TechSpot

Help with BSOD on Toshiba laptop (XP minidumps)

By Gabbon
Sep 3, 2010
Post New Reply
  1. I'm trying to trace a fault on my laptop that's been occurring with increasing frequency--so I guess it's a motherboard issue or RAM.

    Can anyone help out with interpreting the attached minidumps?

    I'll attach the latest six.

    Thanks so much.
     

    Attached Files:

  2. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,556   +18

    Please start here: http://www.techspot.com/vb/topic51365.html

    This will take you through several tests, including testing your memory with memtest.
    I would strongly suggest that you start at the start, and work your way systematically.

    When you repost, please provide
    a. system specs (Yes it is a Toshiba, but please tell me more).
    b. OS / SP, and running software, especially security software (AV, Firewall, ETC)
    You appear to be running XP SP3. What else is running?
    c. when the bsod happens (what were you doing when the system failed).

    I have been looking over your dumps, and this additional information will be helpful.
    While several of your errors indicate memory issues, the question is why.
    Drivers can corrupt memory.
    Heat may cause memory corruption.
    Faulty memory chips may be the cause.
    Faulty capacitors on the main board may be the cause
    Improper memory settings
    Overclocking ...

    Malicious Software may sometimes cause some memory errors, leading to BSOD.
    Sometimes good programs may conflict, such as two firewalls or two av programs.

    This will take further analysis. I will repost after you reply.
     
  3. Gabbon

    Gabbon TS Rookie Topic Starter Posts: 23

    Thanks so much for your reply (I didn't notice it until just now).

    I have let memtest 4.00+ run twice, both times for more than 8 hours, and neither time has it detected errors.

    I also suspected the HDD. One of the tests I ran, it failed once, but after low-level formatting, it seemed to be operating fine, and passed at least three different HDD tests.

    I tried uninstalling Zonealarm, and updating drivers, but this did not help in the slightest. I also re-image the laptop OS regularly, which I think rules out malicious software as the culprit.

    The model # is A65-S1067, and it's running with 256+512RAM (512 in the expansion port)
    OS is Win SP SP3.

    The laptop is 5 years old now, so it's not surprising if the hardware is beginning to fail. The BSOD's have been occuring for about 1 year now.

    They almost always occur after I wake the computer from suspend (I have disabled hibernate). Most commonly the first thing I click on after waking it is Mozilla thunderbird, or Mozilla firefox.

    Other things I have noticed on a software level that are not as desirable is that the toshiba powersaver application will sometimes fail, and need to be shut down. The only other unusual software problem is the occasional zonealarm notifications that various application files failed the bootup check (I forget what it's called). these notices usually disappear on a re-boot.

    Any direction on where to find the problem would be great. If you think it's the caps, I've opened the case before & could check if there's any visibly bad caps.

    Thanks

    ----------
    edited to add that the laptop hasn't been overclocked, and I hadn't changed any major settings to the installation when the BSOD's began.
     
  4. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,556   +18

    No Problem Gabbon. Glad to help, at your pace. I will be notified when you reply.
    I am not yet convinced that you have a hardware problem. I believe it is a driver issue.
    I would assume you have updated ZA periodically?
    It could be that one of these updates precipitated your problems. See below.

    Mini090310-01.dmp
    BugCheck 1000008E, {c0000005, 805fc902, ed32abe8, 0}
    If I am reading this correctly this one relates to “power state”.
    (8E) These are nearly always hardware compatibility issues (which sometimes means a driver issue or a need for a BIOS upgrade).
    Right now I am reluctant to recommend the bios upgrade as it may only compound your problems. I don't want you to "brick" your system! ;) And I think other issues are primary.

    Mini082710-01.dmp
    BugCheck 100000D1, {6d5cbe20, 6, 1, f840538f}
    Unable to load image AGRSM.sys, Win32 error 0n2
    PROCESS_NAME: firefox.exe
    (D1) The most typical cause is a bad device driver (one that uses improper addresses). It can also be caused by caused by faulty or mismatched RAM, or a damaged pagefile.
    AGRSM.sys = TOSHIBA V92 Software Modem
    Therefore this is related to networking.
    It may be related to coming out of suspend, or it may be related to ZA.

