000000 nt!ExpWorkerThread+0xefbacf7ddc 805460de 8053867e 00000001 00000000 nt!PspSystemThreadStartup+0x3400000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16FOLLOWUP_IP: vsdatant+450c1ae8ef0c1 c20c00 ret 0Ch1: kd> !pool 888ac380Pool page 888ac380 region is Nonpaged pool 888ac000 size: 228 previous size: 0 (Free) GeN- 888ac228 size: 70 previous size: 228 (Allocated) GeN- 888ac298 size: 8 previous size: 70 (Free) AfdC 888ac2a0 size: d0 previous size: 8 (Allocated) FMsl 888ac370 size: 8 previous size: d0 (Free) File*888ac378 size: 30 previous size: 8 (Free) *TCPc Pooltag TCPc : TCP/IP network protocol, Binary : TCP 888ac3a8 size: c58 previous size: 30 (Free) Ddk 1: kd> dc 888ac378 888ac3a8-1888ac378 02060001 63504354 88adb188 00000000 ....TCPc........888ac388 bad00101 02040001 00000000 888ac394 ................888ac398 888ac394 899a9c18 888f9c68 00000000 ........h.......1: kd> lmvm vsdatantstart end module nameae8aa000 ae9090e0 vsdatant (no symbols) Loaded symbol image file: vsdatant.sys Image path: \SystemRoot\System32\vsdatant.sys Image name: vsdatant.sys Timestamp: Wed Jul 09 17:33:32 2008 (4874DA4C) CheckSum: 00068FDC ImageSize: 0005F0E0 File version: 7.0.483.0 Product version: 7.0.483.0 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04e4 CompanyName: Zone Labs, LLC ProductName: TrueVector Device Driver InternalName: vsdatant OriginalFilename: vsdatant.sys ProductVersion: 7.0.483.000 FileVersion: 7.0.483.000 FileDescription: TrueVector Device Driver LegalCopyright: Copyright © 1998-2006, Zone Labs, LLCVirtual memory and running process summary shows no particular issue:1: kd> !vm*** Virtual Memory Usage *** Physical Memory: 523883 ( 2095532 Kb) Page File: \??\C:\pagefile.sys Current: 1572864 Kb Free Space: 1528732 Kb Minimum: 1572864 Kb Maximum: 3145728 Kb Available Pages: 248404 ( 993616 Kb) ResAvail Pages: 436781 ( 1747124 Kb) Locked IO Pages: 229 ( 916 Kb) Free System PTEs: 173801 ( 695204 Kb) Free NP PTEs: 32766 ( 131064 Kb) Free Special NP: 0 ( 0 Kb) Modified Pages: 202 ( 808 Kb) Modified PF Pages: 202 ( 808 Kb) NonPagedPool Usage: 7565 ( 30260 Kb) NonPagedPool Max: 65536 ( 262144 Kb) PagedPool 0 Usage: 9806 ( 39224 Kb) PagedPool 1 Usage: 3665 ( 14660 Kb) PagedPool 2 Usage: 3688 ( 14752 Kb) PagedPool 3 Usage: 3643 ( 14572 Kb) PagedPool 4 Usage: 3636 ( 14544 Kb) PagedPool Usage: 24438 ( 97752 Kb) PagedPool Maximum: 92160 ( 368640 Kb) Shared Commit: 5223 ( 20892 Kb) Special Pool: 0 ( 0 Kb) Shared Process: 3566 ( 14264 Kb) PagedPool Commit: 24438 ( 97752 Kb) Driver Commit: 4490 ( 17960 Kb) Committed pages: 210183 ( 840732 Kb) Commit limit: 876542 ( 3506168 Kb) Total Private: 166545 ( 666180 Kb) 0a7c war3.exe 57184 ( 228736 Kb) 0750 firefox.exe 27261 ( 109044 Kb) 0080 iexplore.exe 27193 ( 108772 Kb) 01d4 avp.exe 10246 ( 40984 Kb) 039c vsmon.exe 8637 ( 34548 Kb) 07a4 RTHDCPL.exe 4920 ( 19680 Kb) 02f4 svchost.exe 4683 ( 18732 Kb) 0444 HDSentinel.exe 4172 ( 16688 Kb) 0360 explorer.exe 4046 ( 16184 Kb) 075c zlclient.exe 2977 ( 11908 Kb) 0598 winlogon.exe 2025 ( 8100 Kb) 05d0 lsass.exe 1099 ( 4396 Kb) 0408 vmware-authd.ex 1095 ( 4380 Kb) 02ec IDMan.exe 