Vista Crashes

C

chriskmee

New Member
I bought this brand new laptop from hp with vista home premium. I have had 8 crashes in the few months ive owned it. I was wondering if you guys could help me out with figuring out what is happening, which brings me to my next question.
How can i show you my files? i know i can compress them and post them, but if i did the windbg myself and just copy and pasted my results, would that be all that is needed? I have done this windbg before, but i dont exactly know what to do with my results. (i also use the !analyze command, or something like that)
dv9500t
2gigs ram
2 160gb 5400rpm sata drives
core 2 duo t7700 (2.4ghtz)
Nvinia G-force 8600mgs
vista home premium

If i do copy and paste my results, is there anything i should black out for security reasons? is there a max length of a post?

Any help is greatly appreciated, ill try to post my results or files after school today, thank you!
 
Last edited:
what do you mean to say by post your files ?
basically the usual routine is HijackthisLogs, you can post that.
and you can specify the crashes also this may help us resolve the problem matey :)
 
ok, when i said post the files, i meant to say "do i have to attatch the actual file/upload it, or can i just debug it and copy all the information winbdg gives me (a bunch of technical info about the crash). It would be easier to just copy the text i get back than to upload all the files

the files are crash dump files (dmp) located in the folder C:\Windows\Minidump

basically what would happen is that i would try to do something, such as open my computer or my e-mail, or it would happen when i wasnt around. The computer would go to a Blue screen with while letters, at the bottom saying something like "creating dump file". then the computer would restart normally (except for the bootloader will give the option of starting with cmd, and safe mode etc. along with start windows normally)

Please explain this HiJackThisLog
 
Last edited:
here is an example of what i mean by "posting the text i get back from debugging the file using windbg." This is my first crash file of 8, if this is enough to know what the problem was, i can make 7 more posts with one dump in each of them






Loading Dump File [C:\Windows\Minidump\Mini110407-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:

SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16514.x86fre.vista_gdr.070627-1500
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11db0
Debug session time: Sun Nov 4 18:51:06.800 2007 (GMT-8)
System Uptime: 1 days 3:56:14.636
Loading Kernel Symbols
..................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.....................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 81ce752b, b36346a4, 0}

*** WARNING: Unable to verify timestamp for mfehidk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfehidk.sys


Probably caused by : fileinfo.sys ( fileinfo!FIStreamGetInfo+108 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 81ce752b, The address that the exception occurred at
Arg3: b36346a4, Trap Frame
Arg4: 00000000

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
nt!ExAllocatePoolWithTag+520
81ce752b 894804 mov dword ptr [eax+4],ecx

TRAP_FRAME: b36346a4 -- (.trap 0xffffffffb36346a4)
ErrCode = 00000002
eax=7c659668 ebx=8363c184 ecx=8363b3cc edx=00000001 esi=8363b0d0 edi=b55950d0
eip=81ce752b esp=b3634718 ebp=b3634760 iopl=0 nv up ei pl nz ac po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010212
nt!ExAllocatePoolWithTag+0x520:
81ce752b 894804 mov dword ptr [eax+4],ecx ds:0023:7c65966c=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: explorer.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 806aeba6 to 81ce752b

