MaxxNet

Win2K box gives blue screen then memory dump

I have a Windows 2000 machine (SP4) that will not boot normally.  I can boot into safe mode with no problem.  If I try to boot normally, I see the Windows white splash screen with the progress bar, then the machine blue screens, does a complete memory dump, and reboots again.  (It just goes around in a circle: booting, memory dump, rebooting, unless I boot into safe mode.)

No new hardware has been added to the machine

The owner of this machine claims this started happening after she was prompted to install a Windows update.  (possibly Windows Installer 3.1)

I have both a mini dump and a complete memory dump but have not yet analyzed them.  

Thanks.
jkr

What is the STOP code?
MaxxNet

ASKER

STOP:  0x0000007F (0x000000008, 0x000000000, 0x000000000, 0x000000000)
UNEXPECTED_KERNEL_MODE_TRAP
Try testing the memory. I've had this exact same thing happen with a laptop. After trying to format and whatnot first, I finally went and changed the memory sticks, and I was done.
That's what MS says: http://support.microsoft.com/kb/137539/en-us ("General causes of "STOP 0x0000007F" errors")

To determine an approximate cause, examine the parameters at the top of the STOP screen:

STOP 0x0000007F (0x000000XX, 0x00000000, 0x00000000, 0x00000000)
UNEXPECTED_KERNEL_MODE_TRAP

The most important parameter is the first one (0x0000000X) which may have several different values. The cause of this trap can vary, depending on the value of this parameter. All traps that cause a STOP 0x7F can be found in any Intel x86 microprocessor reference manual as they are specific to the x86 platform. Here are some of the most common ones:

   Values       Meaning
   ----------   --------------------
   0x00000000   Divide by Zero Error
   0x00000004   Overflow
   0x00000005   Bounds Check Fault
   0x00000006   Invalid Opcode
   0x00000008   Double Fault

So, in your case, that's

Double fault
A double fault occurs when an exception occurs while trying to call the handler for a prior exception. Normally, the two exceptions can be handled serially, however there are several exceptions that cannot be handled serially and in this situation the processor signals a double fault. The two primary causes for this are hardware and kernel stack overflows. Hardware problems are usually related to CPU, RAM, or bus. Kernel stack overflows are almost always caused by faulty kernel-mode drivers.

What module/driver is the BSOD info relating to?
You can download memtest here http://www.memtest.org/download/1.65/memtest86+-1.65.floppy.zip 
Another cause could be a bad motherboard.
See here.  http://support.microsoft.com/kb/q137539/
I would contact the manufacturer of your pc and see if you are still under warranty.

Typically a hardware issue but sometimes could be software.
Here are some more articles that may be helpful.
http://support.microsoft.com/search/default.aspx?mode=s&cat=false&query=0x0000007F+UNEXPECTED_KERNEL_MODE_TRAP&srch=sup 

ASKER

Ran MEMTEST86 and it turned up no errors.  I did the analysis on MEMORY.dmp and it appears to point to a driver that is causing the problem.  If it's a driver, how can I determine which one?  Here is the text from the analysis:  

Opened log file 'c:\debuglogfull.txt'
kd> .sympath c:\windows\symbols
Symbol search path is: c:\windows\symbols
kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
*** WARNING: symbols timestamp is wrong 0x4344ec59 0x3ee6c002 for ntoskrnl.exe
Loading Kernel Symbols
...................................................................................
Loading User Symbols
........
Loading unloaded module list
....*** WARNING: symbols timestamp is wrong 0x41e648e0 0x3ef274dc for ntdll.dll

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

DEFAULT_BUCKET_ID:  DRIVER_FAULT

LAST_CONTROL_TRANSFER:  from f000eef3 to 80466df9

STACK_TEXT:  
00000000 f000eef3 f000e2c3 f000eef3 f000eef3 nt!Dr_kit6_a+0x53
WARNING: Frame IP not in any known module. Following frames may be wrong.
00000000 00000000 f000e2c3 f000eef3 f000eef3 0xf000eef3


