• Announcements

    • xper

      MSFN Sponsorship and AdBlockers!   07/10/2016

      Dear members, MSFN is made available via subscriptions, donations and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, become a site sponsor and ads will be disabled automatically and by subscribing you get other sponsor benefits.
gOber

Bad_pool_caller

23 posts in this topic

Hello,

I need help. SOmetimes i always got blue screen

Bad_pool_caller stop: 0x000000c2 (0x00000007,0x00000cd4,0x02130041,0x88616210)

Anyone expert help me please

thanks

Anton

0

Share this post


Link to post
Share on other sites

You need to prepare your system to create a kernel memory dump the next time it bugchecks (bluescreens):

- Right-click My Computer, click Properties

- Click the Advanced tab

- Click the Settings button under Startup and Recovery

- Under Write debugging information, select Kernel memory dump

- Click OK

- Click the Settings button under Performance

- Click the Advanced tab

- Click the Change button

- Ensure that the drive on which the Windows folder resides (the 'boot' drive) has a page file at least as large as the RAM you have installed plus 50MB

(e.g. if you have 1GB RAM on a default installation, the page file needs to go up to at least 1074MB on the C: drive - if the range already covers this then no change is required)

- Click OK on each of the 3 open windows

When the system next bugchecks it will display a status message "Beginning dump of physical memory" and work up to 100% before restarting.

After restarting, the memory dump is copied from %systemdrive%\pagefile.sys to %systemroot%\MEMORY.DMP.

Zip up the MEMORY.DMP file and upload it to any of the free file sharing sites and post a link here so we can download it for analysis.

0

Share this post


Link to post
Share on other sites
You need to prepare your system to create a kernel memory dump the next time it bugchecks (bluescreens):

- Right-click My Computer, click Properties

- Click the Advanced tab

- Click the Settings button under Startup and Recovery

- Under Write debugging information, select Kernel memory dump

- Click OK

- Click the Settings button under Performance

- Click the Advanced tab

- Click the Change button

- Ensure that the drive on which the Windows folder resides (the 'boot' drive) has a page file at least as large as the RAM you have installed plus 50MB

(e.g. if you have 1GB RAM on a default installation, the page file needs to go up to at least 1074MB on the C: drive - if the range already covers this then no change is required)

- Click OK on each of the 3 open windows

When the system next bugchecks it will display a status message "Beginning dump of physical memory" and work up to 100% before restarting.

After restarting, the memory dump is copied from %systemdrive%\pagefile.sys to %systemroot%\MEMORY.DMP.

Zip up the MEMORY.DMP file and upload it to any of the free file sharing sites and post a link here so we can download it for analysis.

Hello,

Sorry late reply..

I already try update my driver and so far is work fine for me. But i still do your step. But i don't understand about re size ram. I have 2gb ram. (DUAL) please see my SS

wtiyjmzzjm5rnkzhry0a.jpg

all size is setting automatically. I must manual setting?

thanks

Anton

Edited by gOber
0

Share this post


Link to post
Share on other sites

That's fine as is it, no need to change it from those settings - the page file is on the boot drive and can grow to at least 2098MB (2048+50) - which is also the largest you could possibly need for a kernel dump on a 32-bit system too.

0

Share this post


Link to post
Share on other sites
That's fine as is it, no need to change it from those settings - the page file is on the boot drive and can grow to at least 2098MB (2048+50) - which is also the largest you could possibly need for a kernel dump on a 32-bit system too.

Actually, untrue. When you dump the box it only reads the "Initial size" number, and as such this has the possibility for not being large enough for a kernel dump (can be up to 2GB, if this is x86), and definitely not enough for a complete dump.

I would suggest changing the initial size to at least 2200 and rebooting before expecting this to work properly.

0

Share this post


Link to post
Share on other sites
Actually, untrue. When you dump the box it only reads the "Initial size" number, and as such this has the possibility for not being large enough for a kernel dump (can be up to 2GB, if this is x86), and definitely not enough for a complete dump.
You live & learn, cheers :)

Though in practicality I don't think I've seen a kernel dump larger than ~800MB even from x64 Server systems.

0

Share this post


Link to post
Share on other sites
Actually, untrue. When you dump the box it only reads the "Initial size" number, and as such this has the possibility for not being large enough for a kernel dump (can be up to 2GB, if this is x86), and definitely not enough for a complete dump.
You live & learn, cheers :)

Though in practicality I don't think I've seen a kernel dump larger than ~800MB even from x64 Server systems.

Hello,

I got BSOD again... and i already upload my dump file..

here http://rapidshare.com/files/138902786/MEMORYy.rar.html actually size 196MB after rar 38mb

hope can help me..

thanks

Edited by gOber
0

Share this post


Link to post
Share on other sites
That's fine as is it, no need to change it from those settings - the page file is on the boot drive and can grow to at least 2098MB (2048+50) - which is also the largest you could possibly need for a kernel dump on a 32-bit system too.

Actually, untrue. When you dump the box it only reads the "Initial size" number, and as such this has the possibility for not being large enough for a kernel dump (can be up to 2GB, if this is x86), and definitely not enough for a complete dump.

I would suggest changing the initial size to at least 2200 and rebooting before expecting this to work properly.

Ok i will change after mr snrub see my dump file

thank

anton

0

Share this post


Link to post
Share on other sites

gOber, this is completely off-topic, but do you have a "ram optimizer" in that screenshot? :P

0

Share this post


Link to post
Share on other sites

I once had a Bad_pool_caller stop and after 1/2 hour, I found out one of the RAM module on that laptop was bad.

It doesn't mean it's you case, but I'd test the ram extensively.

0

Share this post


Link to post
Share on other sites

The problem in this dump is a "double free" of a nonpaged pool allocation - a driver has already freed up an allocation and then tries to free it again, so it's not a corruption and not something you can trap easily with a crash dump (if at all).

The culprit driver here looks like Zone Labs' vsdatant.sys - I'm guessing Zone Alarm or the security suite.

Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp.080413-2111

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720

Debug session time: Thu Aug 21 04:48:05.484 2008 (GMT+2)

System Uptime: 0 days 4:15:37.190

BAD_POOL_CALLER (c2)

The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.

