Occasional BSODs - random STOP messages - use of verifier.exe causes crash

Whenever windows it writes a system event log and a minidump. What display card and antivirus are you using?

Check system event 1001 and it has the content of the blue screen
Control Panel -> Adminstrative Tools -> Event Viewer -> System -> Event 1001. Copy the content and paste it back here

Do you find the minidump at the folder \winnt\minidump. If no, you disable the dump taking.

Enable minidump
Control Panel --> System --> Advance --> Startup and Recovery --> Write debugging information --> tick minidump
Reboot to make it effective

The adaptor is an onboard Intel 82865G. I am not using any anti-virus

There is no event 1001. When the system crashes it apparently doesn't write anything to the event log.

Minidump is enabled but the last file written to it is dated the second of this month and unfortunately the system has crashed much more recently!

Would you like me to send  this file to you and if so how should I do it?

David

Attach the minidump at any webspace. BTW do you mean the system crash and you have to press reset button to reboot the system. I wonder why no minidump is taken when the system is crashed.

The Minidump file created on the second of December is at:

http://www.david-g.net/Mini.zip 

I do not know what event triggered the creation of this file.

It does seem that for some reason these random BSODs create neither an entry in the event log or a Minidump file.

I apologise for using the imprecise word "crash" - I meant a BSOD after which it is necessary to use the reset button.

The BSOD produced during the the boot process after running verifier.exe as described in my original posting did not produce either an entry in the event log or a minidump presumably because it was caused by the same problem.

Other events on the system do produce event log entries and minidump files.

David

Hi cgaski,

From the dump I find out you've installed Grandmars PV256C Mpeg card driver (cap7134.sys) which is the culprit. Because I have installed the same MPEG card at one of my PC,  I find out after I finish TV capturing, sometimes the windows is overaid. The interium solution, when TV capture is started, don't do any at the PC. When TV capture finishes, reboot PC. I've searched the grandmars web site and they don't have the new patches.

The following are my failing record. It has different bugcheck code 0A, 50, 8E and D1. I've three incidences, the failing module is cap256.sys.

            DRIVER_IRQL_NOT_LESS_OR_EQUAL                                          
            Bugcheck            Data Addr      Instr Addr            IRQL            Root cause      Overlaid data      Overlaid Starting Adr
04/08/14      mpegcap      D1/EI      User Adsp      0580097E      F99F59F4      a347bus.sys      2            F9A04480 is invalid      818A0EE8      
04/09/29      mpegcap      D1/EI      Sys Adsp      85DC84DC      F96FBFFF      nv4_mini.sys+74FFFF      2            Instuction F96FC000 is overlaid      3C7F3C80       F96FC000
04/10/04      explorer      D1/EI      User Adsp      5E7F6C7F      F99F66D4      d346bus.sys      2            F9A04854 is zero      00000000      
            PAGE_FAULT_IN_NONPAGED_AREA                                                      
04/09/24      system      50/EI      Sys Adsp      BF7F0020      805110A7      nt!MiSessionPoolFreed                              
04/09/12      mpegcap      50      Sys Adsp      E2D9D000      F96279AD      cap256.sys                  logic error at cap256.sys            
04/08/25      explorer      50/EI      Sys Adsp      E11C0000      BF867A02      win32k+0x67a02                  storage E117F9FC is invalid      007F1C7F      
04/08/10      mpegcap      50      Sys Adsp      E291F000      F95869AD      cap256.sys                  logic error at cap256.sys            
04/10/01      mpegcap      50      Sys Adsp      E2B18000      F95869AD      cap256.sys                  logic error at cap256.sys            
            IRQL_NOT_LESS_OR_EQUAL                                                      
04/07/29      mpegcap      0A/DI      Invalid Adr      FFFFFFFC      8053254F      nt!SwapContext+4f      99            811D5750 is zero      00000000      
04/08/13      Idle      0A/EI      Sys Adsp      C7ACC74B      804FBC8B      nt!KiReadyThread      2            8165051C is invalid      C7ACC74B      
04/09/29      mpegcap      0A/EI      Low Memory      00000004      805145D8      nt!MiRemovePageByColor      2            ??            
                                                                  
