Computer continuously blue screens and reboots

Hi there,

I'm having a bit of trouble with my home built server running Microsoft Windows 2003, with VMWare with a few linux images on it.

About a month ago it did this, but it happened about every 20 min or so.  I did a memtest and found that I had a bad stick of ram and then replaced it.  I did a memtest after I put in the new ram and it came up fine.  I'm not sure why this is happening now.

Here are some of the specs of the computer:

MSI 945P Neo5-F LGA 775 Intel 945P ATX Intel Motherboard
Intel Core 2 Duo E6550 Conroe 2.33GHz LGA 775 65W Dual-Core Processor Model BX80557E6550
Broadway Com Corp OKIA-BLACK-550 550W ATX Power Supply
4GB of RAM all same brand, but not all the same exact model

In there error log here is the error:

Error code 1000008e, parameter1 c0000005, parameter2 a813ad3f, parameter3 f7626aa0, parameter4 00000000.

When sending the error report, Microsoft tells me it is a problem with a device driver.

I have checked, and I have all of the latest drivers over at MSI.

Anyone have any input?

Who is Participating?

Improve company productivity with a Business Account.Sign Up

nsavoieConnect With a Mentor Author Commented:
Alright, I think the problem was faulty RAM, either that or the Kingston 1gb sticks that I had weren't compatible with the latest bios of my mb.

Haven't had any problems yet!  Will post again if anythin comes up

You may have a variant of this virus which fakes being a driver:
This thread refers to a problem similar to yours:

In this case the virus was a rogue driver : i386p.sys (

I would suggest scanning your pc with Hijackthis:

Please post the scan log here.
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

nsavoieAuthor Commented:
Here is the log of HiJack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:09 AM, on 6/17/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator.CW-MAIN\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\VMware\VMware Server\bin\vmware-vmx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator.CW-MAIN\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [04EB85A6_7175_4E87_9583_3D80793AD067] Temporary value - please remove
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2563267524-1697408974-720798080-1009\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Backup User')
O4 - HKUS\S-1-5-18\..\Run: []  (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: []  (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\\windows\system32\mswsock.dll' missing
O15 - Trusted Zone:
O15 - Trusted Zone:
O15 - Trusted Zone:
O15 - ESC Trusted Zone:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB} (Microsoft Virtual Server VMRC Control) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DF5B2D2-F894-420B-8394-29E42B834BB8}: NameServer =,
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

End of file - 8813 bytes
nsavoieAuthor Commented:
The last 6 Minidumps can be found here:
nsavoieAuthor Commented:
I did a stress test with the following:

And it said:

FATAL ERROR: Rounding was 0.5, expected less than 0.4
Hardware failure detected, consult stress.txt file.
Execution halted.

Where do I go from here to test which piece of hardware it was?

Thanks everyone.
nsavoieAuthor Commented:
Sorry one more thing.  I was poking around in the event log and found this:

The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000008e (0xc0000005, 0xa813ad3f, 0xf7626aa0, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.

This is available here:

(Although it is quite big.  About 65mb)
nsavoieAuthor Commented:
I'm going to be doing a few tests on it tonight, including memtest.  Is there anything else that I should try?
If you will be inside the case anyway take a look at the capacitors while you are in there. Look for bloating or split tops.
I don't suspect that is the problem here but it takes like 30 seconds to check when you are in there anyway.

nsavoieAuthor Commented:
I didn't get your response until after I was at the server, I can check back tomorrow.  The memtest passed 5 times with no errors.  

hmm ?
OK. Your HJT log is showing some issues, but not the infection that might cause the symptoms you describe. To be doubly sure, you could check the registry for the following:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\


If both are absent, then it looks like trouble shooting hardware is the way forward...
nsavoieAuthor Commented:
=/ Nothing ..Man wouldn't that of been nice if this was a software problem! Here are two pictures of the registry just to be sure I didn't miss anything.

I'm going back to the server later today to check the capacitors.

What other tests should I try?
nsavoieAuthor Commented:
Sorry, I forgot these pictures too.. The capacitors look ok... (No bulging or leaking)
nsavoieAuthor Commented:
Just providing some more information incase anyone needs it:

Here is my Motherboard:

And here is my power supply:
nsavoieAuthor Commented:
Made some progress tonight.  As of last night, my computer wouldn't boot.  I thought that the problem was completely separate from this problem that I've been having but I don't think it was.

Right now I have to sticks of PNY and two sticks of Kingston,  Putting in the Kingston does not allow me to see any picture on the screen, but both the PNY work.  I'm bringing the Kingston back and going to see if I can get some PNY.  Hopefully this was the entire problem and would explain the blue screening!

I'll update as soon as I get the new RAM.

Thanks for your input everyone.
Swapping RAM is the simplest fix...

Good luck!
If your problem persists with the new ram, these are other potential problem areas that might cause these types of problems:

-Power Supply (Check Voltage / Swap with Known-Good unit of sufficient Wattage)
-Video Card (Check Capacitors here too, but more likely a video memory problem if this is the culprit)
-Processor (It's always a pain to find a known good for this one)

If you have any known-good components to swap with your existing hardware, that would be the best. Make sure you do not swap more than one component at a time so you know which one it was.

I have also taken a look at the minidumps, and these were the drivers that potentially caused the failures:

SiWinAcc.sys - NForce SATA driver (recommend re-installing driver) [OCCURRED 1 TIME]
ntkrnlmp.exe - Core windows driver (suggests hardware failure) [OCCURRED 1 TIME]
vmx86.sys - VMWare driver (it happened a lot, but not sure if re-installing VMWare will fix this problem) [OCCURRED 4 TIMES]

With the ntkrnlmp.exe file being one of the causes, and the SATA driver being another, I would recommend you try running your SATA hard drive with the IDE turned off in BIOS (assuming you have the OS on SATA and you have an IDE controller to turn off).

All-in-all, I still think it is hardware related. Keep us posted and Good Luck!
By the way, this is when we start the bets on which component it is.  I say, Power Supply (hehe).
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.