Arguments:

Arg1: 00000007, Attempt to free pool which was already freed

Arg2: 00000cd4, (reserved)

Arg3: 02060001, Memory contents of the pool block

Arg4: 888ac380, Address of the block of pool being deallocated

DEFAULT_BUCKET_ID: DRIVER_FAULT

STACK_TEXT:

bacf78b8 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b

bacf7908 ae962782 888ac380 00000000 bacf7950 nt!ExFreePoolWithTag+0x2a3

bacf7918 ae962450 888f9c68 888f9cfc 888f9cfc tcpip!TCPClose+0x16

bacf7950 ae8ef0c1 8a0af5e8 888f9c68 ae8ee9cd tcpip!TCPDispatch+0x101

bacf795c ae8ee9cd 8a0af5e8 888f9c68 00000002 vsdatant+0x450c1

bacf7990 ae8ef04a 8a0af5e8 888f9c68 888f9c68 vsdatant+0x449cd

bacf79b4 ae8eeee7 897e87a0 ae8ef057 888f9c68 vsdatant+0x4504a

bacf79bc ae8ef057 888f9c68 8a0ab5e0 8a0a60d8 vsdatant+0x44ee7

bacf79ec 8053721f 00000000 bacf7a28 80537283 vsdatant+0x45057

bacf7a40 bab384c9 ae999690 bab384d4 ae998000 nt!ExNotifyCallback+0x43

bacf7a58 ae965c0b 02999680 ae965c16 898636f4 TDI!CTEScheduleDelayedEvent+0x35

bacf7a70 ae95b65a 8a0b0da8 02cf7ab0 00000001 tcpip!LoopXmit+0x6a

bacf7aa0 ae95b79f ae9994c0 0100007f 88bf0880 tcpip!SendIPPacket+0x193

bacf7bec 888e5d68 00000000 89032c68 00000000 tcpip!IPTransmit+0x289e

bacf7c48 804ef18f 8a0af5e8 888f9c68 888f9c68 0x888e5d68

bacf7cbc 80583af8 888e5d68 00000000 00000000 nt!IopfCallDriver+0x31

bacf7cf4 805bb466 008e5d80 00000000 888e5d68 nt!IopDeleteFile+0x132

bacf7d10 805266ca 888e5d80 00000000 8052667e nt!ObpRemoveObjectRoutine+0xe0

bacf7d28 ae88bc0f 88944468 889443f0 ae888cb6 nt!ObfDereferenceObject+0x4c

bacf7d3c ae88bbbc 889443f0 ae88a7a8 bacf7d68 afd!AfdFreeConnectionResources+0x38

bacf7d4c ae88886a 88944468 8a12a1f0 8a215740 afd!AfdFreeConnection+0x5c

bacf7d68 80576ad5 8a215740 00000000 8056485c afd!AfdDoWork+0x51

bacf7d7c 8053876d 8a12a1f0 00000000 8a5bd8b8 nt!IopProcessWorkItem+0x13

bacf7dac 805cff64 8a12a1f0 00000000 00000000 nt!ExpWorkerThread+0xef

bacf7ddc 805460de 8053867e 00000001 00000000 nt!PspSystemThreadStartup+0x34

00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

FOLLOWUP_IP:

vsdatant+450c1

ae8ef0c1 c20c00 ret 0Ch

1: kd> !pool 888ac380

Pool page 888ac380 region is Nonpaged pool

888ac000 size: 228 previous size: 0 (Free) GeN-

888ac228 size: 70 previous size: 228 (Allocated) GeN-

888ac298 size: 8 previous size: 70 (Free) AfdC

888ac2a0 size: d0 previous size: 8 (Allocated) FMsl

888ac370 size: 8 previous size: d0 (Free) File

*888ac378 size: 30 previous size: 8 (Free) *TCPc

Pooltag TCPc : TCP/IP network protocol, Binary : TCP

888ac3a8 size: c58 previous size: 30 (Free) Ddk

1: kd> dc 888ac378 888ac3a8-1

888ac378 02060001 63504354 88adb188 00000000 ....TCPc........

888ac388 bad00101 02040001 00000000 888ac394 ................

888ac398 888ac394 899a9c18 888f9c68 00000000 ........h.......

1: kd> lmvm vsdatant

start end module name

ae8aa000 ae9090e0 vsdatant (no symbols)

Loaded symbol image file: vsdatant.sys

Image path: \SystemRoot\System32\vsdatant.sys

Image name: vsdatant.sys

Timestamp: Wed Jul 09 17:33:32 2008 (4874DA4C)

CheckSum: 00068FDC

ImageSize: 0005F0E0

File version: 7.0.483.0

Product version: 7.0.483.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04e4

CompanyName: Zone Labs, LLC

ProductName: TrueVector Device Driver

InternalName: vsdatant

OriginalFilename: vsdatant.sys

ProductVersion: 7.0.483.000

FileVersion: 7.0.483.000

FileDescription: TrueVector Device Driver

LegalCopyright: Copyright © 1998-2006, Zone Labs, LLC

Virtual memory and running process summary shows no particular issue:

1: kd> !vm

*** Virtual Memory Usage ***

Physical Memory: 523883 ( 2095532 Kb)

Page File: \??\C:\pagefile.sys

Current: 1572864 Kb Free Space: 1528732 Kb

Minimum: 1572864 Kb Maximum: 3145728 Kb

Available Pages: 248404 ( 993616 Kb)

ResAvail Pages: 436781 ( 1747124 Kb)

Locked IO Pages: 229 ( 916 Kb)

Free System PTEs: 173801 ( 695204 Kb)

Free NP PTEs: 32766 ( 131064 Kb)

Free Special NP: 0 ( 0 Kb)

Modified Pages: 202 ( 808 Kb)

Modified PF Pages: 202 ( 808 Kb)

NonPagedPool Usage: 7565 ( 30260 Kb)

NonPagedPool Max: 65536 ( 262144 Kb)

PagedPool 0 Usage: 9806 ( 39224 Kb)

PagedPool 1 Usage: 3665 ( 14660 Kb)

PagedPool 2 Usage: 3688 ( 14752 Kb)

PagedPool 3 Usage: 3643 ( 14572 Kb)

PagedPool 4 Usage: 3636 ( 14544 Kb)