1064 ( 4256 Kb) 0500 svchost.exe 980 ( 3920 Kb) 0704 avp.exe 978 ( 3912 Kb) 0524 xRaidSetup.exe 865 ( 3460 Kb) 01f8 spoolsv.exe 861 ( 3444 Kb) 0680 svchost.exe 783 ( 3132 Kb) 0428 nvsvc32.exe 698 ( 2792 Kb) 044c svchost.exe 640 ( 2560 Kb) 06ec rundll32.exe 636 ( 2544 Kb) 07f8 SoundMan.exe 509 ( 2036 Kb) 06b8 svchost.exe 504 ( 2016 Kb) 0580 csrss.exe 492 ( 1968 Kb) 05c4 services.exe 470 ( 1880 Kb) 0688 svchost.exe 433 ( 1732 Kb) 0d58 alg.exe 330 ( 1320 Kb) 0c90 ping.exe 288 ( 1152 Kb) 0480 vmnat.exe 232 ( 928 Kb) 02b0 vmnetdhcp.exe 195 ( 780 Kb) 036c smss.exe 42 ( 168 Kb) 0004 System 7 ( 28 Kb) 0484 war3.exe 0 ( 0 Kb)Did you have a problem with Warcraft 3?There are 2 processes war3.exe, one has an elapsed time of ~4 days and has 0 handles, implying the process did not close properly - the second instance has been running ~18 hours:1: kd> !process 0 0 war3.exePROCESS 892f1020 SessionId: 0 Cid: 0484 Peb: 7ffd5000 ParentCid: 0f88 DirBase: 0b180440 ObjectTable: 00000000 HandleCount: 0. Image: war3.exePROCESS 8924d020 SessionId: 0 Cid: 0a7c Peb: 7ffde000 ParentCid: 0e80 DirBase: 0b180460 ObjectTable: e60de848 HandleCount: 2920. Image: war3.exeYou also have VMWare installed, so it might be these 2 products (Zone Labs and VMWare) not playing nicely:1: kd> lmvm vm*start end module nameb178e000 b1798480 vmci (export symbols) vmci.sys Loaded symbol image file: vmci.sys Image path: \??\C:\WINDOWS\system32\Drivers\vmci.sys Image name: vmci.sys Timestamp: Thu Jun 19 02:45:11 2008 (4859AC17) CheckSum: 000102A1 ImageSize: 0000A480 File version: 6.5.0.3129 Product version: 6.5.0.3129 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: VMware, Inc. ProductName: VMware kernel driver InternalName: vmci.sys OriginalFilename: vmci.sys ProductVersion: e.x.p build-99530 FileVersion: e.x.p FileDescription: VMware kernel driver LegalCopyright: Copyright © 1998-2008 VMware, Inc.b335e000 b3364000 vmnetbridge (no symbols) Loaded symbol image file: vmnetbridge.sys Image path: \SystemRoot\system32\DRIVERS\vmnetbridge.sys Image name: vmnetbridge.sys Timestamp: Thu Jun 19 03:26:56 2008 (4859B5E0) CheckSum: 00015E55 ImageSize: 00006000 Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0b54b5000 b54b9c00 vmnetuserif (no symbols) Loaded symbol image file: vmnetuserif.sys Image path: \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys Image name: vmnetuserif.sys Timestamp: Thu Jun 19 03:26:32 2008 (4859B5C8) CheckSum: 00015C3F ImageSize: 00004C00 Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0b9b43000 b9b46b00 VMkbd (no symbols) Loaded symbol image file: VMkbd.sys Image path: \??\C:\WINDOWS\system32\drivers\VMkbd.sys Image name: VMkbd.sys Timestamp: Thu Jun 19 04:19:43 2008 (4859C23F) CheckSum: 00005A54 ImageSize: 00003B00 Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0ba067000 ba069f00 VMNET (export symbols) VMNET.SYS Loaded symbol image file: VMNET.SYS Image path: \SystemRoot\system32\DRIVERS\VMNET.SYS Image name: VMNET.SYS Timestamp: Thu Jun 19 03:26:22 2008 (4859B5BE) CheckSum: 0000772F ImageSize: 00002F00 File version: 4.0.2.0 Product version: 4.0.2.0 