Lee W, MVP
asked on
Analyzing Crash Dumps
I have usually relied on the STOP error and a google search to determine the cause of a crash... but I know I can open the .dmp file generated and examine that for probably more thorough information. Can anyone tell me what software will open this file? I have access to TechNet and MSDN, so I think I should be able to get my hands on the appropriate tool... I just don't know what that tool is, so I guess that's the question - what's the tool??
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
leew:
Well I can say the problem you seem to be having is most likly steming from bad drivers. But could absolutly be a problem with the RAM. Be sure to double check you video drivers as well.
As far as I know "Unloaded modules" are drivers which were not loaded/intitialized. This could be the problem as well. Looking over it, it has a few audio entries. Reinstalling audio drivers might be in order as well.
Hope this is of help. As always, if you have any questions, feel free to ask.
Regards,
Jay
Well I can say the problem you seem to be having is most likly steming from bad drivers. But could absolutly be a problem with the RAM. Be sure to double check you video drivers as well.
As far as I know "Unloaded modules" are drivers which were not loaded/intitialized. This could be the problem as well. Looking over it, it has a few audio entries. Reinstalling audio drivers might be in order as well.
Hope this is of help. As always, if you have any questions, feel free to ask.
Regards,
Jay
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Fascinating... using dumpchk, I got the stop error code and parameters as follows:
Bugcheck code 000000D1
Arguments 00000003 00000002 00000000 f2112917
(I believe that was also displayed shortly after executing kd). I then looked up the memory address of f2112917, which, if I understand this all correctly, falls in between f2110000 [and] f211e2c0 [which happens to be] mvstdi5x mvstdi5x.sys Thu Sep 02 15:18:40 2004 (41377210), which, when I look it up, is the McAfee Enterprise 8 Mini-Firewall. SOOOOOO, if I'm interpreting this correctly, something is creating a problem with mvstdi5x.sys OR there is a problem with mvstdi5x.sys. My first attempt to fix this problem should probably be checking for updates to McAfee Enterprise 8. Am I right?
Opened log file 'c:\debuglog100205-01.txt'
1: kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
1: kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.......................... .......... .......... .......... .......... .......... .......... .......... ......
Loading unloaded module list
........
Loading User Symbols
No export analyze found
eax=82af513c ebx=0000000a ecx=00000000 edx=40000000 esi=f2112917 edi=00000003
eip=8046b12c esp=f24238d0 ebp=f24238e4 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt+0x6b12c:
8046b12c ?? ???
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
f24238cc 00000000 00000003 00000002 00000000 nt+0x6b12c
start end module name
80062000 80078e00 hal hal.dll Thu Mar 20 21:04:11 2003 (3E7A731B)
80400000 805a2840 nt ntoskrnl.exe Fri May 06 07:44:59 2005 (427B58BB)
a0000000 a0001000 win32k win32k.sys unavailable (00000000)
a018f000 a0190000 atidrab atidrab.dll unavailable (00000000)
a07e0000 a07e1000 RDPDD RDPDD.dll unavailable (00000000)
bdc12000 bdc27f20 RDPWD RDPWD.SYS Fri Jun 17 02:41:40 2005 (42B270A4)
bdce3000 bdce5100 EntDrv50 EntDrv50.sys Wed Jul 28 03:16:11 2004 (410752BB)
bdcf7000 bdd116e0 naiavf5x naiavf5x.sys Fri Aug 20 07:42:57 2004 (4125E3C1)
be3df000 be3e1f20 spud spud.sys Fri Nov 19 18:36:27 1999 (3835DEFB)
be71b000 be72aa20 ipsec ipsec.sys Tue Apr 29 19:04:59 2003 (3EAF051B)
be773000 be795ac0 Fastfat Fastfat.SYS Thu Dec 02 22:33:50 2004 (41AFDE9E)
be7e6000 be7f6600 ipnat ipnat.sys Wed Aug 11 19:42:38 2004 (411AAEEE)