PagedPool Usage: 24438 ( 97752 Kb)

PagedPool Maximum: 92160 ( 368640 Kb)

Shared Commit: 5223 ( 20892 Kb)

Special Pool: 0 ( 0 Kb)

Shared Process: 3566 ( 14264 Kb)

PagedPool Commit: 24438 ( 97752 Kb)

Driver Commit: 4490 ( 17960 Kb)

Committed pages: 210183 ( 840732 Kb)

Commit limit: 876542 ( 3506168 Kb)

Total Private: 166545 ( 666180 Kb)

0a7c war3.exe 57184 ( 228736 Kb)

0750 firefox.exe 27261 ( 109044 Kb)

0080 iexplore.exe 27193 ( 108772 Kb)

01d4 avp.exe 10246 ( 40984 Kb)

039c vsmon.exe 8637 ( 34548 Kb)

07a4 RTHDCPL.exe 4920 ( 19680 Kb)

02f4 svchost.exe 4683 ( 18732 Kb)

0444 HDSentinel.exe 4172 ( 16688 Kb)

0360 explorer.exe 4046 ( 16184 Kb)

075c zlclient.exe 2977 ( 11908 Kb)

0598 winlogon.exe 2025 ( 8100 Kb)

05d0 lsass.exe 1099 ( 4396 Kb)

0408 vmware-authd.ex 1095 ( 4380 Kb)

02ec IDMan.exe 1064 ( 4256 Kb)

0500 svchost.exe 980 ( 3920 Kb)

0704 avp.exe 978 ( 3912 Kb)

0524 xRaidSetup.exe 865 ( 3460 Kb)

01f8 spoolsv.exe 861 ( 3444 Kb)

0680 svchost.exe 783 ( 3132 Kb)

0428 nvsvc32.exe 698 ( 2792 Kb)

044c svchost.exe 640 ( 2560 Kb)

06ec rundll32.exe 636 ( 2544 Kb)

07f8 SoundMan.exe 509 ( 2036 Kb)

06b8 svchost.exe 504 ( 2016 Kb)

0580 csrss.exe 492 ( 1968 Kb)

05c4 services.exe 470 ( 1880 Kb)

0688 svchost.exe 433 ( 1732 Kb)

0d58 alg.exe 330 ( 1320 Kb)

0c90 ping.exe 288 ( 1152 Kb)

0480 vmnat.exe 232 ( 928 Kb)

02b0 vmnetdhcp.exe 195 ( 780 Kb)

036c smss.exe 42 ( 168 Kb)

0004 System 7 ( 28 Kb)

0484 war3.exe 0 ( 0 Kb)

Did you have a problem with Warcraft 3?

There are 2 processes war3.exe, one has an elapsed time of ~4 days and has 0 handles, implying the process did not close properly - the second instance has been running ~18 hours:

1: kd> !process 0 0 war3.exe

PROCESS 892f1020 SessionId: 0 Cid: 0484 Peb: 7ffd5000 ParentCid: 0f88

DirBase: 0b180440 ObjectTable: 00000000 HandleCount: 0.

Image: war3.exe

PROCESS 8924d020 SessionId: 0 Cid: 0a7c Peb: 7ffde000 ParentCid: 0e80

DirBase: 0b180460 ObjectTable: e60de848 HandleCount: 2920.

Image: war3.exe

You also have VMWare installed, so it might be these 2 products (Zone Labs and VMWare) not playing nicely:

1: kd> lmvm vm*

start end module name

b178e000 b1798480 vmci (export symbols) vmci.sys

Loaded symbol image file: vmci.sys

Image path: \??\C:\WINDOWS\system32\Drivers\vmci.sys

Image name: vmci.sys

Timestamp: Thu Jun 19 02:45:11 2008 (4859AC17)

CheckSum: 000102A1

ImageSize: 0000A480

File version: 6.5.0.3129

Product version: 6.5.0.3129

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: VMware, Inc.

ProductName: VMware kernel driver

InternalName: vmci.sys

OriginalFilename: vmci.sys

ProductVersion: e.x.p build-99530

FileVersion: e.x.p

FileDescription: VMware kernel driver

LegalCopyright: Copyright © 1998-2008 VMware, Inc.

b335e000 b3364000 vmnetbridge (no symbols)

Loaded symbol image file: vmnetbridge.sys

Image path: \SystemRoot\system32\DRIVERS\vmnetbridge.sys

Image name: vmnetbridge.sys

Timestamp: Thu Jun 19 03:26:56 2008 (4859B5E0)

CheckSum: 00015E55

ImageSize: 00006000

Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

b54b5000 b54b9c00 vmnetuserif (no symbols)

Loaded symbol image file: vmnetuserif.sys

Image path: \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys

Image name: vmnetuserif.sys

Timestamp: Thu Jun 19 03:26:32 2008 (4859B5C8)

CheckSum: 00015C3F

ImageSize: 00004C00

Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

b9b43000 b9b46b00 VMkbd (no symbols)

Loaded symbol image file: VMkbd.sys

Image path: \??\C:\WINDOWS\system32\drivers\VMkbd.sys

Image name: VMkbd.sys

Timestamp: Thu Jun 19 04:19:43 2008 (4859C23F)

CheckSum: 00005A54

ImageSize: 00003B00

Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

ba067000 ba069f00 VMNET (export symbols) VMNET.SYS

Loaded symbol image file: VMNET.SYS

Image path: \SystemRoot\system32\DRIVERS\VMNET.SYS

Image name: VMNET.SYS

Timestamp: Thu Jun 19 03:26:22 2008 (4859B5BE)

CheckSum: 0000772F

ImageSize: 00002F00

File version: 4.0.2.0

Product version: 4.0.2.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: VMware, Inc.

