Random Blue Screen Error XP

[skateracl]

Hi,
Hope someone can help me.

System:
Dell Dimension 2350
Windows XP Home SP2
Intel P4 2GHZ
512mb


I'm getting random blue screen crashes, sometimes my system runs for hours, other times it crashes repeatedly and takes multiple attempts to boot. (Sometimes after crash won't boot or load windows and there is a black screen and I have to turn the power on/off a couple times and it will boot after a few tries.)

Errors:
IRQL_NOT_LESS_THAN_EQUAL
WIN32K.SYS

What I've tried:
Windows Update
Virus Scan (AVG FREE)
MemCheck (10 passes 0 errors)


Also tried updating bios but can't figure out how since I don't have a floppy anymore. I've read that this could be memory/hardware or driver issue, but can't figure out how to get to the root of the problem or fix anything. I'd like to be able to fix this without reformatting my main drive.

Any help would be great!
Thanks,

Adam

 

[skateracl]

Here are some of my recent minidump analysis:

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c000001d, The exception code that was not handled
Arg2: 804e3b7c, The address that the exception occurred at
Arg3: f92f6a10, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION} Illegal Instruction An attempt was made to execute an illegal instruction.

FAULTING_IP:
nt!KeWaitForMultipleObjects+283
804e3b7c ff ???

TRAP_FRAME: f92f6a10 -- (.trap 0xfffffffff92f6a10)
Unable to read trap frame at f92f6a10

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from 006c0061 to 00490062

FAILED_INSTRUCTION_ADDRESS:
nt!KeWaitForMultipleObjects+283
804e3b7c ff ???

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
f92f6a80 006c0061 007a0069 00000065 ffffffa8 0x490062
f92f6a84 007a0069 00000065 ffffffa8 00206b6e 0x6c0061
f92f6a88 00000000 ffffffa8 00206b6e 2a00b746 0x7a0069


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
nt!KeWaitForMultipleObjects+283
804e3b7c ff ???

SYMBOL_NAME: nt!KeWaitForMultipleObjects+283

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 498c1192

FAILURE_BUCKET_ID: 0x8E_BAD_IP_nt!KeWaitForMultipleObjects+283

BUCKET_ID: 0x8E_BAD_IP_nt!KeWaitForMultipleObjects+283

Followup: MachineOwner
---------


*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf804831, The address that the exception occurred at
Arg3: ef62a864, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: win32k

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 49e852d2

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
win32k+4831
bf804831 ?? ???

TRAP_FRAME: ef62a864 -- (.trap 0xffffffffef62a864)
Unable to read trap frame at ef62a864

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from e2981778 to bf804831

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
ef62a8d4 e2981778 e2981778 bf808700 e169b278 win32k+0x4831
ef62a910 bf8086ee e1816568 0185000f 00000000 0xe2981778
ef62a924 804de7ec ed010719 0185000f 0012ee18 win32k+0x86ee
ef62a934 7c90e514 badb0d00 0012ee00 bf8018f2 nt+0x77ec
ef62a938 badb0d00 0012ee00 bf8018f2 bf81204c 0x7c90e514
ef62a93c 0012ee00 bf8018f2 bf81204c 00000000 0xbadb0d00
ef62a940 bf8018f2 bf81204c 00000000 e174a13a 0x12ee00
ef62a944 bf81204c 00000000 e174a13a 00000120 win32k+0x18f2
ef62a948 00000000 e174a13a 00000120 0000014c win32k+0x1204c


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k+4831
bf804831 ?? ???

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k+4831

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: win32k.sys

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 8b584f8a, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804dc0f6, address which referenced memory

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: nt

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 4249ff84

WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
8b584f8a

CURRENT_IRQL: 2

FAULTING_IP:
nt+50f6
804dc0f6 ff84c08a4f588b inc dword ptr [eax+eax*8-74A7B076h]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

LAST_CONTROL_TRANSFER: from 00000000 to 804e187f

STACK_TEXT:
f9566cac 00000000 8b584f8a 00000002 00000001 nt+0xa87f


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
nt+50f6
804dc0f6 ff84c08a4f588b inc dword ptr [eax+eax*8-74A7B076h]

SYMBOL_NAME: nt+50f6

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntoskrnl.exe

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------