BSOD - 0x000000D1: DRIVER_IRQL_NOT_LESS_OR_EQUAL

(*.*)


Resources that will help you fix this error:

Posted: 03:19, 03-03-2007

 

(*.*)


Kolpen, please attach the dumps to your post - the button is on the right.


Posted: 22:53, 02-06-2009 | #1201





New member


Attachments
File type: rar дамп.rar
(37.9 Kb)

After 5 hours of stable operation, two blue screens with the same content as before. If needed, I can re-attach the old ones from the first post; I just can't figure out how to add them to this post while editing.

Last edited by Kolpen, 03-06-2009 at 00:14.


Posted: 23:55, 02-06-2009 | #1202


(*.*)


Kolpen,
Code:
Crash date:         Tue Jun  2 23:48:38.055 2009 (GMT+4)
Stop error code:    0xD1
Process name:       explorer.exe
Probably caused by: ndis.sys ( ndis!ndisMTimerDpcX+b6 )
The second one points to the same driver.

ndis looks like one of the hardest problems to resolve. I can only give general recommendations: http://www.oszone.net/8774/Drivers_List#general
If nothing helps, try removing the firewall or any security suite that includes a firewall (turn on the built-in firewall).
If you have the option, try replacing the network card.


Posted: 00:17, 03-06-2009 | #1203


New member


Attachments
File type: rar dump.rar
(76.2 Kb)

Did I understand correctly that, judging by the link, I should try all of those measures? Check the memory and the hard disk, update all the drivers, update the BIOS? Here are some more dumps I made during the day; they are probably the same...

Posted: 00:43, 03-06-2009 | #1204


New member


Not long ago there was a blue screen with a different error; after the reboot, Internet traffic was not getting through, and 40 minutes later there was a similar error, something like 0.000000FC. There is no thread for this error in this section; should I have created a new one? I really need help.

Last edited by Kolpen, 03-06-2009 at 03:21.


Posted: 02:33, 03-06-2009 | #1205


Veteran member


skiliner,
I'll answer your questions in a private message.
1. how to analyze dumps yourself
http://forum.oszone.net/thread-130713.html
2. try replacing the PSU with a newer, known-good and more powerful one
3.

---------
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052109-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Thu May 21 04:48:10.421 2009 (GMT+6)
System Uptime: 0 days 1:35:22.139

BugCheck 100000D1, {f433024e, 2, 0, f433024e}

Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f433024e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f433024e, address which referenced memory

Debugging Details:

READ_ADDRESS: f433024e

CURRENT_IRQL: 2

FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f433024e 687a0233f4 push offset afd!AfdSetContext+0x140 (f433027a)

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: firefox.exe

LAST_CONTROL_TRANSFER: from f432ce59 to f433024e

FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f433024e 687a0233f4 push offset afd!AfdSetContext+0x140 (f433027a)

STACK_TEXT:
b9fe9b58 f432ce59 841acab8 b9fe9b78 0000000c afd!AfdIssueDeviceControl+0x10d
b9fe9b84 f43365b5 841acab8 00000004 00000000 afd!AfdSetEventHandler+0x2e
b9fe9bc0 f433617e 8431f028 870546c0 b9fe9c10 afd!AfdCleanup+0x619
b9fe9bd0 804e19ee 85a2d4f8 840cee70 840cee70 afd!AfdDispatch+0xbb
b9fe9be0 8057e818 8431f010 873e7ca0 00000001 nt!IopfCallDriver+0x31
b9fe9c10 80570c83 841a4c50 85a2d4f8 001f01ff nt!IopCloseFile+0x26b
b9fe9c40 80570dd6 841a4c50 0131f010 873e7ca0 nt!ObpDecrementHandleCount+0x11b
b9fe9c68 80570cfc e3b21688 8431f028 00000790 nt!ObpCloseHandleTableEntry+0x14d
b9fe9cb0 80570d46 00000790 00000001 00000000 nt!ObpCloseHandle+0x87
b9fe9cc4 f77b4ca2 00000790 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
b9fe9cec f42dfe4a 00000790 b9fe9d64 08a7f50c Vax347b+0xdca2
b9fe9d58 804ddf0f 00000790 08a7f56c 7c90eb94 Sandbox+0x4e4a
b9fe9d58 7c90eb94 00000790 08a7f56c 7c90eb94 nt!KiFastCallEntry+0xfc
08a7f56c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
Vax347b+dca2
f77b4ca2 ?? ???

SYMBOL_STACK_INDEX: a

SYMBOL_NAME: Vax347b+dca2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Vax347b

IMAGE_NAME: Vax347b.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

---------
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052309-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Sat May 23 03:28:15.890 2009 (GMT+6)
System Uptime: 0 days 8:24:30.593
Loading Kernel Symbols

BugCheck 100000D1, {f433024e, 2, 0, f433024e}

Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f433024e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f433024e, address which referenced memory

Debugging Details:

READ_ADDRESS: f433024e

CURRENT_IRQL: 2

FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f433024e 687a0233f4 push offset afd!AfdSetContext+0x140 (f433027a)

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: firefox.exe

LAST_CONTROL_TRANSFER: from f432ce59 to f433024e

FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f433024e 687a0233f4 push offset afd!AfdSetContext+0x140 (f433027a)

STACK_TEXT:
8903cb58 f432ce59 846249b8 8903cb78 0000000c afd!AfdIssueDeviceControl+0x10d
8903cb84 f43365b5 846249b8 00000004 00000000 afd!AfdSetEventHandler+0x2e
8903cbc0 f433617e 835fa028 8704d030 8903cc10 afd!AfdCleanup+0x619
8903cbd0 804e19ee 85d0e460 85be2588 85be2588 afd!AfdDispatch+0xbb
8903cbe0 8057e818 835fa010 873e7ca0 00000001 nt!IopfCallDriver+0x31
8903cc10 80570c83 843b9da0 85d0e460 001f01ff nt!IopCloseFile+0x26b
8903cc40 80570dd6 843b9da0 015fa010 873e7ca0 nt!ObpDecrementHandleCount+0x11b
8903cc68 80570cfc e2f0ac08 835fa028 00000434 nt!ObpCloseHandleTableEntry+0x14d
8903ccb0 80570d46 00000434 00000001 00000000 nt!ObpCloseHandle+0x87
8903ccc4 f77b4ca2 00000434 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
8903ccec f42dfe4a 00000434 8903cd64 09dff50c Vax347b+0xdca2
8903cd58 804ddf0f 00000434 09dff56c 7c90eb94 Sandbox+0x4e4a
8903cd58 7c90eb94 00000434 09dff56c 7c90eb94 nt!KiFastCallEntry+0xfc
09dff56c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
Vax347b+dca2
f77b4ca2 ?? ???

SYMBOL_STACK_INDEX: a

SYMBOL_NAME: Vax347b+dca2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Vax347b

IMAGE_NAME: Vax347b.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

---------
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052709-01.dmp]

Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Wed May 27 02:57:06.921 2009 (GMT+6)
System Uptime: 0 days 9:32:08.633

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {f446924e, 2, 0, f446924e}

Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f446924e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f446924e, address which referenced memory

Debugging Details:

READ_ADDRESS: f446924e

CURRENT_IRQL: 2

FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: firefox.exe

LAST_CONTROL_TRANSFER: from f4465e59 to f446924e

FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)

STACK_TEXT:
f7548b58 f4465e59 846196c8 f7548b78 0000000c afd!AfdIssueDeviceControl+0x10d
f7548b84 f446f5b5 846196c8 00000004 00000000 afd!AfdSetEventHandler+0x2e
f7548bc0 f446f17e 8449fb50 86f3ea20 f7548c10 afd!AfdCleanup+0x619
f7548bd0 804e19ee 85de2708 84459b80 84459b80 afd!AfdDispatch+0xbb
f7548be0 8057e818 8449fb38 873e7ad0 00000001 nt!IopfCallDriver+0x31
f7548c10 80570c83 83613020 85de2708 001f01ff nt!IopCloseFile+0x26b
f7548c40 80570dd6 83613020 0149fb38 873e7ad0 nt!ObpDecrementHandleCount+0x11b
f7548c68 80570cfc e27033a8 8449fb50 00000648 nt!ObpCloseHandleTableEntry+0x14d
f7548cb0 80570d46 00000648 00000001 00000000 nt!ObpCloseHandle+0x87
f7548cc4 f7794ca2 00000648 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
f7548cec f4418e4a 00000648 f7548d64 06dff50c Vax347b+0xdca2
f7548d58 804ddf0f 00000648 06dff56c 7c90eb94 Sandbox+0x4e4a
f7548d58 7c90eb94 00000648 06dff56c 7c90eb94 nt!KiFastCallEntry+0xfc
06dff56c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
Vax347b+dca2
f7794ca2 ?? ???

SYMBOL_STACK_INDEX: a

SYMBOL_NAME: Vax347b+dca2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Vax347b

IMAGE_NAME: Vax347b.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

---------
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052709-02.dmp]

Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Wed May 27 03:41:09.015 2009 (GMT+6)
System Uptime: 0 days 0:42:40.739

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {f446924e, 2, 0, f446924e}

Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f446924e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f446924e, address which referenced memory

Debugging Details:

READ_ADDRESS: f446924e

CURRENT_IRQL: 2

FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: firefox.exe

LAST_CONTROL_TRANSFER: from f4465e59 to f446924e

FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)

STACK_TEXT:
ba3c0b58 f4465e59 844eea80 ba3c0b78 0000000c afd!AfdIssueDeviceControl+0x10d
ba3c0b84 f446f5b5 844eea80 00000004 00000000 afd!AfdSetEventHandler+0x2e
ba3c0bc0 f446f17e 8598f908 8701fd78 ba3c0c10 afd!AfdCleanup+0x619
ba3c0bd0 804e19ee 870a75e0 844f8008 844f8008 afd!AfdDispatch+0xbb
ba3c0be0 8057e818 8598f8f0 873e7ca0 00000001 nt!IopfCallDriver+0x31
ba3c0c10 80570c83 84542990 870a75e0 001f01ff nt!IopCloseFile+0x26b
ba3c0c40 80570dd6 84542990 0198f8f0 873e7ca0 nt!ObpDecrementHandleCount+0x11b
ba3c0c68 80570cfc e1250878 8598f908 00000644 nt!ObpCloseHandleTableEntry+0x14d
ba3c0cb0 80570d46 00000644 00000001 00000000 nt!ObpCloseHandle+0x87
ba3c0cc4 f7794ca2 00000644 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
ba3c0cec f4418e4a 00000644 ba3c0d64 0b1af50c Vax347b+0xdca2
ba3c0d58 804ddf0f 00000644 0b1af56c 7c90eb94 Sandbox+0x4e4a
ba3c0d58 7c90eb94 00000644 0b1af56c 7c90eb94 nt!KiFastCallEntry+0xfc
0b1af56c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
Vax347b+dca2
f7794ca2 ?? ???

SYMBOL_STACK_INDEX: a

SYMBOL_NAME: Vax347b+dca2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Vax347b

IMAGE_NAME: Vax347b.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

--
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052709-03.dmp]

Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Wed May 27 03:47:08.281 2009 (GMT+6)
System Uptime: 0 days 0:04:38.987
--

BugCheck 100000D1, {f446924e, 2, 0, f446924e}

Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )

Followup: MachineOwner
--

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f446924e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f446924e, address which referenced memory

Debugging Details:

READ_ADDRESS: f446924e

CURRENT_IRQL: 2

FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: firefox.exe

LAST_CONTROL_TRANSFER: from f4465e59 to f446924e

FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)

STACK_TEXT:
b9a75b58 f4465e59 844ffe58 b9a75b78 0000000c afd!AfdIssueDeviceControl+0x10d
b9a75b84 f446f5b5 844ffe58 00000004 00000000 afd!AfdSetEventHandler+0x2e
b9a75bc0 f446f17e 84509848 86f88f38 b9a75c10 afd!AfdCleanup+0x619
b9a75bd0 804e19ee 85a064f8 844b4c70 844b4c70 afd!AfdDispatch+0xbb
b9a75be0 8057e818 84509830 873e7ad0 00000001 nt!IopfCallDriver+0x31
b9a75c10 80570c83 845a67b8 85a064f8 001f01ff nt!IopCloseFile+0x26b
b9a75c40 80570dd6 845a67b8 01509830 873e7ad0 nt!ObpDecrementHandleCount+0x11b
b9a75c68 80570cfc e3e6f5e8 84509848 00000448 nt!ObpCloseHandleTableEntry+0x14d
b9a75cb0 80570d46 00000448 00000001 00000000 nt!ObpCloseHandle+0x87
b9a75cc4 f7794ca2 00000448 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
b9a75cec f4418e4a 00000448 b9a75d64 0466f50c Vax347b+0xdca2
b9a75d58 804ddf0f 00000448 0466f56c 7c90eb94 Sandbox+0x4e4a
b9a75d58 7c90eb94 00000448 0466f56c 7c90eb94 nt!KiFastCallEntry+0xfc
0466f56c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
Vax347b+dca2
f7794ca2 ?? ???

SYMBOL_STACK_INDEX: a

SYMBOL_NAME: Vax347b+dca2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Vax347b

IMAGE_NAME: Vax347b.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

---------
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052709-04.dmp]

Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Wed May 27 04:09:57.328 2009 (GMT+6)
System Uptime: 0 days 0:21:27.059


BugCheck 100000C5, {e45f2000, 2, 1, 805524d5}

Probably caused by : win32k.sys ( win32k!HeavyAllocPool+74 )

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: e45f2000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 805524d5, address which referenced memory

Debugging Details:

BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExAllocatePoolWithTag+863
805524d5 8906 mov dword ptr [esi],eax

CUSTOMER_CRASH_COUNT: 4

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: outpost.exe

LAST_CONTROL_TRANSFER: from bf802a8e to 805524d5

STACK_TEXT:
ba58fba0 bf802a8e 00000001 00000000 38306847 nt!ExAllocatePoolWithTag+0x863
ba58fbc0 bf805a96 00000458 38306847 00000000 win32k!HeavyAllocPool+0x74
ba58fbe0 bf826978 00000458 00000008 00000000 win32k!AllocateObject+0xaa
ba58fc34 bf82d00f 00000001 00000100 00000000 win32k!PALMEMOBJ::bCreatePalette+0xde
ba58fca8 bf82d554 b9010cd2 00000002 0c670000 win32k!GreCreateDIBitmapReal+0x281
ba58fd38 804ddf0f b9010cd2 00000000 00000000 win32k!NtGdiCreateDIBSection+0x18f
ba58fd38 7c90eb94 b9010cd2 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00c6f298 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!HeavyAllocPool+74
bf802a8e 8bd0 mov edx,eax

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: win32k!HeavyAllocPool+74

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 41107f7a

FAILURE_BUCKET_ID: 0xC5_2_win32k!HeavyAllocPool+74

BUCKET_ID: 0xC5_2_win32k!HeavyAllocPool+74

----
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052709-05.dmp]

Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Wed May 27 04:48:29.687 2009 (GMT+6)
System Uptime: 0 days 0:37:12.402

BugCheck 100000D1, {f446924e, 2, 0, f446924e}

Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f446924e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f446924e, address which referenced memory

Debugging Details:

READ_ADDRESS: f446924e

CURRENT_IRQL: 2

FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)

CUSTOMER_CRASH_COUNT: 5

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: firefox.exe

LAST_CONTROL_TRANSFER: from f4465e59 to f446924e

FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)

STACK_TEXT:
b9ca1b58 f4465e59 84531308 b9ca1b78 0000000c afd!AfdIssueDeviceControl+0x10d
b9ca1b84 f446f5b5 84531308 00000004 00000000 afd!AfdSetEventHandler+0x2e
b9ca1bc0 f446f17e 845ede80 8735fdd8 b9ca1c10 afd!AfdCleanup+0x619
b9ca1bd0 804e19ee 85deb628 83643008 83643008 afd!AfdDispatch+0xbb
b9ca1be0 8057e818 845ede68 873e7ca0 00000001 nt!IopfCallDriver+0x31
b9ca1c10 80570c83 8356e500 85deb628 001f01ff nt!IopCloseFile+0x26b
b9ca1c40 80570dd6 8356e500 015ede68 873e7ca0 nt!ObpDecrementHandleCount+0x11b
b9ca1c68 80570cfc e13ae760 845ede80 000001f0 nt!ObpCloseHandleTableEntry+0x14d
b9ca1cb0 80570d46 000001f0 00000001 00000000 nt!ObpCloseHandle+0x87
b9ca1cc4 f7794ca2 000001f0 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
b9ca1cec f4418e4a 000001f0 b9ca1d64 0afaf50c Vax347b+0xdca2
b9ca1d58 804ddf0f 000001f0 0afaf56c 7c90eb94 Sandbox+0x4e4a
b9ca1d58 7c90eb94 000001f0 0afaf56c 7c90eb94 nt!KiFastCallEntry+0xfc
0afaf56c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
Vax347b+dca2
f7794ca2 ?? ???

SYMBOL_STACK_INDEX: a

SYMBOL_NAME: Vax347b+dca2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Vax347b

IMAGE_NAME: Vax347b.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

---------
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052809-01.dmp]

Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Thu May 28 05:04:13.937 2009 (GMT+6)
System Uptime: 0 days 7:11:23.660


BugCheck 100000D1, {f446924e, 2, 0, f446924e}

Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f446924e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f446924e, address which referenced memory

Debugging Details:

READ_ADDRESS: f446924e

CURRENT_IRQL: 2

FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: firefox.exe

LAST_CONTROL_TRANSFER: from f4465e59 to f446924e

FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)

STACK_TEXT:
b9e8eb58 f4465e59 842df028 b9e8eb78 0000000c afd!AfdIssueDeviceControl+0x10d
b9e8eb84 f446f5b5 842df028 00000004 00000000 afd!AfdSetEventHandler+0x2e
b9e8ebc0 f446f17e 85960830 871ac6c8 b9e8ec10 afd!AfdCleanup+0x619
b9e8ebd0 804e19ee 87065f18 8414ae00 8414ae00 afd!AfdDispatch+0xbb
b9e8ebe0 8057e818 85960818 873e7ad0 00000001 nt!IopfCallDriver+0x31
b9e8ec10 80570c83 83f07020 87065f18 001f01ff nt!IopCloseFile+0x26b
b9e8ec40 80570dd6 83f07020 01960818 873e7ad0 nt!ObpDecrementHandleCount+0x11b
b9e8ec68 80570cfc e3cac180 85960830 000006f8 nt!ObpCloseHandleTableEntry+0x14d
b9e8ecb0 80570d46 000006f8 00000001 00000000 nt!ObpCloseHandle+0x87
b9e8ecc4 f7794ca2 000006f8 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
b9e8ecec f4418e4a 000006f8 b9e8ed64 0651f50c Vax347b+0xdca2
b9e8ed58 804ddf0f 000006f8 0651f56c 7c90eb94 Sandbox+0x4e4a
b9e8ed58 7c90eb94 000006f8 0651f56c 7c90eb94 nt!KiFastCallEntry+0xfc
0651f56c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
Vax347b+dca2
f7794ca2 ?? ???

SYMBOL_STACK_INDEX: a

SYMBOL_NAME: Vax347b+dca2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Vax347b

IMAGE_NAME: Vax347b.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

----
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052909-01.dmp]

Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Fri May 29 02:32:19.703 2009 (GMT+6)
System Uptime: 0 days 3:20:59.414

BugCheck 100000D1, {f446924e, 2, 0, f446924e}

Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f446924e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f446924e, address which referenced memory

Debugging Details:

READ_ADDRESS: f446924e

CURRENT_IRQL: 2

FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: firefox.exe

LAST_CONTROL_TRANSFER: from f4465e59 to f446924e

FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)

STACK_TEXT:
b9cf5b58 f4465e59 85b0b718 b9cf5b78 0000000c afd!AfdIssueDeviceControl+0x10d
b9cf5b84 f446f5b5 85b0b718 00000004 00000000 afd!AfdSetEventHandler+0x2e
b9cf5bc0 f446f17e 8369e610 86fae030 b9cf5c10 afd!AfdCleanup+0x619
b9cf5bd0 804e19ee 85cef548 8348e008 8348e008 afd!AfdDispatch+0xbb
b9cf5be0 8057e818 8369e5f8 873e7ca0 00000001 nt!IopfCallDriver+0x31
b9cf5c10 80570c83 834d1020 85cef548 001f01ff nt!IopCloseFile+0x26b
b9cf5c40 80570dd6 834d1020 0169e5f8 873e7ca0 nt!ObpDecrementHandleCount+0x11b
b9cf5c68 80570cfc e3de9390 8369e610 000006f8 nt!ObpCloseHandleTableEntry+0x14d
b9cf5cb0 80570d46 000006f8 00000001 00000000 nt!ObpCloseHandle+0x87
b9cf5cc4 f7794ca2 000006f8 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
b9cf5cec f4418e4a 000006f8 b9cf5d64 070ef50c Vax347b+0xdca2
b9cf5d58 804ddf0f 000006f8 070ef56c 7c90eb94 Sandbox+0x4e4a
b9cf5d58 7c90eb94 000006f8 070ef56c 7c90eb94 nt!KiFastCallEntry+0xfc
070ef56c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
Vax347b+dca2
f7794ca2 ?? ???

SYMBOL_STACK_INDEX: a

SYMBOL_NAME: Vax347b+dca2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Vax347b

IMAGE_NAME: Vax347b.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2

quit:

What kind of beast is Vax347b.sys?
Outpost shows up everywhere with its Sandbox driver,
so it looks like the PSU is not to blame for now, but it is still worth upgrading.

1. update (remove) Outpost
2. check the system for "beasts"
3. and finally install SP3. SP2 is a ready-made meal for the beasts on the network

Last edited by Virtual, 03-06-2009 at 07:34.


Posted: 06:45, 03-06-2009 | #1206
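
The cross-dump comparison made in the post above (the same symbol-less drivers on every stack), as an added example that is not part of the original thread: a Python script that parses concatenated `!analyze -v` reports and records, per dump, which modules appear on the stack without symbols and whether those frames come before or after the debugger's unwind warning. The sample reports are constructed in the shape of the output above; the function names and the reading of `module+0xoffset` frames as modules without symbols are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: three reports cut down to the fields read below, in the
# shape of the `!analyze -v` output quoted in the post above.
SAMPLE = r"""
Loading Dump File [C:\dumps\sample-01.dmp]
BugCheck 100000D1, {f433024e, 2, 0, f433024e}
Probably caused by : Vax347b.sys ( Vax347b+dca2 )
PROCESS_NAME: firefox.exe
STACK_TEXT:
b9fe9b58 f432ce59 841acab8 b9fe9b78 0000000c afd!AfdIssueDeviceControl+0x10d
b9fe9cc4 f77b4ca2 00000790 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
b9fe9cec f42dfe4a 00000790 b9fe9d64 08a7f50c Vax347b+0xdca2
b9fe9d58 804ddf0f 00000790 08a7f56c 7c90eb94 Sandbox+0x4e4a
b9fe9d58 7c90eb94 00000790 08a7f56c 7c90eb94 nt!KiFastCallEntry+0xfc
08a7f56c 00000000 00000000 00000000 00000000 0x7c90eb94

Loading Dump File [C:\dumps\sample-02.dmp]
BugCheck 100000C5, {e45f2000, 2, 1, 805524d5}
Probably caused by : win32k.sys ( win32k!HeavyAllocPool+74 )
PROCESS_NAME: outpost.exe
STACK_TEXT:
ba58fba0 bf802a8e 00000001 00000000 38306847 nt!ExAllocatePoolWithTag+0x863
ba58fbc0 bf805a96 00000458 38306847 00000000 win32k!HeavyAllocPool+0x74
ba58fd38 7c90eb94 b9010cd2 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00c6f298 00000000 00000000 00000000 00000000 0x7c90eb94

Loading Dump File [C:\dumps\sample-03.dmp]
BugCheck 100000D1, {f446924e, 2, 0, f446924e}
Probably caused by : Vax347b.sys ( Vax347b+dca2 )
PROCESS_NAME: firefox.exe
STACK_TEXT:
f7548b58 f4465e59 846196c8 f7548b78 0000000c afd!AfdIssueDeviceControl+0x10d
f7548cc4 f7794ca2 00000648 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
f7548cec f4418e4a 00000648 f7548d64 06dff50c Vax347b+0xdca2
f7548d58 804ddf0f 00000648 06dff56c 7c90eb94 Sandbox+0x4e4a
"""

# ChildEBP, RetAddr and three argument dwords, then the symbol column (x86 `kb` layout).
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)\s*$", re.I)
# `module+0xoff` with no `!function`: the debugger had no symbols for that module.
NOSYM = re.compile(r"^(\w+)\+0x[0-9a-f]+$", re.I)


def stack_frames(report):
    """Return [(symbol, trusted)] for the STACK_TEXT section of one report."""
    frames, trusted = [], True
    for line in report.partition("STACK_TEXT:")[2].splitlines()[1:]:
        if line.startswith("WARNING:"):
            trusted = False  # the debugger itself says later frames may be wrong
        elif (m := FRAME.match(line)):
            frames.append((m.group(1), trusted))
        else:
            break  # a blank line or the next field ends the stack listing
    return frames


def parse_reports(text):
    """Split concatenated reports and pull out the fields worth comparing."""
    reports = []
    for chunk in re.split(r"(?m)^Loading Dump File ", text)[1:]:
        bug = re.search(r"^BugCheck ([0-9A-F]+), \{([^}]*)\}", chunk, re.I | re.M)
        args = [a.strip() for a in bug.group(2).split(",")] if bug else []
        blamed = re.search(r"^Probably caused by\s*:\s*(\S+)", chunk, re.M)
        proc = re.search(r"^PROCESS_NAME:\s*(\S+)", chunk, re.M)
        nosym = [(m.group(1), ok) for sym, ok in stack_frames(chunk)
                 if (m := NOSYM.match(sym))]
        reports.append({
            "dump": chunk.split("]", 1)[0].lstrip("["),
            "bugcheck": bug.group(1) if bug else None,
            # Arg1 (memory referenced) == Arg4 (address which referenced it):
            # the access that faulted was the instruction fetch itself.
            "fetch_fault": len(args) == 4 and args[0] == args[3],
            "blamed": blamed.group(1) if blamed else None,
            "process": proc.group(1) if proc else None,
            "nosym": sorted({mod for mod, _ in nosym}),
            "nosym_trusted": sorted({mod for mod, ok in nosym if ok}),
        })
    return reports


def recurring_modules(reports):
    """Count, per symbol-less module, how many dumps have it on the stack."""
    counts = Counter()
    for r in reports:
        counts.update(r["nosym"])
    return counts


if __name__ == "__main__":
    parsed = parse_reports(SAMPLE)
    for r in parsed:
        print(r["dump"], r["bugcheck"], r["process"], r["blamed"], r["nosym"])
    print(recurring_modules(parsed).most_common())
```

Modules listed in `nosym` but not in `nosym_trusted` were seen only below the debugger's unwind warning, so the blame placed on them is a lead to verify rather than a conclusion.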


Veteran member


Kolpen, the last 2 dumps point to glausb.sys, but!!! the system crash again happens on the call to ndis!ndisMTimerDpcX+0xb6

P.S. IMHO, things to test:
1. remove all antivirus software (because the situation is rather strange: the crash happens when data arrives over the network and there is a subsequent attempt to receive it into a buffer; it may really be an antivirus or a virus messing things up with its content filter)
2. update the system
3. move the network card to a different slot (if it is an internal one, disable it and install an external one).

P.P.S. Maybe it is worth checking for malware?
There is an interesting pattern in the stack in the dumps.

Microsoft (R) Windows Debugger Version 6.11.0001.402 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini060209-05.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: srv*symbols *http://msdl.microsoft.com/download/symbols
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
Machine Name:
Kernel base = 0x8204a000 PsLoadedModuleList = 0x82161c70
Debug session time: Tue Jun 2 17:35:05.110 2009 (GMT+6)
System Uptime: 0 days 0:07:03.905
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {2e312f50, 2, 8, 2e312f50}

Probably caused by : ntkrpamp.exe ( nt!KiTrap0E+2ac )

Followup: MachineOwner
---------

0: kd> kd: Reading initial command '!analyze -v; q'
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 2e312f50, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: 2e312f50, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from 82181868
Unable to read MiSystemVaType memory at 82161420
2e312f50

CURRENT_IRQL: 2

FAULTING_IP:
+1ad952f0006db1c
2e312f50 ?? ???

PROCESS_NAME: System

CUSTOMER_CRASH_COUNT: 5

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0xD1

TRAP_FRAME: 8213fa98 -- (.trap 0xffffffff8213fa98)
ErrCode = 00000010
eax=01ffffff ebx=00000000 ecx=8213fa78 edx=8213f864 esi=88004908 edi=87dcfaa0
eip=2e312f50 esp=8213fb0c ebp=87fe1858 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
2e312f50 ?? ???
Resetting default scope

LAST_CONTROL_TRANSFER: from 2e312f50 to 820a4d84

FAILED_INSTRUCTION_ADDRESS:
+1ad952f0006db1c
2e312f50 ?? ???

STACK_TEXT:
8213fa98 2e312f50 badb0d00 8213f864 8213faf0 nt!KiTrap0E+0x2ac
WARNING: Frame IP not in any known module. Following frames may be wrong.
8213fb08 480a0d31 3a74736f 3046465b 433a3a32 0x2e312f50
8213fb0c 3a74736f 3046465b 433a3a32 39313a5d 0x480a0d31
8213fb10 3046465b 433a3a32 39313a5d 0a0d3030 0x3a74736f
8213fb14 433a3a32 39313a5d 0a0d3030 753a544e 0x3046465b
8213fb18 39313a5d 0a0d3030 753a544e 3a646975 0x433a3a32
8213fb1c 0a0d3030 753a544e 3a646975 62373463 0x39313a5d
8213fb20 753a544e 3a646975 62373463 62613565 0xa0d3030
8213fb24 3a646975 62373463 62613565 3834322d 0x753a544e
8213fb28 62373463 62613565 3834322d 36342d31 0x3a646975
8213fb2c 62613565 3834322d 36342d31 382d6236 0x62373463
8213fb30 3834322d 36342d31 382d6236 2d383031 0x62613565
8213fb34 36342d31 382d6236 2d383031 65643564 0x3834322d
8213fb38 382d6236 2d383031 65643564 37326434 0x36342d31
8213fb3c 2d383031 65643564 37326434 34326131 0x382d6236
8213fb40 65643564 37326434 34326131 544e0a0d 0x2d383031
8213fb44 37326434 34326131 544e0a0d 73733a53 0x65643564
8213fb48 34326131 544e0a0d 73733a53 623a7064 0x37326434
8213fb4c 544e0a0d 73733a53 623a7064 79626579 0x34326131
8213fb50 73733a53 623a7064 79626579 4c0a0d65 0x544e0a0d
8213fb54 623a7064 79626579 4c0a0d65 7461636f 0x73733a53
8213fb58 79626579 4c0a0d65 7461636f 3a6e6f69 0x623a7064
8213fb5c 4c0a0d65 7461636f 3a6e6f69 70747468 0x79626579
8213fb60 7461636f 3a6e6f69 70747468 5b2f2f3a 0x4c0a0d65
8213fb64 3a6e6f69 70747468 5b2f2f3a 30386566 0x7461636f
8213fb68 70747468 5b2f2f3a 30386566 63343a3a 0x3a6e6f69
8213fb6c 5b2f2f3a 30386566 63343a3a 64383a62 0x70747468
8213fb70 30386566 63343a3a 64383a62 393a3535 0x5b2f2f3a
8213fb74 63343a3a 64383a62 393a3535 3a336136 0x30386566
8213fb78 64383a62 393a3535 3a336136 61363561 0x63343a3a
8213fb7c 393a3535 3a336136 61363561 38323a5d 0x64383a62
8213fb80 3a336136 61363561 38323a5d 752f3936 0x393a3535
8213fb84 61363561 38323a5d 752f3936 68706e70 0x3a336136
8213fb88 38323a5d 752f3936 68706e70 2f74736f 0x61363561
8213fb8c 752f3936 68706e70 2f74736f 69686475 0x38323a5d
8213fb90 68706e70 2f74736f 69686475 69706173 0x752f3936
8213fb94 2f74736f 69686475 69706173 6c6c642e 0x68706e70
8213fb98 69686475 69706173 6c6c642e 6e6f633f 0x2f74736f
8213fb9c 69706173 6c6c642e 6e6f633f 746e6574 0x69686475
8213fba0 6c6c642e 6e6f633f 746e6574 6975753d 0x69706173
8213fba4 6e6f633f 746e6574 6975753d 35363a64 0x6c6c642e
8213fba8 746e6574 6975753d 35363a64 63646664 0x6e6f633f
8213fbac 6975753d 35363a64 63646664 652d3835 0x746e6574
8213fbb0 35363a64 63646664 652d3835 2d353761 0x6975753d
8213fbb4 63646664 652d3835 2d353761 63336134 0x35363a64
8213fbb8 652d3835 2d353761 63336134 6137382d 0x63646664
8213fbbc 2d353761 63336134 6137382d 33612d62 0x652d3835
8213fbc0 63336134 6137382d 33612d62 61356665 0x2d353761
8213fbc4 6137382d 33612d62 61356665 38323830 0x63336134
8213fbc8 33612d62 61356665 38323830 0a0d3433 0x6137382d
8213fbcc 61356665 38323830 0a0d3433 3a4e5355 0x33612d62
8213fbd0 38323830 0a0d3433 3a4e5355 64697575 0x61356665
8213fbd4 0a0d3433 3a4e5355 64697575 3734633a 0x38323830
8213fbd8 3a4e5355 64697575 3734633a 61356562 0xa0d3433
8213fbdc 64697575 3734633a 61356562 34322d62 0x3a4e5355
8213fbe0 3734633a 61356562 34322d62 342d3138 0x64697575
8213fbe4 61356562 34322d62 342d3138 2d623636 0x3734633a
8213fbe8 34322d62 342d3138 2d623636 38303138 0x61356562
8213fce8 82100510 87460080 00460058 2ca0061f 0x34322d62
8213fd50 820fef9d 00000000 0000000e 00000000 nt!KiRetireDpcList+0x147
8213fd54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x49


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiTrap0E+2ac
820a4d84 833d648c178200 cmp dword ptr [nt!KiFreezeFlag (82178c64)],0

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!KiTrap0E+2ac

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4812bd71

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiTrap0E+2ac

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiTrap0E+2ac

Followup: MachineOwner
---------

quit:

F:\kdfe_Dump_Analize>echo off


Microsoft (R) Windows Debugger Version 6.11.0001.402 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini060209-06.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: srv*symbols *http://msdl.microsoft.com/download/symbols
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
Machine Name:
Kernel base = 0x82000000 PsLoadedModuleList = 0x82117c70
Debug session time: Tue Jun 2 18:11:10.464 2009 (GMT+6)
System Uptime: 0 days 0:26:56.317
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {2f505454, 2, 8, 2f505454}

Unable to load image \SystemRoot\system32\DRIVERS\glausb.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for glausb.sys
*** ERROR: Module load completed but symbols could not be loaded for glausb.sys
Probably caused by : glausb.sys ( glausb+6611 )

Followup: MachineOwner
---------

1: kd> kd: Reading initial command '!analyze -v; q'
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 2f505454, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: 2f505454, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from 82137868
Unable to read MiSystemVaType memory at 82117420
2f505454

CURRENT_IRQL: 2

FAULTING_IP:
+1ad952f0006db1c
2f505454 ?? ???

PROCESS_NAME: System

CUSTOMER_CRASH_COUNT: 6

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0xD1

TRAP_FRAME: 803eca98 -- (.trap 0xffffffff803eca98)
ErrCode = 00000010
eax=01ffffff ebx=00000000 ecx=803eca78 edx=803ec864 esi=87c18940 edi=87f444a0
eip=2f505454 esp=803ecb0c ebp=87efa600 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
2f505454 ?? ???
Resetting default scope

LAST_CONTROL_TRANSFER: from 2f505454 to 8205ad84

FAILED_INSTRUCTION_ADDRESS:
+1ad952f0006db1c
2f505454 ?? ???

STACK_TEXT:
803eca98 2f505454 badb0d00 803ec864 803ecaf0 nt!KiTrap0E+0x2ac
WARNING: Frame IP not in any known module. Following frames may be wrong.
803ecb08 0d312e31 736f480a 465b3a74 3a323046 0x2f505454
803ecbb0 82740ba0 0255d0e8 803ecbf4 00000001 0xd312e31
803ecbec 82766bfc 856c4dd8 87636020 87636012 ndis!ndisLWM5IndicateReceive+0x31d
803ecc10 918c7611 875548c0 87636020 87636012 ndis!EthIndicateReceive+0x1f
803ecc44 918c84e3 875ab6f0 8744d540 87574908 glausb+0x6611
803ecc98 918c152a 87556008 87574908 8744d540 glausb+0x74e3
803eccb8 827332bf 00000000 8755604c 00000000 glausb+0x52a
803ecce8 820b6510 87556080 00556058 3746e6bd ndis!ndisMTimerDpcX+0xb6
803ecd50 820b4f9d 00000000 0000000e 00000000 nt!KiRetireDpcList+0x147
803ecd54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x49


STACK_COMMAND: kb

FOLLOWUP_IP:
glausb+6611
918c7611 ?? ???

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: glausb+6611

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: glausb

IMAGE_NAME: glausb.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 43330bcd

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_glausb+6611

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_glausb+6611

Followup: MachineOwner
---------

quit:

F:\kdfe_Dump_Analize>echo off


Microsoft (R) Windows Debugger Version 6.11.0001.402 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini060309-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: srv*symbols *http://msdl.microsoft.com/download/symbols
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
Machine Name:
Kernel base = 0x82242000 PsLoadedModuleList = 0x82359c70
Debug session time: Wed Jun 3 04:23:56.817 2009 (GMT+6)
System Uptime: 0 days 2:33:49.120
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck FC, {2f505454, 22ddb867, 803f0d38, 0}

Unable to load image \SystemRoot\system32\DRIVERS\glausb.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for glausb.sys
*** ERROR: Module load completed but symbols could not be loaded for glausb.sys
Probably caused by : glausb.sys ( glausb+6611 )

Followup: MachineOwner
---------

1: kd> kd: Reading initial command '!analyze -v; q'
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (fc)
An attempt was made to execute non-executable memory. The guilty driver
is on the stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: 2f505454, Virtual address for the attempted execute.
Arg2: 22ddb867, PTE contents.
Arg3: 803f0d38, (reserved)
Arg4: 00000000, (reserved)

Debugging Details:
------------------


CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP

BUGCHECK_STR: 0xFC

PROCESS_NAME: Wow.exe

CURRENT_IRQL: 2

TRAP_FRAME: 803f0d38 -- (.trap 0xffffffff803f0d38)
ErrCode = 00000011
eax=01ffffff ebx=00000000 ecx=803f0d18 edx=803f0b04 esi=9ff3d570 edi=a1bd5d10
eip=2f505454 esp=803f0dac ebp=a1b330a0 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
2f505454 ?? ???
Resetting default scope

LAST_CONTROL_TRANSFER: from 8229cbb4 to 822e7155

STACK_TEXT:
803f0d20 8229cbb4 00000008 2f505454 00000000 nt!MmAccessFault+0x10a
803f0d20 2f505454 00000008 2f505454 00000000 nt!KiTrap0E+0xdc
WARNING: Frame IP not in any known module. Following frames may be wrong.
803f0da8 0d312e31 736f480a 465b3a74 3a323046 0x2f505454
803f0e50 84b4dba0 0287a0e8 803f0e94 00000001 0xd312e31
803f0e8c 84b73bfc 87b71dd8 81963020 81963012 ndis!ndisLWM5IndicateReceive+0x31d
803f0eb0 92bd5611 a1a0c710 81963020 81963012 ndis!EthIndicateReceive+0x1f
803f0ee4 92bd64e3 9ffef7d0 9c0e7720 818848c8 glausb+0x6611
803f0f38 92bcf52a 81880008 818848c8 9c0e7720 glausb+0x74e3
803f0f58 84b402bf 00000000 8188004c 00000000 glausb+0x52a
803f0f88 822f8510 81880080 00880058 d1bafb6b ndis!ndisMTimerDpcX+0xb6
803f0ff4 822f69f5 b12abd10 00000000 00000000 nt!KiRetireDpcList+0x147
803f0ff8 b12abd10 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x45
803f0ffc 00000000 00000000 00000000 00000000 0xb12abd10


STACK_COMMAND: kb

FOLLOWUP_IP:
glausb+6611
92bd5611 ?? ???

SYMBOL_STACK_INDEX: 6

SYMBOL_NAME: glausb+6611

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: glausb

IMAGE_NAME: glausb.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 43330bcd

FAILURE_BUCKET_ID: 0xFC_VRF_glausb+6611

BUCKET_ID: 0xFC_VRF_glausb+6611

Followup: MachineOwner
---------

quit:


Last edited by Virtual, 03-06-2009 at 08:36.


Posted: 08:24, 03-06-2009 | #1207
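
Added example (not part of the original posts): one pattern visible in the STACK_TEXT listings of post #1207 is that the frame addresses the debugger could not place in any module are ASCII when read in little-endian byte order. This Python sketch runs over lines copied from the Mini060209-06.dmp listing and flags such frames; the function names are this example's own, and it assumes the one-frame-per-line `kb` layout shown in the post.

```python
import re
import struct

# STACK_TEXT lines copied from the Mini060209-06.dmp listing in the post above.
STACK_TEXT = """\
803eca98 2f505454 badb0d00 803ec864 803ecaf0 nt!KiTrap0E+0x2ac
803ecb08 0d312e31 736f480a 465b3a74 3a323046 0x2f505454
803ecbb0 82740ba0 0255d0e8 803ecbf4 00000001 0xd312e31
803ecbec 82766bfc 856c4dd8 87636020 87636012 ndis!ndisLWM5IndicateReceive+0x31d
803ecc10 918c7611 875548c0 87636020 87636012 ndis!EthIndicateReceive+0x1f
803ecc44 918c84e3 875ab6f0 8744d540 87574908 glausb+0x6611
"""

# kb columns: ChildEBP, RetAddr, three "Args to Child", then the frame's symbol.
FRAME = re.compile(r"^([0-9a-f]{8})\s+([0-9a-f]{8})\s+([0-9a-f]{8})\s+"
                   r"([0-9a-f]{8})\s+([0-9a-f]{8})\s+(\S+)$")


def dword_bytes(value):
    """Return the 4 bytes of a 32-bit value in x86 (little-endian) memory order."""
    return struct.pack("<I", value)


def is_text(raw):
    """True when every byte is printable ASCII, CR or LF."""
    return all(0x20 <= b <= 0x7E or b in (0x0D, 0x0A) for b in raw)


def ascii_frames(stack_text):
    """Return (frame_ip, text) for frames whose IP is in no module and reads as text."""
    hits = []
    for line in stack_text.splitlines():
        m = FRAME.match(line.strip())
        if not m or not m.group(6).startswith("0x"):
            continue  # not a frame line, or the IP resolved to a module
        ip = int(m.group(6), 16)
        # In these listings the bogus IP, RetAddr and args are adjacent stack dwords.
        words = [ip] + [int(m.group(i), 16) for i in range(2, 6)]
        text = b""
        for word in words:
            chunk = dword_bytes(word)
            if not is_text(chunk):
                break  # stop at the first dword that is not text
            text += chunk
        if text:
            hits.append((ip, text.decode("ascii")))
    return hits


if __name__ == "__main__":
    for ip, text in ascii_frames(STACK_TEXT):
        print(f"{ip:#010x} -> {text!r}")
```

The first flagged frame decodes to the tail of an HTTP-style status or request line followed by a Host header, that is, received network data sitting where a return address was expected.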


New member


Posts: 7
Thanks: 0



I had the latest version of Kaspersky installed; I removed it today, and now I'm installing NOD32 and will check. Well, I scanned with Kaspersky two days ago and everything was fine.
I scanned with NOD and it found nothing; now I'll wait for a blue screen. I hope the problem was caused by KIS.

Last edited by Kolpen, 03-06-2009 at 15:16.


Posted: 14:29, 03-06-2009 | #1208


Veteran


Posts: 186
Thanks: 38



Kolpen, don't install NOD yet; it's better to check with utilities like AVZ.
If you can't manage it yourself, go to virusinfi.info or to the equivalent section on this forum: http://forum.oszone.net/forum-87.html

Last edited by Virtual, 03-06-2009 at 17:00.


Posted: 16:36, 03-06-2009 | #1209


New member


Posts: 7
Thanks: 0



After removing Kaspersky I installed NOD and ran a scan; there has been no blue screen since lunchtime. I hope the problem was Kaspersky. Thanks everyone for the advice, I hope everything will be OK for me)

Posted: 21:55, 03-06-2009 | #1210