ProductName: VMware virtual network driver (32-bit)

InternalName: VMnet.sys

OriginalFilename: VMnet.sys

ProductVersion: 4.0.2.0 build-99530

FileVersion: 4.0.2.0

FileDescription: VMware virtual network driver (32-bit)

LegalCopyright: Copyright © 1998-2008 VMware, Inc.

bada4000 bada6680 vmnetadapter (no symbols)

Loaded symbol image file: vmnetadapter.sys

Image path: \SystemRoot\system32\DRIVERS\vmnetadapter.sys

Image name: vmnetadapter.sys

Timestamp: Thu Jun 19 03:26:25 2008 (4859B5C1)

CheckSum: 0000BC14

ImageSize: 00002680

Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

badbe000 badc0000 VMparport (no symbols)

Loaded symbol image file: VMparport.sys

Image path: \??\C:\WINDOWS\system32\Drivers\VMparport.sys

Image name: VMparport.sys

Timestamp: Thu Jun 19 02:44:23 2008 (4859ABE7)

CheckSum: 0001193F

ImageSize: 00002000

File version: 6.5.0.3129

Product version: 6.5.0.3129

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: VMware, Inc.

ProductName: VMware parallel port driver

InternalName: VMparport.sys

OriginalFilename: VMparport.sys

ProductVersion: e.x.p build-99530

FileVersion: e.x.p

FileDescription: VMware parallel port driver

LegalCopyright: Copyright © 1998-2008 VMware, Inc.

Onboard Marvell Yukon NIC driver seems pretty recent:

1: kd> !sysinfo machineid

Machine ID Information [From Smbios 2.4, DMIVersion 36, Size=1197]

BiosVendor = Award Software International, Inc.

BiosVersion = F10H

BiosReleaseDate = 04/24/2008

SystemManufacturer = Gigabyte Technology Co., Ltd.

SystemProductName = 965G-DS3

SystemFamily =

SystemVersion =

SystemSKU =

BaseBoardManufacturer = Gigabyte Technology Co., Ltd.

BaseBoardProduct = 965G-DS3

BaseBoardVersion =

1: kd> lmvm yk*

start end module name

b9420000 b9466880 yk51x86 (no symbols)

Loaded symbol image file: yk51x86.sys

Image path: \SystemRoot\system32\DRIVERS\yk51x86.sys

Image name: yk51x86.sys

Timestamp: Tue May 20 15:03:14 2008 (4832CC12)

CheckSum: 00054588

ImageSize: 00046880

Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

Depending on how consistent the dumps are (always have the same stack or the same drivers in the stack, same bugcheck code, etc.) this could be a RAM fault as it's nonpaged pool (resident in physical memory), but I would be more inclined to believe a driver fault.

I would go down the route of either uninstalling VMWare to see if the problem goes away, or the Zone Labs software so long as you are behind a NAT router.

Or wait until the next dump is produced and we can check for consistency (i.e. always network-related activity on the crashing thread stack).

A few hours testing overnight with memtest86 would not be a bad idea either.

0

Share this post


Link to post
Share on other sites
gOber, this is completely off-topic, but do you have a "ram optimizer" in that screenshot? :P

What do you mind? I not understand Sir. Please tell me more detail coz im newbie :blushing:

0

Share this post


Link to post
Share on other sites

Dear Mr Snrub,

Thank you for your all reply sir....

The problem in this dump is a "double free" of a nonpaged pool allocation - a driver has already freed up an allocation and then tries to free it again, so it's not a corruption and not something you can trap easily with a crash dump (if at all).

The culprit driver here looks like Zone Labs' vsdatant.sys - I'm guessing Zone Alarm or the security suite.

Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp.080413-2111

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720

Debug session time: Thu Aug 21 04:48:05.484 2008 (GMT+2)

System Uptime: 0 days 4:15:37.190

BAD_POOL_CALLER (c2)

The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.

Arguments:

Arg1: 00000007, Attempt to free pool which was already freed

Arg2: 00000cd4, (reserved)

Arg3: 02060001, Memory contents of the pool block

Arg4: 888ac380, Address of the block of pool being deallocated

DEFAULT_BUCKET_ID: DRIVER_FAULT

STACK_TEXT:

bacf78b8 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b

bacf7908 ae962782 888ac380 00000000 bacf7950 nt!ExFreePoolWithTag+0x2a3

bacf7918 ae962450 888f9c68 888f9cfc 888f9cfc tcpip!TCPClose+0x16

bacf7950 ae8ef0c1 8a0af5e8 888f9c68 ae8ee9cd tcpip!TCPDispatch+0x101

bacf795c ae8ee9cd 8a0af5e8 888f9c68 00000002 vsdatant+0x450c1

bacf7990 ae8ef04a 8a0af5e8 888f9c68 888f9c68 vsdatant+0x449cd

bacf79b4 ae8eeee7 897e87a0 ae8ef057 888f9c68 vsdatant+0x4504a

bacf79bc ae8ef057 888f9c68 8a0ab5e0 8a0a60d8 vsdatant+0x44ee7

bacf79ec 8053721f 00000000 bacf7a28 80537283 vsdatant+0x45057

bacf7a40 bab384c9 ae999690 bab384d4 ae998000 nt!ExNotifyCallback+0x43

bacf7a58 ae965c0b 02999680 ae965c16 898636f4 TDI!CTEScheduleDelayedEvent+0x35

bacf7a70 ae95b65a 8a0b0da8 02cf7ab0 00000001 tcpip!LoopXmit+0x6a

bacf7aa0 ae95b79f ae9994c0 0100007f 88bf0880 tcpip!SendIPPacket+0x193

bacf7bec 888e5d68 00000000 89032c68 00000000 tcpip!IPTransmit+0x289e

bacf7c48 804ef18f 8a0af5e8 888f9c68 888f9c68 0x888e5d68

bacf7cbc 80583af8 888e5d68 00000000 00000000 nt!IopfCallDriver+0x31

bacf7cf4 805bb466 008e5d80 00000000 888e5d68 nt!IopDeleteFile+0x132

bacf7d10 805266ca 888e5d80 00000000 8052667e nt!ObpRemoveObjectRoutine+0xe0

bacf7d28 ae88bc0f 88944468 889443f0 ae888cb6 nt!ObfDereferenceObject+0x4c

bacf7d3c ae88bbbc 889443f0 ae88a7a8 bacf7d68 afd!AfdFreeConnectionResources+0x38

bacf7d4c ae88886a 88944468 8a12a1f0 8a215740 afd!AfdFreeConnection+0x5c

bacf7d68 80576ad5 8a215740 00000000 8056485c afd!AfdDoWork+0x51

bacf7d7c 8053876d 8a12a1f0 00000000 8a5bd8b8 nt!IopProcessWorkItem+0x13

bacf7dac 805cff64 8a12a1f0 00000000 00000000 nt!ExpWorkerThread+0xef

bacf7ddc 805460de 8053867e 00000001 00000000 nt!PspSystemThreadStartup+0x34

00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

FOLLOWUP_IP:

