Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue Screens - Constant Restarts


  • Please log in to reply
24 replies to this topic

#1 cooldudenz

cooldudenz

  • Members
  • 250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Christchurch
  • Local time:05:27 AM

Posted 02 October 2006 - 04:59 AM

Hey hopefully someone can help, I keep getting Blue screens poping up, not the blue screen of death but the memory dump one. It comes on for a split second then the computer restarts. It usally takes about 5 - 8 trys to boot the computer, it will either get almost to the logon screen then it will pop up and restart, or it will jst come up with a plain dark blueish screen ( like the logon screen but with no words ) and the mouse wont move so i need to restart. + it does it randomly wile the computers on.
Its only there 4 a spilt second so i dont no what it says, i no theres a memory dump log but i dont no how to read it, but bits and peices ive spotted are something about " usbport.exe " ( i think ) and
00X0000 00X0000 ect ( long line of numbers something like those ) ( i think that has something to do with my hardware...)

Im running windows XP home
AMD Athlon XP 2400+
768Mb Ram
Service pack 1

If someone could help that would be great. Thanks heaps

BC AdBot (Login to Remove)

 


#2 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:03:27 AM

Posted 02 October 2006 - 05:09 AM

If you can get your computer to boot long enough to make some changes try the following. Then start your computer and go to the Event Viewer and see what error messages are listed.
Start> Programs> Administrative Tools> Event Viewer

[1.
Right-click My Computer, and then click Properties.

2.
Click the Advanced tab.

3.
Under Startup and Recovery, click Settings to open the Startup and Recovery dialog box.

4.
Clear the Automatically restart check box, and click OK the necessary number of times.

5.
Restart your computer for the settings to take effect.



resource: http://www.microsoft.com/windowsxp/using/h...el_02may13.mspx
"2007 & 2008 Windows Shell/User Award"

#3 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:04:27 AM

Posted 02 October 2006 - 05:51 AM

Event Viewer BC Tutorial
http://www.bleepingcomputer.com/forums/t/40108/how-to-use-event-viewer/

Search your hard drive for .dmp or .mdmp files.
Use this link to perform an analysis on them and post the results here: http://forums.majorgeeks.com/showthread.php?t=35246

You can also search for what the event ID number means here:
http://www.eventid.net/search.asp

Post the information in the dmp or mdmp log here and we will help you determine what is causing it.

#4 cooldudenz

cooldudenz
  • Topic Starter

  • Members
  • 250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Christchurch
  • Local time:05:27 AM

Posted 03 October 2006 - 02:23 AM

Ok thanks for the replys, heres the info from windbg.exe
That should be the latest one, there was about 35 of them.
There were a few errors in event viewer but i wasnt really sure what i was looking 4, there was a few errors and alot of information and a few warnings under system, alot of errors under apps.


Microsoft ® Windows Debugger Version 6.6.0007.5
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini090906-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 1) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp2.050301-1526
Kernel base = 0x804d4000 PsLoadedModuleList = 0x8054c850
Debug session time: Sat Sep 9 03:20:48.375 2006 (GMT+13)
System Uptime: 0 days 0:00:26.937
Loading Kernel Symbols
.........................................................................................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 2, 1, 804e1893}

Probably caused by : ntoskrnl.exe ( nt!KiUnlinkThread+44 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 804e1893, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: 00000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!KiUnlinkThread+44
804e1893 8910 mov dword ptr [eax],edx

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: lsass.exe

TRAP_FRAME: f5878c70 -- (.trap fffffffff5878c70)
ErrCode = 00000002
eax=00000000 ebx=00000000 ecx=83a08da8 edx=00000000 esi=83a08da8 edi=83829cb0
eip=804e1893 esp=f5878ce4 ebp=f5878d04 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!KiUnlinkThread+0x44:
804e1893 8910 mov dword ptr [eax],edx ds:0023:00000000=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 804ddb88 to 8052b591