    Mini082610-01.dmp
    BugCheck 19, {20, 828fd130, 828fd158, a050003}
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+423 )
    PROCESS_NAME: plugin-containe
    (19) Device driver issues are probably the most common, but this can have diverse causes including bad sectors or other disk write issues, and problems with some routers.
    See here for information on plugin-container: http://www.technogadge.com/how-to-stop-firefox-plugin-container-exe-process/
    Since this is related to your browser, this is related to networking.
    It may be related to ZA.

    Mini082510-02.dmp
    BugCheck 1000000A, {d, 1c, 0, 804e20bc}
    Unable to load image vsdatant.sys, Win32 error 0n2
    PROCESS_NAME: logonui.exe
    (A) Typically due to a bad driver, or faulty or incompatible hardware or software.
    vsdatant.sys = ZoneAlarm
    Since this is pointing to ZA, again related to networking.

    Mini082510-01.dmp
    BugCheck 10000050, {fefeff06, 0, 804dd949, 0}
    Could not read faulting driver name
    BUCKET_ID: BAD_STACK
    (50) Defective memory (including main memory, L2 RAM cache, video RAM) or incompatible software (including remote control and antivirus software) might cause this Stop message, as may other hardware problems (e.g., incorrect SCSI termination or a flawed PCI card).
    Because of your other dumps, I am suspecting that this is really a driver problem.
    Because AV is known to produce this kind of problem from time to time, it may be related to your ZA security software.

    Mini081810-01.dmp
    BugCheck 19, {20, 82a9f000, 82a9f158, a2b0000}
    Unable to load image mrxsmb.sys, Win32 error 0n2
    PROCESS_NAME: ctfmon.exe
    IMAGE_NAME: memory_corruption
    (19) Device driver issues are probably the msot common, but this can have diverse causes including bad sectors or other disk write issues, and problems with some routers.
    mrxsmb.sys = Networking driver from MS.
    Notice the relationship to Networking, and to routers. Again, I am suspecting ZA as the cause.

    Summary:
    All of the errors but one seem directly related to Internet Activity. ZoneAlarm has been known to be problematic for some users. For a long time, I had recommended it. No more. I find others much more to my liking for many reasons.

    I recommend downloading freeware Online Armor (my current choice: It had been recommended to me by Route44),
    or Comodo, (previously used and still installed on one system).
    or Kerio by Sunbelt (highly recommended by another colleague!)

    Pick ONE (Only ONE!) of the following, download it to your desktop.
    http://www.techspot.com/downloads/4499-online-armor-free.html
    http://www.techspot.com/downloads/3702-comodo-firewall-pro.html
    http://www.techspot.com/downloads/117-kerio-personal-firewall.html

    Having more than one firewall will cause conflicts, crashes, and greater insecurity, not greater security. You should have only one installed on your system.
    I also recommend having a good AV: My current choice is Avira.
    Again, ONLY ONE should be installed for the same reasons.

    Also download and install Everest if you have not yet done so. This will help us look at other aspects of your system, to see if you have overheating issues. I note that you have opened the case. I assume you would have cleaned out any accumulated dust. Even so, overheating may have begun to be an issue.

    After downloading
    Go to this thread and copy the instructions for uninstalling ZA.

    http://www.techspot.com/vb/topic115386-2.html
    Go to post 30 by mflynn. Save the instructions to a text file and print them out. You will need the instructions. ZA is notoriously difficult to uninstall!

    Print these (My instructions in this post) too.

    Run Everest, and post your report.
    If you have had any more BSODs post them as well.
    Be prepared for the next step... but you might wait to act until I look at these reports.

    After I see your reports, I plan to have you do the following.

    Then, Go OFFLINE... disable your router/modem while you are doing this if need be.
    You may have an icon in your system tray that will allow you to disable your internet connection. Stay offline with this computer until you get your new firewall up.