vsdatant+450c1

ae8ef0c1 c20c00 ret 0Ch

1: kd> !pool 888ac380

Pool page 888ac380 region is Nonpaged pool

888ac000 size: 228 previous size: 0 (Free) GeN-

888ac228 size: 70 previous size: 228 (Allocated) GeN-

888ac298 size: 8 previous size: 70 (Free) AfdC

888ac2a0 size: d0 previous size: 8 (Allocated) FMsl

888ac370 size: 8 previous size: d0 (Free) File

*888ac378 size: 30 previous size: 8 (Free) *TCPc

Pooltag TCPc : TCP/IP network protocol, Binary : TCP

888ac3a8 size: c58 previous size: 30 (Free) Ddk

1: kd> dc 888ac378 888ac3a8-1

888ac378 02060001 63504354 88adb188 00000000 ....TCPc........

888ac388 bad00101 02040001 00000000 888ac394 ................

888ac398 888ac394 899a9c18 888f9c68 00000000 ........h.......

1: kd> lmvm vsdatant

start end module name

ae8aa000 ae9090e0 vsdatant (no symbols)

Loaded symbol image file: vsdatant.sys

Image path: \SystemRoot\System32\vsdatant.sys

Image name: vsdatant.sys

Timestamp: Wed Jul 09 17:33:32 2008 (4874DA4C)

CheckSum: 00068FDC

ImageSize: 0005F0E0

File version: 7.0.483.0

Product version: 7.0.483.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04e4

CompanyName: Zone Labs, LLC

ProductName: TrueVector Device Driver

InternalName: vsdatant

OriginalFilename: vsdatant.sys

ProductVersion: 7.0.483.000

FileVersion: 7.0.483.000

FileDescription: TrueVector Device Driver

LegalCopyright: Copyright © 1998-2006, Zone Labs, LLC

So i must uninstall ZoneLabs or discuss with ZA Forum?

Virtual memory and running process summary shows no particular issue:

1: kd> !vm

*** Virtual Memory Usage ***

Physical Memory: 523883 ( 2095532 Kb)

Page File: \??\C:\pagefile.sys

Current: 1572864 Kb Free Space: 1528732 Kb

Minimum: 1572864 Kb Maximum: 3145728 Kb

Available Pages: 248404 ( 993616 Kb)

ResAvail Pages: 436781 ( 1747124 Kb)

Locked IO Pages: 229 ( 916 Kb)

Free System PTEs: 173801 ( 695204 Kb)

Free NP PTEs: 32766 ( 131064 Kb)

Free Special NP: 0 ( 0 Kb)

Modified Pages: 202 ( 808 Kb)

Modified PF Pages: 202 ( 808 Kb)

NonPagedPool Usage: 7565 ( 30260 Kb)

NonPagedPool Max: 65536 ( 262144 Kb)

PagedPool 0 Usage: 9806 ( 39224 Kb)

PagedPool 1 Usage: 3665 ( 14660 Kb)

PagedPool 2 Usage: 3688 ( 14752 Kb)

PagedPool 3 Usage: 3643 ( 14572 Kb)

PagedPool 4 Usage: 3636 ( 14544 Kb)

PagedPool Usage: 24438 ( 97752 Kb)

PagedPool Maximum: 92160 ( 368640 Kb)

Shared Commit: 5223 ( 20892 Kb)

Special Pool: 0 ( 0 Kb)

Shared Process: 3566 ( 14264 Kb)

PagedPool Commit: 24438 ( 97752 Kb)

Driver Commit: 4490 ( 17960 Kb)

Committed pages: 210183 ( 840732 Kb)

Commit limit: 876542 ( 3506168 Kb)

Total Private: 166545 ( 666180 Kb)

0a7c war3.exe 57184 ( 228736 Kb)

0750 firefox.exe 27261 ( 109044 Kb)

0080 iexplore.exe 27193 ( 108772 Kb)

01d4 avp.exe 10246 ( 40984 Kb)

039c vsmon.exe 8637 ( 34548 Kb)

07a4 RTHDCPL.exe 4920 ( 19680 Kb)

02f4 svchost.exe 4683 ( 18732 Kb)

0444 HDSentinel.exe 4172 ( 16688 Kb)

0360 explorer.exe 4046 ( 16184 Kb)

075c zlclient.exe 2977 ( 11908 Kb)

0598 winlogon.exe 2025 ( 8100 Kb)

05d0 lsass.exe 1099 ( 4396 Kb)

0408 vmware-authd.ex 1095 ( 4380 Kb)

02ec IDMan.exe 1064 ( 4256 Kb)

0500 svchost.exe 980 ( 3920 Kb)

0704 avp.exe 978 ( 3912 Kb)

0524 xRaidSetup.exe 865 ( 3460 Kb)

01f8 spoolsv.exe 861 ( 3444 Kb)

0680 svchost.exe 783 ( 3132 Kb)

0428 nvsvc32.exe 698 ( 2792 Kb)

044c svchost.exe 640 ( 2560 Kb)

06ec rundll32.exe 636 ( 2544 Kb)

07f8 SoundMan.exe 509 ( 2036 Kb)

06b8 svchost.exe 504 ( 2016 Kb)

0580 csrss.exe 492 ( 1968 Kb)

05c4 services.exe 470 ( 1880 Kb)

0688 svchost.exe 433 ( 1732 Kb)

0d58 alg.exe 330 ( 1320 Kb)

0c90 ping.exe 288 ( 1152 Kb)

0480 vmnat.exe 232 ( 928 Kb)

02b0 vmnetdhcp.exe 195 ( 780 Kb)

036c smss.exe 42 ( 168 Kb)

0004 System 7 ( 28 Kb)

0484 war3.exe 0 ( 0 Kb)

Ok thanks

Did you have a problem with Warcraft 3?