STACK_TEXT:
f5878c54 804ddb88 0000000a 00000000 00000002 nt!KeBugCheckEx+0x19
f5878c54 804e1893 0000000a 00000000 00000002 nt!KiTrap0E+0x219
f5878ce0 804e2b87 805497e0 e1824d98 00000000 nt!KiUnlinkThread+0x44
f5878cf0 804e3814 8399eb98 805497f8 805497e0 nt!KeSetEventBoostPriority+0x9a
f5878d04 80557751 00000000 80587928 f5878d64 nt!ExReleaseResourceLite+0xf9
f5878d0c 80587928 f5878d64 0083f930 805878ab nt!CmpUnlockRegistry+0x37
f5878d58 804dad01 000002f8 00000000 00000000 nt!NtFlushKey+0x8d
f5878d58 7ffe0304 000002f8 00000000 00000000 nt!KiSystemService+0xc4
0083f944 00000000 00000000 00000000 00000000 SharedUserData!SystemCallStub+0x4


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiUnlinkThread+44
804e1893 8910 mov dword ptr [eax],edx

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: nt!KiUnlinkThread+44

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 422517e4

FAILURE_BUCKET_ID: 0xA_W_nt!KiUnlinkThread+44

BUCKET_ID: 0xA_W_nt!KiUnlinkThread+44

Followup: MachineOwner
---------

#5 cooldudenz

cooldudenz
  • Topic Starter

  • Members
  • 250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Christchurch
  • Local time:05:27 AM

Posted 03 October 2006 - 05:24 AM

Ok there seems to be a few different error msg's depening on what file i open. But i have not had a crash all day since i cleared the automatically restart check box... was that ment 2 fix it or is that just random?

heres a different windbg file. This one says its caused by memory corruption, others say


"
Unable to load image vsdatant.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
Probably caused by : vsdatant.sys ( vsdatant+27022 )
"

"
Unable to load image avg7rsxp.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for avg7rsxp.sys
*** ERROR: Module load completed but symbols could not be loaded for avg7rsxp.sys
Unable to load image d346bus.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for d346bus.sys
*** ERROR: Module load completed but symbols could not be loaded for d346bus.sys
Probably caused by : avg7rsxp.sys ( avg7rsxp+220d )
"

" Probably caused by : ntoskrnl.exe ( nt!KiRetireDpcList+53 ) "

" Probably caused by : SCSIPORT.SYS ( SCSIPORT!SpReleaseRemoveLock+a ) "


Thats about all i can see without going though them all ( picking at random )


Microsoft ® Windows Debugger Version 6.6.0007.5
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini091506-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 1) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp2.050301-1526
Kernel base = 0x804d4000 PsLoadedModuleList = 0x8054c850
Debug session time: Fri Sep 15 17:09:59.390 2006 (GMT+13)
System Uptime: 1 days 2:49:22.977
Loading Kernel Symbols
...............................................................................................................
Loading User Symbols
Loading unloaded module list
....................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {780, c0318bd0, 81db12c8, 9233ccd0}

Probably caused by : memory_corruption ( nt!MmUnmapViewInSystemCache+3f2 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00000780, The PTEs mapping the argument system cache view have been
corrupted.
Arg2: c0318bd0
Arg3: 81db12c8
Arg4: 9233ccd0

Debugging Details:
------------------


BUGCHECK_STR: 0x1a_780

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from 8051e578 to 8052b591

STACK_TEXT:
f7baab28 8051e578 0000001a 00000780 c0318bd0 nt!KeBugCheckEx+0x19
f7baab74 80557c6f c62f4000 83706590 00000000 nt!MmUnmapViewInSystemCache+0x3f2
f7baab88 804ed0dd 83bc2110 82af1ce0 00000001 nt!CcUnmapVacb+0x28
f7baabb8 804ee887 00100000 00000001 00000000 nt!CcUnmapVacbArray+0xdd
f7baac3c 804ece70 82af1ce0 07f80000 00000000 nt!CcGetVacbMiss+0x71
f7baac74 804fe3b1 00af1ce0 07f80000 00000000 nt!CcGetVirtualAddress+0x92
f7baad2c 804eab2e 83bce050 8054f7e0 83bcd3c8 nt!CcPerformReadAhead+0x18e
f7baad74 804e0f89 83bce050 00000000 83bcd3c8 nt!CcWorkerThread+0x147
f7baadac 805609b0 83bce050 00000000 00000000 nt!ExpWorkerThread+0xfe
f7baaddc 804e8c54 804e0eb6 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MmUnmapViewInSystemCache+3f2
8051e578 0039 add byte ptr [ecx],bh