be91f000 be92e600 Cdfs Cdfs.SYS Fri Apr 01 20:23:36 2005 (424DF418)
be98f000 be997a60 termdd termdd.sys Fri Mar 21 16:43:08 2003 (3E7B876C)
beb3f000 beb64920 sfmsrv sfmsrv.sys Mon Sep 09 20:17:41 2002 (3D7D3A25)
bedbd000 bedc5560 ipfltdrv ipfltdrv.sys Sat Oct 30 18:35:58 1999 (381B72CE)
bedcd000 bedd5240 Fips Fips.SYS Tue May 09 11:28:29 2000 (39182E9D)
bee5d000 bee97440 srv srv.sys Tue May 03 04:10:42 2005 (42773202)
bef10000 bef21f80 wdmaud wdmaud.sys Wed Apr 16 00:23:02 2003 (3E9CDAA6)
bf012000 bf031140 afd afd.sys Mon Apr 11 17:31:21 2005 (425AECA9)
bf032000 bf0562a0 sfmatalk sfmatalk.sys Fri Aug 16 08:28:12 2002 (3D5CEFDC)
bf091000 bf0c4040 exifs exifs.sys Tue Jun 18 02:13:17 2002 (3D0ECF7D)
bf17d000 bf1888c0 sysaudio sysaudio.sys Wed Apr 16 00:21:44 2003 (3E9CDA58)
bfa05000 bfa1a180 dump_atapi dump_atapi.sys Tue Apr 01 13:08:25 2003 (3E89D599)
bfa43000 bfaaca40 mrxsmb mrxsmb.sys Fri Apr 01 20:23:32 2005 (424DF414)
bfabf000 bfaebac0 rdbss rdbss.sys Mon Apr 11 17:31:22 2005 (425AECAA)
bfaec000 bfb13000 vmm vmm.sys Fri Oct 01 18:32:54 2004 (415DDB16)
bfb13000 bfb3dd00 netbt netbt.sys Fri Apr 01 20:23:24 2005 (424DF40C)
bfb3e000 bfb8c1a0 tcpip tcpip.sys Thu May 12 06:24:58 2005 (42832EFA)
bfcf5000 bfd1f3a0 update update.sys Wed Apr 16 00:22:01 2003 (3E9CDA69)
bfd32000 bfd55060 rdpdr rdpdr.sys Fri Mar 21 16:43:14 2003 (3E7B8772)
bfd56000 bfd7b200 n100nt5 n100nt5.sys Mon Jun 13 17:11:39 2005 (42ADF68B)
bfd7c000 bfda5680 smc9452m smc9452m.sys Thu May 15 06:33:43 2003 (3EC36D07)
bfda6000 bfdc5d00 KS KS.SYS Wed Dec 04 12:09:38 2002 (3DEE36D2)
bfdc6000 bfdea1e0 portcls portcls.sys Wed Apr 16 00:11:22 2003 (3E9CD7EA)
bfdeb000 bfe0c160 ctlsb16 ctlsb16.sys Sat Oct 23 16:09:27 1999 (381215F7)
bfe0d000 bfe1e6c0 atimpab atimpab.sys Wed Nov 10 18:34:06 1999 (382A00EE)
bfe1f000 bfe35ba0 ndiswan ndiswan.sys Tue Apr 29 19:05:01 2003 (3EAF051D)
bfe7e000 bfe93be0 Mup Mup.sys Thu Dec 02 22:37:23 2004 (41AFDF73)
bfe94000 bfebdaa0 NDIS NDIS.sys Tue Apr 29 19:05:01 2003 (3EAF051D)
bfebe000 bff3b480 Ntfs Ntfs.sys Tue May 10 05:20:29 2005 (42807CDD)
bff3c000 bff4d7c0 KSecDD KSecDD.sys Sat Sep 20 20:32:19 2003 (3F6CF193)
bff4e000 bff601c0 Dfs Dfs.sys Tue Feb 11 21:19:06 2003 (3E49AF1A)
bff61000 bff62000 fltmgr fltmgr.sys unavailable (00000000)
bff83000 bff95180 SCSIPORT SCSIPORT.SYS Thu Dec 30 00:53:36 2004 (41D397E0)
bff96000 bffaa940 adpu160m adpu160m.sys Wed Feb 21 20:07:15 2001 (3A946643)
bffab000 bffc0180 atapi atapi.sys Tue Apr 01 13:08:25 2003 (3E89D599)
bffc1000 bffe29c0 dmio dmio.sys Wed Jan 15 14:47:04 2003 (3E25BAB8)
bffe3000 bffff5a0 ftdisk ftdisk.sys Thu Dec 02 22:29:58 2004 (41AFDDB6)
f2000000 f200e6a0 pci pci.sys Wed Jan 15 14:44:07 2003 (3E25BA07)
f2010000 f201b680 isapnp isapnp.sys Wed Jan 15 14:43:47 2003 (3E25B9F3)
f2020000 f2028700 CLASSPNP CLASSPNP.SYS Wed Jan 15 14:42:51 2003 (3E25B9BB)
f2050000 f205e000 VMNetSrv VMNetSrv.sys Mon Jun 14 21:18:09 2004 (40CE4E51)
f2060000 f206ca80 rasl2tp rasl2tp.sys Tue Apr 29 19:05:06 2003 (3EAF0522)
f2070000 f207bc40 raspptp raspptp.sys Wed May 14 19:47:00 2003 (3EC2D574)
f2080000 f208ea20 parallel parallel.sys Wed Jan 15 14:47:14 2003 (3E25BAC2)
f2090000 f209c4c0 VIDEOPRT VIDEOPRT.SYS Wed Jan 15 14:47:20 2003 (3E25BAC8)
f20a0000 f20ab680 i8042prt i8042prt.sys Wed Apr 16 00:00:59 2003 (3E9CD57B)
f20b0000 f20b9ce0 NDProxy NDProxy.SYS Thu Sep 30 19:25:35 1999 (37F3F16F)
f20d0000 f20d9be0 usbhub usbhub.sys Tue Mar 18 18:30:41 2003 (3E77AC21)
f20f0000 f20f8fa0 Npfs Npfs.SYS Sat Oct 09 19:58:07 1999 (37FFD68F)
f2100000 f2108680 msgpc msgpc.sys Wed Jan 15 14:54:25 2003 (3E25BC71)
f2110000 f211e2c0 mvstdi5x mvstdi5x.sys Thu Sep 02 15:18:40 2004 (41377210)
f2120000 f21281a0 netbios netbios.sys Tue Oct 12 15:34:19 1999 (38038D3B)
f2280000 f2285520 PCIIDEX PCIIDEX.SYS Tue Feb 25 13:31:08 2003 (3E5BB66C)
f2288000 f228f5a0 MountMgr MountMgr.sys Thu Dec 02 22:33:01 2004 (41AFDE6D)