            KERNEL_MODE_EXCEPTION_NOT_HANDLED (No recovery routine)                                                         
04/09/01      mpegcap      8E      Low Memory      00000010      F9AD1ED8      stream.sys+ed8                  F4148AF8 is zero      00000000      
04/08/29      vstudio      8E      User Adsp      0180017F      80535DE3      nt!ExAllocatePoolWithTag+671                  Address 0180017F is read only ??      0180017F/2F7F2F7F      E147D550
04/08/25      services      8E      User Adsp      2E7F2E7F      80609A52      nt!CmpGetNameControlBlock+a4                  E1F922B4 is invalid      2E7F2E7F      E1F92000
04/09/26      notepad      8E      User Adsp      3C7F3B9F      BF87F7D6      win32k!EngCopyBits+0x1cd                  F32A9B90 is invalid      3C7F3B7F      
04/10/09      csrss      8E      User Adsp      3C7F3C86      BF87B61C      win32k.sys+7b61c                  E2ACF1B8 is invalid      3C7F3C80      
04/11/22      mpegcap      8E      User Adsp      4E5664C4      F96CD044      nv4_mini.sys+1e044                              
                                                                  
            FAT_FILE_SYSTEM (23)                                                      
04/09/01      explorer      23      User Adsp      4F984F61      F98F512B      Fastfat+0x512b                  4F984F61            
            SYSTEM_THREEAD_EXCEPTION_NOT_HANDLED                                                      
04/07/13             7E      Low Memory      00000004      B2DB56E5      usbscan+16E5

My apology my mpeg driver is cap7156 and your driver cap7134. I think cap7134 is the TV card driver.

I think cap7156 and cap7134 has the same software developer. If cap7156 has memory overlaid  problem at cap7156, cap7134.sys may have the same problem.  From your minidump, this is memory overlaid problem.

The TV capture card is something called 10 moons TV Master. I had a look at the drivers on the CD Rom that came with it and sure enough there is cap7134.sys.

From recollection the BSODing probably started a few days after I installed it. I didn't associate the installation and the BSODing because the problems didn't start till several days, maybe a week, after installation. Of course I now know that the there may be periods of days between BSODs.

I have been to the manufacturer's website and downloaded the latest drivers but the downloaded cap7134.sys has the same date as the one on the CD Rom that came with the card.

I'm afraid the only work around is to buy another capture card! This is hardly a financial disaster because the 10 moons card only cost about $20 US.

(I am located in Hong Kong and 10 moons are located in Shenzhen which is just over the border in China so I phoned them but the Technical Support Department didn't speak sufficient English to make the call useful...). I will e-mail them and if I get anything useful I will post it. In the e-mail I will also mention your similar problems with cap7156.sys. Of course it may be that 10 moons only produce the hardware but it's worth a try.

Many thanks for your help - I am pretty sure you have cracked the problem. I will uninstall the 10 moons hardware and software and report back in a week's time hopefully to confirm that the BSODing has stopped.

David

China and Taiwan TV capture manufacturere, they only produce the hardware and the software device drivers are developed by software company. I think cap7156.sys and cap7134.sys are developed by the same software developer but the hardware is owned by different hardware manufacturer.

I was quite literally within seconds of going out to buy a new capture card when I received an e-mail from 10 moons in reply to my e-mail saying that their driver crashed my system with the following text:

"  Uninstall the driver from equipment management . Delete the files oem*.*  that in c:\winnt\inf. Uninstall the application and delete 10moons folder . And then restart the computer. Install driver and application. That will be OK."

I had done what they said, (I zipped the OEM files before deleting them just in case...), and will now wait and see what happens.

Does it seem to you that this procedure makes sense?

David

Do you resolve the problem after you reinstall the TV card driver?

I was starting to think that the problem had been resolved until the system did a spontaneous reboot last night. I don't of course no whether the cause of this reboot was the same as that of the previous BSODs but it should be possible to discover whether this was the case because it created a minidump.

I have put the file up at:

http://www.david-g.net/Mini2.zip 

If this file shows that cap7134.sys was involved I will resume my trip to buy another capture card.

Incidentally, I discovered why no minidumps were being created after the 22nd of this month. On that date I created a page file on a different physical drive and reduce the size of the page file on the C drive to zero. I only subsequently discovered that minidumps are only created if there is a page file on the boot drive so I recreated a page file on this drive.

I look forward with great anticipation to hearing what is in the minidump!

David

I don't think the vendor provides the correct solution. If the diriver has software problem, the vendor must provide an upgrade. Re-install the software does not resolve the problem. I think this is because the software developer mainly test their software at XP platform and not at W2K platform.

I've processed your dump and it looks like it is memory overlaid. Actually I hate memory overlay as it is very diificult to find out the culprit. For overlaid problem, we need a full memory dump and minidump is insufficient. I have over 20 full dumps in my hard disk to diagnostic my stupid MPEG card driver.