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: VMware, Inc. ProductName: VMware virtual network driver (32-bit) InternalName: VMnet.sys OriginalFilename: VMnet.sys ProductVersion: 4.0.2.0 build-99530 FileVersion: 4.0.2.0 FileDescription: VMware virtual network driver (32-bit) LegalCopyright: Copyright © 1998-2008 VMware, Inc.bada4000 bada6680 vmnetadapter (no symbols) Loaded symbol image file: vmnetadapter.sys Image path: \SystemRoot\system32\DRIVERS\vmnetadapter.sys Image name: vmnetadapter.sys Timestamp: Thu Jun 19 03:26:25 2008 (4859B5C1) CheckSum: 0000BC14 ImageSize: 00002680 Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0badbe000 badc0000 VMparport (no symbols) Loaded symbol image file: VMparport.sys Image path: \??\C:\WINDOWS\system32\Drivers\VMparport.sys Image name: VMparport.sys Timestamp: Thu Jun 19 02:44:23 2008 (4859ABE7) CheckSum: 0001193F ImageSize: 00002000 File version: 6.5.0.3129 Product version: 6.5.0.3129 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: VMware, Inc. ProductName: VMware parallel port driver InternalName: VMparport.sys OriginalFilename: VMparport.sys ProductVersion: e.x.p build-99530 FileVersion: e.x.p FileDescription: VMware parallel port driver LegalCopyright: Copyright © 1998-2008 VMware, Inc.Onboard Marvell Yukon NIC driver seems pretty recent:1: kd> !sysinfo machineidMachine ID Information [From Smbios 2.4, DMIVersion 36, Size=1197]BiosVendor = Award Software International, Inc.BiosVersion = F10HBiosReleaseDate = 04/24/2008SystemManufacturer = Gigabyte Technology Co., Ltd.SystemProductName = 965G-DS3SystemFamily = SystemVersion = SystemSKU = BaseBoardManufacturer = Gigabyte Technology Co., Ltd.BaseBoardProduct = 965G-DS3BaseBoardVersion = 1: kd> lmvm yk*start end module nameb9420000 b9466880 yk51x86 (no symbols) Loaded symbol image file: yk51x86.sys Image path: \SystemRoot\system32\DRIVERS\yk51x86.sys Image name: yk51x86.sys Timestamp: Tue May 20 15:03:14 2008 (4832CC12) CheckSum: 00054588 ImageSize: 00046880 Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0Depending on how consistent the dumps are (always have the same stack or the same drivers in the stack, same bugcheck code, etc.) this could be a RAM fault as it's nonpaged pool (resident in physical memory), but I would be more inclined to believe a driver fault.I would go down the route of either uninstalling VMWare to see if the problem goes away, or the Zone Labs software so long as you are behind a NAT router.Or wait until the next dump is produced and we can check for consistency (i.e. always network-related activity on the crashing thread stack).A few hours testing overnight with memtest86 would not be a bad idea either. Link to comment Share on other sites More sharing options...
gOber Posted August 21, 2008 Author Share Posted August 21, 2008 gOber, this is completely off-topic, but do you have a "ram optimizer" in that screenshot? What do you mind? I not understand Sir. Please tell me more detail coz im newbie Link to comment Share on other sites More sharing options...