f2290000 f2296760 ultra ultra.sys Wed Oct 09 12:29:50 2002 (3DA4597E)
f2298000 f229f720 disk disk.sys Wed Jan 15 14:43:05 2003 (3E25B9C9)
f22a0000 f22a5100 agp440 agp440.sys Wed Jan 15 14:47:07 2003 (3E25BABB)
f22c8000 f22cc400 ptilink ptilink.sys Wed Jan 15 14:47:15 2003 (3E25BAC3)
f22d8000 f22dc0e0 raspti raspti.sys Fri Oct 08 16:45:10 1999 (37FE57D6)
f2308000 f230ec40 cdrom cdrom.sys Wed Jan 15 14:43:04 2003 (3E25B9C8)
f2310000 f2317f40 uhcd uhcd.sys Wed Jan 15 14:45:50 2003 (3E25BA6E)
f2328000 f232cfc0 USBD USBD.SYS Wed Jan 22 12:05:33 2003 (3E2ECF5D)
f2340000 f2345ec0 kbdclass kbdclass.sys Thu Feb 20 11:37:30 2003 (3E55044A)
f2350000 f2356100 parport parport.sys Wed Jan 15 14:47:13 2003 (3E25BAC1)
f2360000 f2361000 fdc fdc.sys unavailable (00000000)
f2370000 f2375400 mouclass mouclass.sys Thu Feb 20 11:37:45 2003 (3E550459)
f2380000 f2386a20 EFS EFS.SYS Wed Jan 15 14:46:55 2003 (3E25BAAF)
f2398000 f239ca60 flpydisk flpydisk.sys Wed Jan 15 14:42:52 2003 (3E25B9BC)
f23b8000 f23bd240 Msfs Msfs.SYS Tue Oct 26 19:21:32 1999 (3816377C)
f23c8000 f23cc8c0 TDTCP TDTCP.SYS Fri Mar 21 16:43:08 2003 (3E7B876C)
f23d8000 f23dfd00 wanarp wanarp.sys Fri Aug 16 08:25:01 2002 (3D5CEF1D)
f2410000 f2412a20 BOOTVID BOOTVID.dll Wed Nov 03 20:24:33 1999 (3820E051)
f2414000 f2416d00 PartMgr PartMgr.sys Wed Jan 15 14:43:07 2003 (3E25B9CB)
f2494000 f24962e0 ndistapi ndistapi.sys Wed Jan 15 14:54:15 2003 (3E25BC67)
f24a0000 f24a3e60 TDI TDI.SYS Wed Jan 15 14:56:26 2003 (3E25BCEA)
f24ac000 f24ae540 gameenum gameenum.sys Wed Jan 15 14:45:32 2003 (3E25BA5C)
f24f8000 f24fb580 vga vga.sys Sat Sep 25 14:37:40 1999 (37ED1674)
f2500000 f2501100 intelide intelide.sys Wed Feb 19 12:19:09 2003 (3E53BC8D)
f2502000 f2503d20 Diskperf Diskperf.sys Wed Feb 12 16:34:38 2003 (3E4ABDEE)
f2504000 f2505000 dmload dmload.sys unavailable (00000000)
f2506000 f25077e0 cmdide cmdide.sys Wed Dec 22 16:54:17 1999 (38614889)
f2516000 f2517ca0 Fs_Rec Fs_Rec.SYS Wed Jan 15 14:53:30 2003 (3E25BC3A)
f251e000 f251fe40 rasacd rasacd.sys Sat Sep 25 14:41:23 1999 (37ED1753)
f25ac000 f25ad000 ParVdm ParVdm.SYS unavailable (00000000)
f25c8000 f25c8f80 WMILIB WMILIB.SYS Sat Sep 25 14:36:47 1999 (37ED163F)
f25d5000 f25d5a40 audstub audstub.sys Sat Sep 25 14:35:33 1999 (37ED15F5)
f25eb000 f25ec000 swenum swenum.sys Wed Dec 04 12:10:07 2002 (3DEE36EF)
f25fd000 f25fe000 Null Null.SYS unavailable (00000000)
f25ff000 f25ffee0 Beep Beep.SYS Wed Oct 20 18:18:59 1999 (380E3FD3)
f2602000 f2602f80 mnmdd mnmdd.SYS Sat Sep 25 14:37:40 1999 (37ED1674)
f2632000 f2632f80 dump_WMILIB dump_WMILIB.SYS Sat Sep 25 14:36:47 1999 (37ED163F)
Unloaded modules:
bdc82000 bdca7000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
beec3000 beee8000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bf15d000 bf16a000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bf16d000 bf17b000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bf19d000 bf1ad000 Serial.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f2130000 f2139000 redbook.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f23a8000 f23ad000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f24f0000 f24f3000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog100205-01.txt
Bugcheck code 000000D1
Arguments 00000003 00000002 00000000 f2112917
(I believe that was also displayed shortly after executing kd). I then looked up the memory address of f2112917, which, if I understand this all correctly, falls in between f2110000 [and] f211e2c0 [which happens to be] mvstdi5x mvstdi5x.sys Thu Sep 02 15:18:40 2004 (41377210), which, when I look it up, is the McAfee Enterprise 8 Mini-Firewall. SOOOOOO, if I'm interpreting this correctly, something is creating a problem with mvstdi5x.sys OR there is a problem with mvstdi5x.sys. My first attempt to fix this problem should probably be checking for updates to McAfee Enterprise 8. Am I right?
