BSOD Stop 0x000000f7

QueBert

Lifer
Jan 6, 2002
22,875
1,082
126
this is what it's saying


A driver has overrun a stack-based buffer. This overrun could potentially allow a malicious user to gain access to gain control of this machine.


Here is what happened: last night I was sleeping and woke up when my PC rebooted on its own. I watched the XP screen come up, then it went blank. I watched it for a few minutes and my user login screen never came up. I was too tired to mess with it, so I got up today and rebooted, and it came up fine. I used my PC a few hours and didn't notice any problems. I checked and there was no minidump. I turned off my PC later in the day, and when I turned it back on, same blank screen without XP ever fully loading. Reboot, BSOD. Safe Mode is the only thing that works.

I have installed no new hardware, drivers or software in a long time. In Safe Mode I removed my video drivers and that did nothing. I'm thinking an upgrade install of XP might fix this. But I would like to know how to fix it from the ground level, or at least troubleshoot it so I know what caused it. A reinstall of XP (if it even works) wouldn't help me understand anything here.

HijackThis log looks good, ran Spybot, Ad-Aware doesn't seem to run in Safe Mode, well it won't run for me. So I'm somewhat out of ideas, but since I can boot to Safe Mode fine I know it should be fixable, even if it'll require a ton of work.

help or ideas would be lovely, thanks :D
 

myocardia

Diamond Member
Jun 21, 2003
9,291
30
91
You need to tell us the rest of the letters and numbers, so we can find out what it means. It should look something like this-- STOP: 0x000000F7 (0x00740065, 0x0000113B, 0xFFFFEEC4, 0x00000000).
 

robisbell

Banned
Oct 27, 2007
3,621
0
0
It's a good chance that you've got a virus, or your system has been hacked. I'd manually save any documents that you consider important and wipe the HDD, then zero the HDD, then reload Windows, install a good AV (not McAfee or Norton), and a good AS.
 

QueBert

myocardia - it's 0x000000 000048e6 ffffb719 0000000

to robisbell, I run Avast and I ran Trendmicro House Call and nothing came up, formatting wouldn't fix it in my eyes. I fix problems by figuring them out not formatting. If I format I run the risk of it happening again (assuming it's not just something random causing it) and that would leave my option as formatting again to "fix it" I want to figure out why it's happening and repair it then. Since 95% of what I do is email and go on ATOT I would rather stay in Safe Mode 24/7 until I solve the issue as opposed to doing a format/clean install.
 

Mark R

Diamond Member
Oct 9, 1999
8,513
16
81
DRIVER_OVERRAN_STACK_BUFFER indicates a driver problem.

This could be a driver that has been hijacked by a virus, a driver used by a virus, a low-quality driver that is just buggy, or some sort of faulty hardware that is causing a driver to crash.

If you are certain that nothing has changed with your hardware, and you've done some basic hardware diagnostics (e.g. ran a memory test, etc.) and it's fine, then you could try a system restore to the last good restore point. This may be able to disable a recently installed virus, allowing you to run a proper anti-virus for more permanent cleaning.
 

QueBert

Mark R - I have system restore shut off. Doing more troubleshooting, I figured out it's my Razer Barracuda's driver causing the BSOD. I removed them and it booted fine 3 times in a row. Trying to re-install them gave me the same BSOD both times I tried to re-install, during the exact same spot of the install. I tried the latest drivers from Razer's web site but it didn't help. I hope my sound card isn't fff'ed up, but I can't figure out what else it could be since I know that is causing the BSOD. I guess for the time being while I research this I'll go back to on board sound.

As far as a virus that's possible but I removed them and re-installed the drivers from scratch. I don't know what else to do right now...

 

MadAmos

Senior member
Sep 13, 2006
818
0
76
You may be on the right track. I have had very poor experiences with Razer drivers and finally just gave up and went back to Logitech and all has been good again.

Amos
 

QueBert

I have Razer everything and have never had problems with any drivers, the sound card has been working flawlessly for a few months now. I think if anything something happened to the card itself. Very frustrating, this is such a sweet sounding sound card. Guess I'll look into RMA'ing if I can't get it working in a few days.

 

dclive

Elite Member
Oct 23, 2003
5,626
2
81
Originally posted by: QueBert
I have Razer everything and have never had problems with any drivers, the sound card has been working flawlessly for a few months now. I think if anything something happened to the card itself. Very frustrating, this is such a sweet sounding sound card. Guess I'll look into RMA'ing if I can't get it working in a few days.

Read the .sig and read up on the website for info on how to debug your BSOD issue. Post the result of !analyze -v here and we can look at what's causing this.
 

QueBert

dclive - DOH! I checked for minidumps all last night when he kept BSOD'ing during the startup and there was nothing. Today I didn't think to check during the driver install hummm. Going to do that right now :(

here is the latest minidump (I had 2 today)
-------------------------------------------------


DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 00000000, Actual security check cookie from the stack
Arg2: 000048e7, Expected security check cookie
Arg3: ffffb718, Complement of the expected security check cookie
Arg4: 00000000, zero

Debugging Details:
------------------


FAULTING_IP:
ACPI!AcpiArbFindSuitableRange+2f1
f748c73b c9 leave

GSFAILURE_FUNCTION: ACPI!AcpiArbFindSuitableRange

GSFAILURE_MODULE_COOKIE: <unavailable> ACPI!__security_cookie [ f748792c ]

GSFAILURE_ANALYSIS_TEXT: !gs output:
Stack buffer overrun analysis follows:

Corruption occured in ACPI!AcpiArbFindSuitableRange or one of its callers
Error reading real canary at 0xf748792c
Warning: Unable to read real canary complement at 0x00000000
(OK - it is not present in all cases)
GS analysis will be limited due to previous errors
Corrupted cookie value (0x00000000) too generic, skipping read bit-flip check
The canary doesn't look corrupted. Not sure how we got here
Determining __gs_reportfailure version failed. Guessing...
Detected off-by-4 bug in __report_gsfailure, saved ESP will be corrected to ESP+4.
Error 16386 getting EBP and ESP
EBP/ESP appear correct. (EBP-ESP) matches local storage set up in the function prolog

Function ACPI!AcpiArbFindSuitableRange:
Funtion has no locals
no candidate buffer found

Stack buffer overrun analysis complete.


BUGCHECK_STR: STACK_BUFFER_OVERRUN

SECURITY_COOKIE: Expected 000048e7 found 00000000

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

FOLLOWUP_IP:
ACPI!AcpiArbFindSuitableRange+2f1
f748c73b c9 leave

SYMBOL_NAME: ACPI!AcpiArbFindSuitableRange+2f1

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: ACPI

IMAGE_NAME: ACPI.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 41107d27

STACK_COMMAND: kb

FAILURE_BUCKET_ID: STACK_BUFFER_OVERRUN_ACPI!AcpiArbFindSuitableRange+2f1

BUCKET_ID: STACK_BUFFER_OVERRUN_ACPI!AcpiArbFindSuitableRange+2f1

Followup: MachineOwner



I remember you helped me with another BSOD issue I had last year dclive, maybe this makes sense to you, it definitely doesn't look as simple to me as most where it will say "nv4.dll" or something that points to an exact file. I do know both crashes did happen at the same point of the driver install for my sound card, and I installed other drivers with no issues today.

just noticed this coming up before the analyze

Map Fastfat.sys:
Image region 1f700:2180 does not fit in mapping
Probably caused by : ACPI.sys ( ACPI!AcpiArbFindSuitableRange+2f1 )
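
The four bugcheck parameters in the dump above can be sanity-checked mechanically before reading further into the analysis. The following is an added example, not part of the original post or of any debugger tooling; the function names and the 32-bit width are assumptions, and the sample text is constructed from the Arguments block quoted in the post.

```python
import re

# Constructed sample: the Arguments block as quoted in the !analyze -v output above.
SAMPLE = """\
Arg1: 00000000, Actual security check cookie from the stack
Arg2: 000048e7, Expected security check cookie
Arg3: ffffb718, Complement of the expected security check cookie
Arg4: 00000000, zero
"""

ARG_RE = re.compile(r"^Arg([1-4]):\s*([0-9a-fA-F]{1,16})\b", re.MULTILINE)


def parse_args(text):
    """Return {1: int, 2: int, ...} for the 'ArgN: hex' lines of a bugcheck report."""
    return {int(n): int(v, 16) for n, v in ARG_RE.findall(text)}


def triage_f7(text, width=32):
    """Check bugcheck 0xF7 parameters for consistency and describe the mismatch.

    width is the pointer size of the crashed system in bits (assumed 32 here,
    matching the 8-digit values in the report).
    """
    args = parse_args(text)
    missing = [n for n in (1, 2, 3) if n not in args]
    if missing:
        raise ValueError(f"report is missing Arg{missing}")
    mask = (1 << width) - 1
    actual, expected, complement = args[1], args[2], args[3]
    diff = (actual ^ expected) & mask
    return {
        # Arg3 must be the bitwise NOT of Arg2; if not, the report itself is suspect.
        "complement_ok": complement == (~expected & mask),
        # How many bits of the cookie on the stack differ from the expected one.
        "bits_differing": bin(diff).count("1"),
        # Exactly one differing bit is what the debugger's bit-flip check looks for.
        "single_bit_flip": diff != 0 and diff & (diff - 1) == 0,
        # An all-zero value is what the !gs output calls "too generic".
        "actual_all_zero": actual == 0,
    }


if __name__ == "__main__":
    print(triage_f7(SAMPLE))
```

For this dump the complement is consistent with the expected cookie, and the value found on the stack is all zeros rather than one bit away from the expected value.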

 

dclive

what did the other minidump show?

if you disable all non-MS drivers via msconfig does the problem continue?
 

QueBert

dclive - the 1st minidump looks identical to me. I didn't try diagnostic mode in msconfig and reinstalling the drivers. But I know the system wouldn't boot at all with the sound card drivers installed; as soon as I removed them in Safe Mode everything was good. And the BSOD didn't come back until I tried to reinstall the sound card drivers again. I'm not so sure it's the sound card drivers themselves, but maybe something else causing the drivers to sh!t out on me. Like I said in the original post, I haven't installed anything in the past week except my cell phone software, and have not put any hardware in, or added/removed/updated any drivers. System has run pretty much 100% for a few months now without a hint of a problem. Now I have the sound card thing, and when I try to do an upgrade install of XP it craps out for the last 2 files and says they don't exist; they're just random .SYS files where the name changes every time I reboot and re-run the setup. They're not anything you can find on Google so I'm assuming they're just junk but I dunno what's causing that.
 

QueBert

Originally posted by: dclive
if you disable all non-MS drivers via msconfig does the problem continue?

Sorry I didn't catch this the first time, I mean I read it but wasn't thinking. I will start in diag mode and see if the drivers will install, VERY good idea. I think that's what you mean any ways lol. That does make sense, I can rule out driver conflict then.

 

myocardia

Originally posted by: QueBert
I haven't installed anything in the past week except my cell phone software, and have not put any hardware in, or added/removed/updated any drivers.

Well, at least you've figured out what's causing the problem. That's a start. I must have missed that in the OP.
 

dclive

Originally posted by: QueBert
Originally posted by: dclive
if you disable all non-MS drivers via msconfig does the problem continue?

Sorry I didn't catch this the first time, I mean I read it but wasn't thinking. I will start in diag mode and see if the drivers will install, VERY good idea. I think that's what you mean any ways lol. That does make sense, I can rule out driver conflict then.

No; please read the webguide (see my .sig) on msconfig -- basically go to msconfig's services and disable all non-MS stuff, then reboot and see what happens. (If you can't boot after doing so, simply use last known good.)

Cell phone sw does sound like the culprit.
 

QueBert

Originally posted by: dclive
Originally posted by: QueBert
Originally posted by: dclive
if you disable all non-MS drivers via msconfig does the problem continue?

Sorry I didn't catch this the first time, I mean I read it but wasn't thinking. I will start in diag mode and see if the drivers will install, VERY good idea. I think that's what you mean any ways lol. That does make sense, I can rule out driver conflict then.

No; please read the webguide (see my .sig) on msconfig -- basically go to msconfig's services and disable all non-MS stuff, then reboot and see what happens. (If you can't boot after doing so, simply use last known good.)

Cell phone sw does sound like the culprit.

My system is running fine, if I switch to diag mode in msconfig it works just the same. Only time I have a problem is when I'm trying to install my sound card drivers, it craps out during the install. I'm about to remove the cell phone software, it didn't hit me until later yesterday that I had installed it, that's why I didn't mention it in the OP.

*edit*

removed the Nokia software, rebooted, tried to install sound card drivers again, same BSOD at the same point. I give up...
 

myocardia

Originally posted by: QueBert
*edit*

removed the Nokia software, rebooted, tried to install sound card drivers again, same BSOD at the same point. I give up...

QueBert, since the cell phone software doesn't seem to be the culprit (you would have to manually remove all traces of it in the registry, to be sure), I would recommend you first download and use (it doesn't have to be installed) MemTest HCI, which is about 10x better than MemTest86. Let it run for a few hours, at least.

If it passes MemTest, I would definitely recommend downloading and using RootKit revealer. The download link is at the extreme bottom of that very informative page. You may very well have a rootkit, a type of virus that most antivirus software doesn't even check for, much less "catch". BTW, you're aware that you can reload Windows without reformatting your drive or reinstalling your software, aren't you? Let me know if you want to know how.


edit: Oh yeah, I almost forgot. If dclive and I ever give you differing opinions on something, and that something involves overclocking or hardware, then take my advice. If it involves Windows, the Windows registry, etc, then definitely take his advice.:) Nice little site you have there, dclive.
 

QueBert

Thanks myocardia, I've never heard of MemTest but I'm going to run it in a bit. I'm running RootKit Revealer right now, getting a lot of security mismatch & keys contain embedded nulls, looks like I need to read up on it to see what's what.
 

dclive

Enable kernel-sized dumps, ensure you have a pagefile on c:, and then force another dump/bsod. Analyze the dump again (do it a few times - crash then analyze) and let us know what you find. This time, analyze c:\windows\memory.dmp (the kernel dump) not the minidumps.
 

QueBert

I want to say thank you to dclive, myocardia, Mark R, MadAmos & robisbell. I ended up doing a repair install of XP and my sound is now working, I have no idea what the install fixed or if it'll keep working but I was out of ideas on trying to "fix it" properly. I did take all the advice here and at least try to come up with a reason but my brain couldn't figure it out.

I tried installing Vista (horrible experience lol) anyone who wants to assist there I started a new thread. I'm still interested in dual booting Vista.