gOber Posted August 21, 2008 Author Share Posted August 21, 2008 Dear Mr Snrub,Thank you for your all reply sir....The problem in this dump is a "double free" of a nonpaged pool allocation - a driver has already freed up an allocation and then tries to free it again, so it's not a corruption and not something you can trap easily with a crash dump (if at all).The culprit driver here looks like Zone Labs' vsdatant.sys - I'm guessing Zone Alarm or the security suite.Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatibleProduct: WinNt, suite: TerminalServer SingleUserTSBuilt by: 2600.xpsp.080413-2111Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720Debug session time: Thu Aug 21 04:48:05.484 2008 (GMT+2)System Uptime: 0 days 4:15:37.190BAD_POOL_CALLER (c2)The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.Arguments:Arg1: 00000007, Attempt to free pool which was already freedArg2: 00000cd4, (reserved)Arg3: 02060001, Memory contents of the pool blockArg4: 888ac380, Address of the block of pool being deallocatedDEFAULT_BUCKET_ID: DRIVER_FAULTSTACK_TEXT: bacf78b8 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1bbacf7908 ae962782 888ac380 00000000 bacf7950 nt!ExFreePoolWithTag+0x2a3bacf7918 ae962450 888f9c68 888f9cfc 888f9cfc tcpip!TCPClose+0x16bacf7950 ae8ef0c1 8a0af5e8 888f9c68 ae8ee9cd tcpip!TCPDispatch+0x101bacf795c ae8ee9cd 8a0af5e8 888f9c68 00000002 vsdatant+0x450c1bacf7990 ae8ef04a 8a0af5e8 888f9c68 888f9c68 vsdatant+0x449cdbacf79b4 ae8eeee7 897e87a0 ae8ef057 888f9c68 vsdatant+0x4504abacf79bc ae8ef057 888f9c68 8a0ab5e0 8a0a60d8 vsdatant+0x44ee7bacf79ec 8053721f 00000000 bacf7a28 80537283 vsdatant+0x45057bacf7a40 bab384c9 ae999690 bab384d4 ae998000 nt!ExNotifyCallback+0x43bacf7a58 ae965c0b 02999680 ae965c16 898636f4 TDI!CTEScheduleDelayedEvent+0x35bacf7a70 ae95b65a 8a0b0da8 02cf7ab0 00000001 tcpip!LoopXmit+0x6abacf7aa0 ae95b79f ae9994c0 0100007f 88bf0880 tcpip!SendIPPacket+0x193bacf7bec 888e5d68 00000000 89032c68 00000000 tcpip!IPTransmit+0x289ebacf7c48 804ef18f 8a0af5e8 888f9c68 888f9c68 0x888e5d68bacf7cbc 80583af8 888e5d68 00000000 00000000 nt!IopfCallDriver+0x31bacf7cf4 805bb466 008e5d80 00000000 888e5d68 nt!IopDeleteFile+0x132bacf7d10 805266ca 888e5d80 00000000 8052667e nt!ObpRemoveObjectRoutine+0xe0bacf7d28 ae88bc0f 88944468 889443f0 ae888cb6 nt!ObfDereferenceObject+0x4cbacf7d3c ae88bbbc 889443f0 ae88a7a8 bacf7d68 afd!AfdFreeConnectionResources+0x38bacf7d4c ae88886a 88944468 8a12a1f0 8a215740 afd!AfdFreeConnection+0x5cbacf7d68 80576ad5 8a215740 00000000 8056485c afd!AfdDoWork+0x51bacf7d7c 8053876d 8a12a1f0 00000000 8a5bd8b8 nt!IopProcessWorkItem+0x13bacf7dac 805cff64 8a12a1f0 00000000 00000000 nt!ExpWorkerThread+0xefbacf7ddc 805460de 8053867e 00000001 00000000 nt!PspSystemThreadStartup+0x3400000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16FOLLOWUP_IP: vsdatant+450c1ae8ef0c1 c20c00 ret 0Ch1: kd> !pool 888ac380Pool page 888ac380 region is Nonpaged pool 888ac000 size: 228 previous size: 0 (Free) GeN- 888ac228 size: 70 previous size: 228 (Allocated) GeN- 888ac298 size: 8 previous size: 70 (Free) AfdC 888ac2a0 size: d0 previous size: 8 (Allocated) FMsl 888ac370 size: 8 previous size: d0 (Free) File*888ac378 