Opened log file 'c:\debuglog100205-01.txt'
1: kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
1: kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
..........................
Loading unloaded module list
........
Loading User Symbols
No export analyze found
eax=82af513c ebx=0000000a ecx=00000000 edx=40000000 esi=f2112917 edi=00000003
eip=8046b12c esp=f24238d0 ebp=f24238e4 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt+0x6b12c:
8046b12c ?? ???
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
f24238cc 00000000 00000003 00000002 00000000 nt+0x6b12c
start end module name
80062000 80078e00 hal hal.dll Thu Mar 20 21:04:11 2003 (3E7A731B)
80400000 805a2840 nt ntoskrnl.exe Fri May 06 07:44:59 2005 (427B58BB)
a0000000 a0001000 win32k win32k.sys unavailable (00000000)
a018f000 a0190000 atidrab atidrab.dll unavailable (00000000)
a07e0000 a07e1000 RDPDD RDPDD.dll unavailable (00000000)
bdc12000 bdc27f20 RDPWD RDPWD.SYS Fri Jun 17 02:41:40 2005 (42B270A4)
bdce3000 bdce5100 EntDrv50 EntDrv50.sys Wed Jul 28 03:16:11 2004 (410752BB)
bdcf7000 bdd116e0 naiavf5x naiavf5x.sys Fri Aug 20 07:42:57 2004 (4125E3C1)
be3df000 be3e1f20 spud spud.sys Fri Nov 19 18:36:27 1999 (3835DEFB)
be71b000 be72aa20 ipsec ipsec.sys Tue Apr 29 19:04:59 2003 (3EAF051B)
be773000 be795ac0 Fastfat Fastfat.SYS Thu Dec 02 22:33:50 2004 (41AFDE9E)
be7e6000 be7f6600 ipnat ipnat.sys Wed Aug 11 19:42:38 2004 (411AAEEE)
be91f000 be92e600 Cdfs Cdfs.SYS Fri Apr 01 20:23:36 2005 (424DF418)
be98f000 be997a60 termdd termdd.sys Fri Mar 21 16:43:08 2003 (3E7B876C)
beb3f000 beb64920 sfmsrv sfmsrv.sys Mon Sep 09 20:17:41 2002 (3D7D3A25)
bedbd000 bedc5560 ipfltdrv ipfltdrv.sys Sat Oct 30 18:35:58 1999 (381B72CE)
bedcd000 bedd5240 Fips Fips.SYS Tue May 09 11:28:29 2000 (39182E9D)
bee5d000 bee97440 srv srv.sys Tue May 03 04:10:42 2005 (42773202)
bef10000 bef21f80 wdmaud wdmaud.sys Wed Apr 16 00:23:02 2003 (3E9CDAA6)
bf012000 bf031140 afd afd.sys Mon Apr 11 17:31:21 2005 (425AECA9)
bf032000 bf0562a0 sfmatalk sfmatalk.sys Fri Aug 16 08:28:12 2002 (3D5CEFDC)
bf091000 bf0c4040 exifs exifs.sys Tue Jun 18 02:13:17 2002 (3D0ECF7D)
bf17d000 bf1888c0 sysaudio sysaudio.sys Wed Apr 16 00:21:44 2003 (3E9CDA58)
bfa05000 bfa1a180 dump_atapi dump_atapi.sys Tue Apr 01 13:08:25 2003 (3E89D599)
bfa43000 bfaaca40 mrxsmb mrxsmb.sys Fri Apr 01 20:23:32 2005 (424DF414)
bfabf000 bfaebac0 rdbss rdbss.sys Mon Apr 11 17:31:22 2005 (425AECAA)
bfaec000 bfb13000 vmm vmm.sys Fri Oct 01 18:32:54 2004 (415DDB16)
bfb13000 bfb3dd00 netbt netbt.sys Fri Apr 01 20:23:24 2005 (424DF40C)
bfb3e000 bfb8c1a0 tcpip tcpip.sys Thu May 12 06:24:58 2005 (42832EFA)
bfcf5000 bfd1f3a0 update update.sys Wed Apr 16 00:22:01 2003 (3E9CDA69)
bfd32000 bfd55060 rdpdr rdpdr.sys Fri Mar 21 16:43:14 2003 (3E7B8772)
bfd56000 bfd7b200 n100nt5 n100nt5.sys Mon Jun 13 17:11:39 2005 (42ADF68B)
bfd7c000 bfda5680 smc9452m smc9452m.sys Thu May 15 06:33:43 2003 (3EC36D07)
bfda6000 bfdc5d00 KS KS.SYS Wed Dec 04 12:09:38 2002 (3DEE36D2)
bfdc6000 bfdea1e0 portcls portcls.sys Wed Apr 16 00:11:22 2003 (3E9CD7EA)
bfdeb000 bfe0c160 ctlsb16 ctlsb16.sys Sat Oct 23 16:09:27 1999 (381215F7)
bfe0d000 bfe1e6c0 atimpab atimpab.sys Wed Nov 10 18:34:06 1999 (382A00EE)
bfe1f000 bfe35ba0 ndiswan ndiswan.sys Tue Apr 29 19:05:01 2003 (3EAF051D)
bfe7e000 bfe93be0 Mup Mup.sys Thu Dec 02 22:37:23 2004 (41AFDF73)
bfe94000 bfebdaa0 NDIS NDIS.sys Tue Apr 29 19:05:01 2003 (3EAF051D)
bfebe000 bff3b480 Ntfs Ntfs.sys Tue May 10 05:20:29 2005 (42807CDD)
