Solved

Computer continuously blue screens and reboots

Posted on 2008-06-16
18
1,139 Views
Last Modified: 2008-08-25
Hi there,

I'm having a bit of trouble with my home built server running Microsoft Windows 2003, with VMWare with a few linux images on it.

About a month ago it did this, but it happened about every 20 min or so.  I did a memtest and found that I had a bad stick of ram and then replaced it.  I did a memtest after I put in the new ram and it came up fine.  I'm not sure why this is happening now.

Here are some of the specs of the computer:

MSI 945P Neo5-F LGA 775 Intel 945P ATX Intel Motherboard
Intel Core 2 Duo E6550 Conroe 2.33GHz LGA 775 65W Dual-Core Processor Model BX80557E6550
Broadway Com Corp OKIA-BLACK-550 550W ATX Power Supply
4GB of RAM all same brand, but not all the same exact model

In there error log here is the error:

Error code 1000008e, parameter1 c0000005, parameter2 a813ad3f, parameter3 f7626aa0, parameter4 00000000.

When sending the error report, Microsoft tells me it is a problem with a device driver.

I have checked, and I have all of the latest drivers over at MSI.

Anyone have any input?

Thanks
0
Comment
Question by:nsavoie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 3
  • 2
  • +1
18 Comments
 
LVL 26

Expert Comment

by:PCBONEZ
ID: 21798510

You may have a variant of this virus which fakes being a driver:
http://support.microsoft.com/kb/903251/en-us
0
 
LVL 23

Expert Comment

by:phototropic
ID: 21800447
This thread refers to a problem similar to yours:

http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21729266.html#a15913510

In this case the virus was a rogue driver : i386p.sys (http://www.greatis.com/appdata/d/i/i386p.sys.htm)

I would suggest scanning your pc with Hijackthis:

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Please post the scan log here.
0
 
LVL 1

Author Comment

by:nsavoie
ID: 21802877
Here is the log of HiJack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:09 AM, on 6/17/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator.CW-MAIN\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Inetpub\wwwroot\hottproxy\HoTTProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\lserver.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\VMware\VMware Server\bin\vmware-vmx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator.CW-MAIN\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [04EB85A6_7175_4E87_9583_3D80793AD067] Temporary value - please remove
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2563267524-1697408974-720798080-1009\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Backup User')
O4 - HKUS\S-1-5-18\..\Run: []  (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: []  (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator.cw-main\windows\system32\mswsock.dll' missing
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194569529046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210180000659
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB} (Microsoft Virtual Server VMRC Control) - http://cw-main.criticalwire.com:1024/VirtualServer/activex/VMRCActiveXClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = criticalwire.com
O17 - HKLM\Software\..\Telephony: DomainName = criticalwire.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DF5B2D2-F894-420B-8394-29E42B834BB8}: NameServer = 76.243.116.174,68.94.156.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = criticalwire.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = criticalwire.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 8813 bytes
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 
LVL 1

Author Comment

by:nsavoie
ID: 21802937
The last 6 Minidumps can be found here:

http://citrix.criticalwire.com/minidump.zip
0
 
LVL 1

Author Comment

by:nsavoie
ID: 21803177
I did a stress test with the following:

http://mersenne.org/gimps/p95v2414.zip

And it said:

FATAL ERROR: Rounding was 0.5, expected less than 0.4
Hardware failure detected, consult stress.txt file.
Execution halted.

Where do I go from here to test which piece of hardware it was?

Thanks everyone.
0
 
LVL 1

Author Comment

by:nsavoie
ID: 21804293
Sorry one more thing.  I was poking around in the event log and found this:

The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000008e (0xc0000005, 0xa813ad3f, 0xf7626aa0, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.

This is available here:

http://citrix.criticalwire.com/memory.zip

(Although it is quite big.  About 65mb)
0
 
LVL 1

Author Comment

by:nsavoie
ID: 21806225
I'm going to be doing a few tests on it tonight, including memtest.  Is there anything else that I should try?
0
 
LVL 26

Expert Comment

by:PCBONEZ
ID: 21808185
If you will be inside the case anyway take a look at the capacitors while you are in there. Look for bloating or split tops.
www.badcaps.net
I don't suspect that is the problem here but it takes like 30 seconds to check when you are in there anyway.