    After going OFFLINE...
    Completely uninstall ZA using mflynns instructions.
    Then install the new firewall you downloaded earlier.

    See if the change of firewalls helps with the frequency of your BSODs.

    You do have one BSOD that seems related to your “suspend” mode.
    I too did not like this aspect of my Toshiba laptop.
    It never seemed to act the way it should. I do not remember now how I resolved my discontent. I moved to a Gateway about 5 years ago, and have been happy ever since. (Not that Toshiba is bad. My Toshiba served well for a number of years.)

    If changing firewalls does not reduce the frequency of BSOD’s then I will have another set of diagnostic steps for you. Please be aware that your process of re-imaging your drive may not be enough to ensure that you are free of malware. I am not saying that you have malware, but I have not ruled out the possibility yet. There does seem to be one or more driver issues involved. If it is not your Firewall (ZoneAlarm) then we need to look deeper to find the cause. If I begin to suspect that it is malware, I will let you know and refer you to the appropriate helpers for that issue.

    RE: ZA Removal... Please wait until I get back to you. I am trying to find a better / easier way to do it.

    ***** --- 4 hours later --- *****
    ***** I have a simpler way. *****

    Let me know when you are ready.
     
  5. Gabbon

    Gabbon TS Rookie Topic Starter Posts: 23

    OK, Sounds good.

    And yes, I opened the case to clear out the dust that had accumulated over the heat sink (I was encountering total shut-downs due to overheating before I cleared it away)

    A couple questions:

    1) I didn't see a free version of Everest to download. Do I just use a trial version, or am I missing something

    2) I've bought a second laptop, but still want to track the problems down on this one, so the option of doing a clean install on this laptop is on the table if that would make diagnostics easier--just let me know.

    Thanks
     
  6. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,556   +18

    Everest Free Edition
    http://www.techspot.com/downloads/4864-everest-free-edition.html

    If you do a clean install, that may be the fastest way to restore your system, (or maybe not depending on the problem).
    I doubt that it would help us to figure out what is currently the problem... It would simply (if all went well) eliminate the problem

    Your choice...
    • Restore / clean install... may get rid of the problem quickly, or may not, in which case we would be back to trying to sort it out.
    • Continue trying to sort it out, and possibly figure it out, or at some point possibly decide to clean install anyway.

    Here is another route to uninstall ZoneAlarm:
    [1] Go to *Control Center*> go to the *Preferences* tab of the *Overview* panel.
    [2] Clear the check box labeled *Load ZoneAlarm* at startup.
    [3] Reboot the computer.
    [4] In Windows start menu: Go to *Start> Programs> Zone Labs*
    [5] Click *Uninstall ZoneAlarm.*
    [6] During the uninstallation process, you will see a diaglog box titles "This is a security check from the Zone Labs security engine> Click *YES* in this dialog box.
    ---------
    This may work best in Safe Mode.
    To boot to safe mode, press f8 after power-up.
     
  7. Gabbon

    Gabbon TS Rookie Topic Starter Posts: 23

    OK, I've decided not to clean-install (it would be nice to track this fault down properly) and I've attached the everest report before I uninstalled ZoneAlarm (I now have Online Armor for my firewall).

    I've noticed over the last week that the laptop has not failed in this time-frame. The weather is a little cooler, so I'm wondering if indeed there have been some heat issues...

    What you've written has led to a few more questions--I wonder if you can help me with them:

    - You mentioned the possibility of malicious software, so, I'm a little more suspicious than I was before. I haven't been running an antivirus. Instead, I've been relying on periodic re-imaging of the HDD (executed through a linux boot disk). Only thing is that I've also maintained a cache for Firefox outside of the imaged OS partition so favourites could be manintained. So that move wasn't altogether airtight. Just now, however, I've re-imaged the HDD and deleted the cache before opening firefox, so this door should now be closed.

    - Building on what I've said above, are there any suggestions on a lightweight antivirus (only reason I've not used one is to keep the computer fast :) ).