Use !analyze -v to get detailed debugging information.
BugCheck 1E, {c000001d, a07398dc, ffffffff, e35dd868}
Probably caused by : ntoskrnl.exe ( nt+2f77a )
c000001d is the NT status code which stands for STATUS_ILLEGAL_INSTRUCTION

Before you got BSOD, did you use TV card to watch TV. If yes, the crash may be caused the cap7134.sys overlaid Windows Storage. If you can recall what did you do before the system crash, it is definitely helpful to diagnostic the problem,

Suggestion
Uninstall the TV capture card and if the system does not capture for one week. Moon TV capture card is the culprit.

Many thanks for your response.

I think it might be helpful if I provide a bit of history of the problem.

I needed to convert some video clips into mpegs so on the 17th this month I bought the video capture card. On an unrelated subject I had been backing up on to DVDs but this was getting a bit laborious so while I was at it I bought a 40 gig IDE drive to use for back-up. As I already mentioned I moved the page file on to this drive to give me a bit more room on C

I installed this hardware and everything seemed to work fine. A few days later I started getting the BSODs. Because the problem and did not immediately follows the installation of the hardware I did not associate the two.

Prior to this installation I had been getting occasional spontaneous reboots which did not produce an entry in the event log but did produce minidumps. I did an extensive check of the Ram in the machine which didn't show any problems. I have put a minidump produced on the 30th September up at:

http://www.david-g.net/Mini3.zip

 If the events detailed in Mini3 are similar to those in Mini2 I would think that we can be reasonably certain that the latest reboot has nothing to do with the capture card. Both these events are at course spontaneous reboots and not BSODs.

If this is indeed the case I could set the machine to do a full dump on the next occasion - presuming I have enough space on C.  I believe full dumps are pretty big?

Since I reinstalled 10 moons after first deleting all the  oem files , (there were 145 of them!), I haven't had a BSOD.  It's still too early to say definitely but maybe that problem is fixed. (Having typed that I am now expecting a BSOD any second!)

I'm a bit reluctant to uninstall the capture card because I still have quite a few captures to do. Of course if the machine BSODs again I'm will go and buy another one. (It's not the cost that makes me reluctant to do this - it's the hassle...)

David

I've processed three minidumps. The failing module is win32k.sys and ntoskrnl.exe. They are windows core component which is unlikely is the culpirt. Debug bugcheck 1E and 50 requires to examine the stack trace to find caller and usally the caller is the culprit.  The current process is also have 40% chance to be the culprit and the minidump does not the have the current process and current thread information. Only full dump have the information. From your description it looks like there have a well hidden faulty device driver within your W2K. Since your problem does not occurs very frequently, I think the problem may be related to software error of the sound card or video card device under certain specific condition. My first windows blue screen is device driver of the on-board sound card driver. After I install new sound card and I find out another problem which is the MPEG card driver.

As you know software video capturing using a lot of CPU resource to perform video capturing because your moon TV master card is only cost around US$20 which must be software mpeg coding and not hardware. The sound capturing makes use of the built-in sound card. Maybe this is the reason why your windows crashes more frequent recently because of your creative sound card driver problem. I prefer to use hardware MPEG card as the quaility is much better.

Mini092504-01.dmp (25th Sep 2004)
BugCheck 1E, {c0000005, a001cdbf, 1, 0}
Probably caused by : win32k.sys ( win32k+1cdbf )

Mini120204-01.dmp (2nd Dec 2004)
BugCheck 50, {a10a0b09, 0, a10a0b09, 2}
Probably caused by : ntoskrnl.exe ( nt+4b3bc )

Mini121804-01.dmp (18th Dec 2004)
BugCheck 1E, {c000001d, a07398dc, ffffffff, e35dd868}
Probably caused by : ntoskrnl.exe ( nt+2f77a )

You need a full dump to find the root cause. The size of the full dump is same as ram size. Let say your ram size is 512MB and the full dump is 512MB. It will saved at \windows\memory.dump. You have to copy the dump size to another directory unless you specify the option "don't overwrite the dump".

Re-post if you have a full memory dump.

At 7:57am this morning, (as it's Sunday I was still in bed!) the system did a spontaneous reboot, (there was no entry in the event log.), and a full dump was captured. I have put this up at:

http://www.david-g.net/DumpFull.zip 

It is of course quite large, (180 Megs), but I would be very grateful if you could have a look at it and look forward to hearing your comments.