There are 2 processes war3.exe, one has an elapsed time of ~4 days and has 0 handles, implying the process did not close properly - the second instance has been running ~18 hours:

1: kd> !process 0 0 war3.exe

PROCESS 892f1020 SessionId: 0 Cid: 0484 Peb: 7ffd5000 ParentCid: 0f88

DirBase: 0b180440 ObjectTable: 00000000 HandleCount: 0.

Image: war3.exe

PROCESS 8924d020 SessionId: 0 Cid: 0a7c Peb: 7ffde000 ParentCid: 0e80

DirBase: 0b180460 ObjectTable: e60de848 HandleCount: 2920.

Image: war3.exe

Yes, Mostly im got BSOD when i played Warcarft 3(DOTA) But i already install latest VGA driver but still same

You also have VMWare installed, so it might be these 2 products (Zone Labs and VMWare) not playing nicely:

1: kd> lmvm vm*

start end module name

b178e000 b1798480 vmci (export symbols) vmci.sys

Loaded symbol image file: vmci.sys

Image path: \??\C:\WINDOWS\system32\Drivers\vmci.sys

Image name: vmci.sys

Timestamp: Thu Jun 19 02:45:11 2008 (4859AC17)

CheckSum: 000102A1

ImageSize: 0000A480

File version: 6.5.0.3129

Product version: 6.5.0.3129

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: VMware, Inc.

ProductName: VMware kernel driver

InternalName: vmci.sys

OriginalFilename: vmci.sys

ProductVersion: e.x.p build-99530

FileVersion: e.x.p

FileDescription: VMware kernel driver

LegalCopyright: Copyright © 1998-2008 VMware, Inc.

b335e000 b3364000 vmnetbridge (no symbols)

Loaded symbol image file: vmnetbridge.sys

Image path: \SystemRoot\system32\DRIVERS\vmnetbridge.sys

Image name: vmnetbridge.sys

Timestamp: Thu Jun 19 03:26:56 2008 (4859B5E0)

CheckSum: 00015E55

ImageSize: 00006000

Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

b54b5000 b54b9c00 vmnetuserif (no symbols)

Loaded symbol image file: vmnetuserif.sys

Image path: \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys

Image name: vmnetuserif.sys

Timestamp: Thu Jun 19 03:26:32 2008 (4859B5C8)

CheckSum: 00015C3F

ImageSize: 00004C00

Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

b9b43000 b9b46b00 VMkbd (no symbols)

Loaded symbol image file: VMkbd.sys

Image path: \??\C:\WINDOWS\system32\drivers\VMkbd.sys

Image name: VMkbd.sys

Timestamp: Thu Jun 19 04:19:43 2008 (4859C23F)

CheckSum: 00005A54

ImageSize: 00003B00

Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

ba067000 ba069f00 VMNET (export symbols) VMNET.SYS

Loaded symbol image file: VMNET.SYS

Image path: \SystemRoot\system32\DRIVERS\VMNET.SYS

Image name: VMNET.SYS

Timestamp: Thu Jun 19 03:26:22 2008 (4859B5BE)

CheckSum: 0000772F

ImageSize: 00002F00

File version: 4.0.2.0

Product version: 4.0.2.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: VMware, Inc.

ProductName: VMware virtual network driver (32-bit)

InternalName: VMnet.sys

OriginalFilename: VMnet.sys

ProductVersion: 4.0.2.0 build-99530

FileVersion: 4.0.2.0

FileDescription: VMware virtual network driver (32-bit)

LegalCopyright: Copyright © 1998-2008 VMware, Inc.

bada4000 bada6680 vmnetadapter (no symbols)

Loaded symbol image file: vmnetadapter.sys

Image path: \SystemRoot\system32\DRIVERS\vmnetadapter.sys

Image name: vmnetadapter.sys

Timestamp: Thu Jun 19 03:26:25 2008 (4859B5C1)

CheckSum: 0000BC14

ImageSize: 00002680

Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

badbe000 badc0000 VMparport (no symbols)

Loaded symbol image file: VMparport.sys

Image path: \??\C:\WINDOWS\system32\Drivers\VMparport.sys

Image name: VMparport.sys

Timestamp: Thu Jun 19 02:44:23 2008 (4859ABE7)

CheckSum: 0001193F

ImageSize: 00002000

File version: 6.5.0.3129

Product version: 6.5.0.3129

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: VMware, Inc.

ProductName: VMware parallel port driver

InternalName: VMparport.sys

OriginalFilename: VMparport.sys

ProductVersion: e.x.p build-99530

FileVersion: e.x.p

FileDescription: VMware parallel port driver

LegalCopyright: Copyright © 1998-2008 VMware, Inc.

Onboard Marvell Yukon NIC driver seems pretty recent:

1: kd> !sysinfo machineid

Machine ID Information [From Smbios 2.4, DMIVersion 36, Size=1197]

BiosVendor = Award Software International, Inc.

BiosVersion = F10H

BiosReleaseDate = 04/24/2008

SystemManufacturer = Gigabyte Technology Co., Ltd.

SystemProductName = 965G-DS3

SystemFamily =

SystemVersion =

SystemSKU =

BaseBoardManufacturer = Gigabyte Technology Co., Ltd.

BaseBoardProduct = 965G-DS3

BaseBoardVersion =

1: kd> lmvm yk*

start end module name

b9420000 b9466880 yk51x86 (no symbols)

Loaded symbol image file: yk51x86.sys

Image path: \SystemRoot\system32\DRIVERS\yk51x86.sys

Image name: yk51x86.sys

Timestamp: Tue May 20 15:03:14 2008 (4832CC12)

CheckSum: 00054588

ImageSize: 00046880

Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

So, i must uninstall this software? or update latest version?

Depending on how consistent the dumps are (always have the same stack or the same drivers in the stack, same bugcheck code, etc.) this could be a RAM fault as it's nonpaged pool (resident in physical memory), but I would be more inclined to believe a driver fault.

I would go down the route of either uninstalling VMWare to see if the problem goes away, or the Zone Labs software so long as you are behind a NAT router.

Or wait until the next dump is produced and we can check for consistency (i.e. always network-related activity on the crashing thread stack).

A few hours testing overnight with memtest86 would not be a bad idea either.

Mr. Snurb... do you think my memory got error? If yes maybe i must buy new one?