size: 30 previous size: 8 (Free) *TCPc Pooltag TCPc : TCP/IP network protocol, Binary : TCP 888ac3a8 size: c58 previous size: 30 (Free) Ddk 1: kd> dc 888ac378 888ac3a8-1888ac378 02060001 63504354 88adb188 00000000 ....TCPc........888ac388 bad00101 02040001 00000000 888ac394 ................888ac398 888ac394 899a9c18 888f9c68 00000000 ........h.......1: kd> lmvm vsdatantstart end module nameae8aa000 ae9090e0 vsdatant (no symbols) Loaded symbol image file: vsdatant.sys Image path: \SystemRoot\System32\vsdatant.sys Image name: vsdatant.sys Timestamp: Wed Jul 09 17:33:32 2008 (4874DA4C) CheckSum: 00068FDC ImageSize: 0005F0E0 File version: 7.0.483.0 Product version: 7.0.483.0 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04e4 CompanyName: Zone Labs, LLC ProductName: TrueVector Device Driver InternalName: vsdatant OriginalFilename: vsdatant.sys ProductVersion: 7.0.483.000 FileVersion: 7.0.483.000 FileDescription: TrueVector Device Driver LegalCopyright: Copyright © 1998-2006, Zone Labs, LLCSo i must uninstall ZoneLabs or discuss with ZA Forum?Virtual memory and running process summary shows no particular issue:1: kd> !vm*** Virtual Memory Usage *** Physical Memory: 523883 ( 2095532 Kb) Page File: \??\C:\pagefile.sys Current: 1572864 Kb Free Space: 1528732 Kb Minimum: 1572864 Kb Maximum: 3145728 Kb Available Pages: 248404 ( 993616 Kb) ResAvail Pages: 436781 ( 1747124 Kb) Locked IO Pages: 229 ( 916 Kb) Free System PTEs: 173801 ( 695204 Kb) Free NP PTEs: 32766 ( 131064 Kb) Free Special NP: 0 ( 0 Kb) Modified Pages: 202 ( 808 Kb) Modified PF Pages: 202 ( 808 Kb) NonPagedPool Usage: 7565 ( 30260 Kb) NonPagedPool Max: 65536 ( 262144 Kb) PagedPool 0 Usage: 9806 ( 39224 Kb) PagedPool 1 Usage: 3665 ( 14660 Kb) PagedPool 2 Usage: 3688 ( 14752 Kb) PagedPool 3 Usage: 3643 ( 14572 Kb) PagedPool 4 Usage: 3636 ( 14544 Kb) PagedPool Usage: 24438 ( 97752 Kb) PagedPool Maximum: 92160 ( 368640 Kb) Shared Commit: 5223 ( 20892 Kb) Special Pool: 0 ( 0 Kb) Shared Process: 3566 ( 14264 Kb) PagedPool Commit: 24438 ( 97752 Kb) Driver Commit: 4490 ( 17960 Kb) Committed pages: 210183 ( 840732 Kb) Commit limit: 876542 ( 3506168 Kb) Total Private: 166545 ( 666180 Kb) 0a7c war3.exe 57184 ( 228736 Kb) 0750 firefox.exe 27261 ( 109044 Kb) 0080 iexplore.exe 27193 ( 108772 Kb) 01d4 avp.exe 10246 ( 40984 Kb) 039c vsmon.exe 8637 ( 34548 Kb) 07a4 RTHDCPL.exe 4920 ( 19680 Kb) 02f4 svchost.exe 4683 ( 18732 Kb) 0444 HDSentinel.exe 4172 ( 16688 Kb) 0360 explorer.exe 4046 ( 16184 Kb) 075c zlclient.exe 2977 ( 11908 Kb) 0598 winlogon.exe 2025 ( 8100 Kb) 05d0 lsass.exe 1099 ( 4396 Kb) 0408 vmware-authd.ex 1095 ( 4380 Kb) 02ec IDMan.exe 1064 ( 4256 Kb) 0500 svchost.exe 980 ( 3920 Kb) 0704 avp.exe 978 ( 3912 Kb) 0524 xRaidSetup.exe 865 ( 3460 Kb) 01f8 spoolsv.exe 861 ( 3444 Kb) 0680 svchost.exe 783 ( 3132 Kb) 0428 nvsvc32.exe 698 ( 2792 Kb) 044c svchost.exe 640 ( 2560 Kb) 06ec rundll32.exe 636 ( 2544 Kb) 07f8 SoundMan.exe 509 ( 2036 Kb) 06b8 svchost.exe 504 ( 2016 Kb) 0580 csrss.exe 492 ( 1968 Kb) 05c4 services.exe 470 ( 1880 Kb) 0688 svchost.exe 433 ( 1732 Kb) 0d58 alg.exe 330 ( 1320 Kb) 0c90 ping.exe 