bff3c000 bff4d7c0 KSecDD KSecDD.sys Sat Sep 20 20:32:19 2003 (3F6CF193)
bff4e000 bff601c0 Dfs Dfs.sys Tue Feb 11 21:19:06 2003 (3E49AF1A)
bff61000 bff62000 fltmgr fltmgr.sys unavailable (00000000)
bff83000 bff95180 SCSIPORT SCSIPORT.SYS Thu Dec 30 00:53:36 2004 (41D397E0)
bff96000 bffaa940 adpu160m adpu160m.sys Wed Feb 21 20:07:15 2001 (3A946643)
bffab000 bffc0180 atapi atapi.sys Tue Apr 01 13:08:25 2003 (3E89D599)
bffc1000 bffe29c0 dmio dmio.sys Wed Jan 15 14:47:04 2003 (3E25BAB8)
bffe3000 bffff5a0 ftdisk ftdisk.sys Thu Dec 02 22:29:58 2004 (41AFDDB6)
f2000000 f200e6a0 pci pci.sys Wed Jan 15 14:44:07 2003 (3E25BA07)
f2010000 f201b680 isapnp isapnp.sys Wed Jan 15 14:43:47 2003 (3E25B9F3)
f2020000 f2028700 CLASSPNP CLASSPNP.SYS Wed Jan 15 14:42:51 2003 (3E25B9BB)
f2050000 f205e000 VMNetSrv VMNetSrv.sys Mon Jun 14 21:18:09 2004 (40CE4E51)
f2060000 f206ca80 rasl2tp rasl2tp.sys Tue Apr 29 19:05:06 2003 (3EAF0522)
f2070000 f207bc40 raspptp raspptp.sys Wed May 14 19:47:00 2003 (3EC2D574)
f2080000 f208ea20 parallel parallel.sys Wed Jan 15 14:47:14 2003 (3E25BAC2)
f2090000 f209c4c0 VIDEOPRT VIDEOPRT.SYS Wed Jan 15 14:47:20 2003 (3E25BAC8)
f20a0000 f20ab680 i8042prt i8042prt.sys Wed Apr 16 00:00:59 2003 (3E9CD57B)
f20b0000 f20b9ce0 NDProxy NDProxy.SYS Thu Sep 30 19:25:35 1999 (37F3F16F)
f20d0000 f20d9be0 usbhub usbhub.sys Tue Mar 18 18:30:41 2003 (3E77AC21)
f20f0000 f20f8fa0 Npfs Npfs.SYS Sat Oct 09 19:58:07 1999 (37FFD68F)
f2100000 f2108680 msgpc msgpc.sys Wed Jan 15 14:54:25 2003 (3E25BC71)
f2110000 f211e2c0 mvstdi5x mvstdi5x.sys Thu Sep 02 15:18:40 2004 (41377210)
f2120000 f21281a0 netbios netbios.sys Tue Oct 12 15:34:19 1999 (38038D3B)
f2280000 f2285520 PCIIDEX PCIIDEX.SYS Tue Feb 25 13:31:08 2003 (3E5BB66C)
f2288000 f228f5a0 MountMgr MountMgr.sys Thu Dec 02 22:33:01 2004 (41AFDE6D)
f2290000 f2296760 ultra ultra.sys Wed Oct 09 12:29:50 2002 (3DA4597E)
f2298000 f229f720 disk disk.sys Wed Jan 15 14:43:05 2003 (3E25B9C9)
f22a0000 f22a5100 agp440 agp440.sys Wed Jan 15 14:47:07 2003 (3E25BABB)
f22c8000 f22cc400 ptilink ptilink.sys Wed Jan 15 14:47:15 2003 (3E25BAC3)
f22d8000 f22dc0e0 raspti raspti.sys Fri Oct 08 16:45:10 1999 (37FE57D6)
f2308000 f230ec40 cdrom cdrom.sys Wed Jan 15 14:43:04 2003 (3E25B9C8)
f2310000 f2317f40 uhcd uhcd.sys Wed Jan 15 14:45:50 2003 (3E25BA6E)
f2328000 f232cfc0 USBD USBD.SYS Wed Jan 22 12:05:33 2003 (3E2ECF5D)
f2340000 f2345ec0 kbdclass kbdclass.sys Thu Feb 20 11:37:30 2003 (3E55044A)
f2350000 f2356100 parport parport.sys Wed Jan 15 14:47:13 2003 (3E25BAC1)
f2360000 f2361000 fdc fdc.sys unavailable (00000000)
f2370000 f2375400 mouclass mouclass.sys Thu Feb 20 11:37:45 2003 (3E550459)
f2380000 f2386a20 EFS EFS.SYS Wed Jan 15 14:46:55 2003 (3E25BAAF)
f2398000 f239ca60 flpydisk flpydisk.sys Wed Jan 15 14:42:52 2003 (3E25B9BC)
f23b8000 f23bd240 Msfs Msfs.SYS Tue Oct 26 19:21:32 1999 (3816377C)
f23c8000 f23cc8c0 TDTCP TDTCP.SYS Fri Mar 21 16:43:08 2003 (3E7B876C)
f23d8000 f23dfd00 wanarp wanarp.sys Fri Aug 16 08:25:01 2002 (3D5CEF1D)
f2410000 f2412a20 BOOTVID BOOTVID.dll Wed Nov 03 20:24:33 1999 (3820E051)
f2414000 f2416d00 PartMgr PartMgr.sys Wed Jan 15 14:43:07 2003 (3E25B9CB)
f2494000 f24962e0 ndistapi ndistapi.sys Wed Jan 15 14:54:15 2003 (3E25BC67)
f24a0000 f24a3e60 TDI TDI.SYS Wed Jan 15 14:56:26 2003 (3E25BCEA)
f24ac000 f24ae540 gameenum gameenum.sys Wed Jan 15 14:45:32 2003 (3E25BA5C)
f24f8000 f24fb580 vga vga.sys Sat Sep 25 14:37:40 1999 (37ED1674)
f2500000 f2501100 intelide intelide.sys Wed Feb 19 12:19:09 2003 (3E53BC8D)
