The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Blue Screen and Restart On Vista

    Discussion in 'Security and Anti-Virus Software' started by chrisliando, Nov 16, 2008.

  1. chrisliando

    chrisliando Notebook Consultant

    DELL XPS M1530
    Vista Ultimate
    AVG Free 8.0 Anti Virus

    At that time I was on a Skype phone call, and a blue screen was suddenly displayed and the system restarted. What I remember from that blue screen is that a "Dumping memory" sentence was displayed.

    The system was restarting, and before loading Windows, the options of Safe Mode, etc. were displayed. I chose Start Windows Normally.

    When I got back to Windows, it seemed that nothing had happened. But I am really worried about my laptop.

    1. What happened? Was it a virus / trojan attacking my system? If yes, how do I overcome it?

    2. Recently, BEFORE the bluescreen, my webcam lamp and the video kept going on and off during Skype video calls. Somebody on this forum once told me that it might be caused by malware. Is this problem related to the bluescreen, or a cause of the bluescreen I got?

    3. I use a portable USB hard drive. Recently, BEFORE the bluescreen, I also had a problem where it would not be SAFELY REMOVED from the system EVEN when I had closed all applications and EVEN if I didn't access it at all. It still refused to be removed. Windows said that another application was still using it.
    Is this problem related to the bluescreen, or a cause of the bluescreen I got?

    4. What does Windows Defender do? It did not warn me at all when the bluescreen happened.

    5. Does a bluescreen and restart always mean a virus / trojan? Might it be another problem?

    6. Does a BLUESCREEN and restart harm my laptop hardware? I mean, will it damage the hardware? I am just worried because the system was not shut down normally and suddenly restarted while I had a lot of applications open.

    How do I solve this, and which AV is the best recommendation?

    Thank you very much.
     
  2. f4ding

    f4ding Laptop Owner

    Dude, it's not necessarily a virus/malware problem. You didn't give much for others to work with. What is your system config? What did you install recently? Do a memtest86 maybe (to look for memory error)? Do a checkdisk?

    There are lots of possibilities for BSOD.
     
  3. chrisliando

    chrisliando Notebook Consultant

    Thank God, I thought it was a virus because of the other problems I also experience, like the safe remove, and ALSO I forgot to mention that about twice I experienced a flicker on the display when browsing with IE 7.

    Those problems led me to conclude that there is a virus / malware.

    My config:
    Intel T9300
    4GB RAM
    200GB harddrive
    120GB portable harddrive Maxtor One Touch
    nVIDIA GeForce 8600M GT 256MB DDR3
    Vista Ultimate

    I don't install anything on my laptop. Just AVG 8.0 Free Edition anti virus, Skype, WinAmp and Yahoo Messenger application.

    Could it be that Skype caused the blue screen?

    Neither Windows Defender nor AVG reacted at all AFTER this bluescreen and it seems all right, but I am really worried.

    What can you recommend? And you said that there are a lot of possibilities that cause BSOD? What are they? My friend said that it could be a crash in Windows; what causes the crash?

    Thank you very much.
     
  4. Andy

    Andy Notebook Prophet

    Check if there is a Minidump folder in the Windows Directory, and upload the latest .dmp file in it.
     
  5. chrisliando

    chrisliando Notebook Consultant

    How do I get the latest .dmp file? And what do you mean by upload? Overwrite it with the latest one?

    What is the relation between the Minidump folder and the .dmp file and the blue screen I got? Is it the cause or is it the solution?

    Thank you.
     
  6. Andy

    Andy Notebook Prophet

    Drive (C:\ etc) > Windows > Minidump > latest minidump file (*.dmp)

    The BSOD info is in it, and may help you to reach a solution. Upload it here as an attachment.
     
  7. chrisliando

    chrisliando Notebook Consultant

    Ok, I will check it then. I have read on Google that there are a lot of blue screen issues. By the way, how do I attach a file to this message? I haven't seen one.


    Thank you.
     
  8. Andy

    Andy Notebook Prophet

    Well, you locate the latest .dmp file (will have name as date), and add it to a .zip.

    Then here, when posting > Go Advanced > and look in the various formatting options, and you'll see "Attachments".
     
  9. chrisliando

    chrisliando Notebook Consultant

    Andy, here I have uploaded the mini file like you suggested.

    I'll be waiting for the reply.

    Thank you very much.
     

  10. Andy

    Andy Notebook Prophet

    Forgot to check this thread. :eek:
    Is the system stable now?
     
  11. chrisliando

    chrisliando Notebook Consultant

    Have you checked the dmp file I attached? What was the result?

    What can be checked from that file which shows something is not right?

    Now everything is fine. Can it happen again? More than once or twice?

    How do I prevent and repair that problem?

    Thank you.
     
  12. Andy

    Andy Notebook Prophet

    Yes. I've just had a look at it. Pretty Lame.

    Says only Pool Corruption, and info points out ntkrpamp.exe (nt!) {NT Kernel & System}. It's most probably a driver issue (memory access violation C5), since the error is mainly in Windows' Dynamic Memory Allocation stuff.

    To find out the faulty device/driver, check the System Log in Event Viewer for errors. (Run > EventVwr.msc)

    Also, try installing a different version of the "Video Capture Device Driver" (oem02dev.sys), and if you can somehow get the hang of using the Driver Verifier, here are the instructions to set it up for Pool Tracking. (Run > CMD > Verifier ↵ ;)

    Also, here is the general troubleshooting guide for 0x7E in XP, should be applicable for Vista as well. http://support.microsoft.com/kb/330182

    If you have some time on your hands, might as well defrag the pagefile and HDD, run a RegTest (CCleaner/Uniblue), run a HDD diagnostic test (WD Diagnostics/HD Tune), and a Memory Test (Memtest, UBCD, Vista).
    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 81d272cb, The address that the exception occurred at
    Arg3: 8c373b38, Exception Record Address
    Arg4: 8c373834, Context Record Address
    
    Debugging Details:
    ------------------
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
    
    FAULTING_IP:
    nt!ExFreePoolWithTag+43d
    81d272cb 0fb74ffa        movzx   ecx,word ptr [edi-6]
    
    EXCEPTION_RECORD:  8c373b38 -- (.exr 0xffffffff8c373b38)
    .exr 0xffffffff8c373b38
    ExceptionAddress: 81d272cb (nt!ExFreePoolWithTag+0x0000043d)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 00000000
       Parameter[1]: 00000040
    Attempt to read from address 00000040
    
    CONTEXT:  8c373834 -- (.cxr 0xffffffff8c373834)
    .cxr 0xffffffff8c373834
    eax=00000000 ebx=00000004 ecx=00000000 edx=90a90140 esi=00000046 edi=00000046
    eip=81d272cb esp=8c373c00 ebp=8c373c5c iopl=0         nv up ei pl nz na po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
    nt!ExFreePoolWithTag+0x43d:
    81d272cb 0fb74ffa        movzx   ecx,word ptr [edi-6]     ds:0023:00000040=????
    .cxr
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  0
    
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from 81d70868
    Unable to read MiSystemVaType memory at 81d50420
     00000040
    
    BUGCHECK_STR:  0x7E
    
    DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE
    
    LAST_CONTROL_TRANSFER:  from 81d263ae to 81d272cb
    
    STACK_TEXT: 
    8c373c5c 81d263ae 00000046 00000000 00000008 nt!ExFreePoolWithTag+0x43d
    8c373c6c 90a9066b 00000046 90a949b2 00000046 nt!ExFreePool+0xf
    WARNING: Stack unwind information not available. Following frames may be wrong.
    8c373c9c 90a905a2 90a865f2 90a83b10 90a83b30 OEM02Dev+0x1066b
    8c373d00 909045fd 8510b2a0 8b1b1b40 8510b468 OEM02Dev+0x105a2
    8c373d20 90921952 0010b214 8c373d44 90907805 ks!CKsPin::ProcessingObjectWork+0x9a
    8c373d2c 90907805 8510b214 81d3b178 84719580 ks!KsWorkSinkItemWorker+0xe
    8c373d44 81c71445 8b1b1b20 00000000 84719580 ks!WorkerThread+0x45
    8c373d7c 81e0eb18 8b1b1b20 efcc2be9 00000000 nt!ExpWorkerThread+0xfd
    8c373dc0 81c67a2e 81c71348 00000002 00000000 nt!PspSystemThreadStartup+0x9d
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
    
    
    FOLLOWUP_IP:
    nt!ExFreePool+f
    81d263ae 5d              pop     ebp
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  nt!ExFreePool+f
    
    FOLLOWUP_NAME:  Pool_corruption
    
    IMAGE_NAME:  Pool_Corruption
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    MODULE_NAME: Pool_Corruption
    
    STACK_COMMAND:  .cxr 0xffffffff8c373834 ; kb
    
    FAILURE_BUCKET_ID:  0x7E_nt!ExFreePool+f
    
    BUCKET_ID:  0x7E_nt!ExFreePool+f
    
    Followup: Pool_corruption
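
Added example (not part of the original thread): a Python sketch of the triage Andy does by eye on the STACK_TEXT above, walking past the kernel pool routines to the first frame outside the OS modules. The OS_MODULES set and the function names are assumptions made for this illustration; the sample input is a shortened excerpt of the dump posted above.

```python
import re

# Shortened excerpt of the !analyze -v output posted in this thread.
SAMPLE = """\
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
Arg1: c0000005, The exception code that was not handled
Arg2: 81d272cb, The address that the exception occurred at
STACK_TEXT:
8c373c5c 81d263ae 00000046 00000000 00000008 nt!ExFreePoolWithTag+0x43d
8c373c6c 90a9066b 00000046 90a949b2 00000046 nt!ExFreePool+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
8c373c9c 90a905a2 90a865f2 90a83b10 90a83b30 OEM02Dev+0x1066b
8c373d00 909045fd 8510b2a0 8b1b1b40 8510b468 OEM02Dev+0x105a2
8c373d20 90921952 0010b214 8c373d44 90907805 ks!CKsPin::ProcessingObjectWork+0x9a
8c373d44 81c71445 8b1b1b20 00000000 84719580 ks!WorkerThread+0x45
8c373d7c 81e0eb18 8b1b1b20 efcc2be9 00000000 nt!ExpWorkerThread+0xfd

FOLLOWUP_IP:
"""

# Assumption for this example: modules treated as part of the OS, not suspects.
OS_MODULES = {"nt", "hal", "ks"}

# A 32-bit kb frame: ChildEBP, RetAddr, three args, then module!function+offset.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)$")

def parse_bugcheck(text):
    """Return the bugcheck name, code and ArgN values as integers."""
    head = re.search(r"^(\w+) \(([0-9a-f]+)\)$", text, re.M)
    args = [int(a, 16) for a in re.findall(r"^Arg\d: ([0-9a-f]+),", text, re.M)]
    return {"name": head.group(1), "code": int(head.group(2), 16), "args": args}

def parse_stack(text):
    """Return the STACK_TEXT frames, top of stack first."""
    frames, in_stack = [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("STACK_TEXT:"):
            in_stack = True
        elif in_stack and FRAME.match(line):
            sym, _, off = FRAME.match(line).group(1).partition("+")
            module, _, func = sym.partition("!")
            frames.append({"module": module, "function": func or None,
                           "offset": int(off, 16) if off else 0})
        elif in_stack and line and not line.startswith("WARNING:"):
            break  # the next section header ends the stack listing
    return frames

def first_suspect(frames, os_modules=OS_MODULES):
    """Topmost frame outside the OS set: the driver to look at first."""
    for frame in frames:
        if frame["module"].lower() not in os_modules:
            return frame
    return None

if __name__ == "__main__":
    bc = parse_bugcheck(SAMPLE)
    suspect = first_suspect(parse_stack(SAMPLE))
    print(f"{bc['name']} 0x{bc['code']:08X}: first non-OS frame is "
          f"{suspect['module']}+{suspect['offset']:#x}")
```

A frame with no function name, like OEM02Dev here, means the debugger had no symbols for that module, which is why the WARNING line says the frames below it may be wrong.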
     
  13. chrisliando

    chrisliando Notebook Consultant

    1. So this is not a virus-caused problem, is it?

    2. Does this problem affect only Vista and the software scope? Or does it also affect the hardware?

    3. How can a driver file or something related to the hardware cause this problem? I was so surprised because I have used computers for so many years and I have never had this problem.
    And also this is my first laptop, so I am so worried.

    4. Will this happen again? More than twice or three times?

    5. "If you have some time at your hands, might as well defrag the pagefile and HDD, run a RegTest (CCleaner/Uniblue) run a HDD diagnostic test (WD Diagnostics/HD Tune), and a Memory Test (Memtest, UBCD, Vista)"

    Are all the utility tools you've mentioned third party? Or does Vista already have them?

    6. I mentioned in my FIRST post that recently I was experiencing the webcam going On and Off during Skype calls, and also about 3 times a FLICKER appeared on the screen in IE and IE stopped working.
    Do all those things have any relationship with this blue screen?

    7. Is this a COMMON problem in Vista? Is this a bug in Vista? Or is this a serious problem in the context of computers?

    Please give me detailed information for each question above.

    Thank you very much.
     
  14. Andy

    Andy Notebook Prophet

    1. Doesn't look like, but I cannot say for sure, because bugchecks don't really give much info regarding virus attacks. The best you can do is Google "0x7E Virus", and see the results you get. If you're not happy with AVG, I would advise to run a scan using Avira or KIS trial.
    2. It's normally related to the OS, but anything to do with memory can be due to a physical fault in one of the modules or the memory settings or one of the memory chips itself. Since the BIOS is locked, you could check from the manufacturer's site for any BIOS updates addressing memory issues, and run either Vista's own memory tester or download Memtest86, which is a very good/clean memory stressing tool. Apart from that, if you want to do stuff in Vista, you can download Orthos and run a Blend Test, to check for memory faults within Windows.
    3. A bad/incompatible/unstable driver can ruin the whole system, and cause it to do weird things. Here is the article for 0x7E....
    4. If the BSOD culprit is not removed, then yes, all this will recur as long as it's there.
    5. Yes, they are 3rd Party, free (except Uniblue) and clean, but the Vista Memory Tester and Defrag tool are built-in.
    6. Nothing mentioned about them in the bugcheck. Check the Application and System log in Event Viewer, and see if there are any errors related to them. If there are, reinstall a different version of Skype, and also your Display and Network drivers.
    7. It's a very common problem. Try googling "0x0000007e", and it gets you >90,000 results. :p Causes are different though, and in some cases hard to find.
     
    Last edited by a moderator: May 8, 2015
  15. chrisliando

    chrisliando Notebook Consultant

    1. It's normally related to the OS, but anything to do with memory can be due to a physical fault in one of the modules or the memory settings or one of the memory chips itself. Since the BIOS is locked, you could check from the manufacturer's site for any BIOS updates addressing memory issues, and run either Vista's own memory tester or download Memtest86, which is a very good/clean memory stressing tool. Apart from that, if you want to do stuff in Vista, you can download Orthos and run a Blend Test, to check for memory faults within Windows.

    So does the physical memory module have a problem? Do you mean the memory or RAM (the hardware) is DAMAGED?

    2. A bad/incompatible/unstable driver can ruin the whole system, and cause it to do weird things. Here is the article for 0x7E....
    Quote:
    If you do not know the specific cause of the exception, consider the following issues:

    1. Hardware incompatibility. Make sure that any new hardware that is installed is listed in the Microsoft Windows Marketplace Tested Products List.
    2. Faulty device driver or system service. A faulty device driver or system service might be responsible for this error. Hardware issues, such as BIOS incompatibilities, memory conflicts, and IRQ conflicts can also generate this error.

    How can a hardware incompatibility happen? DELL should have already checked it before they configured the system and before they recommended the system to customers, right?


    3. If the BSOD culprit is not removed, then yes, all this will recur as long as it's there.
    In my case, what is the BSOD culprit that caused all this and should be cured?

    4. Yes, they are 3rd Party, free (except Uniblue) and clean, but the Vista Memory Tester and Defrag tool is built-in.

    Are they safe software to use?

    5. Nothing mentioned about them in the bugcheck. Check the Application and System log in Event Viewer, and see if there are any errors related to them. If there are, reinstall a different version of Skype, and also your Display and Network drivers.

    I already have the latest Skype. Or maybe I will stop my camera when on Skype.

    6. The most important thing is: is my laptop all right? How is the condition of the CPU, mainboard, RAM, hard drive and display card after this bluescreen? I mean, will this bluescreen error DAMAGE one of them? If yes, which one?

    7. How can it happen just now? I have already had this laptop for 6 months and I have a Skype video call every week and I have no other software installed besides Skype, Winamp and Yahoo Messenger. That's it.
    Why was there no problem from May until last week?

    8. You said that this is a common problem, right? So this can also happen not just to DELL laptops, right?

    Thanks.
     
  16. Andy

    Andy Notebook Prophet

    It's unlikely it is damaged, but when I played around with a couple of "*=ignore" codes when debugging, I got a weird followup:

    Code:
    FOLLOWUP_NAME:  Dynamic memory corruption detected when freeing memory
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    Now I am not sure what that means, since I'm missing my Minidump Anthology book at the moment :p I can't go very deep into this, but it has something to do with the dynamic memory thing in Windows, which somehow caused the memory pool to get corrupted. Nothing big, just one of your drivers had a collision with one of your 3rd Party software, accessed the memory in the wrong way, and caused a memory access violation error. Happens all the time. :D

    I said before, that anything to do with the memory can be related to the physical memory as well. When a memory cell gets corrupted, a whole lot of weird things happen, and some are really hard to comprehend. So, as a precautionary measure, run a memtest (3rd-party or Vista) to check the memory cells for any error, so you can rule out any H/W fault. Same applies for the HDD, CPU, GPU.

    Dell gets the driver from the device manufacturer, probably tests it intensively on each model, but Dell doesn't run the same 3rd Party apps as the end-user does.
    Yes, they are safe to use, else I would not mention them. :)

    Your CPU, Mainboard, GPU, HDD seem to be fine. Cannot say about memory. But best to run diagnostic tools to stress-test each one, so as to rule out H/W faults.

    BSOD does not damage anything. A BSOD is displayed when the system encounters a critical system error, and causes it to shut down, without saving anything except the dump, to prevent any further damage. It warns you of an error, or damage that could probably be caused. BSODs are normally related to H/W faults and incompatibilities, and Driver issues.

    Did you install any new software, driver, etc.? Check for a System Restore option for before May. One should always keep a working backup image using Acronis, so any problems - one can restore back to the previous stable state.

    It can happen to anything that uses Windows Vista as an operating system. Vista is still new and has some weird bugchecks that are not yet described properly by even MSDN, so debugging them is a bit hard sometimes.