Seeking help to interpret MiniDumps

Discussion in 'Windows XP' started by whatboutbob, 2009/03/23.

  1. 2009/03/23
    whatboutbob Inactive Thread Starter

    Hi folks,

    I've a big favour to ask. Is someone able to interpret the minidumps below to point me in the right direction to resolve a sporadic (once or twice / week) BSOD issue I've been having (somewhat embarrassingly) pretty much since I built a PC ~ a year ago.

    I don't usually like to admit defeat, but I've spent weeks reading through countless threads on here / hundreds of articles/blog posts elsewhere, but I'm just chasing my tail.

    I assume (probably incorrectly) that it is a driver issue, but have been unable to determine which driver.

    Anyway, below are the last few minidumps - please let me know if you need any further info from me (I don't mean to get presumptuous, but many thanks in advance!!!!):


    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS.1\Minidump\Mini032309-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*C:\SymbolCache*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp.050928-1517
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x80553320
    Debug session time: Mon Mar 23 23:11:43.203 2009 (GMT+11)
    System Uptime: 2 days 9:03:40.786
    Loading Kernel Symbols
    ...............................................................
    ..............................................................
    Loading User Symbols
    Loading unloaded module list
    ................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000000A, {eff0c7b3, 2, 1, 805004a1}

    Probably caused by : hardware ( nt!KiWaitTest+15 )

    Followup: MachineOwner
    ---------

    kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: eff0c7b3, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: 805004a1, address which referenced memory

    Debugging Details:
    ------------------


    WRITE_ADDRESS: eff0c7b3

    CURRENT_IRQL: 2

    FAULTING_IP:
    nt!KiWaitTest+15
    805004a1 088b038955f8 or byte ptr [ebx-7AA76FDh],cl

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0xA

    PROCESS_NAME: firefox.exe

    MISALIGNED_IP:
    nt!KiWaitTest+15
    805004a1 088b038955f8 or byte ptr [ebx-7AA76FDh],cl

    LAST_CONTROL_TRANSFER: from 804ff2b8 to 805004a1

    STACK_TEXT:
    f79b3e98 804ff2b8 485472ed 00000032 f79b3fc0 nt!KiWaitTest+0x15
    f79b3fa4 804ff477 48547251 000001de ffdff000 nt!KiTimerListExpire+0x7a
    f79b3fd0 80540ead 80552100 00000000 00c89b32 nt!KiTimerExpiration+0xaf
    f79b3ff4 80540b7a f341ad44 00000000 00000000 nt!KiRetireDpcList+0x46
    f79b3ff8 f341ad44 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    80540b7a 00000000 00000009 bb835675 00000128 0xf341ad44


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt!KiWaitTest+15
    805004a1 088b038955f8 or byte ptr [ebx-7AA76FDh],cl

    SYMBOL_STACK_INDEX: 0

    SYMBOL_NAME: nt!KiWaitTest+15

    FOLLOWUP_NAME: MachineOwner

    IMAGE_NAME: hardware

    DEBUG_FLR_IMAGE_TIMESTAMP: 0

    MODULE_NAME: hardware

    FAILURE_BUCKET_ID: IP_MISALIGNED

    BUCKET_ID: IP_MISALIGNED

    Followup: MachineOwner
    ---------

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS.1\Minidump\Mini031509-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*C:\SymbolCache*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp.050928-1517
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x80553320
    Debug session time: Sun Mar 15 09:48:10.826 2009 (GMT+11)
    System Uptime: 0 days 6:06:21.122
    Loading Kernel Symbols
    ...............................................................
    .............................................................
    Loading User Symbols
    Loading unloaded module list
    ..............
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 100000D1, {c5dd66e3, 5, 0, f73f5c16}

    Probably caused by : atapi.sys ( atapi!AtapiInterrupt+564 )

    Followup: MachineOwner
    ---------

    kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: c5dd66e3, memory referenced
    Arg2: 00000005, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: f73f5c16, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS: c5dd66e3

    CURRENT_IRQL: 5

    FAULTING_IP:
    atapi!AtapiInterrupt+564
    f73f5c16 ff7324 push dword ptr [ebx+24h]

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0xD1

    PROCESS_NAME: Idle

    LAST_CONTROL_TRANSFER: from f73f865a to f73f5c16

    STACK_TEXT:
    80548f08 f73f865a 50fcb370 86fc926c 80548fd0 atapi!AtapiInterrupt+0x564
    80548f1c 8054086d 86fc9008 86fcb030 00010005 atapi!IdePortInterrupt+0x18
    80548f1c f76d1c4e 86fc9008 86fcb030 00010005 nt!KiInterruptDispatch+0x3d
    80548fd0 80540e10 00000000 0000000e 00000000 processr!AcpiC1Idle+0x12
    80548fd4 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x10


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    atapi!AtapiInterrupt+564
    f73f5c16 ff7324 push dword ptr [ebx+24h]

    SYMBOL_STACK_INDEX: 0

    SYMBOL_NAME: atapi!AtapiInterrupt+564

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: atapi

    IMAGE_NAME: atapi.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 42cb1b92

    FAILURE_BUCKET_ID: 0xD1_atapi!AtapiInterrupt+564

    BUCKET_ID: 0xD1_atapi!AtapiInterrupt+564

    Followup: MachineOwner
    ---------

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS.1\Minidump\Mini030709-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*C:\SymbolCache*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp.050928-1517
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x80553320
    Debug session time: Sat Mar 7 12:54:09.421 2009 (GMT+11)
    System Uptime: 0 days 2:37:52.000
    Loading Kernel Symbols
    ...............................................................
    ...............................................................
    Loading User Symbols
    Loading unloaded module list
    .............
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000007F, {8, 80042000, 0, 0}

    *** WARNING: Unable to verify timestamp for SiWinAcc.sys
    *** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
    Probably caused by : hardware ( SiWinAcc+325 )

    Followup: MachineOwner
    ---------

    kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault). The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
    use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
    use .trap on that value
    Else
    .trap on the appropriate frame will show where the trap was taken
    (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
    Arg2: 80042000
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------


    BUGCHECK_STR: 0x7f_8

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    PROCESS_NAME: jqs.exe

    MISALIGNED_IP:
    nt!MiLocateAndReserveWsle+a
    80502a6e c3 ret

    LAST_CONTROL_TRANSFER: from 8051163b to 80502a6e

    STACK_TEXT:
    f2db0894 8051163b c6081000 c0630408 81ea5cb0 nt!MiLocateAndReserveWsle+0xa
    f2db08cc 80512d28 00000000 c6081000 c0630408 nt!MiCompleteProtoPteFault+0x1c5
    f2db0944 8051bf00 e13ca608 c6081000 c0630408 nt!MiDispatchFault+0x618
    f2db09a8 805170a0 00000000 c6081000 00000000 nt!MmAccessFault+0x7b4
    f2db0a04 8055d860 c6081000 00000000 85633c20 nt!MmCheckCachedPageState+0x56c
    f2db0a90 f72c2368 855f9028 f2db0b44 00001000 nt!CcCopyRead+0x3da
    f2db0b6c f72c2016 855c4008 85633c08 00000001 Ntfs!NtfsCommonRead+0xcc2
    f2db0c0c 804edf35 86bea340 85633c08 86f6b270 Ntfs!NtfsFsdRead+0x22d
    f2db0c1c f7363459 f2db0c6c 804edf35 86beabf0 nt!IopfCallDriver+0x31
    f2db0c24 804edf35 86beabf0 85633c08 86f6a4e0 sr!SrPassThrough+0x31
    f2db0c34 f79a4325 f79a49ea 86bdef00 85633c08 nt!IopfCallDriver+0x31
    WARNING: Stack unwind information not available. Following frames may be wrong.
    f2db0c6c 804edf35 86bdef00 86beabf0 806d02d0 SiWinAcc+0x325
    f2db0c7c 80573cd6 85633dbc 85633c08 855f9028 nt!IopfCallDriver+0x31
    f2db0c90 80570d1e 86bdef00 85633c08 855f9028 nt!IopSynchronousServiceTail+0x60
    f2db0d38 8053c958 00000214 00000000 00000000 nt!NtReadFile+0x580
    f2db0d38 7c90eb94 00000214 00000000 00000000 nt!KiFastCallEntry+0xf8
    00acfbf0 00000000 00000000 00000000 00000000 0x7c90eb94


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    SiWinAcc+325
    f79a4325 ?? ???

    SYMBOL_STACK_INDEX: b

    SYMBOL_NAME: SiWinAcc+325

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: hardware

    IMAGE_NAME: hardware

    DEBUG_FLR_IMAGE_TIMESTAMP: 0

    FAILURE_BUCKET_ID: IP_MISALIGNED

    BUCKET_ID: IP_MISALIGNED

    Followup: MachineOwner
    ---------

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS.1\Minidump\Mini030409-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*C:\SymbolCache*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp.050928-1517
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x80553320
    Debug session time: Wed Mar 4 12:57:42.734 2009 (GMT+11)
    System Uptime: 2 days 3:00:26.316
    Loading Kernel Symbols
    ...............................................................
    ...............................................................
    Loading User Symbols
    Loading unloaded module list
    .............................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 19, {20, 86be6d60, 86be7350, abe6d68}

    Probably caused by : ntkrnlpa.exe ( nt!ExFreePoolWithTag+2a0 )

    Followup: MachineOwner
    ---------

    kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    BAD_POOL_HEADER (19)
    The pool is already corrupt at the time of the current request.
    This may or may not be due to the caller.
    The internal pool links must be walked to figure out a possible cause of
    the problem, and then special pool applied to the suspect tags or the driver
    verifier to a suspect driver.
    Arguments:
    Arg1: 00000020, a pool block header size is corrupt.
    Arg2: 86be6d60, The pool entry we were looking for within the page.
    Arg3: 86be7350, The next pool entry.
    Arg4: 0abe6d68, (reserved)

    Debugging Details:
    ------------------


    BUGCHECK_STR: 0x19_20

    POOL_ADDRESS: 86be6d60

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    PROCESS_NAME: BrMfcMon.exe

    LAST_CONTROL_TRANSFER: from 80543e06 to 804f8a51

    STACK_TEXT:
    f3456c34 80543e06 00000019 00000020 86be6d60 nt!KeBugCheckEx+0x1b
    f3456c84 805b550f 86be6d68 e56c6946 86fe9090 nt!ExFreePoolWithTag+0x2a0
    f3456ca8 805af6db 86be6d70 00000000 00000000 nt!ObpFreeObject+0x18d
    f3456cc0 80521f73 86be6d88 00000000 000000e8 nt!ObpRemoveObjectRoutine+0xe7
    f3456ce4 805b06d3 856929e0 e248d180 855ccbd8 nt!ObfDereferenceObject+0x5f
    f3456cfc 805b0769 e248d180 86be6d88 000000e8 nt!ObpCloseHandleTableEntry+0x155
    f3456d44 805b08a1 000000e8 00000001 00000000 nt!ObpCloseHandle+0x87
    f3456d58 8053c958 000000e8 00c1fa6c 7c90eb94 nt!NtClose+0x1d
    f3456d58 7c90eb94 000000e8 00c1fa6c 7c90eb94 nt!KiFastCallEntry+0xf8
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    00c1fa6c 00000000 00000000 00000000 00000000 0x7c90eb94


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt!ExFreePoolWithTag+2a0
    80543e06 8b45f8 mov eax,dword ptr [ebp-8]

    SYMBOL_STACK_INDEX: 1

    SYMBOL_NAME: nt!ExFreePoolWithTag+2a0

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntkrnlpa.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 433b28b7

    FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+2a0

    BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+2a0

    Followup: MachineOwner
    ---------

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS.1\Minidump\Mini022809-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*C:\SymbolCache*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp.050928-1517
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x80553320
    Debug session time: Sat Feb 28 17:57:36.258 2009 (GMT+11)
    System Uptime: 3 days 21:43:49.748
    Loading Kernel Symbols
    ...............................................................
    ..............................................................
    Loading User Symbols
    Loading unloaded module list
    ...................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C2, {7, cd4, 7ee, 85c1c65c}

    Probably caused by : afd.sys ( afd!AfdFreeConnectionResources+38 )

    Followup: MachineOwner
    ---------

    kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 00000007, Attempt to free pool which was already freed
    Arg2: 00000cd4, (reserved)
    Arg3: 000007ee, Memory contents of the pool block
    Arg4: 85c1c65c, Address of the block of pool being deallocated

    Debugging Details:
    ------------------


    BUGCHECK_STR: 0xc2_7

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    PROCESS_NAME: System

    LAST_CONTROL_TRANSFER: from 80543e06 to 804f8a51

    STACK_TEXT:
    f79d7c64 80543e06 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
    f79d7cb4 805b54c9 85c1c65c 00000000 00000000 nt!ExFreePoolWithTag+0x2a0
    f79d7ce4 805af6db 859f0768 00000000 00000000 nt!ObpFreeObject+0x147
    f79d7cfc 80521f73 859f0780 00000000 80521f14 nt!ObpRemoveObjectRoutine+0xe7
    f79d7d20 f59cf9fd 85a214b0 85a21438 f59cccb6 nt!ObfDereferenceObject+0x5f
    f79d7d34 f59cf9aa 85a21438 f59ce7a8 f79d7d60 afd!AfdFreeConnectionResources+0x38
    f79d7d44 f59cc86a 85a214b0 85b5d490 85b79490 afd!AfdFreeConnection+0x5c
    f79d7d60 8056ad5b 85b79490 00000000 8055a37c afd!AfdDoWork+0x51
    f79d7d74 80533f22 85b5d490 00000000 86fc4da8 nt!IopProcessWorkItem+0x13
    f79d7dac 805c4bc0 85b5d490 00000000 00000000 nt!ExpWorkerThread+0x100
    f79d7ddc 805410f2 80533e22 00000001 00000000 nt!PspSystemThreadStartup+0x34
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    afd!AfdFreeConnectionResources+38
    f59cf9fd 895e0c mov dword ptr [esi+0Ch],ebx

    SYMBOL_STACK_INDEX: 5

    SYMBOL_NAME: afd!AfdFreeConnectionResources+38

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: afd

    IMAGE_NAME: afd.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 41107eb5

    FAILURE_BUCKET_ID: 0xc2_7_afd!AfdFreeConnectionResources+38

    BUCKET_ID: 0xc2_7_afd!AfdFreeConnectionResources+38

    Followup: MachineOwner
    ---------
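
An added triage example, not part of the original thread and not any poster's code: the Python below parses pasted !analyze -v output like the five dumps above and tabulates bugcheck code, blamed image and failure bucket per dump, so the spread across crashes can be read at a glance. The function names and the "more than half" rule for a dominant image are assumptions of this example; the sample text is trimmed from the dumps in the first post.

```python
import re
from collections import Counter

# Key lines trimmed from the five dumps pasted in the first post of this thread.
SAMPLE = r"""
Loading Dump File [C:\WINDOWS.1\Minidump\Mini032309-01.dmp]
BugCheck 1000000A, {eff0c7b3, 2, 1, 805004a1}
Probably caused by : hardware ( nt!KiWaitTest+15 )
FAILURE_BUCKET_ID: IP_MISALIGNED
Loading Dump File [C:\WINDOWS.1\Minidump\Mini031509-01.dmp]
BugCheck 100000D1, {c5dd66e3, 5, 0, f73f5c16}
Probably caused by : atapi.sys ( atapi!AtapiInterrupt+564 )
FAILURE_BUCKET_ID: 0xD1_atapi!AtapiInterrupt+564
Loading Dump File [C:\WINDOWS.1\Minidump\Mini030709-01.dmp]
BugCheck 1000007F, {8, 80042000, 0, 0}
Probably caused by : hardware ( SiWinAcc+325 )
FAILURE_BUCKET_ID: IP_MISALIGNED
Loading Dump File [C:\WINDOWS.1\Minidump\Mini030409-01.dmp]
BugCheck 19, {20, 86be6d60, 86be7350, abe6d68}
Probably caused by : ntkrnlpa.exe ( nt!ExFreePoolWithTag+2a0 )
FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+2a0
Loading Dump File [C:\WINDOWS.1\Minidump\Mini022809-01.dmp]
BugCheck C2, {7, cd4, 7ee, 85c1c65c}
Probably caused by : afd.sys ( afd!AfdFreeConnectionResources+38 )
FAILURE_BUCKET_ID: 0xc2_7_afd!AfdFreeConnectionResources+38
"""

FIELDS = {  # one regex per field; search() tolerates forum-paste indentation
    "dump": r"Loading Dump File \[(.+?)\]",
    "code": r"BugCheck ([0-9A-Fa-f]+), \{",
    "image": r"Probably caused by : (\S+) \(",
    "bucket": r"FAILURE_BUCKET_ID:\s+(\S+)",
}

def parse_dumps(text):
    """Split pasted WinDbg output into one record per dump file."""
    records = []
    for chunk in re.split(r"(?=Loading Dump File \[)", text):
        hit = {k: re.search(rx, chunk) for k, rx in FIELDS.items()}
        if not (hit["dump"] and hit["code"]):
            continue  # leading banner text or a truncated paste
        rec = {k: m.group(1) if m else None for k, m in hit.items()}
        rec["dump"] = rec["dump"].rsplit("\\", 1)[-1]
        # The thread shows BugCheck 1000000A reported as "(a)": mask the top nibble.
        rec["code"] = int(rec["code"], 16) & 0x0FFFFFFF
        records.append(rec)
    return records

def summarize(records):
    """Show how the crashes spread over bugcheck codes and blamed images."""
    images = Counter(r["image"] for r in records)
    top, count = images.most_common(1)[0] if images else (None, 0)
    return {
        "codes": [f"0x{c:X}" for c in sorted({r["code"] for r in records})],
        "images": dict(images),
        "misaligned_ip": [r["dump"] for r in records if r["bucket"] == "IP_MISALIGNED"],
        # Assumed rule: "dominant" means blamed in more than half of the dumps.
        "dominant_image": top if count * 2 > len(records) else None,
    }

if __name__ == "__main__":
    print(summarize(parse_dumps(SAMPLE)))
```

On the thread's five dumps this reports five different bugcheck codes, four different blamed images with none dominant, and two dumps bucketed IP_MISALIGNED.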
     
  2. 2009/03/24
    Arie Administrator Staff

    I doubt we can help you with this. The few people that are capable of reading these dumps are no longer visiting WindowsBBS.

    I'd suggest testing your hardware.
     
  4. 2009/03/25
    pjamme Inactive

  5. 2009/03/25
    whatboutbob Inactive Thread Starter

    ok, thanks guys.
     