SOrry if my language english to bad

Thank

gOber

0

Share this post


Link to post
Share on other sites

He suggested that problem might me ZoneAlarm. If you have it, remove it and see if you'll get BSOD again.

Cheers ;)

0

Share this post


Link to post
Share on other sites
He suggested that problem might me ZoneAlarm. If you have it, remove it and see if you'll get BSOD again.

Cheers ;)

Hi,

Ok thank... btw if i only disable ZA can? or must full uninstall?

thank

gOber

0

Share this post


Link to post
Share on other sites
Hi,

Ok thank... btw if i only disable ZA can? or must full uninstall?

thank

gOber

To remove filter drivers, you MUST uninstall. Disabling leaves the drivers intact and enabled, just without any work to do from the controlling application in user-mode. Since the problem with a filter driver can happen regardless of whether the app is enabled or not, you have to actually uninstall to do a valid test.

0

Share this post


Link to post
Share on other sites
Hi,

Ok thank... btw if i only disable ZA can? or must full uninstall?

thank

gOber

To remove filter drivers, you MUST uninstall. Disabling leaves the drivers intact and enabled, just without any work to do from the controlling application in user-mode. Since the problem with a filter driver can happen regardless of whether the app is enabled or not, you have to actually uninstall to do a valid test.

Hello,

Ok thank you for your respond.. Maybe i will try uninstall Vmware then let see tomorrow i will report to you.

thank

gOber

0

Share this post


Link to post
Share on other sites

Hello Again,

I already uninstall vmware and still got BSOD :( but i still keep my firewall coz im still waiting email from microsoft to see my dump report.

I will give report again later..

thanks

Anton

0

Share this post


Link to post
Share on other sites

Only a minidump, so not much info to extract, but it's the same bugcheck and underlying reason - an attempt to free a memory allocation which has already been freed.

Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp.080413-2111

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720

Debug session time: Tue Aug 26 16:14:51.406 2008 (GMT+2)

System Uptime: 0 days 4:47:58.968

BAD_POOL_CALLER (c2)

The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.

Arguments:

Arg1: 00000007, Attempt to free pool which was already freed

Arg2: 00000cd4, (reserved)

Arg3: 02130007, Memory contents of the pool block

Arg4: 88c100d8, Address of the block of pool being deallocated

STACK_TEXT:

bacebcd4 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b

bacebd24 805c1014 88c100d8 00000000 88e84ee0 nt!ExFreePoolWithTag+0x2a3

bacebd4c 805bb46e 00000000 88e84ef8 00000001 nt!ObpFreeObject+0x142

bacebd64 805bb8b8 88e84ef8 00000001 80562f20 nt!ObpRemoveObjectRoutine+0xe8

bacebd7c 8053876d 00000000 00000000 8a5bd020 nt!ObpProcessRemoveObjectQueue+0x36

bacebdac 805cff64 00000000 00000000 00000000 nt!ExpWorkerThread+0xef

bacebddc 805460de 8053867e 00000000 00000000 nt!PspSystemThreadStartup+0x34

00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

1: kd> !pool 88c100d8

Pool page 88c100d8 region is Unknown

88c10000 size: 98 previous size: 0 (Allocated) File (Protected)

88c10098 size: 38 previous size: 98 (Free) ....

*88c100d0 size: 98 previous size: 38 (Free ) *File (Protected)

Pooltag File : File objects

88c10168 size: a0 previous size: 98 (Free ) AfdC (Protected)

88c10208 size: 20 previous size: a0 (Allocated) ReTa

...

// Here is the raw dump of the problematic pool allocation:

1: kd> dc 88c100d0 88c10168-1

88c100d0 02130007 e56c6946 88b72330 00000000 ....Fil.0#......

88c100e0 00000000 00000000 bad0b0b0 c2000800 ................

88c100f0 00000000 00000000 00700005 8a077cf0 ..........p..|..

88c10100 00000000 88cdb350 00000002 00000000 ....P...........

88c10110 00000000 00000000 00000000 00000000 ................

88c10120 00000000 00040000 00000000 00000000 ................

88c10130 00000000 00000000 00000000 00000000 ................

88c10140 00000000 00000000 00000000 00000000 ................

88c10150 00000000 00040000 00000000 88c1015c ............\...

88c10160 88c1015c 00000000

// The pool allocation immediately before is also freed (looks like some USB communication driver allocation), but doesn't appear to have been a typical overrun as the header after is still intact:

1: kd> dc 88c10098 88c100d0-1

88c10098 00070013 00000000 89373c88 89309c50 .........<7.P.0.

88c100a8 88b9c748 00000000 00000010 88d816a0 H...............

88c100b8 022a0004 70627375 8a5246a8 0000020e ..*.usbp.FR.....

88c100c8 00000144 00000100 D.......

Can't see from this dump what driver was freeing the memory, but as before it could be the victim not the cause - this allocation was last used for a File object, where before it was related to networking (TCP).

The following driver I thought was installed by VMWare for its emulated NIC, but it is still loaded in this dump, and look at the date on it...

1: kd> lmvm el90xbc5

start end module name

b94dd000 b94ed400 el90xbc5 (deferred)

Image path: el90xbc5.sys

Image name: el90xbc5.sys

Timestamp: Tue Jul 17 01:40:19 2001 (3B537B63)

CheckSum: 0001DD13

ImageSize: 00010400

File version: 4.5.0.0

Product version: 5.0.0.0

File flags: 8 (Mask 3F) Private

File OS: 40004 NT Win32

File type: 3.6 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: 3Com Corporation

ProductName: 3Com EtherLink PCI

InternalName: EL90XBC5.SYS

OriginalFilename: EL90XBC5.SYS

ProductVersion: 5.00

FileVersion: 4.05.00.0000

FileDescription: 3Com EtherLink PCI Driver

LegalCopyright: Copyright 1994-2001, 3Com Corporation.

I don't think this is an onboard device from the last time I checked the specs, so if you don't have one of these installed it may be a good idea to see if it's in Device Manager, and maybe even rename/delete the file on disk to prevent it being loaded.

Though it's not a filter driver so I don't see how it should be interfering... I'd stick with the ZoneAlarm plan for now.

0

Share this post


Link to post
Share on other sites
Only a minidump, so not much info to extract, but it's the same bugcheck and underlying reason - an attempt to free a memory allocation which has already been freed.

