locked
Need Help with BSOD Minidump Files RRS feed

  • Question

  • Hello,

    I tried doing this on my own with installing the Debugging Tools, but I'm not having much success and having some problems with that.  So, frustrated, I turn for help here with people that do it on a regular basis!

    I believe most of the messages have been driver related, and I've updated everything to the best of my knowledge and ability.  So I'm looking to the Minidump to find out exactly which driver file it is that I'm missing.  However, I believe the initial minidump wasn't driver related.  First happened when I was starting up a program I hadn't used in a while, and as it was updating, I got my first BSOD.  Ever since then, it's been quite random.  I didn't get a chance to catch the message.

    Anything you guys can do would be appreciated.

    Minidump files are located here: http://www.4shared.com/file/54EWdoIA/Minidump.html

    Thursday, November 18, 2010 2:27 PM

Answers

All replies

  • My bad.  I found a BIOS update.  Applied.  Still got BSOD.  Minidump file of that particular event is located here: http://www.4shared.com/file/vxW2O1Zt/111810-28688-01.html

    Thursday, November 18, 2010 2:48 PM
  • Mark Russinovich did a video on crash dump analysis:

    http://www.youtube.com/watch?v=JSeNWvjhBfg

     

    Thursday, November 18, 2010 4:20 PM
  • Appears to be caused by the atheros driver (usually a wireless LAN
    card). Your version is from 2009. Please update your wireless drivers
    and see if the issue persists. In addition, you can upload the files to
    skydrive, which is usually a little nicer to work with,
     
     
    1: kd> lmvm athrx
    start             end                 module name
    fffff880`03c13000 fffff880`03d6b000   athrx    T (no symbols)
        Loaded symbol image file: athrx.sys
        Image path: \SystemRoot\system32\DRIVERS\athrx.sys
        Image name: athrx.sys
        Timestamp:        Tue Jun 09 12:06:49 2009 (4A2EA4B9)
        CheckSum:         0015FE99
        ImageSize:        00158000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
     
    1: kd>  !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
     
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 0000000000000044, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff88003e8e8c1, address which referenced memory
     
    Debugging Details:
    ------------------
     READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cb10e0
     0000000000000044
     
    CURRENT_IRQL:  2
     
    FAULTING_IP:
    athrx+5c8c1
    fffff880`03e8e8c1 8b4044          mov     eax,dword ptr [rax+44h]
     
    CUSTOMER_CRASH_COUNT:  1
     
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
     
    BUGCHECK_STR:  0xD1
     
    PROCESS_NAME:  System
     
    TRAP_FRAME:  fffff8800affd380 -- (.trap 0xfffff8800affd380)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8003f51df8
    rdx=fffffa8003f51df8 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff88003e8e8c1 rsp=fffff8800affd510 rbp=0000000000000000
     r8=0000000000000000  r9=fffffa80053661e8 r10=fffffa80052eca70
    r11=fffffa8003f51df8 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na pe nc
    athrx+0x5c8c1:
    fffff880`03e8e8c1 8b4044          mov     eax,dword ptr [rax+44h] ds:3f50:00000000`00000044=????????
    Resetting default scope
     
    LAST_CONTROL_TRANSFER:  from fffff80002a78ca9 to fffff80002a79740
     
    STACK_TEXT:
    fffff880`0affd238 fffff800`02a78ca9 : 00000000`0000000a 00000000`00000044 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`0affd240 fffff800`02a77920 : fffffa80`05306030 00000000`00000000 fffffa80`04c4d1a0 fffffa80`05513190 : nt!KiBugCheckDispatch+0x69
    fffff880`0affd380 fffff880`03e8e8c1 : fffffa80`03f51df8 00000000`00000000 00000000`00000000 fffffa80`05290030 : nt!KiPageFault+0x260
    fffff880`0affd510 fffffa80`03f51df8 : 00000000`00000000 00000000`00000000 fffffa80`05290030 fffffa80`0000001a : athrx+0x5c8c1
    fffff880`0affd518 00000000`00000000 : 00000000`00000000 fffffa80`05290030 fffffa80`0000001a fffffa80`069d6610 : 0xfffffa80`03f51df8
     STACK_COMMAND:  kb
     
    FOLLOWUP_IP:
    athrx+5c8c1
    fffff880`03e8e8c1 8b4044          mov     eax,dword ptr [rax+44h]
     
    SYMBOL_STACK_INDEX:  3
     
    SYMBOL_NAME:  athrx+5c8c1
     
    FOLLOWUP_NAME:  MachineOwner
     
    MODULE_NAME: athrx
     
    IMAGE_NAME:  athrx.sys
     
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a2ea4b9
     
    FAILURE_BUCKET_ID:  X64_0xD1_athrx+5c8c1
     
    BUCKET_ID:  X64_0xD1_athrx+5c8c1
     
    Followup: MachineOwner
    ---------
     
     

    -- Mike Burr
    Thursday, November 18, 2010 5:14 PM
  • Hi Mike,

    Thanks for the help.  However, I'm a bit confused.  My network adapters recognized by the PC are Atheros AR8121/AR8114 PIC-E Ethernet Controller, Microsoft Virtual WiFi Miniport Adapter and Netgear WPN311 Rangemax Wireless PCI Adapter.