STACK_COMMAND:  kb

FOLLOWUP_IP:
nt!Dr_kit6_a+53
80466df9 ebef             jmp     nt!Dr_kit6_a+0x44 (80466dea)

SYMBOL_STACK_INDEX:  0

FOLLOWUP_NAME:  MachineOwner

SYMBOL_NAME:  nt!Dr_kit6_a+53

MODULE_NAME:  nt

IMAGE_NAME:  ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4344ec59

FAILURE_BUCKET_ID:  0x7f_8_nt!Dr_kit6_a+53

BUCKET_ID:  0x7f_8_nt!Dr_kit6_a+53

Followup: MachineOwner
---------

eax=ffdff13c ebx=0000007f ecx=80036000 edx=00000000 esi=00000000 edi=00000000
eip=80466df9 esp=8046ebb8 ebp=00000000 iopl=0         nv up di ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000086
nt!Dr_kit6_a+0x53:
80466df9 ebef             jmp     nt!Dr_kit6_a+0x44 (80466dea)
ChildEBP RetAddr  Args to Child              
00000000 f000eef3 f000e2c3 f000eef3 f000eef3 nt!Dr_kit6_a+0x53
WARNING: Frame IP not in any known module. Following frames may be wrong.
00000000 00000000 f000e2c3 f000eef3 f000eef3 0xf000eef3
start    end        module name
5ff90000 5ff9c000   CSRSRV   CSRSRV.dll   Thu Jan 13 05:09:48 2005 (41E648EC)
5ffa0000 5ffae000   basesrv  basesrv.dll  Thu Jan 13 05:09:46 2005 (41E648EA)
5fff0000 5fff4000   csrss    csrss.exe    Thu Jun 19 22:44:27 2003 (3EF2750B)
77e10000 77e79000   USER32   USER32.dll   Thu Apr 21 04:08:41 2005 (42675F89)
77f40000 77f7c000   GDI32    GDI32.dll    Thu Dec 29 08:15:55 2005 (43B3E18B)
77f80000 77ffc000   ntdll    ntdll.dll    Thu Jan 13 05:09:36 2005 (41E648E0)
7c570000 7c623000   KERNEL32 KERNEL32.dll Thu Jan 06 04:17:41 2005 (41DD0235)
7cc30000 7cc70000   winsrv   winsrv.dll   Fri Sep 23 07:03:26 2005 (4333E0FE)
80062000 80072520   hal      halacpi.dll  Thu Mar 20 21:04:40 2003 (3E7A7338)
80400000 8059cd80   nt       ntoskrnl.exe Thu Oct 06 05:20:25 2005 (4344EC59)
a0000000 a0190000   win32k   win32k.sys   Thu Oct 06 05:33:42 2005 (4344EF76)
bc824000 bc9fe780   nv4_disp nv4_disp.dll Fri Apr 13 19:55:38 2001 (3AD791FA)
bea0f000 bea2b440   dump_IntelATA dump_IntelATA.sys Tue May 30 13:10:52 2000 (3933F61C)
bea54000 beabda40   mrxsmb   mrxsmb.sys   Fri Apr 01 20:23:32 2005 (424DF414)
bead0000 beafcac0   rdbss    rdbss.sys    Mon Apr 11 17:31:22 2005 (425AECAA)
beafd000 beb727c0   VETMONNT VETMONNT.SYS Sun Apr 25 21:33:58 2004 (408C6706)
beb9b000 bebc5d00   netbt    netbt.sys    Fri Apr 01 20:23:24 2005 (424DF40C)
bebc6000 bec141a0   tcpip    tcpip.sys    Thu May 12 06:24:58 2005 (42832EFA)
bec39000 bec3c580   vga      vga.sys      Sat Sep 25 14:37:40 1999 (37ED1674)
