Foros de Windows

[jose_cast]

Hola, bueno mi pc tiene un nuevo problema. Cada tanto se reinicia y en el visor de registro de sucesos del sistema me aparece que lo hace luego de una comprobacion de errores. Cuando compré la pc, venia con windows vista, ahora tiene windows 7.
La he configurado para que no se reinicie automaticamente y para que guarde un volcado completo de memoria en un archivo dump. Luego los abri con el windows debugging tools y hay dos errores que se repiten, uno del kernel (que mal) y otro de la memoria ram.

El del kernel me dice esto:

Código: Seleccionar todo

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 82a424ba, The address that the exception occurred at
Arg3: a3093b70, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
TRIAGER: Could not open triage file : C:\Program Files\Windows Kits\8.0\Debuggers\x86\triage

\modclass.ini, error 2

ADDITIONAL_DEBUG_TEXT: 
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load

symbols.

MODULE_NAME: nt

FAULTING_MODULE: 82840000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4ea76ed3

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - La instrucci n en 0x%08lx hace referencia a la memoria en 0x

%08lx. La memoria no se pudo %s.

FAULTING_IP:
nt+2024ba
82a424ba 0fb6510f        movzx   edx,byte ptr [ecx+0Fh]

TRAP_FRAME:  a3093b70 -- (.trap 0xffffffffa3093b70)
ErrCode = 00000000
eax=94746098 ebx=00000000 ecx=00000000 edx=0000242f esi=a3093cec edi=00000000
eip=82a424ba esp=a3093be4 ebp=a3093be8 iopl=0         nv up ei ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
nt+0x2024ba:
82a424ba 0fb6510f        movzx   edx,byte ptr [ecx+0Fh]     ds:0023:0000000f=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x8E

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 82a24faf to 82a424ba

STACK_TEXT: 
WARNING: Stack unwind information not available. Following frames may be wrong.
a3093be8 82a24faf 00000000 a3093cec a3093ce8 nt+0x2024ba
a3093c80 82a286e4 84ae6828 00000000 00000000 nt+0x1e4faf
a3093cbc 82a284ff 84ae6828 00000000 84fc8000 nt+0x1e86e4
a3093cf0 82a283b1 00000009 84fc8000 00000018 nt+0x1e84ff
a3093cf4 00000000 84fc8000 00000018 8280ec01 nt+0x1e83b1


STACK_COMMAND:  kb

FOLLOWUP_IP:
nt+2024ba
82a424ba 0fb6510f        movzx   edx,byte ptr [ecx+0Fh]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt+2024ba

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  ntkrnlpa.exe

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner

Nota: Todos los reportes sobre el kernel dicen lo mismo pero al final de los mismos aparecen arhivos marcados como los posibles responsables y no entiendo lo que dice entre parentesis:

Probably caused by : vtdisp.dll ( vtdisp+1f4b2 )

Probably caused by : ntkrnlpa.exe ( nt+2024ba )


Ahora el de la memoria no lo pondre completo porque ya la he revisado con memtest86+ v4.20 y no encontró problemas, pero les pongo una seccion de lo que aparece en uno de los resportes:

Código: Seleccionar todo

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041287, The subtype of the bugcheck.
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

No se como examinar individualmente ese parametro.


Gracias.

[Azimut]

Hola, a mi lo de

La instrucci n en 0x%08lx hace referencia a la memoria en 0x

%08lx. La memoria no se pudo %s.

me suena a posible fallo de la ram, yo le pasaria un memtest86+ para asegurarme, además de un chkdsk c: /r

[Diegonew]

http://www.resplendence.com/whocrashed

Funciona

[jose_cast]

Gracias por contestar.

@Azimut: hice el test con memtest86+ en su ultima version la 4.20 y no arrojo errores. Cabe destacar que solo lo deje dar 4 pasadas, en este foro tu recomendabas 3 pasadas.
El comando chkdsk /r tampoco arrojo errores.

@Diegonew: El crashdump analisis me arrojo lo siguiente

Código: Seleccionar todo

Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.


On Thu 10/05/2012 07:35:24 p.m. GMT your computer crashed
crash dump file: C:\Windows\Minidump\051012-19828-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x4686B)
Bugcheck code: 0xA (0xFFFFFFFFC0398860, 0x0, 0x0, 0xFFFFFFFF828AF6E1)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Thu 10/05/2012 07:35:24 p.m. GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: ntkrpamp.exe (nt+0x4686B)
Bugcheck code: 0xA (0xFFFFFFFFC0398860, 0x0, 0x0, 0xFFFFFFFF828AF6E1)
Error: IRQL_NOT_LESS_OR_EQUAL
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: ntkrpamp.exe .
Google query: ntkrpamp.exe IRQL_NOT_LESS_OR_EQUAL




On Tue 08/05/2012 02:33:52 p.m. GMT your computer crashed
crash dump file: C:\Windows\Minidump\050812-22843-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x85A23)
Bugcheck code: 0x1A (0x41287, 0x0, 0x0, 0x0)
Error: MEMORY_MANAGEMENT
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a severe memory management error occurred.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Tue 08/05/2012 01:19:50 p.m. GMT your computer crashed
crash dump file: C:\Windows\Minidump\050812-20312-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x2024BA)
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF82A504BA, 0xFFFFFFFFA563DB70, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sat 05/05/2012 05:47:59 a.m. GMT your computer crashed
crash dump file: C:\Windows\Minidump\050512-20234-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x85A23)
Bugcheck code: 0x1A (0x41287, 0x0, 0x0, 0x0)
Error: MEMORY_MANAGEMENT
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a severe memory management error occurred.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Thu 03/05/2012 05:35:15 a.m. GMT your computer crashed
crash dump file: C:\Windows\Minidump\050312-19734-01.dmp
This was probably caused by the following module: vtdisp.dll (vtdisp+0x1F4B2)
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF8821F4B2, 0xFFFFFFFFA662C744, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\vtdisp.dll
product: UniChrome(Pro) IGP Driver
company: VIA/S3 Graphics Co, Ltd.
description: VIA/S3G Graphics Driver
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: vtdisp.dll (VIA/S3G Graphics Driver, VIA/S3 Graphics Co, Ltd.).
Google query: vtdisp.dll VIA/S3 Graphics Co, Ltd. KERNEL_MODE_EXCEPTION_NOT_HANDLED_M




On Thu 03/05/2012 02:31:18 a.m. GMT your computer crashed
crash dump file: C:\Windows\Minidump\050212-22484-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x2024BA)
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF82A424BA, 0xFFFFFFFFA3093B70, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.



--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

7 crash dumps have been found and analyzed. 2 third party drivers have been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

vtdisp.dll (VIA/S3G Graphics Driver, VIA/S3 Graphics Co, Ltd.)

ntkrpamp.exe

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.


Lamentablemente para el driver vtdisp.dll no hay actualizaciones. Con respecto a ntkrpamp.exe no puedo ver que causa el error porque los simbolos del kernel estan mal.

[Azimut]

Pues va a ser de soft. No se me ocurre más que preguntarte si le pusiste los drivers correctamente cuando la formateaste para ponerle Win-7?

[jose_cast]

Pues los drives se instalaban pero al segundo windows me decia que no se habian instalado bien y sí Queria que se instalen automáticamente con la configuracion adecuada proporcionada por windows. Puse que sí y listo. Supongo que eso pasó xq no eran compatibles pero mi pc antés tenia windows vista y con los mismos drivers.