Computer seizes, and I get a dark blue screen with an error message:

[Accipiter22]

how do I turn off usb/gaming/parallel ports?? from the bios?

 

[Bozo Galora]

O.K. let me try to dig out my dump file reader
thats one dump file - you said you had 3?? Or all same?

I still cant get a handle on this situation..........
So you are saying you get the bluescreen immediately upon format completion, BEFORE even putting in the XP CD for install??
a buffer stack overrun right from the bios load after format reboot????
And it happens ALWAYS, or intermittently?
With windows XP and without windows XP?

Edit:
Yes turn off everything in bios (disabled)

BTW What KB and mouse are you using?

 

[Accipiter22]

Originally posted by: Bozo Galora
O.K. let me try to dig out my dump file reader
thats one dump file - you said you had 3?? Or all same?

I still cant get a handle on this situation..........
So you are saying you get the bluescreen immediately upon format completion, BEFORE even putting in the XP CD for install??
a buffer stack overrun right from the bios load after format reboot????
And it happens ALWAYS, or intermittently?
With windows XP and without windows XP?

there's 3 different dump files, I just posted the most recent one.....

I don't get the bluescreen immediately upon format completion...and i definetly don't get it while XP is installing, but after XP installs I'll start getting it intermittently...I might be idling, or playing BF2, or working on my budget....there doesn't seem to be any rhyme or reason to when it happens. I never do anything outside of XP so I don't know if it happens there...but I did run memtest for hours the other day with no problem....I will say this, it seems to happen MORE frequently when I'm installing something, say a program.

 

[Accipiter22]

Originally posted by: Bozo Galora
O.K. let me try to dig out my dump file reader
thats one dump file - you said you had 3?? Or all same?

I still cant get a handle on this situation..........
So you are saying you get the bluescreen immediately upon format completion, BEFORE even putting in the XP CD for install??
a buffer stack overrun right from the bios load after format reboot????
And it happens ALWAYS, or intermittently?
With windows XP and without windows XP?

Edit:
Yes turn off everything in bios (disabled)

BTW What KB and mouse are you using?

KB is a gateway....mouse, well I've used 3 actually, I switched between an old one for a slightly newer one, and now I'm using a brand new Logitech cordless infared mouse..

 

[Bozo Galora]

nm

 

[Accipiter22]

thanks! here's what I have:

Asus A8V mobo
2 sticks corsair valueram
nec dvd/cd
AMD 3500+ E6 (or whatever was after venice)
a floppy drive
6800 GT (AGP)
Creative Audigy 2.


I haven't removed stuff one by one, I'm going to try that this weekend

 

[Accipiter22]

also, I have noticed that when installing sound drivers, I frequently get that screen...

 

[Accipiter22]

http://dl3.uploadgalaxy.com/files/ee19a4a70965/Mini062206-01.dmp.html
http://dl3.uploadgalaxy.com/files/e67b56a473eb/Mini062206-02.dmp.html
http://dl3.uploadgalaxy.com/files/09174e75d0a4/Mini062106-03.dmp.html


here's a few more dump files...


what do you use to analyze theM??

 

[Bozo Galora]

If you insert and go to the XP CD (prefereably XP SP2), right click explore, you will see support tools

in the support tools folder there is a sup cab file that has dumpchk.exe in it.
create a file called dump on "C" and extract dumpchk.exe to it
then drag your .dmp files to the same folder
open a command prompt (start/run/cmd)

if XP O/S is on "C", then

C:>windows>cd\ (change directory backspace - root)
C:>
C:>cd dump
C:>dump
C:>dump>dumpchk.exe mini062106-1.dmp (note space after .exe)
then hit enter

Now you can analyze your own stuff!!!
(Do not confuse "0"s and "O"'s every letter number must be correct)

Edit: If it were me, I would take audigy and break it in half.

 

[evilsaint]

Originally posted by: Bozo Galora
If you insert and go to the XP CD (prefereably XP SP2), right click explore, you will see support tools

in the support tools folder there is a sup cab file that has dumpchk.exe in it.
create a file called dump on "C" and extract dumpchk.exe to it
then drag your .dmp files to the same folder
open a command prompt (start/run/cmd)

if XP O/S is on "C", then

C:>windows>cd\ (change directory backspace - root)
C:>
C:>cd dump
C:>dump
C:>dump>dumpchk.exe mini062106-1.dmp (note space after .exe)
then hit enter

Now you can analyze your own stuff!!!
(Do not confuse "0"s and "O"'s every letter number must be correct)

Edit: If it were me, I would take audigy and break it in half.

QFT :laugh: Those things LIVE on BSOD's...