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!MmUnmapViewInSystemCache+3f2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 422517e4

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0x1a_780_nt!MmUnmapViewInSystemCache+3f2

BUCKET_ID: 0x1a_780_nt!MmUnmapViewInSystemCache+3f2

Followup: MachineOwner
---------

#6 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:04:27 AM

Posted 03 October 2006 - 05:35 AM

The dmp file is pointing to "Probably caused by : ntoskrnl.exe" which is usually caused by:
1. A Keyboard issue
2. Miscellaneous corruption
3. Corrupt boot.ini file or a missing boot.ini file.
4. Missing or corrupt ntoskrnl.exe file.
5. Corrupted hard disk drive or severely corrupted Windows.

Lets try the easiest fixes first:

To start with - try a different keyboard if you have one or boot with the keyboard unplugged or if wireless the wireless device for the keyboard unplugged from the usb port if you do not have access to a different keyboard.

If the situation persists:

Do you know exactly when this problem started?
If you do, and it is less than three weeks ago try booting to safe mode with command prompt.
1.Restart your computer, and then press F8 during the initial startup to start your computer in Safe Mode with a command prompt.
2.Log on to your computer with an administrator account or with an account that has administrator credentials.
3.Type the following command at a command prompt, and then press ENTER:

%systemroot%\system32\restore\rstrui.exe

4.Follow the instructions that appear on the screen to restore your computer to an earlier state.

If that is not successful:

Boot into safe mode and select "Last Known Good Configuration".

If that is not successful:

Do you have the Microsoft Windows CD for this computer?
(not a restore cd provided by the computer manufacturer)

If you do, and the problem still persists after you tried the keyboard fix you need to try rebuilding the boot.ini file

To do that you boot from the Windows CD (not a restore cd provided by the computer's manufacturer) and enter the recovery console by pressing "R" when the Microsoft Setup menu appears on-screen.
(you may have to change the boot order in bios to have the cd as the first boot device instead of the hard drive if it won't boot from the cd)

Unless you have set a bios password, which most users do not, when the prompt for Administrator comes up leave the password box empty and press enter.

Once at the command prompt type bootcfg /rebuild to start the rebuild process. (notice: there is a space between bootcfg and the /)

Once it completes type "exit" without the quotation marks.
(The above assumes you have only one operating system on the computer and it is not multi-booting with more than one op system)

Let us know.

#7 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:04:27 AM

Posted 03 October 2006 - 06:18 AM

It usually takes about 5 - 8 trys to boot the computer


If you can get it to boot successfully:

To stop the spontaneous rebooting and instead get an error screen (bsod) you can read please perform the following steps:
1.Right-click My Computer.
2.Select Properties.
3.In the System Properties, select the tab Advanced.
4.In the box called Startup and Recovery, click Settings.
5.A new window will open:
6.Uncheck the box "Automatically restart" in the group System Failure
7.Confirm the changes in both Windows by clicking OK.
Whenever a critical system failure occurs now, you will see a blue screen with a cryptic description of the error. However, the content of this message might help in finding the appropriate solution to the problem.

#8 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:05:27 AM

Posted 03 October 2006 - 07:57 AM

There's also errors in the logs that point to AVG and to ZoneAlarm (in addition to the memory error). So, try this:

1) Run this free memory tester (please read and follow the directions exactly): http://www.memtest86.com/

Run it for at least 2 hours (overnight is better). If you get errors, your memory is bad (although some folks say that "a few errors" are OK - I disagree. What happens if the error occurs while balancing your checkbook?)

2) Download the latest versions of AVG and ZoneAlarm. Uninstall the old versions and reinstall the new versions.