STACK_TEXT:
b3634760 806aeba6 00000001 0000010c 6e664d46 nt!ExAllocatePoolWithTag+0x520
b3634780 806af52b 83f743c0 00000000 83f743c0 fltmgr!FltpAllocateFileNameInformation+0x22
b3634798 8069af13 83f743c0 00000000 00000000 fltmgr!FltpCreateFileNameInformation+0x8d
b36347c8 8069b37c 8520b46c 00000000 b3634860 fltmgr!FltpGetFileNameInformation+0x31b
b36347f0 8068aace 00d22c18 00000401 b3634824 fltmgr!FltGetFileNameInformation+0x120
b3634840 8068ace7 83d22c18 b3634860 0026c97e fileinfo!FIStreamGetInfo+0x108
b3634878 8069512d 83d22c18 b363489c 32106827 fileinfo!FIPostCreateCallback+0x133
b36348dc 80697fa8 00d22bb8 00000000 83d22bb8 fltmgr!FltpPerformPostCallbacks+0x1f1
b36348f0 806984de 83d22bb8 853a9b00 b3634930 fltmgr!FltpProcessIoCompletion+0x10
b3634900 80698aec 8590b460 853a9b00 83d22bb8 fltmgr!FltpPassThroughCompletion+0x94
b3634930 806aaa91 b3634950 00000000 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2ba
b363497c 81c27fae 8590b460 858e9008 853a9cfc fltmgr!FltpCreate+0x2a1
b3634994 9f9acdf4 84036bdc 84036b80 00000002 nt!IofCallDriver+0x63
WARNING: Stack unwind information not available. Following frames may be wrong.
b36349bc 9f99df1b 853a9b00 b3634a70 853a9b00 mfehidk+0x15df4
b36349e0 9f99e58c 853a9b00 853a9cd8 8424aa10 mfehidk+0x6f1b
b3634a78 9f9ac049 8424aa10 853a9b00 b3634ab0 mfehidk+0x758c
b3634a88 9f9ac099 b3634a98 9fa3ea88 9fa3ea88 mfehidk+0x15049
b3634ab0 81c27fae 9fa3ea88 853a9b00 8424aa6c mfehidk+0x15099
b3634ac8 81d96f3c b363f0c0 83e9a61c 85746e08 nt!IofCallDriver+0x63
b3634b80 81deeebf 85746e20 00000000 83e9a578 nt!IopParseDevice+0xcff
b3634c10 81dec66f 00000000 b3634c68 00000040 nt!ObpLookupObjectName+0x615
b3634c70 81d839c4 0559e3f8 00000000 81c77501 nt!ObOpenObjectByName+0x13c
b3634ce4 81d8ec72 0559e444 c0140080 0559e3f8 nt!IopCreateFile+0x5ec
b3634d30 81c8c92a 0559e444 c0140080 0559e3f8 nt!NtCreateFile+0x34
b3634d30 77120f34 0559e444 c0140080 0559e3f8 nt!KiFastCallEntry+0x12a
0559e438 00000000 00000000 00000000 00000000 0x77120f34


STACK_COMMAND: kb

FOLLOWUP_IP:
fileinfo!FIStreamGetInfo+108
8068aace 85c0 test eax,eax

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: fileinfo!FIStreamGetInfo+108

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: fileinfo

IMAGE_NAME: fileinfo.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4549ae1f

FAILURE_BUCKET_ID: 0x8E_fileinfo!FIStreamGetInfo+108

BUCKET_ID: 0x8E_fileinfo!FIStreamGetInfo+108

Followup: MachineOwner
---------
 
Last edited:
Driver problem. You need to tell us when does the crash occur. When it crashes, what were you usually doing before that?
 
lol, thats a good one, lets just say randomly....
i know what your saying, but it does specifically say in there explorer.exe, doesnt that mean it was explorer.exe that made it crash? like this next one, says winmail, isnt it windows mail that made it crash?

Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini112507-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:

SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16551.x86fre.vista_gdr.070828-1515
Kernel base = 0x82000000 PsLoadedModuleList = 0x82111e10
Debug session time: Sun Nov 25 21:09:23.036 2007 (GMT-8)
System Uptime: 0 days 10:34:10.567
Loading Kernel Symbols
.............................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {95647587, 0, 940c4754, 2}


Could not read faulting driver name


Probably caused by : win32k.sys ( win32k!jMapCharset+61 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: 95647587, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 940c4754, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000002, (reserved)

Debugging Details:
------------------


Could not read faulting driver name



READ_ADDRESS: GetPointerFromAddress: unable to read from 821315ac
Unable to read MiSystemVaType memory at 821117e0
95647587