Thank but microsoft support ask to me to do minidump. But i still waiting reply from microsoft

Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp.080413-2111

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720

Debug session time: Tue Aug 26 16:14:51.406 2008 (GMT+2)

System Uptime: 0 days 4:47:58.968

BAD_POOL_CALLER (c2)

The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.

Arguments:

Arg1: 00000007, Attempt to free pool which was already freed

Arg2: 00000cd4, (reserved)

Arg3: 02130007, Memory contents of the pool block

Arg4: 88c100d8, Address of the block of pool being deallocated

STACK_TEXT:

bacebcd4 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b

bacebd24 805c1014 88c100d8 00000000 88e84ee0 nt!ExFreePoolWithTag+0x2a3

bacebd4c 805bb46e 00000000 88e84ef8 00000001 nt!ObpFreeObject+0x142

bacebd64 805bb8b8 88e84ef8 00000001 80562f20 nt!ObpRemoveObjectRoutine+0xe8

bacebd7c 8053876d 00000000 00000000 8a5bd020 nt!ObpProcessRemoveObjectQueue+0x36

bacebdac 805cff64 00000000 00000000 00000000 nt!ExpWorkerThread+0xef

bacebddc 805460de 8053867e 00000000 00000000 nt!PspSystemThreadStartup+0x34

00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

1: kd> !pool 88c100d8

Pool page 88c100d8 region is Unknown

88c10000 size: 98 previous size: 0 (Allocated) File (Protected)

88c10098 size: 38 previous size: 98 (Free) ....

*88c100d0 size: 98 previous size: 38 (Free ) *File (Protected)

Pooltag File : File objects

88c10168 size: a0 previous size: 98 (Free ) AfdC (Protected)

88c10208 size: 20 previous size: a0 (Allocated) ReTa

...

// Here is the raw dump of the problematic pool allocation:

1: kd> dc 88c100d0 88c10168-1

88c100d0 02130007 e56c6946 88b72330 00000000 ....Fil.0#......

88c100e0 00000000 00000000 bad0b0b0 c2000800 ................

88c100f0 00000000 00000000 00700005 8a077cf0 ..........p..|..

88c10100 00000000 88cdb350 00000002 00000000 ....P...........

88c10110 00000000 00000000 00000000 00000000 ................

88c10120 00000000 00040000 00000000 00000000 ................

88c10130 00000000 00000000 00000000 00000000 ................

88c10140 00000000 00000000 00000000 00000000 ................

88c10150 00000000 00040000 00000000 88c1015c ............\...

88c10160 88c1015c 00000000

// The pool allocation immediately before is also freed (looks like some USB communication driver allocation), but doesn't appear to have been a typical overrun as the header after is still intact:

1: kd> dc 88c10098 88c100d0-1

88c10098 00070013 00000000 89373c88 89309c50 .........<7.P.0.

88c100a8 88b9c748 00000000 00000010 88d816a0 H...............

88c100b8 022a0004 70627375 8a5246a8 0000020e ..*.usbp.FR.....

88c100c8 00000144 00000100 D.......

Can't see from this dump what driver was freeing the memory, but as before it could be the victim not the cause - this allocation was last used for a File object, where before it was related to networking (TCP).

The following driver I thought was installed by VMWare for its emulated NIC, but it is still loaded in this dump, and look at the date on it...font="Courier New"]1: kd> lmvm el90xbc5

start end module name

b94dd000 b94ed400 el90xbc5 (deferred)

Image path: el90xbc5.sys

Image name: el90xbc5.sys

Timestamp: Tue Jul 17 01:40:19 2001 (3B537B63)

CheckSum: 0001DD13

ImageSize: 00010400

File version: 4.5.0.0

Product version: 5.0.0.0

File flags: 8 (Mask 3F) Private

File OS: 40004 NT Win32

File type: 3.6 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: 3Com Corporation

ProductName: 3Com EtherLink PCI

InternalName: EL90XBC5.SYS

OriginalFilename: EL90XBC5.SYS

ProductVersion: 5.00

FileVersion: 4.05.00.0000

FileDescription: 3Com EtherLink PCI Driver

LegalCopyright: Copyright 1994-2001, 3Com Corporation.

I don't think this is an onboard device from the last time I checked the specs, so if you don't have one of these installed it may be a good idea to see if it's in Device Manager, and maybe even rename/delete the file on disk to prevent it being loaded.

Though it's not a filter driver so I don't see how it should be interfering... I'd stick with the ZoneAlarm plan for now.

Yes 3com is not onboard device.. that for my LAN network but i never use again. i use onboard network for internet connection.

Ok i will try uninstall ZA later after get email from microsoft.....

Btw do you have other option be sides ZoneAlarm?

Thanks

gOber

0

Share this post


Link to post
Share on other sites

I used Zone Alarm Pro years ago, but found that it got slower and filled with more features that I didn't want in a personal firewall solution and so dumped it once the license expired.

Now I just use the built-in Windows Firewall, and rely on:

- NAT router to drop external attack attempts before they even reach any clients

- Windows Defender and anti-virus for malware detection

- UAC to prompt when a program is trying to do "something administrative" (I use Vista)

- common sense when browsing, downloading & receiving emails with attachments I don't expect or recognise

(As the NAT router takes care of the perimeter, the Windows Firewall is just protecting each client from its peers, just in case something managed to get in and hit one of the clients.)

0

Share this post


Link to post
Share on other sites
I used Zone Alarm Pro years ago, but found that it got slower and filled with more features that I didn't want in a personal firewall solution and so dumped it once the license expired.

Now I just use the built-in Windows Firewall, and rely on:

- NAT router to drop external attack attempts before they even reach any clients

- Windows Defender and anti-virus for malware detection

- UAC to prompt when a program is trying to do "something administrative" (I use Vista)

- common sense when browsing, downloading & receiving emails with attachments I don't expect or recognise

(As the NAT router takes care of the perimeter, the Windows Firewall is just protecting each client from its peers, just in case something managed to get in and hit one of the clients.)

Thank for your information sir... but i dont have router... only normal modem....

Ok i will report u again later Snrub.... sorry if my language english to bad...

Thank again

gOber

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.