288 ( 1152 Kb) 0480 vmnat.exe 232 ( 928 Kb) 02b0 vmnetdhcp.exe 195 ( 780 Kb) 036c smss.exe 42 ( 168 Kb) 0004 System 7 ( 28 Kb) 0484 war3.exe 0 ( 0 Kb)Ok thanksDid you have a problem with Warcraft 3?There are 2 processes war3.exe, one has an elapsed time of ~4 days and has 0 handles, implying the process did not close properly - the second instance has been running ~18 hours:1: kd> !process 0 0 war3.exePROCESS 892f1020 SessionId: 0 Cid: 0484 Peb: 7ffd5000 ParentCid: 0f88 DirBase: 0b180440 ObjectTable: 00000000 HandleCount: 0. Image: war3.exePROCESS 8924d020 SessionId: 0 Cid: 0a7c Peb: 7ffde000 ParentCid: 0e80 DirBase: 0b180460 ObjectTable: e60de848 HandleCount: 2920. Image: war3.exeYes, Mostly im got BSOD when i played Warcarft 3(DOTA) But i already install latest VGA driver but still sameYou also have VMWare installed, so it might be these 2 products (Zone Labs and VMWare) not playing nicely:1: kd> lmvm vm*start end module nameb178e000 b1798480 vmci (export symbols) vmci.sys Loaded symbol image file: vmci.sys Image path: \??\C:\WINDOWS\system32\Drivers\vmci.sys Image name: vmci.sys Timestamp: Thu Jun 19 02:45:11 2008 (4859AC17) CheckSum: 000102A1 ImageSize: 0000A480 File version: 6.5.0.3129 Product version: 6.5.0.3129 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: VMware, Inc. ProductName: VMware kernel driver InternalName: vmci.sys OriginalFilename: vmci.sys ProductVersion: e.x.p build-99530 FileVersion: e.x.p FileDescription: VMware kernel driver LegalCopyright: Copyright © 1998-2008 VMware, Inc.b335e000 b3364000 vmnetbridge (no symbols) Loaded symbol image file: vmnetbridge.sys Image path: \SystemRoot\system32\DRIVERS\vmnetbridge.sys Image name: vmnetbridge.sys Timestamp: Thu Jun 19 03:26:56 2008 (4859B5E0) CheckSum: 00015E55 ImageSize: 00006000 Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0b54b5000 b54b9c00 vmnetuserif (no symbols) Loaded symbol image file: vmnetuserif.sys Image path: \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys Image name: vmnetuserif.sys Timestamp: Thu Jun 19 03:26:32 2008 (4859B5C8) CheckSum: 00015C3F ImageSize: 00004C00 Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0b9b43000 b9b46b00 VMkbd (no symbols) Loaded symbol image file: VMkbd.sys Image path: \??\C:\WINDOWS\system32\drivers\VMkbd.sys Image name: VMkbd.sys Timestamp: Thu Jun 19 04:19:43 2008 (4859C23F) CheckSum: 00005A54 ImageSize: 00003B00 Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0ba067000 ba069f00 VMNET (export symbols) VMNET.SYS Loaded symbol image file: VMNET.SYS Image path: \SystemRoot\system32\DRIVERS\VMNET.SYS Image name: VMNET.SYS Timestamp: Thu Jun 19 03:26:22 2008 (4859B5BE) CheckSum: 0000772F ImageSize: 00002F00 File version: 4.0.2.0 Product version: 4.0.2.0 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: VMware, Inc. ProductName: VMware virtual network driver (32-bit) InternalName: VMnet.sys OriginalFilename: VMnet.sys ProductVersion: 4.0.2.0 build-99530 FileVersion: 4.0.2.0 FileDescription: VMware virtual network driver (32-bit) LegalCopyright: Copyright © 1998-2008 VMware, Inc.bada4000 bada6680 vmnetadapter (no symbols) Loaded symbol image file: vmnetadapter.sys Image path: \SystemRoot\system32\DRIVERS\vmnetadapter.sys Image name: vmnetadapter.sys Timestamp: Thu Jun 19 03:26:25 2008 (4859B5C1) CheckSum: 0000BC14 ImageSize: 00002680 Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0badbe000 badc0000 VMparport (no symbols) Loaded symbol image file: VMparport.sys Image path: \??