FAULTING_IP:
win32k!jMapCharset+61
940c4754 8b4014 mov eax,dword ptr [eax+14h]

MM_INTERNAL_CODE: 2

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: WinMail.exe

CURRENT_IRQL: 0

TRAP_FRAME: ad30baf8 -- (.trap 0xffffffffad30baf8)
ErrCode = 00000000
eax=95647573 ebx=ad30bbb2 ecx=ad30bbcc edx=080e8000 esi=ffa47238 edi=ffa2794e
eip=940c4754 esp=ad30bb6c ebp=ad30bb78 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
win32k!jMapCharset+0x61:
940c4754 8b4014 mov eax,dword ptr [eax+14h] ds:0023:95647587=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 8208fbb4 to 820a9ef2

STACK_TEXT:
ad30bae0 8208fbb4 00000000 95647587 00000000 nt!MmAccessFault+0x106
ad30bae0 940c4754 00000000 95647587 00000000 nt!KiTrap0E+0xdc
ad30bb78 94063e1f 000000b2 ad30bbcc ad30bca0 win32k!jMapCharset+0x61
ad30bb94 9411e501 ad30bca0 00000001 ad30bca0 win32k!PFEOBJ::bFilteredOut+0xbb
ad30bbd0 94063e8a ad30bc68 00000003 ad30bca0 win32k!FHOBJ::bScanLists+0x79
ad30bbf0 9406393b ad30bc60 00000001 ad30bc68 win32k!bScanTheList+0x53
ad30bc10 940632c3 ad30bc60 00000002 ad30bc60 win32k!bScanFamily+0x43
ad30bc70 94063007 00000000 000000b2 00000003 win32k!hefsEngineOnly+0x70
ad30bce4 94062e64 ffa64598 00000003 ffa047c8 win32k!GreEnumFontOpen+0x142
ad30bd40 8208caaa b20101b9 00000003 00000000 win32k!NtGdiEnumFontOpen+0xc5
ad30bd40 77c60f34 b20101b9 00000003 00000000 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0023f2e8 00000000 00000000 00000000 00000000 0x77c60f34


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!jMapCharset+61
940c4754 8b4014 mov eax,dword ptr [eax+14h]

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: win32k!jMapCharset+61

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 46d4d163

FAILURE_BUCKET_ID: 0x50_win32k!jMapCharset+61

BUCKET_ID: 0x50_win32k!jMapCharset+61

Followup: MachineOwner
---------
 
and this one, which says its a graphics card driver error.
the point is, i have no idea what i was doing when these crashes happen, i was in that kind of "im just doing random stuff on the computer" mode, not really remebering what the last button i pressed was. I was hoping you could find alot more information just looking at these files.




Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini112307-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:

SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16551.x86fre.vista_gdr.070828-1515
Kernel base = 0x82000000 PsLoadedModuleList = 0x82111e10
Debug session time: Fri Nov 23 20:46:41.138 2007 (GMT-8)
System Uptime: 1 days 8:26:21.693
Loading Kernel Symbols
......................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.........................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 116, {9004d008, 8b93aeb0, 0, 2}

Unable to load image \SystemRoot\system32\DRIVERS\nvlddmkm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys


Probably caused by : nvlddmkm.sys ( nvlddmkm+4eb0 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

VIDEO_TDR_FAILURE (116)
Attempt to reset the display driver and recover from timeout failed.
Arguments:
Arg1: 9004d008, Optional pointer to internal TDR recovery context (TDR_RECOVERY_CONTEXT).
Arg2: 8b93aeb0, The pointer into responsible device driver module (e.g. owner tag).
Arg3: 00000000, Optional error code (NTSTATUS) of the last failed operation.
Arg4: 00000002, Optional internal context dependent data.