f2502000 f2503d20 Diskperf Diskperf.sys Wed Feb 12 16:34:38 2003 (3E4ABDEE)
f2504000 f2505000 dmload dmload.sys unavailable (00000000)
f2506000 f25077e0 cmdide cmdide.sys Wed Dec 22 16:54:17 1999 (38614889)
f2516000 f2517ca0 Fs_Rec Fs_Rec.SYS Wed Jan 15 14:53:30 2003 (3E25BC3A)
f251e000 f251fe40 rasacd rasacd.sys Sat Sep 25 14:41:23 1999 (37ED1753)
f25ac000 f25ad000 ParVdm ParVdm.SYS unavailable (00000000)
f25c8000 f25c8f80 WMILIB WMILIB.SYS Sat Sep 25 14:36:47 1999 (37ED163F)
f25d5000 f25d5a40 audstub audstub.sys Sat Sep 25 14:35:33 1999 (37ED15F5)
f25eb000 f25ec000 swenum swenum.sys Wed Dec 04 12:10:07 2002 (3DEE36EF)
f25fd000 f25fe000 Null Null.SYS unavailable (00000000)
f25ff000 f25ffee0 Beep Beep.SYS Wed Oct 20 18:18:59 1999 (380E3FD3)
f2602000 f2602f80 mnmdd mnmdd.SYS Sat Sep 25 14:37:40 1999 (37ED1674)
f2632000 f2632f80 dump_WMILIB dump_WMILIB.SYS Sat Sep 25 14:36:47 1999 (37ED163F)
Unloaded modules:
bdc82000 bdca7000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
beec3000 beee8000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bf15d000 bf16a000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bf16d000 bf17b000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bf19d000 bf1ad000 Serial.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f2130000 f2139000 redbook.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f23a8000 f23ad000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f24f0000 f24f3000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog100205-01.txt
Hi Lee,
Your interpretation is correct but the problem may be hardware problem. You have to analyze 3 to 4 minidumps in order to confirm the culprit. If they all crashes with the same instruction address, it is unlikely it is hardware problem cos hardware problem occurs randomly.
Hope it can help you
cpc2004
Your interpretation is correct but the problem may be hardware problem. You have to analyze 3 to 4 minidumps in order to confirm the culprit. If they all crashes with the same instruction address, it is unlikely it is hardware problem cos hardware problem occurs randomly.
Hope it can help you
cpc2004
For example if it is overheat and cause instruction address alignment problem at f2112917 and it is not software error.
ASKER
Will do, thanks.
Thanks to both of you - this is pretty much just what I was looking for.
Thanks to both of you - this is pretty much just what I was looking for.
leew:
No problem.
Regards,
Jay
No problem.
Regards,
Jay
ASKER
I didn't want to go through all these files manually... so I wrote a script that SEEMS to be working for me. Would appreciate it if cpc2004 were to take a look at it - run it against some dumps he may have and confirm it's outputing good information. Suggestions are, of course, welcome.
Here's the script:
-------------------------- ----8<---- ------ analyze.cmd -------------------------- -
@echo off
Set DebuggerPath=C:\Program Files\Debugging Tools for Windows
Set SymbolsFolderPath=C:\Symbo ls
For /f "tokens=*" %%a in ('cd') do set curdir=%%a
if "%1" == "*" Goto AnalyzeAll
if "%1" == "" Goto Help
Goto ProcessDump
:Help
Echo %0 - Analyze one or more crash dumps
Echo.
echo USAGE:
echo.
echo %0 * ^| filename.dmp
echo.
echo * - Analyze ALL dmp files in the directory
echo filename.dmp - Analyze only this specific dump
echo.
echo This script will create a file in dmp file directory called %0.log
echo This file contains the Bug Check code and the debugger's opinion
echo of which file caused the crash.
echo.
