Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Constant BSOD's followed with..


  • Please log in to reply
4 replies to this topic

#1 jbrdbr111x

jbrdbr111x

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 02 October 2009 - 01:48 PM

Lately I've been getting constant BSOD's followed with the message after rebooting " The system has recovered from a serious error."

Attached is the .dmp file I found in the technical link.. every time I click " send error report to windows" and it finishes, another one pops up again and again..

I've run memtest and all came out just fine, I've never touched my BIOS and my pc is self built.. my drivers are all up to date as far as I know, any help please?!?!?

Windows XP SP3
PD 3.2ghz processor
4gb DDR2 ram
Nvidia GeForce 8600 GT video card with 512mb on board memory
ASUS P5VD2-VM SE Motherboard
Hitachi 500gb SATA hard drive..
550w Power up, power supply..

Case is well cleaned out of any dust and I've left the side off in case it was heat, but doesn't seem to make a difference.. Please help!!

Attached Files



BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,866 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:44 PM

Posted 02 October 2009 - 03:03 PM

You might try following the procedures outlined at Help Diagnosing BSODs And Crashes (BC) - http://www.bleepingcomputer.com/forums/t/176011/how-to-receive-help-diagnosing-blue-screens-and-windows-crashes/

I would also suggest...not using .zip files for items you want viewers to look at. I can only go by my own reaction but I look for pasted content or a link, while being very reluctant to click on any type of file sent as an attachment.

Note that the guidelines for BSOD errors...indicate posting the analyzed content of .dmp files...so that everyone reading it can easily see it and develop ideas/suggestions which might be useful.

And...if you have been getting multiple BSODs...then you probably have multiple .dmp files which can be analyzed for clues.

Louis

#3 jbrdbr111x

jbrdbr111x
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 03 October 2009 - 12:57 AM

Ok here's my debug info as per the instructions..


Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\Jeremy's PC\Desktop\Mini091009-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Thu Sep 10 13:50:32.709 2009 (GMT-4)
System Uptime: 0 days 2:46:14.407
Loading Kernel Symbols
...............................................................
..............................................................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, bf83c54f, b7f86a88, 0}

Probably caused by : win32k.sys ( win32k!xxxCallHook2+e6 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf83c54f, The address that the exception occurred at
Arg3: b7f86a88, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
win32k!xxxCallHook2+e6
bf83c54f 8b9960010000 mov ebx,dword ptr [ecx+160h]

TRAP_FRAME: b7f86a88 -- (.trap 0xffffffffb7f86a88)
ErrCode = 00000000
eax=e311eea0 ebx=e3e06468 ecx=00000000 edx=e3e193c0 esi=e3e06468 edi=b9e856f0
eip=bf83c54f esp=b7f86afc ebp=b7f86b5c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
win32k!xxxCallHook2+0xe6:
bf83c54f 8b9960010000 mov ebx,dword ptr [ecx+160h] ds:0023:00000160=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: logon.scr

LAST_CONTROL_TRANSFER: from bf83c8a0 to bf83c54f

STACK_TEXT:
b7f86b5c bf83c8a0 03e856f0 00000006 00000200 win32k!xxxCallHook2+0xe6
b7f86b78 bf822124 00000006 00000200 00000002 win32k!xxxCallHook+0x26
b7f86c98 bf801ea2 00000200 b7f86d18 00000000 win32k!xxxScanSysQueue+0x11a1
b7f86cec bf819e57 b7f86d18 000025ff 00000000 win32k!xxxRealInternalGetMessage+0x335
b7f86d4c 804dd99f 0006fd30 00000000 00000000 win32k!NtUserGetMessage+0x27
b7f86d4c 7c90e514 0006fd30 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0006fce4 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!xxxCallHook2+e6
bf83c54f 8b9960010000 mov ebx,dword ptr [ecx+160h]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!xxxCallHook2+e6

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572

FAILURE_BUCKET_ID: 0x8E_win32k!xxxCallHook2+e6

BUCKET_ID: 0x8E_win32k!xxxCallHook2+e6

Followup: MachineOwner
---------


And another found in a different directory..


Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\Jeremy's PC\Desktop\Mini100109-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Thu Oct 1 15:16:29.343 2009 (GMT-4)
System Uptime: 3 days 23:14:13.445
Loading Kernel Symbols
...............................................................
.............................................................
Loading User Symbols
Loading unloaded module list
.................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {4, 1c, 1, 804e1476}

Probably caused by : ntkrnlmp.exe ( nt!KiInsertTimerTable+4e )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804e1476, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: 00000004

