Please, someone look into a BSOD dump file

Bellzemos

Sep 27, 2014
Hello!

My friend gave me an old laptop to look at and it seems in a poor condition. I found several BSOD memory dumps and looked into them (Nirsoft) but am not savvy enough to see the real cause. I tried testing laptop's RAM with Memtest but after it runs for a minute it shuts down (the laptop shuts down - probably by overheating). At least the HDD SMART shows that the HDD is in a good condition. I have saved all the data from the laptop and now it's ready for a repair.

So, if someone (who knows more than me) could look into the latest dump file (download link below) and tell what could be the reason for the BSOD I'd really appreciate it.

Download:
http://wikisend.com/download/133586/Mini101014-01.dmp

Thank you!
 
Solution
I would be looking for malware attacking win32k.sys by loading as a bogus font.
(or just a corrupted font, not malware related)

On Windows 7 you would delete the font cache dat file.
I think it is at c:\windows\system32\fntcache.dat on XP

see http://www.ehow.com/how_8136371_delete-font-caches-windows-xp.html

-----------
The bugcheck was in win32k.sys
here is the stack:
1: kd> k
ChildEBP RetAddr
a4d33b68 bf85fd72 win32k!PFEOBJ::vFreepfdg+0x45
a4d33b88 bf8e0a88 win32k!RFONTOBJ::bDeleteRFONT+0x1d
a4d33bac bf8e0f80 win32k!PUBLIC_PFTOBJ::bLoadAFont+0x21f
a4d33bd4 bf8beb9b win32k!PFTOBJ::bUnloadWorkhorse+0x112
a4d33c00 bf8be82e win32k!vCleanupPrivateFonts+0x4d
a4d33c18 bf8bcede win32k!NtGdiCloseProcess+0xb9
a4d33c30 bf8ba08f win32k!GdiProcessCallout+0x102
a4d33c4c 805d1e6b win32k!W32pProcessCallout+0x5c
a4d33cf0 805d2153 nt!PspExitThread+0x409
a4d33cfc 804ff99b nt!PsExitSpecialApc+0x23
a4d33d4c 80541853 nt!KiDeliverApc+0x1af
a4d33d4c 7c90e514 nt!KiServiceExit+0x59
WARNING: Frame IP not in any known module. Following frames may be wrong.
0468fcdc 00000000 0x7c90e514





ok, this is a pretty old system
the BIOS is dated 12/19/2006
Manufacturer Hewlett-Packard
Product Name HP Compaq nw8440 (EY693AW#ABD)
Version F.0F
Processor Version Intel(R) Core(TM) Duo CPU T2600 @ 2.16GHz
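
A small triage helper for the `k` output above, as an added example that is not part of the original post: it parses each frame, marks frames that follow the debugger's "Frame IP not in any known module" warning as untrusted, and lists the font-object frames in the top module. The function names and the FONT_HINTS list are assumptions chosen from the symbols visible in this stack.

```python
import re

# Constructed sample: the `k` output quoted in the answer above.
STACK = """\
ChildEBP RetAddr
a4d33b68 bf85fd72 win32k!PFEOBJ::vFreepfdg+0x45
a4d33b88 bf8e0a88 win32k!RFONTOBJ::bDeleteRFONT+0x1d
a4d33bac bf8e0f80 win32k!PUBLIC_PFTOBJ::bLoadAFont+0x21f
a4d33bd4 bf8beb9b win32k!PFTOBJ::bUnloadWorkhorse+0x112
a4d33c00 bf8be82e win32k!vCleanupPrivateFonts+0x4d
a4d33c18 bf8bcede win32k!NtGdiCloseProcess+0xb9
a4d33c30 bf8ba08f win32k!GdiProcessCallout+0x102
a4d33c4c 805d1e6b win32k!W32pProcessCallout+0x5c
a4d33cf0 805d2153 nt!PspExitThread+0x409
a4d33cfc 804ff99b nt!PsExitSpecialApc+0x23
a4d33d4c 80541853 nt!KiDeliverApc+0x1af
a4d33d4c 7c90e514 nt!KiServiceExit+0x59
WARNING: Frame IP not in any known module. Following frames may be wrong.
0468fcdc 00000000 0x7c90e514
"""

# Frame: ChildEBP, RetAddr, then module!symbol+0xoffset or a bare address.
FRAME = re.compile(r"^[0-9a-f]{8} [0-9a-f]{8} (?:(\w+)!(\S+?)(?:\+0x([0-9a-f]+))?|0x[0-9a-f]+)$")
# Assumption: name fragments treated as font-related, taken from this stack.
FONT_HINTS = ("PFEOBJ", "RFONTOBJ", "PFTOBJ", "Font")

def parse_stack(text):
    """Return frames top-first; 'trusted' is False after the debugger warning."""
    frames, trusted = [], True
    for line in map(str.strip, text.splitlines()):
        if line.startswith("WARNING: Frame IP not in any known module"):
            trusted = False
        elif (m := FRAME.match(line)):  # header/prompt lines do not match
            module, symbol, off = m.groups()
            frames.append({"module": module, "symbol": symbol,
                           "offset": int(off, 16) if off else None, "trusted": trusted})
    return frames

def summarize(frames):
    """Top symbolized frame, font-object frames in its module, exit-path flag."""
    named = [f for f in frames if f["module"]]
    top = named[0]
    font = [f["symbol"] for f in named if f["module"] == top["module"]
            and any(h in f["symbol"] for h in FONT_HINTS)]
    return {"top": f'{top["module"]}!{top["symbol"]}', "font_frames": font,
            "process_exit": any(f["symbol"] == "PspExitThread" for f in named),
            "untrusted": [f for f in frames if not f["trusted"]]}

if __name__ == "__main__":
    print(summarize(parse_stack(STACK)))
```
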

 