Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

keep getting 0x8E BSODs randomly


  • Please log in to reply
7 replies to this topic

#1 josephtx

josephtx

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:33 AM

Posted 28 October 2009 - 03:10 PM

the BSODs occur at seemingly random times, and occur once every 3-4 days.

this is my minidump of the latest BSOD crash:


Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini102809-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Wed Oct 28 15:48:00.078 2009 (GMT-4)
System Uptime: 2 days 0:51:49.772
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 6c, a73bec44, 0}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 0000006c, The address that the exception occurred at
Arg3: a73bec44, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
+16
0000006c ?? ???

TRAP_FRAME: a73bec44 -- (.trap 0xffffffffa73bec44)
ErrCode = 00000010
eax=00000000 ebx=806e63b8 ecx=ba2cae63 edx=ffffffdf esi=8575f880 edi=806e6410
eip=0000006c esp=a73becb8 ebp=00000000 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
0000006c ?? ???
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: svchost.exe

LAST_CONTROL_TRANSFER: from 84ddd008 to 0000006c

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
a73becb4 84ddd008 8057ae7b a73bed64 01e3f0c8 0x6c
00000000 00000000 00000000 00000000 00000000 0x84ddd008


STACK_COMMAND: .trap 0xffffffffa73bec44 ; kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

FAILURE_BUCKET_ID: 0x8E_ANALYSIS_INCONCLUSIVE

BUCKET_ID: 0x8E_ANALYSIS_INCONCLUSIVE

Followup: MachineOwner
---------



any help would be greatly appreciated. thanks!

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:33 AM

Posted 28 October 2009 - 03:29 PM

Have you checked thoroughly for malware?

Louis

#3 josephtx

josephtx
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:33 AM

Posted 28 October 2009 - 03:45 PM

I'm currently running Malwarebytes Anti-Malware, and after which I'll run ComboFix. Is there anything else I should run? And I was thinking of doing a memtest thereafter.

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:33 AM

Posted 28 October 2009 - 03:54 PM

Do not run ComboFix, do not post ComboFix or HJT logs in this forum :thumbsup:. This is not a malware forum and there is no point in posting malware forum tools here, the result will just be a transfer of your thread to a non-Windows XP forum. If it turns out that it's something other than operating system issues that you experience...the thread will be moved at that time to the appropriate forum.

You might run SUPERAntiSpyware, if Malwarebytes comes up empty.

If you run Memtest, be sure to run the correct version...Memtest86+ - Advanced Memory Diagnostic Tool - http://www.memtest.org/#downiso .

Louis

#5 rowal5555

rowal5555

    Just enough info to be armed & dangerous...


  • Members
  • 2,644 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:St Kilda, Dunedin. South Island. NZ
  • Local time:02:33 AM

Posted 28 October 2009 - 04:49 PM

A handy little tool which reads the minidump file and suggests the likely culprit which may need updating -

http://www.nirsoft.net/utils/blue_screen_view.html

rowal5555 (Rob )                                                             

Avid supporter of Bleeping Computer's
Team 38444

You can help find a cure


 


#6 josephtx

josephtx
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:33 AM

Posted 28 October 2009 - 05:02 PM

thanks that's a handy tool!

but it highlighted only hal.dll (Hardware Abstraction Layer DLL) and ntoskrnl.exe (NT Kernel & System), which doesn't say much.

#7 hamluis

hamluis

    Moderator


  • Moderator
  • 56,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:33 AM

Posted 28 October 2009 - 06:38 PM

Not sure you used this before, Help Diagnosing BSODs And Crashes (BC) - http://www.bleepingcomputer.com/forums/t/176011/how-to-receive-help-diagnosing-blue-screens-and-windows-crashes/ .

Louis

#8 josephtx

josephtx
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:33 AM

Posted 28 October 2009 - 07:49 PM

hmm SUPERAntiSpyware found 5 trojans, most of which were either false positives (verified this by uploading to VirusTotal.com) or just adware(?) .

also updated my bios firmware, graphics (got a second monitor) and mouse (got a new mouse) drivers.

i'll observe to see if any more BSODs appear, and if so, next step is to use memcheck.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users