    - You seemed fairly paranoid about an attack in the interim between uninstalling ZoneAlarm and installing Online Armor. Do you care to enlarge on what scenario you're enivisaging. I always thought a hack would generally either take longer, or be less likely in a short time frame... On a side thought, I'm running a firewall on my router (flashed with DD-WRT v24-sp1, standard), and while it doesn't filter like a software firewall, I thought it should at least block a fair few attempts. Any thoughts on that (my knowledge of hacks that firewalls prevent is fairly limited)?

    Thanks so much.
     

    Attached Files:

  8. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,556   +18

    Here is the message that has just been posted:
    The only thing I am noticing here is that your cpu temp is higher than I would like, but it seems still to be within spec / envelope. Your cpu may have been running hotter in the hotter weather, resulting in problems. The more clock-cycles being taken by overhead the hotter it will run. OA (vs ZA) should help.
    According to Intel’s spec sheet for your processor , your “case temperature” should not be less that 5°C, or greater than 75°C. What they are actually talking about is the operating temperature of your processor, not the ambient temperature inside the box. Despite this higher figure, 75°C, (vs your current temp 55 °C (131 °F)) – I am still somewhat concerned. My laptop does not run anywhere near this hot.

    I think you will be pleased. Less overhead as compared to ZA, and friendlier. I may have mentioned that I was a former ZA proponent, but a number of things caused me to change, and I have liked OA.

    This is good! ;)

    Re: Your Questions on Malware related issues…
    • Reimaging – I did begin training in malware removal, but only began. (I was unable to complete due to health reasons – though I may still go back). In any case - nowhere in the training that I completed was reimaging discussed as either preventive or remedy for malware. If I were you, I would ask Bobbye or Broni about this. They may be able to address it more thoroughly. I have some things I would like to say (out of what I learned) but I may be incorrect and so defer – referring you to our experts. For example, I do not know if this would be adequate response to some of the more malicious root-kits etc. (Malware has become exceedingly creative in how it hides!)
    • AntiVirus – Different people have their favorites. None are 100%, and all are slightly “behind the curve”. What I mean by this is: the AV is updated based upon virus definitions from viruses that are found “in the wild”. Can’t update until someone has been infected. What I like about Avira are these points...
      • Frequent updates – Twice daily.
      • One of the highest effectiveness ratings of any product available.
      • Ease of Use and transparency – The “Active Shield” feature does not use much overhead, and regular scans can be scheduled, or you can manual run scans as desired. I doubt you will experience any slowdown with this AV.
      • Free product with excellent support even for the free product on the Avira Forums.
      • Very few interferences with any other desirable program, and if glitches do develop, they are quickly discovered and resolved.
      I would not denigrate other programs. I just find Avira to be top-notch. As I said, others have their own favorites. And AV products that prove to work perfectly for one person may not for another. There are variations between systems.
    • A full security plan should include
      • Firewall (like OA, or Kerio by Sunbelt, etc)
      • Antivirus (Like Avira)
      • Regular updates to OS, and to programs like Java, Browser, “dotNet”, Adobe Acrobat, etc.
      • MBAM (MalwareBytes AntiMalware) – This checks for Spyware and registry changes, where AV’s look for programs (resident/running or simply present on the drive) that have been or are compromising your system. In some cases there are areas of overlap, but MBAM does do a unique job not done by AV.
      • (In my opinion this is optional) Spybot S&D – Some aspects of this program may now be outdated; go by the advice of the professionals here. One thing that is not outdated is their hosts file that will prevent connecting to “known malicious” websites. This hosts file is available without the package, but...
      • Periodic check-ups with a second AV opinion – there are several “on-line” scanners. Kasperky is good. Again, Bobbye and Broni can direct you to some of the other considered best currently.
    • If you suspect you may have malware, I would encourage you to visit our malware forum. Kind of like looking at a mole... is it cancer? pre-cancer? completely benign? At the least you will get a clean bill of health, and you can rest easier. At the worst, they can help identify a problem so that you can take corrective measures (for example, if banking data may have been compromised) and then to help you get cleaned up.
    • Paranoia – Yes… I am paranoid. But, being paranoid does not mean "nobody is out to get you". I have seen some direct people to switch firewalls without going off line first. I would never do that, especially in this era of high-speed connections. I have been hit by malware, and so I do everything I can to avoid it. This means I don’t go “streaking” (Running outside in my underwear or less…) And I practice safe surfing. Speaking of which…
    • Safe Surfing –
      • Jobeard is a great proponent of the idea of always surfing from a “limited”/”restricted” account. In other words, log into a restricted or USER account, rather than an Administrator account. This will help prevent inadvertently installing malware. Any downloads can then be checked for malware before installing them. If they are zipped they can be unzipped on the limited account and checked, and if safe then be installed from the administrator account.
      • Avoid like the plague any filesharing sites – This is the highest incident “vector” for the transmission of malware. This includes music sharing sites, and torrent/“pirate” sites. It includes the use of programs like bittorrent, etc.
      • If you have a legitimate/legal reason/need to use file sharing, then do so from within a sand-box, another layer of protection. Again… Jobeard is great at advocating layered protection!

