OS system headaches...

Discussion in 'Software' started by Justshootme, Aug 5, 2008.

  1. Justshootme

    Justshootme Private E-2

    I have Windows XP. I've been experiencing blue screen crashes and I would appreciate some insight into these and other occurrences. I looked at my event viewer and recorded the following:

    Event Viewer – System
    Source: MRxSmb
    Category: None
    Event ID: 3032
    Numerous– all day occurrence

    Source: Disk
    Category: None
    Event ID: 51
    Numerous- all day occurrence

    Source: Service Control Manager
    Category: None
    Event ID: 7023

    Save Dump – 08/01 at 9:25 pm
    Event ID: 1001
    The computer rebooted from a bugchecker. The bugcheck was: 0x10000007e,0xc0000005, 0xf84e6326, 0xf8b07b70, 0xf8b0786c}

    Save Dump – 08/01 at 7:13 pm
    Event ID: 1001
    The computer rebooted from a bugchecker. The bugcheck was:
    0x000000c2{0x000000cd4, 0x320f000,0xe3fe7aa0}

    Source: Disk – 08/01 at 7:41 pm
    Event ID: 51
    An error was detected on device\Device\Harddisk1\D during a paging operation.

    Event Viewer – Security
    Category: Policy Change
    ID: 615

    User: NT AUTHORITY\NETWORK SERVICE

    "IPSec Services: IPSec Services has experienced critical failure and has shut down with error code: The network connection was aborted by the local system.
    Stopped IPSec can be potential security hazard to the machine. Please contact your machine administrator to re-start the service".
    ----------

    To make matters worse for myself, I updated to Service Pack 3 several days ago. Wish I'd put it off a little longer. And I have an MS Installer window that opens during startup that's driving me CRAZY. But, I’ve experienced no other blue screen crashes since 08/01. The chkdsk utility has run on more than one occasion, but there have been NO other crashes since it last ran on 08/01, which was the last time the chkdsk utility opened on its own. I've also scanned my system over the weekend with SpyBot, SuperAntiSpyware, Malwarebytes, combofix, etc. I’ve been googling some of these event codes. I know these are serious, but I don’t know what to do about them. Any help would be appreciated.
     
  2. dlb

    dlb MajorGeek

    From the little bit of research I just did, it seems to be primarily an issue with your network adapter, and/or the way it handles data. If you have a PCI ethernet card you can install temporarily (disable the ethernet adapter you're using now whether it's a card or on board) try it and see if the problems persist. I'd also run a full diagnostic on your hard drive. You can download the free tools from your hard drive maker's web site. The following error has me a bit worried about the hard drive:
     
  3. Justshootme

    Justshootme Private E-2

    Sorry for the slow response, but I've been researching my computer problems. I'm not savvy enough to explore the PCI ethernet card option. I've been looking into the system messages in event viewer. But, after yet another blue screen crash (the first in about a week), I was able to write down the error codes as well as copy the codes in event viewer. Here's what I recorded:


    IRQL_NOT_LESS_OR_EQUAL

    Stop: 0x0000000A (Ox83448E8G, 0x00000002, 0x0000000, ox804FDDFF)

    If problem persists, consider Disable BIOS memory options such as caching or shadowing.


    Here's the information for the event viewer (System):

    The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c2 (0x00000007, 0x00000cd4, 0x06000004, 0xe5e39800). A dump was saved in: C:\WINDOWS\Minidump\Mini080908-02.dmp.


    Hope this helps you. Looking for a solution.
     
  4. Justshootme

    Justshootme Private E-2

    Sorry for the slow reply, but I've been researching the messages in my event viewer. But since your last post, I experienced a blue screen crash (my first in about a week). Here are the error codes from the message:

    IRQL_NOT_LESS_OR_EQUAL

    Stop: 0x0000000A (0x83448E8G, 0x00000002, 0x0000000, 0x804FDDFF)

    Here's the message of the save dump from the crash recorded in event viewer (system):

    The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c2 (0x00000007, 0x00000cd4, 0x06000004, 0xe5e39800). A dump was saved in: C:\WINDOWS\Minidump\Mini080908-02.dmp.


    Hope this sheds new light on my dilemmas.
     
  5. Adrynalyne

    Adrynalyne Guest

  6. Justshootme

    Justshootme Private E-2

    I managed to run the Microsoft Debugging Tools, but I need some help to decipher what I'm dealing with:

    Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\Minidump\Mini080908-04.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft./com.download/symbols
    Executable search path is:
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
    Debug session time: Sat Aug 9 21:40:04.593 2008 (GMT-4)
    System Uptime: 0 days 0:16:01.167
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Loading Kernel Symbols
    .............................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ..........
    Unable to load image Ntfs.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for Ntfs.sys
    *** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000007F, {8, 80042000, 0, 0}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *** WARNING: Unable to verify timestamp for cavasm.sys
    *** ERROR: Module load completed but symbols could not be loaded for cavasm.sys
    *** WARNING: Unable to verify timestamp for fltmgr.sys
    *** ERROR: Module load completed but symbols could not be loaded for fltmgr.sys
    *** WARNING: Unable to verify timestamp for cmdguard.sys
    *** ERROR: Module load completed but symbols could not be loaded for cmdguard.sys
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    Probably caused by : cavasm.sys ( cavasm+7941 )

    Followup: MachineOwner
    ---------
    kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault). The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
    use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
    use .trap on that value
    Else
    .trap on the appropriate frame will show where the trap was taken
    (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
    Arg2: 80042000
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    MODULE_NAME: cavasm

    FAULTING_MODULE: 804d7000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP: 46264bc2

    BUGCHECK_STR: 0x7f_8

    CUSTOMER_CRASH_COUNT: 4

    DEFAULT_BUCKET_ID: WRONG_SYMBOLS

    LAST_CONTROL_TRANSFER: from f851da48 to 804e245e

    STACK_TEXT:
    WARNING: Stack unwind information not available. Following frames may be wrong.
    edf1c030 f851da48 83235b28 00000001 00000000 nt+0xb45e
    edf1c070 f851db3b 83235ae8 00000001 00000000 Ntfs+0xa48
    edf1c17c f853e8d2 edf1c7a4 83235a50 00000001 Ntfs+0xb3b
    edf1c1c0 f853e02e edf1c7a4 83235a50 00000001 Ntfs+0x218d2
    edf1c330 f85483f9 edf1c7a4 83235a50 82f6d4b8 Ntfs+0x2102e
    edf1c4ac f8548225 edf1c7a4 e1bcac58 00000018 Ntfs+0x2b3f9
    edf1c57c f8548a1e edf1c7a4 e1bcac58 00000000 Ntfs+0x2b225
    edf1c788 f8542d4d edf1c7a4 82faf860 83236e88 Ntfs+0x2ba1e
    edf1c900 804e37f7 83236520 82faf860 833b0790 Ntfs+0x25d4d
    edf1c920 804e37f7 83236dd0 82faf860 833d3c50 nt+0xc7f7
    edf1c938 f85c8941 83227ad8 82faf860 833b0580 nt+0xc7f7
    edf1c94c 804e37f7 83227ad8 82faf860 833d3c50 cavasm+0x7941
    edf1c964 f85c8941 83227778 82faf860 833b0580 nt+0xc7f7
    edf1c978 804e37f7 83227778 82faf860 82faf860 cavasm+0x7941
    edf1c9ac f860506b edf1c9cc 82d78c58 00000000 nt+0xc7f7
    edf1c9e4 804e37f7 82d78c58 82faf860 82faf860 fltmgr+0x406b
    edf1ca28 80567697 833ca7c0 82d78c58 00100001 nt+0xc7f7
    edf1ca58 8056783f 833ca7c0 00000001 833ed040 nt+0x90697
    edf1ca80 805678b0 e1000d38 82f1e220 00003840 nt+0x9083f
    edf1cac8 805678fa 00003840 00000000 00000000 nt+0x908b0
    edf1cadc 804de7ec 80003840 edf1cb8c 804dc8c1 nt+0x908fa
    edf1cae8 804dc8c1 badb0d00 edf1cb60 833fca34 nt+0x77ec
    edf1cb8c f85c6275 00000002 edf1cba4 f85c6749 nt+0x58c1
    edf1cb98 f85c6749 00000001 edf1e34c f85c6a71 cavasm+0x5275
    edf1cba4 f85c6a71 8301d608 f85c1e47 f85d5204 cavasm+0x5749
    edf1e34c f85c99ec f85d41c8 83227ad8 e4118a86 cavasm+0x5a71
    edf1e3bc f85c9e01 833d3c50 82eebed0 edf1e434 cavasm+0x89ec
    edf1e3d8 f85ca9d5 82f94c80 82eebed0 82f37320 cavasm+0x8e01
    edf1e440 f85cabd3 83227ad8 82f94c80 833b0580 cavasm+0x99d5
    edf1e474 804e37f7 83227ad8 82f94c80 833b0580 cavasm+0x9bd3
    edf1e48c f85cab98 83227778 82f94c80 82f94c90 nt+0xc7f7
    edf1e4bc 804e37f7 83227778 82f94c80 82f94c80 cavasm+0x9b98
    edf1e5ac 80563fec 833a6e30 00000000 827922f8 nt+0xc7f7
    edf1e634 805684da 00000000 edf1e674 00000240 nt+0x8cfec
    edf1e688 8056cbeb 00000000 00000000 00000000 nt+0x914da
    edf1e704 80579c80 edf1e7c4 80000000 edf1e79c nt+0x95beb
    edf1e74c f8617ac5 edf1e7c4 80000000 edf1e79c nt+0xa2c80
    edf1e7c8 f861808a 00000000 82f860e0 edf1e7f4 fltmgr+0x16ac5
    edf1e7d8 f8615c79 82f860e0 00000000 82f860e0 fltmgr+0x1708a
    edf1e7f4 f861818e 82f860e0 00000000 82f860e0 fltmgr+0x14c79
    edf1e810 f861876b 82f860e0 00000000 000000fe fltmgr+0x1718e
    edf1e828 f86162a2 82f860e0 00000000 82f860e0 fltmgr+0x1776b
    edf1e840 f8616365 80552000 82f860e0 edf1e87c fltmgr+0x152a2
    edf1e850 f8606e0a 82f860e0 82ef8d1c 00000000 fltmgr+0x15365
    edf1e87c f8607366 82f860e0 82d86bc0 82dc5b00 fltmgr+0x5e0a
    edf1e8a4 eeae521c 00ef8d1c 00000101 edf1e8d8 fltmgr+0x6366
    edf1e8f4 eead84d2 82d86bc0 edf1e924 edf1e964 cmdguard+0xd21c
    edf1e904 f8602888 82ef8d1c edf1e924 edf1e954 cmdguard+0x4d2
    edf1e964 f86042a0 00f1e9a8 82ef8cc0 82fedc44 fltmgr+0x1888
    edf1e978 f8611217 edf1e9a8 f860f6aa 00000000 fltmgr+0x32a0
    edf1e990 f8611742 edf1e9a8 831064b8 82fedaa0 fltmgr+0x10217
    edf1e9c4 804e37f7 82d78c58 82feda90 82feda90 fltmgr+0x10742
    edf1eab4 80577b38 82d78c58 00000000 82f4b7e0 nt+0xc7f7
    edf1eaec 805686f5 830459e8 00000000 82f4b7e0 nt+0xa0b38
    edf1eb74 805684da 000002c0 edf1ebb4 00000040 nt+0x916f5
    edf1ebc8 8056cbeb 00000000 00000000 3c478001 nt+0x914da
    edf1ec44 8056ccba 0368b6b4 00000080 0368b6c0 nt+0x95beb
    edf1eca0 8056cd82 0368b6b4 00000080 0368b6c0 nt+0x95cba
    edf1ece0 eeadaaff 0368b6b4 00000080 0368b6c0 nt+0x95d82
    edf1ed44 804de7ec 0368b6b4 00000080 0368b6c0 cmdguard+0x2aff
    edf1ed64 7c90e4f4 badb0d00 0368b5cc 00720054 nt+0x77ec
    edf1ed68 badb0d00 0368b5cc 00720054 00730061 0x7c90e4f4
    edf1ed6c 0368b5cc 00720054 00730061 00000000 0xbadb0d00
    edf1ed70 00720054 00730061 00000000 00000000 0x368b5cc
    edf1ed74 00730061 00000000 00000000 00000000 0x720054
    edf1ed78 00000000 00000000 00000000 00000000 0x730061


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    cavasm+7941
    f85c8941 ?? ???

    SYMBOL_STACK_INDEX: b

    SYMBOL_NAME: cavasm+7941

    FOLLOWUP_NAME: MachineOwner

    IMAGE_NAME: cavasm.sys

    BUCKET_ID: WRONG_SYMBOLS

    Followup: MachineOwner
    ---------
     
  7. Adrynalyne

    Adrynalyne Guest

    Hmmm, quite a few symbols errors. The symbols server might be down, being how I am not able to get to it.

    Either way, it's pointing to Comodo as the culprit. Handle it how you see fit, but I would start by removing it and seeing if stability returns.
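
A double fault (Arg1 = 8 in the dump above) is commonly caused by a kernel stack overflow, so it is worth measuring how much stack each driver on the trace consumed. The following is an added example, not part of the thread: it estimates per-frame stack use from the ChildEBP gaps in nine consecutive frames copied from the STACK_TEXT above. The function names are hypothetical, and the estimate assumes the unwind is correct, which the debugger warns it may not be.

```python
import re
from collections import defaultdict

# Nine consecutive frames copied from the STACK_TEXT in the post above.
STACK_EXCERPT = """\
edf1cae8 804dc8c1 badb0d00 edf1cb60 833fca34 nt+0x77ec
edf1cb8c f85c6275 00000002 edf1cba4 f85c6749 nt+0x58c1
edf1cb98 f85c6749 00000001 edf1e34c f85c6a71 cavasm+0x5275
edf1cba4 f85c6a71 8301d608 f85c1e47 f85d5204 cavasm+0x5749
edf1e34c f85c99ec f85d41c8 83227ad8 e4118a86 cavasm+0x5a71
edf1e3bc f85c9e01 833d3c50 82eebed0 edf1e434 cavasm+0x89ec
edf1e3d8 f85ca9d5 82f94c80 82eebed0 82f37320 cavasm+0x8e01
edf1e440 f85cabd3 83227ad8 82f94c80 833b0580 cavasm+0x99d5
edf1e474 804e37f7 83227ad8 82f94c80 833b0580 cavasm+0x9bd3
"""

# ChildEBP, then RetAddr and three args, then module+0xoffset (no symbols loaded).
FRAME_RE = re.compile(
    r"^\s*([0-9a-f]{8})(?:\s+[0-9a-f]{8}){4}\s+(\w+)\+0x([0-9a-f]+)\s*$",
    re.IGNORECASE,
)


def parse_frames(text):
    """Return [(child_ebp, module, offset)] for each module+offset frame line."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((int(m.group(1), 16), m.group(2).lower(), int(m.group(3), 16)))
    return frames


def frame_sizes(frames):
    """Estimate stack bytes per frame (hypothetical helper).

    kb lists the innermost frame first, so ChildEBP grows down the listing.
    The gap between a row's ChildEBP and the previous row's is mostly that
    row's locals plus the arguments it pushed, so it is charged to that row.
    """
    sizes = []
    for prev, cur in zip(frames, frames[1:]):
        gap = cur[0] - prev[0]
        if gap <= 0:  # not monotonic: the unwind went wrong here, do not guess
            continue
        sizes.append((gap, cur[1], cur[2]))
    return sizes


def bytes_per_module(sizes):
    """Sum the estimated stack bytes charged to each module."""
    totals = defaultdict(int)
    for gap, module, _ in sizes:
        totals[module] += gap
    return dict(totals)


def largest_frame(sizes):
    """Return (bytes, module, offset) of the biggest frame."""
    return max(sizes)  # tuples compare on the byte count first


if __name__ == "__main__":
    sizes = frame_sizes(parse_frames(STACK_EXCERPT))
    for module, total in sorted(bytes_per_module(sizes).items(), key=lambda kv: -kv[1]):
        print(f"{module:10s} {total:6d} bytes")
    gap, module, offset = largest_frame(sizes)
    print(f"largest: {module}+0x{offset:x} uses about {gap} bytes")
```

On this excerpt a single cavasm frame accounts for about 6 KB. Over the full trace in the post the ChildEBP values span 0x2D48 (11,592) bytes, close to the 12 KB kernel stack of 32-bit Windows.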
     