3) Perform a full system scan for malware (here's a free, online scanner: http://safety.live.com/ )

Finally, there's a description of the Blue Screen error messages at this link:
http://www.bleepingcomputer.com/forums/t/40108/how-to-use-event-viewer/
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#9 cooldudenz

cooldudenz
  • Topic Starter

  • Members
  • 250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Christchurch
  • Local time:05:27 AM

Posted 03 October 2006 - 12:17 PM

Ok thanks, ill try all that, had another msg this one was caused by " nv4_mini.sys"
Get back to you soon with info on that memory test test.

#10 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:04:27 AM

Posted 03 October 2006 - 02:47 PM

Did it say
DRIVER_IRQ_NOT_LESS_OR_EQUAL nv4_mini.sys ?

#11 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:05:27 AM

Posted 03 October 2006 - 03:17 PM

The nv4_mini.sys file is most likely a component of your nVidia video drivers.

Now, let's look at what we've got:
A crash in system files (ntoskrnl.exe)
A crash in the firewall (vsdatant.sys)
A crash in antivirus files (avg7rsxp.sys)
A problem with SCSI miniport driver (SCSIPORT.SYS)
Possible memory corruption
A crash in the video driver (nv4_mini.sys)

What do these all have in common? - they all involve programs that address the lower levels of hardware on or through the motherboard.

IMO, it's most likely one of the followiing:
1) Malware
2) Corrupt motherboard/chipset drivers
3) Bad motherboard.

For the malware - do a scan at http://safety.live.com/
For the drivers - uninstall the current drivers and install the latest one's from the manufacture's website
For the bad motherboard - reset your CMOS (in case it was corrupted). Check the board for problems by looking at all of it. Don't forget to check for bad caps ( http://www.badcaps.net )
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#12 cooldudenz

cooldudenz
  • Topic Starter

  • Members
  • 250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Christchurch
  • Local time:05:27 AM

Posted 03 October 2006 - 07:37 PM

Ok.. alot of stuff lol well

Enthusiast - U said could be a keyboard issue, i do have drivers for a wireless keyboard and mouse that i had 4 a little wile. ill uninstall them.

I had already restored my computer back as far as i could, but i cant remember when it started ive been to busy to try fix it till now.

I have the windows cd somewere ill give that a go if all eles fails.

Yes it did say " DRIVER_IRQ_NOT_LESS_OR_EQUAL nv4_mini.sys ? "
The Symbolic name for stop error msg was the DRIVER_IRQ_NOT_LESS_OR_EQUAL
and the File error occured in said nv4_mini.sys

usasma - Cant figer out how to work that memory tester, looks like i need to run it off a floppy? my floppy drive doesnt work.

Ive uninstall zonealarm, it ended up blocking all internet connections after its been running awile so i might as well get rid of it.

Pretty sure my computers free of all malware i do regular scans, But ill do another full check.

Also how do i reset my cmos?

#13 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:03:27 AM

Posted 03 October 2006 - 11:33 PM

Could be corrupted sectors on a failing hard drive. Use a stand alone S.M.A.R.T. drive utility to scan your drive for errors. I know Digital Dolly has one, but it needs to be run from a CD image. Enthusiast or usasma may be able to recommend one that runs from a floppy.
"2007 & 2008 Windows Shell/User Award"

#14 cooldudenz

cooldudenz
  • Topic Starter

  • Members
  • 250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Christchurch
  • Local time:05:27 AM

Posted 03 October 2006 - 11:54 PM

Hmmm harddrive problem you say... Didnt think of that, didnt think it could be a cause but my master HDD did crash about a year ago but i formated and reinstalled windows and it was fine. ill do a google for something to check it if anyone could recommend one it would be good. That online scanner found a few things but everytime i run it i get a blue screen, got a new one with " fetnd5b.sys " which i think is another thing to do with my video card, im reinstalling it now. the one i get when scanning was just numbers like " 00X0000A ect " if thats important ill do the scan again and write it down.

Edited by cooldudenz, 04 October 2006 - 12:00 AM.


#15 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:04:27 AM

Posted 04 October 2006 - 08:18 AM

usasma - Cant figer out how to work that memory tester, looks like i need to run it off a floppy? my floppy drive doesnt work.


You can run the following memory test from a cd.
It also has a complete tutorial so it will explain how to use it

Windows Memory Test Diagnostic
http://oca.microsoft.com/en/windiag.asp#top




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users