    Given your questions, and what I have felt appropriate to share with you, I will ask Jobeard, Bobbye and Broni to look in and offer their insights as well. Jobeard may be able to better address your router-firewall question also.

    If I missed anything, or raised new questions, please do repost.
    Meanwhile, I will ask the others to look in.
     
  9. jobeard

    jobeard TS Ambassador Posts: 13,517   +336

    Most of the 'cheap' routers we use at home provide only NAT and SPI. The NAT is necessary
    to create the LAN (ie allow multiple PCs to share the single ISP access).
    The SPI ensures that only packets which are part of a connection are sent to the NAT address;
    eg packet #15 to 192.168.1.2 port 137 can't be valid unless packets 1-14 have been seen.

    Lastly, unless the user has created a port forward mapping, only traffic that was created
    by the user should flow freely.

    The above are basics of routers, but a firewall exercises far more control and win/7's FW
    does a great job, especially for laptops at hotspots, in creating profiles where different rules are needed for different environments.

    Yes there is some 'filtering', but it is minuscule compared with the robustness of a FW;
    read that is big time insufficient.
     
  10. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,556   +18

    Thanks jobeard...
    It was my understanding that router-firewall was insufficient, but I have seen a few advocates;
    knowing your expertise with Routers and networking, I felt you were a good one to weigh in here.
    I appreciate your time and input!

    -Anti-Malware Team Opinion Update-
    BTW... Bobbye has responded to me with the opinion that you should do a malware check.
    @ Bobbye... Thanks for taking a look.
     
  11. jobeard

    jobeard TS Ambassador Posts: 13,517   +336

     
  12. Gabbon

    Gabbon TS Rookie Topic Starter Posts: 23

    Cool--that's a great explanation. And yes, the router has SPI enabled, and no port forwarding.
    A second question is that I've also enabled blocking of anonymous WAN requests (ping), Filtering of multicast, Filtering of NAT redirection, and filtering of IDENT (port 113). I have little idea of what these do--are they relevant?
    The router can also filter proxies, Cookies, Java Applets, and ActiveX, but I haven't enabled these (doing so seems to disable access to these for any connected computer--is that right?)

    @B00kWyrm
    Thank you so much for looking through the everest report, and your reply above. It's very helpful.

    Yes, you're right about the heat issues on the CPU. It's one of those PIV chips that really belong in a desktop. The heatsink is huge, and the heat output during processing rivals that of a floor heater :). Should I try stressing the system to see if it's simply heat that's making it unstable?

    Another question is that I tried installing online armour on my desktop, but it's 64-bit. Do you know any good free firewalls that support 64-bit processors?

    One last question on malware: Is there any extra options in re-imaging a disk that would ensure infections are erased? (eg. re-imaging the master boot record+first track, not just the partition)?
     
