Blue Screen Crash On Windows 7 on Welcome Screen
Sometimes when my PC is starting up, I get a blue screen immediately after the welcome screen. it happens 2/3 times.
These are the problem details
_______________________________________________________________________________________________________
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033
Additional information about the problem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFF80003299448
BCP3: FFFFF8800978E630
BCP4: 0000000000000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\012911-15584-01.dmp
C:\Users\Bluegenie\AppData\Local\Temp\WER-49452-0.sysdata.xml
Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
_______________________________________________________________________________________________________
Please help me as soon as possible.
Thanks!
Here are some .dmp files that I've attached:-
012911-17269-01.dmp
012911-16068-01.dmp
January 29th, 2011 1:02pm
Sometimes when my PC is starting up, I get a blue screen immediately after the welcome screen. it happens 2/3 times.
These are the problem details
_______________________________________________________________________________________________________
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033
Additional information about the problem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFF80003299448
BCP3: FFFFF8800978E630
BCP4: 0000000000000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\012911-15584-01.dmp
C:\Users\Bluegenie\AppData\Local\Temp\WER-49452-0.sysdata.xml
Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
_______________________________________________________________________________________________________
Please help me as soon as possible.
Thanks!
Here are some .dmp files that I've attached:-
012911-17269-01.dmp
012911-16068-01.dmp
Windows Debugger found a problem in ataport.sys file. What should I do?
Free Windows Admin Tool Kit Click here and download it now
January 29th, 2011 1:34pm
Windows Debugger found a problem in ataport.sys file. What should I do?
Check your HDD cable. Can you uplaod the dmps somewhere else? I can't download them.
// Edit
I got the dumps and it maybe casued by 1 of those 2 drivers:
GEARAspiWDM.sys Mon May 18 14:17:04 2009
SCDEmu.SYS Tue Aug 07 17:19:48 2007
This driver provides virtual CD/DVD and can casue the ATAport issues. So update [1] the GEAR driver, please. The
SCDEmu.SYS is part of PowerISO DVD Drive. So upodate or remove the tool.
André
[1]
http://www.gearsoftware.com/support/drivers.php
"A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
January 29th, 2011 2:55pm
The ataport.sys problem is solved but I got another Blue Screen and this time Windows Debugger found a problem in msrpc.sys file.
The dump file is attached by me here..
013011-19562-01.dmp
Free Windows Admin Tool Kit Click here and download it now
January 30th, 2011 2:18am
Bug Check 0xF7: DRIVER_OVERRAN_STACK_BUFFER
This indicates that a driver has overrun a stack-based buffer.
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
http://msdn.microsoft.com/en-us/library/ff560389%28VS.85%29.aspx
STACK_TEXT:
nt!KeBugCheckEx
msrpc!_report_gsfailure+0x26
msrpc!_GSHandlerCheck+0x13
nt!RtlpExecuteHandlerForException+0xd
nt!RtlDispatchException+0x410
nt!KiDispatchException+0x16f
nt!KiExceptionDispatch+0xc2
nt!KiGeneralProtectionFault+0x10a
I checked what happens around the msrpc DLL and found this:
fffff880`0975e220 fffff880`0113ae34 msrpc!__PchSym_ <PERF> (msrpc+0x14e34)
fffff880`0975e228 fffff880`01133dc0 msrpc!NDR64_MEMSIZE_POINTER_QUEUE_ELEMENT::`vftable'+0x3b0
fffff880`0975e230 fffff880`01126000 msrpc!_security_check_cookie <PERF> (msrpc+0x0)
fffff880`0975e238 fffff880`0975f0f8
fffff880`0975e240 fffff880`0975e2e0
fffff880`0975e248 fffff800`032a7a90 nt!RtlDispatchException+0x410
fffff880`0975e250 fffff880`01133e6c msrpc!NDR64_MEMSIZE_POINTER_QUEUE_ELEMENT::`vftable'+0x45c
fffff880`0975e258 fffff880`0975e298
fffff880`0975e260 fffff880`0975f0f8
fffff880`0975e268 fffff880`01126000 msrpc!_security_check_cookie <PERF> (msrpc+0x0)
fffff880`0975e270 00000000`00000001
fffff880`0975e278 00000000`00000000
fffff880`0975e280 00000000`00000000
fffff880`0975e288 fffffa80`061aa568
fffff880`0975e290 fffff880`0975f620
fffff880`0975e298 fffff880`01126000 msrpc!_security_check_cookie <PERF> (msrpc+0x0)
1: kd> dqs
fffff880`0975e2a0 fffff880`01133e6c msrpc!NDR64_MEMSIZE_POINTER_QUEUE_ELEMENT::`vftable'+0x45c
fffff880`0975e2a8 fffff880`0975e800
fffff880`0975e2b0 00000000`00000000
fffff880`0975e2b8 fffff880`0113ad14 msrpc!__PchSym_ <PERF> (msrpc+0x14d14)
fffff880`0975e2c0 fffff880`09760000
fffff880`0975e2c8 fffff880`0975a000
fffff880`0975e2d0 00000000`00000000
fffff880`0975e2d8 fffff800`035896df nt!RtlpCopyEffectiveAce+0x1af
fffff880`0975e2e0 fffff880`0114b05d msrpc!LRPC_BASE_BINDING_HANDLE::BaseBindingCopy+0x15d
fffff880`0975e2e8 fffff880`01126000 msrpc!_security_check_cookie <PERF> (msrpc+0x0)
fffff880`0975e2f0 fffff880`0113ad14 msrpc!__PchSym_ <PERF> (msrpc+0x14d14)
fffff880`0975e2f8 fffff880`0975f620
fffff880`0975e300 00000000`00000000
fffff880`0975e308 fffff880`0975e330
fffff880`0975e310 fffff880`011276a4 msrpc!_GSHandlerCheck
fffff880`0975e318 fffff880`01133e6c msrpc!NDR64_MEMSIZE_POINTER_QUEUE_ELEMENT::`vftable'+0x45c
fffff880`0975e3e0 00000000`00000000
fffff880`0975e3e8 fffff800`03281992 nt!KiCommitThreadWait+0x1d2
fffff880`0975e3f0 fffff880`0975e800
fffff880`0975e428 fffff880`0114b37b msrpc!LRPC_FAST_BINDING_HANDLE::BindingCopy+0x8b
fffff880`0975e430 fffff880`01100470*** WARNING: Unable to verify timestamp for mfehidk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfehidk.sys
mfehidk+0x59470
fffff880`0975e438 fffff880`01100460 mfehidk +0x59460
Image path: \SystemRoot\system32\drivers\mfehidk.sys
Image name: mfehidk.sys
Timestamp: Wed Oct 06 21:55:49 2010
This is a McAfee driver. So update McAfee, too.
André"A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
January 30th, 2011 8:40am