Goto EOF
:AnalyzeAll
For /f "tokens=1" %%z in ('dir /a-d /b *.dmp') Do Call :ProcessDump %%z
Start Notepad "%curdir%\analyze.log"
Goto EOF
:ProcessDump
cd /d "%debuggerpath%"
if not exist kd.script (
echo .symfix>>kd.script
echo !analyze -v>>kd.script
echo q>>kd.script
) ELSE (
Echo %0: ***kd.script found - using existing file.***
)
kd -z %curdir%\%1 -logo %curdir%\%1.log -y srv*%symbolsfolderpath%*http://msdl.microsoft.com/download/symbols -v -cf kd.script"
For /f "Skip=2 tokens=*" %%a in ('find "BugCheck" %curdir%\%1.log') do Echo %1 Bug Check: %%a>>%curdir%\analyze.log
For /f "Skip=2 tokens=*" %%a in ('find /i "probably caused by" %curdir%\%1.log') do Echo %1 Probable Cause: %%a>>%curdir%\analyze.log
Echo.>>%curdir%\analyze.lo g
:EOF
cd /d %curdir%
If "%0" NEQ ":ProcessDump" If Exist "%curdir%\analyze.log" Start Notepad "%curdir%\analyze.log"
-------------------------- ----8<---- ------ analyze.cmd -------------------------- -
Now, using the script, I generated this "analyze.log" file - which seems to confirm my earlier suspicians as all of them seem to have the same basic info:
Mini081705-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini081705-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini082005-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini082005-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini082205-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini082205-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini082605-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2102917}
Mini082605-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini082905-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini082905-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini090105-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini090105-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini090305-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini090305-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini090405-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini090405-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini090505-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini090505-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini091205-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini091205-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini091305-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini091305-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini091405-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini091405-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini092005-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini092005-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini092305-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini092305-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini092605-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini092605-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini092705-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini092705-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini100205-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini100205-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Here's the script:
--------------------------
@echo off
Set DebuggerPath=C:\Program Files\Debugging Tools for Windows
Set SymbolsFolderPath=C:\Symbo
For /f "tokens=*" %%a in ('cd') do set curdir=%%a
if "%1" == "*" Goto AnalyzeAll
if "%1" == "" Goto Help
Goto ProcessDump
:Help
Echo %0 - Analyze one or more crash dumps
Echo.
echo USAGE:
echo.
echo %0 * ^| filename.dmp
echo.
echo * - Analyze ALL dmp files in the directory
echo filename.dmp - Analyze only this specific dump
echo.
echo This script will create a file in dmp file directory called %0.log
echo This file contains the Bug Check code and the debugger's opinion
echo of which file caused the crash.
echo.
Goto EOF
:AnalyzeAll
For /f "tokens=1" %%z in ('dir /a-d /b *.dmp') Do Call :ProcessDump %%z
Start Notepad "%curdir%\analyze.log"
Goto EOF
:ProcessDump
cd /d "%debuggerpath%"
if not exist kd.script (
echo .symfix>>kd.script
echo !analyze -v>>kd.script
echo q>>kd.script
) ELSE (
Echo %0: ***kd.script found - using existing file.***
)
kd -z %curdir%\%1 -logo %curdir%\%1.log -y srv*%symbolsfolderpath%*http://msdl.microsoft.com/download/symbols -v -cf kd.script"
For /f "Skip=2 tokens=*" %%a in ('find "BugCheck" %curdir%\%1.log') do Echo %1 Bug Check: %%a>>%curdir%\analyze.log
For /f "Skip=2 tokens=*" %%a in ('find /i "probably caused by" %curdir%\%1.log') do Echo %1 Probable Cause: %%a>>%curdir%\analyze.log
Echo.>>%curdir%\analyze.lo
:EOF
cd /d %curdir%
If "%0" NEQ ":ProcessDump" If Exist "%curdir%\analyze.log" Start Notepad "%curdir%\analyze.log"
--------------------------
Now, using the script, I generated this "analyze.log" file - which seems to confirm my earlier suspicians as all of them seem to have the same basic info:
Mini081705-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini081705-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini082005-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini082005-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini082205-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini082205-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini082605-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2102917}
Mini082605-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini082905-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini082905-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini090105-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini090105-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini090305-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini090305-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini090405-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini090405-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini090505-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini090505-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini091205-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini091205-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini091305-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini091305-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini091405-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini091405-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini092005-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini092005-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini092305-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini092305-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini092605-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini092605-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini092705-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini092705-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
Mini100205-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini100205-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )
I will test it and get back to you.
Leew, i already have the symbol packs. How would i use the script? I am not much of a programmer.
Hi Leew,
Your script is perfect and it can find out the culprit of simple problems. However for complicate problem it may provide wrong information. I need to explain the the meaning of " Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )' as kd scan the stack trace and look for the first occurence of non-Microsoft module and then microsoft routine. This assumption may be incorrect.