.
0
 
LVL 1

Author Comment

by:nsavoie
ID: 21809574
I didn't get your response until after I was at the server, I can check back tomorrow.  The memtest passed 5 times with no errors.  

hmm ?
0
 
LVL 23

Expert Comment

by:phototropic
ID: 21810880
OK. Your HJT log is showing some issues, but not the infection that might cause the symptoms you describe. To be doubly sure, you could check the registry for the following:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\msctl32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386p

If both are absent, then it looks like trouble shooting hardware is the way forward...
0
 
LVL 1

Author Comment

by:nsavoie
ID: 21811901
=/ Nothing ..Man wouldn't that of been nice if this was a software problem! Here are two pictures of the registry just to be sure I didn't miss anything.

http://citrix.criticalwire.com/registry1.png

http://citrix.criticalwire.com/registry2.png

I'm going back to the server later today to check the capacitors.

What other tests should I try?
0
 
LVL 1

Author Comment

by:nsavoie
ID: 21812888
Sorry, I forgot these pictures too.. The capacitors look ok... (No bulging or leaking)

http://citrix.criticalwire.com/capacitor1.jpg

http://citrix.criticalwire.com/capacitor2.jpg

http://citrix.criticalwire.com/capacitor3.jpg
0
 
LVL 1

Author Comment

by:nsavoie
ID: 21817373
Just providing some more information incase anyone needs it:

Here is my Motherboard:

http://www.newegg.com/Product/Product.aspx?Item=N82E16813130099

And here is my power supply:

http://www.newegg.com/Product/Product.aspx?Item=N82E16817162018
0
 
LVL 1

Author Comment

by:nsavoie
ID: 21827866
Made some progress tonight.  As of last night, my computer wouldn't boot.  I thought that the problem was completely separate from this problem that I've been having but I don't think it was.

Right now I have to sticks of PNY and two sticks of Kingston,  Putting in the Kingston does not allow me to see any picture on the screen, but both the PNY work.  I'm bringing the Kingston back and going to see if I can get some PNY.  Hopefully this was the entire problem and would explain the blue screening!

I'll update as soon as I get the new RAM.

Thanks for your input everyone.
0
 
LVL 23

Expert Comment

by:phototropic
ID: 21829596
Swapping RAM is the simplest fix...

Good luck!
0
 
LVL 2

Expert Comment

by:bkdragon23
ID: 21839725
If your problem persists with the new ram, these are other potential problem areas that might cause these types of problems:

-Power Supply (Check Voltage / Swap with Known-Good unit of sufficient Wattage)
-Video Card (Check Capacitors here too, but more likely a video memory problem if this is the culprit)
-Processor (It's always a pain to find a known good for this one)

If you have any known-good components to swap with your existing hardware, that would be the best. Make sure you do not swap more than one component at a time so you know which one it was.

I have also taken a look at the minidumps, and these were the drivers that potentially caused the failures:

SiWinAcc.sys - NForce SATA driver (recommend re-installing driver) [OCCURRED 1 TIME]
ntkrnlmp.exe - Core windows driver (suggests hardware failure) [OCCURRED 1 TIME]
vmx86.sys - VMWare driver (it happened a lot, but not sure if re-installing VMWare will fix this problem) [OCCURRED 4 TIMES]

With the ntkrnlmp.exe file being one of the causes, and the SATA driver being another, I would recommend you try running your SATA hard drive with the IDE turned off in BIOS (assuming you have the OS on SATA and you have an IDE controller to turn off).

All-in-all, I still think it is hardware related. Keep us posted and Good Luck!
0
 
LVL 2

Expert Comment

by:bkdragon23
ID: 21839727
By the way, this is when we start the bets on which component it is.  I say, Power Supply (hehe).
0
 
LVL 1

Accepted Solution

by:
nsavoie earned 0 total points
ID: 21855350
Alright, I think the problem was faulty RAM, either that or the Kingston 1gb sticks that I had weren't compatible with the latest bios of my mb.

Haven't had any problems yet!  Will post again if anythin comes up
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how to sync tablet drawings to a desktop PC (so both windows are active) 3 52
DNS/WINS in a domain 10 94
data internet through mobile 14 94
watsup photo saving 6 26
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Microsoft will be releasing the Windows 10 Creators Update in just a matter of weeks. Are you prepared? Follow these steps to ensure everything goes smoothly and you don't lose valuable data on your PC.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question