David

I've downloaded the dump and the failing process is explorer. I have to spend some time to study it. Today I have an appointment at today and I will get back my finding to you at tomorrow.  

BugCheck 1E, {c0000005, a0100400, 0, 2e8}
Probably caused by : win32k.sys ( win32k!EngReleaseSemaphore+106a1 )

0: kd> !process
PROCESS 84eb1400  SessionId: 0  Cid: 04d0    Peb: 7ffdf000  ParentCid: 04c8
    DirBase: 1135b000  ObjectTable: 84eb4c88  TableSize: 476.
    Image: explorer.exe
    VadRoot 84c846e8 Clone 0 Private 2609. Modified 19902. Locked 0.
    DeviceMap 853e8248
    Token                             e3e54d50
    ElapsedTime                       16:38:38.0890
    UserTime                          0:00:00.0468
    KernelTime                        0:00:01.0943
    QuotaPoolUsage[PagedPool]         62152
    QuotaPoolUsage[NonPagedPool]      44816
    Working Set Sizes (now,min,max)  (3407, 50, 345) (13628KB, 200KB, 1380KB)
    PeakWorkingSetSize                3408
    VirtualSize                       70 Mb
    PeakVirtualSize                   147 Mb
    PageFaultCount                    77199
    MemoryPriority                    FOREGROUND
    BasePriority                      8
    CommitCharge                      3178

This is overlay problem and it is hard to find out the culprit. I've scanned all the processes and I find out process stisvc.exe used a lot of CPU time. Stisvc.exe is an executable which is installed by Windows tofether with digital cameras, scanners or another graphical input devices. Do you use TV capture intensively recently?

PROCESS 84f02b20  SessionId: 0  Cid: 0410    Peb: 7ffdf000  ParentCid: 01fc
    DirBase: 0f895000  ObjectTable: 84f03668  TableSize:  90.
    Image: stisvc.exe
    VadRoot 84ef6528 Clone 0 Private 183. Modified 91. Locked 0.
    DeviceMap 853e8248
    Token                             e379b230
    ElapsedTime                       16:38:49.0781
    UserTime                          0:00:13.0226
    KernelTime                        0:00:44.0142

Merry Christmas
cpc2004

Hi,

I hope you had a good Christmas.

I only use TV capture occasionally and I had the spontaneous reboot problem before it was installed. I do have a digital camera application - that again and that is only used very occasionally.

Since I reinstalled the capture software I have not had a BSOD but every few days I get a spontaneous reboot which generates a Minidump but as I say this has been happening since before the video capture software was installed.

Looking in the Minidump directory I see that two were generated on Christmas Day but none since. I have put these up at:

http://www.david-g.net/XmasMinidump.zip 

In case they might be of any use. If you think it would be of any help I could set the machine back to doing a full dump rather than a Minidump.

David

I've processed the minidumps and their symptoms are exactly the same as the full dump taken on 19th Dec. I can't figure out why there have 3 stack trace when I process the dump at XP and W2K.  I have XP and W2K but I don't have W2K. I will install W2K at one of my spare Hard Disk and run windbg at my new W2K. Maybe I can have more stack trace at W2K SP4. It will take a couple of days.

What is up? If you still get the bsod, attach the dump here.

Hi,

Yup, it's still BSODing. I have put the five latest Minidumps up at:

http://www.consul-net.net/05Dump.zip 

David

The minidumps have different bugcheck codes and has no pattern. It maybe the hardware error at the motherboard as only hardware error does not have pattern.

Mini011505-02.dmp 76 (00000000, 84bc99e0, 00000039, 00000000) nt+40ec7
Mini012005-01.dmp 1E (c0000005, b77774ff, 00000001, 04291a24) nt+565a2
Mini012205-01.dmp 1E (c0000005, 0042c72b, 00000000, 0042c72b) nt+565a2
Mini012105-02.dmp 7F (0000000d, 00000000, 00000000, 00000000) nt+6a602
Mini012105-01.dmp 24 (0019025e, b6da34b4, b6da3504, bfef61ac) Ntfs+331ac

Yes, a hardware problem would also explain the fact that the BSODs occur at random times, sometimes in the middle of the night when very few applications are open, and at apparently random intervals.

What checks could I carry out to try and locate the problem?

David

What motherboard and CPU are you using?

The board is an Intel D865GBF with a 2.4 gig Pentium 4 processor

I think it is hardware error at the motherboard or faulty PSU.