Debugging Details:
------------------




FAULTING_IP:
nvlddmkm+4eb0
8b93aeb0 8b4c2404 mov ecx,dword ptr [esp+4]

DEFAULT_BUCKET_ID: GRAPHICS_DRIVER_TDR_FAULT

CUSTOMER_CRASH_COUNT: 1

BUGCHECK_STR: 0x116

PROCESS_NAME: System

CURRENT_IRQL: 0

STACK_TEXT:
8af43bc8 8b4bd9f8 00000116 9004d008 8b93aeb0 nt!KeBugCheckEx+0x1e
8af43bec 8b4be6d6 8b93aeb0 00000000 00000002 dxgkrnl!TdrBugcheckOnTimeout+0x8d
8af43c0c 8b45b9e5 00000000 00000102 9008aa38 dxgkrnl!TdrIsRecoveryRequired+0xa1
8af43c70 8b46ce3f 9008aa38 000000c0 00000000 dxgkrnl!VidSchiReportHwHang+0x2e4
8af43c9c 8b46cb9f 9008aa38 00000000 00000000 dxgkrnl!VidSchiCheckHwProgress+0x69
8af43cc8 8b449193 00000002 8e1ed508 9008a840 dxgkrnl!VidSchiWaitForSchedulerEvents+0x13f
8af43d58 8b46d093 9008aa38 00000000 9008aa38 dxgkrnl!VidSchiScheduleCommandToRun+0xac
8af43d6c 8b4acce2 9008aa38 9008f1f8 8af43dc0 dxgkrnl!VidSchiRun_PriorityTable+0xf
8af43d7c 82225526 9008aa38 8af48680 00000000 dxgkrnl!VidSchiWorkerThread+0x61
8af43dc0 8209159e 8b4acc81 9008aa38 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
nvlddmkm+4eb0
8b93aeb0 8b4c2404 mov ecx,dword ptr [esp+4]

SYMBOL_NAME: nvlddmkm+4eb0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nvlddmkm

IMAGE_NAME: nvlddmkm.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 46490faf

FAILURE_BUCKET_ID: 0x116_IMAGE_nvlddmkm.sys

BUCKET_ID: 0x116_IMAGE_nvlddmkm.sys

Followup: MachineOwner
---------
 
oh.... that sucks....is there any suggestions you could give me? or should i just hope Microsoft fixes them eventually?
 
Uninstall your current video drivers completely and reboot. Then delete any nVIDIA display driver/software's folder if they were not removed during the uninstallation. To do this, you should first enable Hidden Files & Folders:

Control Panel->Folder Option, click on "Show hidden files & folders", apply and ok. After that, clean it using DriverCleaner or DriverSweeper, reboot even if it doesn't ask you to after the cleaning. Next, go to nVIDIA's site and download a fresh copy of the latest driver. Make sure it is the correct model# for your card & Windows. After download, right-click the installation file and choose "Run as Administrator". See if that remedies the problem.

Note: To disable (UAC) User Account Control: Control Panel->User Account->choose your account name, check "Turn off User Account Control" and click ok. Go back to Control Panel, open Security Center. Click "Change how Security Center alerts me" and a dialog box will popup, then click on "Do not alert me and do not show notifications".
 
Uninstall your current video drivers completely and reboot. Then delete any nVIDIA display driver/software's folder if they were not removed during the uninstallation. To do this, you should first enable Hidden Files & Folders:

Control Panel->Folder Option, click on "Show hidden files & folders", apply and ok. After that, clean it using DriverCleaner or DriverSweeper, reboot even if it doesn't ask you to after the cleaning. Next, go to nVIDIA's site and download a fresh copy of the latest driver. Make sure it is the correct model# for your card & Windows. After download, right-click the installation file and choose "Run as Administrator". See if that remedies the problem.

Note: To disable (UAC) User Account Control: Control Panel->User Account->choose your account name, check "Turn off User Account Control" and click ok. Go back to Control Panel, open Security Center. Click "Change how Security Center alerts me" and a dialog box will popup, then click on "Do not alert me and do not show notifications".
Click to expand...
yea that is what i will do
try it and let us know how it goes
 
You must log in or register to reply here.
Back
Top