 

[Accipiter22]

Originally posted by: Bozo Galora
If you insert and go to the XP CD (prefereably XP SP2), right click explore, you will see support tools

in the support tools folder there is a sup cab file that has dumpchk.exe in it.
create a file called dump on "C" and extract dumpchk.exe to it
then drag your .dmp files to the same folder
open a command prompt (start/run/cmd)

if XP O/S is on "C", then

C:>windows>cd\ (change directory backspace - root)
C:>
C:>cd dump
C:>dump
C:>dump>dumpchk.exe mini062106-1.dmp (note space after .exe)
then hit enter

Now you can analyze your own stuff!!!
(Do not confuse "0"s and "O"'s every letter number must be correct)

Edit: If it were me, I would take audigy and break it in half.

OUCH! I bet creative doesn't put that on the back of the box anytime soon.......my mobo does have onboard sound...

 

[Accipiter22]

another question: how come there's multiple things listed in the dump file, like are all those things causing hte crash at once?

edit: AAAUGH MY EYES....kmixer.sys was listed like 10 times in every single dump file, that and cdaudio and some audigy files...ugh

 

[Accipiter22]

ugh....so for these log files, there's like 15 files listed, are ALL of those causing the crash????I'd have to uninstall my hard drive, cd/dvd, sound card, and floppy if I'm reading this right. This is such bullshit

 

[Bozo Galora]

are you a quadraplegic?

go to the device manager, remove the creative items, which will also remove drivers
shutdown, pull the card and reboot

 

[Accipiter22]

Originally posted by: Bozo Galora
are you a quadraplegic?

go to the device manager, remove the creative items, which will also remove drivers
shutdown, pull the card and reboot

that's the thing, there's still creative crap there...and if I remove the creative stuff I lose sound

 

[dclive]

Bonzo - dumpchk only checks the consistency of the dump. To actually read and do something with the dump, you need to get the debugger and set up a symbol files directory - THEN you can know what's going wrong. dumpchk's output just looks like a few DLLs in the dump - meaningless.

OP:

I tried to download a dump (#3) but it keeps saying it's preparing my file, and I'm never prompted to download the file. If OP would exactly follow the directions in my .sig, I'd be happy to give them a quick look.

Please be sure to run mpsreports and send me the resulting .cab file.

 

[dclive]

OP: Please completely disable system restore on all drives. Does anything change?

Please run mpsreports, send me the .cab output file, and give me all the dumps you've got.

 

[dclive]

Originally posted by: dclive
OP: Please completely disable system restore on all drives. Does anything change?

Please run mpsreports, send me the .cab output file, and give me all the dumps you've got.

OP??

Also still need MPS Reports....

 

[Accipiter22]

Originally posted by: dclive
OP: Please completely disable system restore on all drives. Does anything change?

Please run mpsreports, send me the .cab output file, and give me all the dumps you've got.

I never had system restore on

 

[dclive]

Originally posted by: Accipiter22

Originally posted by: dclive
OP: Please completely disable system restore on all drives. Does anything change?

Please run mpsreports, send me the .cab output file, and give me all the dumps you've got.

I never had system restore on

Interesting, because the DLL that System Restore depends on is what the debugger is pointing the finger to - and not just once, but every single time. See results below.

Interestingly, the debugger also said that the buffer overrun is a common hack exploit. Seems unlikely, but then I looked and it turns out it appears your PC is directly on the public internet, without a router in between to protect you (is that possible?! Does anyone still actually do something that dangerous?!) Your IP, 71.192.x.x, appears to be a public address on the public internet. Get a NATting router and put it between your PC and your internet connection.

But then I saw that your system event log has dozens (no, hundreds) of chkdsk disk errors. Run chkdsk on your two systems, set to fix, and see if you can get your disks to come up clean. Run it until it comes back completely clean. It's hitting both C: and D:, per the errors:

6/25/2006 7:36:31 PM 1 2 55 Ntfs N/A x The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.

(repeated plenty of times)

and

6/27/2006 9:34:53 PM 4 0 26 Application Popup N/A x wmp10.exe - Corrupt File The file or directory C:\DOCUME~1\x\LOCALS~1\Temp\IXP000.TMP is corrupt and unreadable. Please run the Chkdsk utility.

...repeated hundreds of times in slightly different ways.

..but then I went to your Application logs, where I saw you *are* running chkdsk (why didn't you mention this!?) and you're getting all kinds of errors:

6/27/2006 10:07:06 PM 4 0 1001 Winlogon N/A ACCIPITERII Checking file system on D: The type of the file system is NTFS. One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue. Windows will now check the disk. Cleaning up 3 unused index entries from index $SII of file 0x9. Cleaning up 3 unused index entries from index $SDH of file 0x9. Cleaning up 3 unused security descriptors. 218596454 KB total disk space. 14976856 KB in 15267 files. 4996 KB in 948 indexes. 0 KB in bad sectors. 89410 KB in use by the system. 65536 KB occupied by the log file. 203525192 KB available on disk. 4096 bytes in each allocation unit. 54649113 total allocation units on disk. 50881298 allocation units available on disk. Internal Info: 70 3f 00 00 62 3f 00 00 9a 58 00 00 00 00 00 00 p?..b?...X...... 29 02 00 00 00 00 00 00 32 00 00 00 00 00 00 00 ).......2....... 1e 85 66 00 00 00 00 00 04 d6 39 0a 00 00 00 00 ..f.......9..... 20 bc be 00 00 00 00 00 00 00 00 00 00 00 00 00 ............... 00 00 00 00 00 00 00 00 a2 ff 5f 12 00 00 00 00 .........._..... 99 9e 36 00 00 00 00 00 80 39 07 00 a3 3b 00 00 ..6......9...;.. 00 00 00 00 00 60 1d 92 03 00 00 00 b4 03 00 00 .....`..........