Do you have any update for your PC probem?

The thing is still doing spontaneous re boots with a average interval of a few days although occasionally it will do it twice within a few hours.

If, as you suggest, it is a hardware problem I have no idea how to set about diagnosing which component is responsible. It obviously isn't practical to go through the machine trying a replacement processor, main board, etc. It would probably be cheaper to throw the machine away and buy another one...

David

I have W2K3 and XP but I don't have the W2K.  As you are using W2K SP4 and use windbg at XP or W2K3 could not process the W2K dump properly. I have the W2K install CD-ROM, I will install W2K at my PC. I will re-process your dumps and update you at this weekend.

Today I install W2k SP4 at one of PC and reprocess your dump at my W2K. I have a new findig, most of the dumps have the following bucket id and I believe that your intel CPU is faulty.

DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO

OK, thanks.

I have ordered a new processor from the States. (The 800 Meg bus version of the 2.4 gig Pentium is not available here in Hong Kong which is a shame because processors are much cheaper here...).

I will update you when I have received, installed and run the new CPU for a few days.

David

Have you installed the new CPU? Does it fix the problem?

Unfortunately I have not yet received the new processor - it appears that FedEx may have lost it. I am corresponding with the vendor.

Since the day I authorised the payment from my credit card of $176 for a new processor and its shipment to Hong Kong the machine has not spontaneously rebooted once.

I can only presume that the existing CPU on processing my e-mail saw the trash can looming and decided to behave...

Rest assured, I will keep you up-to-date.

David

Update

The company in the States from whom I ordered the CPU, (Mr Tech), maintain that it was collected from their premises by FedEx.

FedEx say that they are still awaiting instructions to collect it. In the meantime Mr Tech have got my money but I haven't got the processor....

I'm trying to reclaim the money from my credit card company.

The machine is still very occasionally spontaneously re booting but nowhere near as frequently as it was doing when I first contacted you. This is fortunate because I'm concerned that by the time Mr Tech and FedEx have decided who has got the CPU it will have become obsolete!

I will keep you updated,

David

Attach the latest minidump at any Webspace. Maybe I have new finding,

www.consul-net.net/Mini03-04.zip

After further analysis, the debug report of Mini120204-01.dmp shows that it is  SINGLE_BIT_CPU_CALL_ERROR

Mini120204-01.dmp 50 (a10a0b09, 00000000, a10a0b09, 00000002) win32k!PhkFirstValid+0x0  
      STACK_TEXT:  
      WARNING: Frame IP not in any known module. Following frames may be wrong.
      b76d7c78 a001c458 5a27c9b2 00000003 00000001 0xa10a0b09
      b76d7c94 a0000bae 0000007d 00000001 b76d7d0c win32k!xxxCallHook+0x1e
      b76d7cdc a00773f7 b76d7d0c 000021ff 00000000 win32k!xxxInternalGetMessage+0x3aa
      b76d7d48 80466ef9 0012f9f0 00000000 00000000 win32k!NtUserPeekMessage+0x5c
      b76d7d48 77e117da 0012f9f0 00000000 00000000 nt!KiSystemService+0xc9
      0012f974 00000000 00000000 00000000 00000000 0x77e117da

      POSSIBLE_INVALID_CONTROL_TRANSFER:  from a001c453 to a00a0b09
      SINGLE_BIT_ERROR:  dbdbdbdb
      TWO_BIT_ERROR:  dbdbdbdb
      FOLLOWUP_NAME:  MachineOwner
      MODULE_NAME:  hardware
      IMAGE_NAME:  hardware
      DEBUG_FLR_IMAGE_TIMESTAMP:  0
      STACK_COMMAND:  .trap ffffffffb76d7c08 ; kb
      BUCKET_ID:  SINGLE_BIT_CPU_CALL_ERROR
      Followup: MachineOwner

Many thanks for the further analysis.

Would I be right in thinking that a Single Bit CPU Call Error is likely to be caused a fault in the CPU itself?

David

Yes it is a hardware problem at CPU.

Okay, thanks.

As soon as my credit card company has managed to recover my money from Mr Tech, (the supplier that has failed to send me a CPU), I will order one from a reputable source and let you know what happens.

In the meantime I can live with the problem because for some reason the crashes have become less frequent and are now only happening once or twice a week.

Thanks again for your help,

David

Do you have any update of the problem?

Refer to mircosoft website about cap7134.sys
http://oca.microsoft.com/en/respons...c35230a&SID=703

Do you fix the computer hardware problem?