CURRENT_IRQL: 1c

FAULTING_IP:
nt!KiInsertTimerTable+4e
804e1476 894204 mov dword ptr [edx+4],eax

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: chrome.exe

LAST_CONTROL_TRANSFER: from 804e14da to 804e1476

STACK_TEXT:
b2018ca8 804e14da ffff810c ffffffff 4493ff8e nt!KiInsertTimerTable+0x4e
b2018cc4 804e2130 ffff810c ffffffff 8056a498 nt!KiInsertTreeTimer+0x7d
b2018ce4 804ea180 00af4ac0 ffff810c ffffffff nt!KeSetTimerEx+0x4d
b2018d40 804dd99f 00000290 05ccfeec 00000000 nt!NtSetTimer+0x237
b2018d40 7c90e514 00000290 05ccfeec 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
05ccfef4 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiInsertTimerTable+4e
804e1476 894204 mov dword ptr [edx+4],eax

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!KiInsertTimerTable+4e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 498c19b5

FAILURE_BUCKET_ID: 0xA_nt!KiInsertTimerTable+4e

BUCKET_ID: 0xA_nt!KiInsertTimerTable+4e

Followup: MachineOwner
---------

And one last of one of the earlier .dmp files....

Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\Jeremy's PC\Desktop\Mini092709-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sun Sep 27 13:37:19.562 2009 (GMT-4)
System Uptime: 3 days 0:27:34.861
Loading Kernel Symbols
...............................................................
.............................................................
Loading User Symbols
Loading unloaded module list
............................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 10000050, {ff800b3e, 0, ff800b3e, 0}


Could not read faulting driver name
Probably caused by : hardware

Followup: MachineOwner
---------
*** Possible invalid call from bf813d88 ( win32k!SfnDWORD+0xaa )
*** Expected target bf800b2a ( win32k!EnterCrit+0x0 )

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ff800b3e, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: ff800b3e, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: ff800b3e

FAULTING_IP:
+325952f015edfdc
ff800b3e ?? ???

MM_INTERNAL_CODE: 0

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: chrome.exe

LAST_CONTROL_TRANSFER: from bf813d8d to ff800b3e

FAILED_INSTRUCTION_ADDRESS:
+325952f015edfdc
ff800b3e ?? ???

POSSIBLE_INVALID_CONTROL_TRANSFER: from bf813d88 to bf800b2a

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
b099ab10 bf813d8d b9ebef60 0000000f 0000000f 0xff800b3e
b099ab80 bf813f1c b9ebef60 0000000f 00000000 win32k!SfnDWORD+0xaf
b099abc8 bf81410e 40ebef60 0000000f 00000000 win32k!xxxSendMessageToClient+0x176
b099ac14 bf80ecb1 b9ebef60 0000000f 00000000 win32k!xxxSendMessageTimeout+0x1a6
b099ac38 bf823e41 b9ebef60 0000000f 00000000 win32k!xxxSendMessage+0x1b
b099ac64 bf823d11 b9ebef60 00000000 0104003f win32k!xxxUpdateWindow2+0x79
b099ac84 bf814fdd b9ebef60 00000000 b099ad18 win32k!xxxInternalUpdateWindow+0x6f
b099acc8 bf814e63 b9ebef60 0104003f 00001141 win32k!xxxInternalInvalidate+0x148
b099acf4 bf823bc7 b9ebef60 b099ad18 00000000 win32k!xxxRedrawWindow+0x103
b099ad4c 804dd99f 004902b2 b099ad18 00000000 win32k!NtUserRedrawWindow+0xac
b099ad4c 7c90e514 004902b2 b099ad18 00000000 nt!KiFastCallEntry+0xfc
0012f034 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: hardware

IMAGE_NAME: hardware

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: CPU_CALL_ERROR

Followup: MachineOwner
---------
*** Possible invalid call from bf813d88 ( win32k!SfnDWORD+0xaa )
*** Expected target bf800b2a ( win32k!EnterCrit+0x0 )

Hopefully someone can help lead me to a solution..

#4 jbrdbr111x

jbrdbr111x
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 03 October 2009 - 09:57 AM

Bump..

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,866 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:44 PM

Posted 03 October 2009 - 11:03 AM

Chrome.exe and logon.scr...are my two suspects.

Info on logon.scr: http://www.file.net/process/logon.scr.html

Info on chrome.exe: http://www.threatexpert.com/files/chrome.exe.html AND http://www.file.net/process/chrome.exe.html

I can't really say...either of these files could be simply damaged/corrupted, each employs drivers which can produce STOP errors such as you have...and either could be a malware item, depending on location, size, etc.

If I take the optimistic path...I would suggest uninstalling Google Chrome (if it is installed) and then reinstalling same and updating it.

For the time being, I would ignore the logon.scr file.

You need to insure that your system is configured in the following manner: How To Disable Automatic Restarts When Windows Crashes - http://www.bleepingcomputer.com/forums/t/74644/how-to-disable-automatic-restarts-when-windows-crashes/

You might also check Event Viewer for possible clues, How To Use Event Viewer - http://www.bleepingcomputer.com/forums/t/40108/how-to-use-event-viewer/

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users