    If I go to my motherboard's manufacturer (ASUS PK5PL-CM) website, the most current drivers there for the Atheros LAN ARE from 2009.  I then go to look at Netgear's site.  Their most current version is from 2007.

    I did a clean install of the driver for the Atheros from ASUS.  We'll see what happens.

    EDIT:  Nope, still blue screens. Uploaded the most current Minidump to my SkyDrive. <iframe title ="Preview" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" style="width:98px;height:115px;padding:0;background-color:#fcfcfc;" src="http://cid-98a88fb90ed1a8d5.office.live.com/embedicon.aspx/Public/111810-28470-01.dmp"></iframe>
    Thursday, November 18, 2010 5:51 PM
  • Thursday, November 18, 2010 5:58 PM
  • The new BSOD seems to still be failing with the atheros driver, I
    noticed that you have AVG installed, does it have a firewall component
    installed/running? It would be interesting to see whether disabling AVG
    fixes the errors...
     

    -- Mike Burr
    Friday, November 19, 2010 4:12 PM
  • Tried both disabling in normal mode.  Still occurs.  Also occurs in safe mode with networking (without AVG ever having run in the first place).

    The computer does remain stable with no BSOD in plain ol' safe mode.

    This is very weird.  I was playing with no problems all day and it just suddenly happened.  Sigh!

    Friday, November 19, 2010 6:29 PM
  • Strange, at this point, can you enable driver verifier for all of the drivers (using the verifier.exe command) and upload the latest dumps?

    -- Mike Burr
    Friday, November 19, 2010 8:01 PM
  • Would you like me to keep it in Safe Mode with Networking or normal?

    EDIT: Booted into safe mode with networking (just to eliminate whatever interferences, maybe from AVG or what).  Ran verifier.exe, to verify all drives installed on the computer.  Had to restart in order to run it.  Now, I can't even get windows to start.  Can't start windows normally without it BSOD.  Launced Startup Repair.  Still waiting on that, and if I can ever get in, I'll give you the Minidumps

    Friday, November 19, 2010 8:35 PM
  • OK, you should be able to get into safe mode to disable driver verifier.
     

    -- Mike Burr
    Saturday, November 20, 2010 12:13 PM
  • Also, give this a try:

    In Safe Mode disable the Driver Verifier:

    Start > type verifier in the Search programs and files box and press "Enter" > Delete existing settings > Finish

    Then restart the computer in Normal Mode.

    Locate the wireless adapter in the Device Manager and right-click the device > Update driver software >  Search automatically for updated driver software

    Does it find an updated driver?

    Saturday, November 20, 2010 1:43 PM
  • Strange, it didn't make as many minidumps as BSOD I had yesterday...  Uploaded two to my Skydrive: http://cid-98a88fb90ed1a8d5.office.live.com/browse.aspx/Public

    Disabled verifier in Safe Mode.  Restarted.  Got into Windows no problem.  Ran Device Manager, asked it to update the Atheros device.  And nope, "The best driver software for your device is already installed.  Windows has determined the driver software for your device is up to date." 

    I tried for all of the rest of the things in my network devices (the Netgear wireless card) and it did "Windows has successfully updated your driver software."  It's not the device giving the error, but I figured it can't hurt.  It's also the device that online, I could only find a 2007 update.  I will update if I get a BSOD over the weekend.  If not, I'll make this answered.

    Saturday, November 20, 2010 3:47 PM
  • Actually, the device that was giving the error was the Netgear wireless card.

    The Netgear WPN311 is based on an Atheros chipset and the driver for the Netgear WPN311 is the athrx.sys.

    So hopefully updating the driver for the WPN311 will help.

    If you check here:

    Device Manager > right-click the WPN311 > Properties > Driver > Driver Details > click on  C:\Windows\system32\DRIVERS\athrx.sys

    What is the "File version"? 

    Saturday, November 20, 2010 6:31 PM
  • Interesting.  I never would have guessed that the Netgear is operating off the Atheros chipset.  File version after Windows successfully updated it is 8.0.0.238.  Computer has been holding steady since my last post 3 hours ago.  This may have been the problem.
    Saturday, November 20, 2010 6:51 PM
  • OK, 8.0.0.238 is the latest driver available, via Windows Update, for the WPN311 according to the Microsoft Update Catalog (you have to install the ActiveX control to view and download):

    http://catalog.update.microsoft.com/v7/site/Search.aspx?q=%20WPN311

    Hopefully that driver, which is dated Oct 5, 2009, will solve the BSODs.

     

    • Marked as answer by Leo Huang Wednesday, November 24, 2010 9:16 AM
    Saturday, November 20, 2010 9:02 PM