You're getting this constantly - again and again and again and again.

I suggest you check your entire disk subsystem.






Debug output:


Microsoft (R) Windows Debugger Version 6.6.0003.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\....\desktop\....\Mini062706-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*x:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Tue Jun 27 19:46:46.390 2006 (GMT-5)
System Uptime: 0 days 0:00:42.968
Loading Kernel Symbols
.............................................................................................................................
Loading User Symbols
Loading unloaded module list
..
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F7, {12, 3ef3, ffffc10c, 0}

Probably caused by : sr.sys ( sr!SrGetAclInformation+12a )

Followup: MachineOwner
---------

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 00000012, Actual security check cookie from the stack
Arg2: 00003ef3, Expected security check cookie
Arg3: ffffc10c, Complement of the expected security check cookie
Arg4: 00000000, zero

Debugging Details:
------------------


FAULTING_IP:
sr!SrGetAclInformation+12a
f73f1744 e8ce22ffff call sr!_SEH_epilog (f73e3a17)

GSFAILURE_FUNCTION: sr!SrGetAclInformation

GSFAILURE_MODULE_COOKIE: <unavailable> sr!__security_cookie [ f73e538c ]

GSFAILURE_CORRUPTED_COOKIE: 00000012 [ ef955a48 ]

GSFAILURE_ANALYSIS_TEXT: !gs output:
Stack buffer overrun analysis follows:

Corruption occured in sr!SrGetAclInformation or one of its callers
Error reading real canary at 0xf73e538c
Error reading real canary complement at 0x00000000
GS analysis will be limited due to previous errors
Corrupted canary at 0xef955a48: 0x00000012
Corrupted cookie value (0x00000012) too generic, skipping read bit-flip check
EBP/ESP check skipped: No saved EBP in exception context
Function sr!SrGetAclInformation:
Funtion has no locals
no candidate buffer found

Stack buffer overrun analysis complete.


SECURITY_COOKIE: Expected 00003ef3 found 00000012

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xF7

LAST_CONTROL_TRANSFER: from f73e39ad to 804f8925

STACK_TEXT:
ef955990 f73e39ad 000000f7 00000012 00003ef3 nt!KeBugCheckEx+0x1b
ef9559b0 f73f1744 85cb9828 85d66e88 00000000 sr!__report_gsfailure+0x25
ef955a64 001f01ff 00000501 05000000 00000015 sr!SrGetAclInformation+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x1f01ff
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a
ef955b04 f73eef22 ef955bf0 f73e3a2e f73e3e20 0x320a1743
ef955a7c 320a1743 000003eb 3bab58ea 01c694dd sr!SrUpdateBytesWritten+0x8a


STACK_COMMAND: kb

FOLLOWUP_IP:
sr!SrGetAclInformation+12a
f73f1744 e8ce22ffff call sr!_SEH_epilog (f73e3a17)

FAULTING_SOURCE_CODE:


SYMBOL_STACK_INDEX: 2

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: sr!SrGetAclInformation+12a

MODULE_NAME: sr

IMAGE_NAME: sr.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 41107cde

FAILURE_BUCKET_ID: 0xF7_sr!SrGetAclInformation+12a

BUCKET_ID: 0xF7_sr!SrGetAclInformation+12a

Followup: MachineOwner
---------

 

[dclive]

To clarify and simplify:

1. The problems occur and continue to occur, even after reformatting and putting on very, very minimal drivers.
2. The problems occur again and again and again.
3. Disk issues are constant throughout the eventlogs, over and over again.

Suggestions:
1. Replace the disk subsystem (disk, cabling, controller) bit by bit until the constant disk errors go away. Start with the hard disk and a new IDE cable.
2. I bet that fixes it.

 

[Accipiter22]

i see you said to check my entire disk subsystem...is that different than just running check disk? NM i see you address it with the last post....


SOMETHING I DID FIND! Initially, when i first set up this rig, system restore was off...however I've reformatted at least 7 times trying to fix this problem, and on each subsequent reformat, I never turned it off...so you may be right. I'll see how it goes today with this off.

 

[dclive]

Originally posted by: Accipiter22
i see you said to check my entire disk subsystem...is that different than just running check disk? NM i see you address it with the last post....


SOMETHING I DID FIND! Initially, when i first set up this rig, system restore was off...however I've reformatted at least 7 times trying to fix this problem, and on each subsequent reformat, I never turned it off...so you may be right. I'll see how it goes today with this off.

So .... what's the latest?