\C:\WINDOWS\system32\Drivers\VMparport.sys Image name: VMparport.sys Timestamp: Thu Jun 19 02:44:23 2008 (4859ABE7) CheckSum: 0001193F ImageSize: 00002000 File version: 6.5.0.3129 Product version: 6.5.0.3129 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: VMware, Inc. ProductName: VMware parallel port driver InternalName: VMparport.sys OriginalFilename: VMparport.sys ProductVersion: e.x.p build-99530 FileVersion: e.x.p FileDescription: VMware parallel port driver LegalCopyright: Copyright © 1998-2008 VMware, Inc.Onboard Marvell Yukon NIC driver seems pretty recent:1: kd> !sysinfo machineidMachine ID Information [From Smbios 2.4, DMIVersion 36, Size=1197]BiosVendor = Award Software International, Inc.BiosVersion = F10HBiosReleaseDate = 04/24/2008SystemManufacturer = Gigabyte Technology Co., Ltd.SystemProductName = 965G-DS3SystemFamily = SystemVersion = SystemSKU = BaseBoardManufacturer = Gigabyte Technology Co., Ltd.BaseBoardProduct = 965G-DS3BaseBoardVersion = 1: kd> lmvm yk*start end module nameb9420000 b9466880 yk51x86 (no symbols) Loaded symbol image file: yk51x86.sys Image path: \SystemRoot\system32\DRIVERS\yk51x86.sys Image name: yk51x86.sys Timestamp: Tue May 20 15:03:14 2008 (4832CC12) CheckSum: 00054588 ImageSize: 00046880 Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0So, i must uninstall this software? or update latest version?Depending on how consistent the dumps are (always have the same stack or the same drivers in the stack, same bugcheck code, etc.) this could be a RAM fault as it's nonpaged pool (resident in physical memory), but I would be more inclined to believe a driver fault.I would go down the route of either uninstalling VMWare to see if the problem goes away, or the Zone Labs software so long as you are behind a NAT router.Or wait until the next dump is produced and we can check for consistency (i.e. always network-related activity on the crashing thread stack).A few hours testing overnight with memtest86 would not be a bad idea either.Mr. Snurb... do you think my memory got error? If yes maybe i must buy new one?SOrry if my language english to badThankgOber Link to comment Share on other sites More sharing options...
mara- Posted August 21, 2008 Share Posted August 21, 2008 He suggested that problem might me ZoneAlarm. If you have it, remove it and see if you'll get BSOD again.Cheers Link to comment Share on other sites More sharing options...
gOber Posted August 21, 2008 Author Share Posted August 21, 2008 He suggested that problem might me ZoneAlarm. If you have it, remove it and see if you'll get BSOD again.Cheers Hi,Ok thank... btw if i only disable ZA can? or must full uninstall?thankgOber Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now