For example
BugCheck 1000000A, {10, 2, 1, 804f6268}
Probably caused by : SYMEVENT.SYS ( SYMEVENT+b124 )
STACK_TEXT:
f3d0d848 804f5feb dfba0000 03e163f0 00000000 nt!MmCopyToCachedPage+0x3b a
f3d0d8d8 804f5e75 82d17008 03e163f0 f3d0d91c nt!CcMapAndCopy+0x1a9
f3d0d964 f85beb66 82ddd638 f3d0db34 00000010 nt!CcCopyWrite+0x28e
f3d0db58 f85bbc97 829c24a0 82dce748 82dce748 Ntfs!NtfsCommonWrite+0x1d2 a
f3d0dbbc 804e37f7 82f57020 82dce748 82f96bf8 Ntfs!NtfsFsdWrite+0xf3
f3d0dbcc f865e3ca 804e8a39 00000000 f3d0dc84 nt!IopfCallDriver+0x31
f3d0dbdc 804e37f7 82fcd3c8 e10d8d28 f3d0dc34 sr!SrWrite+0xaa
f3d0dbec f62f5124 00000000 f3d0dc34 82cb8778 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
f3d0dc84 805784c0 82e12bf0 82dce748 82ddd638 SYMEVENT+0xb124
f3d0dd38 804de7ec 000017b0 00000000 00000000 nt!NtWriteFile+0x602
f3d0dd38 7c90eb94 000017b0 00000000 00000000 nt!KiFastCallEntry+0xf8
0208fdb0 00000000 00000000 00000000 00000000 0x7c90eb94
Kb reports that ithe culprit is SYMEVENT.SYS and actually the correct answer is faulty ram. This is reason why KB reports that it is probably caused by xxxxx.
Your script is perfect and it can find out the culprit of simple problems. However for complicate problem it may provide wrong information. I need to explain the the meaning of " Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )' as kd scan the stack trace and look for the first occurence of non-Microsoft module and then microsoft routine. This assumption may be incorrect.
For example
BugCheck 1000000A, {10, 2, 1, 804f6268}
Probably caused by : SYMEVENT.SYS ( SYMEVENT+b124 )
STACK_TEXT:
f3d0d848 804f5feb dfba0000 03e163f0 00000000 nt!MmCopyToCachedPage+0x3b
f3d0d8d8 804f5e75 82d17008 03e163f0 f3d0d91c nt!CcMapAndCopy+0x1a9
f3d0d964 f85beb66 82ddd638 f3d0db34 00000010 nt!CcCopyWrite+0x28e
f3d0db58 f85bbc97 829c24a0 82dce748 82dce748 Ntfs!NtfsCommonWrite+0x1d2
f3d0dbbc 804e37f7 82f57020 82dce748 82f96bf8 Ntfs!NtfsFsdWrite+0xf3
f3d0dbcc f865e3ca 804e8a39 00000000 f3d0dc84 nt!IopfCallDriver+0x31
f3d0dbdc 804e37f7 82fcd3c8 e10d8d28 f3d0dc34 sr!SrWrite+0xaa
f3d0dbec f62f5124 00000000 f3d0dc34 82cb8778 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
f3d0dc84 805784c0 82e12bf0 82dce748 82ddd638 SYMEVENT+0xb124
f3d0dd38 804de7ec 000017b0 00000000 00000000 nt!NtWriteFile+0x602
f3d0dd38 7c90eb94 000017b0 00000000 00000000 nt!KiFastCallEntry+0xf8
0208fdb0 00000000 00000000 00000000 00000000 0x7c90eb94
Kb reports that ithe culprit is SYMEVENT.SYS and actually the correct answer is faulty ram. This is reason why KB reports that it is probably caused by xxxxx.
ASKER
Unloaded modules:
bdc82000 bdca7000 kmixer.sys Timestamp: unavailable (00000000)
beec3000 beee8000 kmixer.sys Timestamp: unavailable (00000000)
bf15d000 bf16a000 DMusic.sys Timestamp: unavailable (00000000)
bf16d000 bf17b000 swmidi.sys Timestamp: unavailable (00000000)
bf19d000 bf1ad000 Serial.SYS Timestamp: unavailable (00000000)
f2130000 f2139000 redbook.sys Timestamp: unavailable (00000000)
f23a8000 f23ad000 Cdaudio.SYS Timestamp: unavailable (00000000)
f24f0000 f24f3000 Sfloppy.SYS Timestamp: unavailable (00000000)
What exactly are "unloaded modules"
I've had repeated crashes on a 2000 server that happened since I put in an older but supposedly working dual 10/100 Compaq NIC card. I DOWNGRADED the drive and it became more solid, but still crashes seemingly randomly, roughly 3-4 times a week. The above "unloaded modules occur in the first mini dump I have from 8/17 and the last from 10/2 - and I suspect in all the others (16 more) between.
The stop error is a D1, which COULD be faulty RAM but from how I'm reading things, is PROBABLY a bad driver. (I do need to upgrade a disk or two in the server and will likely power down and reseat the RAM - ABOUT 8/15, I did some work on it and took out the RAM and then put it back in - maybe something isn't seated quite right - or perhaps I blew a stick).