  13. jobeard

    jobeard TS Ambassador Posts: 13,517   +336

    Yes they are, but personally, I like to keep like things together. I would block ports (ie port 113) using
    the firewall and not the router. PING and multicast are protocols, not ports, so let the router manage those.

    First, I highly doubt that the router can block cookies; these are just part of the HTTP data stream and not normally visable to the router - - unless you have a level2 or level3 professional router. What make/model router are you using?
     
  14. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,556   +18

    Win7 firewall

    Re: Win7 firewall
    For a 3d party product Comodo Internet Security (CIS) gets good marks.
    I have also seen good reports on Win7's native firewall.
    Maybe Jobeard will offer his opinon.

    I have used Comodo (32bit) on XP and found it satisfactory.
    I just liked OA better.
    Sorry about steering you toward a 32bit product for a 64bit system.
    My bad. :eek:
     
  15. jobeard

    jobeard TS Ambassador Posts: 13,517   +336

    I Started with Comodo and was very happy with it until a sequence of updates got to be a pain, whence I moved to Sunbelt Personal 4 - -
    which is still with me (on XP/Pro).

    If I were to run Win/7, I would opt for the default FW on Win/7. This is especially true for
    any laptop - - that FW understands three profiles
    • Work
    • Home
    • Hotspots
    and configures (or uses) the rules accordingly - - very impressive imo.
     
  16. Gabbon

    Gabbon TS Rookie Topic Starter Posts: 23

    Cool, thanks. It's a Linksys WRT54GL router, re-flashed with DD-WRT v24-sp1 std, firmware (http://dd-wrt.com/site/index)

    not at all. You gave the right firewall for the laptop. I was figuring I'd use it also for my desktop (only the desktop is 64-bit) :)

    OK--I'm just checking that I'm understanding correctly. You would just use the inbuilt firewall then in win7 (nothing else for a firewall)? Are there any extra settings that need configuring, or is it safe out the box?
     
  17. jobeard

    jobeard TS Ambassador Posts: 13,517   +336

    The default Win/7 FW is just fine (you always run ONLY one FW). You still need and A/V product, a means to control ActiveX,
    and many of us use a host file

    Your DD-WRT v24 features are described here, and
    are not listed. If you have other info on that subject, please pass us that reference :)
     
  18. Gabbon

    Gabbon TS Rookie Topic Starter Posts: 23

    Cool, thanks for the info above. I'll look into using a host file

    As for the router, here's a quick screen grab of the security options page: I've only tested the ActiveX filter, and yeah, it disabled any access to activeX (as far as I could tell). I can enable it & go to a site that requires cookies if that's a good way of telling (?)

    [​IMG]
     
  19. jobeard

    jobeard TS Ambassador Posts: 13,517   +336

    my my; that's certainly interesting. are there any options for each of those data streams
    or is it binary {ie ON vs OFF} ?
     
  20. Gabbon

    Gabbon TS Rookie Topic Starter Posts: 23

    As far as I can tell, it's just on and off. The version it's flashed with is the "standard" version, I don't know if any of the others have different options.

    So... Are any of those options useful? I don't know what the filter proxy does... and cookies, activeX and Java tend to be required for a lot of sites...

    Here's the paste of the "help" button on the router config page:
    Filter Proxy
    Blocks HTTP requests containing the "Host:" string.
    Filter Cookies
    Identifies HTTP requests that contain the "Cookie:" string and mangle the cookie. Attempts to stop cookies from being used.
    Filter Java Applets
    Blocks HTTP requests containing a URL ending in ".js" or ".class".
    Filter ActiveX
    Blocks HTTP requests containing a URL ending in ".ocx" or ".cab".
     
  21. jobeard

    jobeard TS Ambassador Posts: 13,517   +336

    those actions would certainly defeat the intended objects.

    Without the ability to choose preciesely one and not some anothers, those actions
    make surfing the net very difficult. IMO, these controls are only useful for SERVER systems
    which do not have browsers, as the all-or-nothing approach is not very viable in the real world.

    btw: get a copy of Spywareblaster to block bad ActiveX components :)
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.