bec5d000 bec76260   VETFDDNT VETFDDNT.SYS Sun Apr 25 21:34:00 2004 (408C6708)
bfc77000 bfca13a0   update   update.sys   Wed Apr 16 00:22:01 2003 (3E9CDA69)
bfca2000 bfcb8ba0   ndiswan  ndiswan.sys  Tue Apr 29 19:05:01 2003 (3EAF051D)
bfcb9000 bfcdd1e0   portcls  portcls.sys  Wed Apr 16 00:11:22 2003 (3E9CD7EA)
bfcde000 bfcfdd00   ks       ks.sys       Wed Dec 04 12:09:38 2002 (3DEE36D2)
bfcfe000 bfd64b60   sbpci    sbpci.sys    Thu Jun 15 14:32:54 2000 (39492156)
bfd65000 bfd8c000   WMPCI54G WMPCI54G.SYS Thu Dec 12 21:22:01 2002 (3DF94449)
bfd8c000 bfe406c0   nv4_mini nv4_mini.sys Fri Apr 13 19:49:13 2001 (3AD79079)
bfe61000 bfe76be0   Mup      Mup.sys      Thu Dec 02 22:37:23 2004 (41AFDF73)
bfe77000 bfea0aa0   NDIS     NDIS.sys     Tue Apr 29 19:05:01 2003 (3EAF051D)
bfea1000 bff1e480   Ntfs     Ntfs.sys     Tue May 10 05:20:29 2005 (42807CDD)
bff1f000 bff307c0   KSecDD   KSecDD.sys   Sat Sep 20 20:32:19 2003 (3F6CF193)
bff31000 bff525a0   fltmgr   fltmgr.sys   Thu Apr 14 02:59:00 2005 (425E14B4)
bff53000 bff65180   SCSIPORT SCSIPORT.SYS Thu Jul 14 08:24:06 2005 (42D65966)
bff66000 bff82440   intelata intelata.sys Tue May 30 13:10:52 2000 (3933F61C)
bff83000 bff98180   atapi    atapi.sys    Tue Apr 01 13:08:25 2003 (3E89D599)
bff99000 bffba9c0   dmio     dmio.sys     Wed Jan 15 14:47:04 2003 (3E25BAB8)
bffbb000 bffd75a0   ftdisk   ftdisk.sys   Thu Dec 02 22:29:58 2004 (41AFDDB6)
bffd8000 bffffc20   ACPI     ACPI.sys     Wed Jan 15 14:44:22 2003 (3E25BA16)
eb400000 eb40e6a0   pci      pci.sys      Wed Jan 15 14:44:07 2003 (3E25BA07)
eb410000 eb41b680   isapnp   isapnp.sys   Wed Jan 15 14:43:47 2003 (3E25B9F3)
eb420000 eb428700   CLASSPNP CLASSPNP.SYS Wed Jan 15 14:42:51 2003 (3E25B9BB)
eb460000 eb46c4c0   VIDEOPRT VIDEOPRT.SYS Wed Jan 15 14:47:20 2003 (3E25BAC8)
eb470000 eb47b680   i8042prt i8042prt.sys Wed Apr 16 00:00:59 2003 (3E9CD57B)
eb480000 eb48f400   serial   serial.sys   Wed Apr 16 00:19:39 2003 (3E9CD9DB)
eb490000 eb49ca80   rasl2tp  rasl2tp.sys  Tue Apr 29 19:05:06 2003 (3EAF0522)
eb4a0000 eb4abc40   raspptp  raspptp.sys  Wed May 14 19:47:00 2003 (3EC2D574)
eb4b0000 eb4bea20   parallel parallel.sys Wed Jan 15 14:47:14 2003 (3E25BAC2)
eb530000 eb539be0   usbhub   usbhub.sys   Tue Mar 18 18:30:41 2003 (3E77AC21)
eb540000 eb549ce0   NDProxy  NDProxy.SYS  Thu Sep 30 19:25:35 1999 (37F3F16F)
eb590000 eb598fa0   Npfs     Npfs.SYS     Sat Oct 09 19:58:07 1999 (37FFD68F)
eb5a0000 eb5a8680   msgpc    msgpc.sys    Wed Jan 15 14:54:25 2003 (3E25BC71)
eb5b0000 eb5b81a0   netbios  netbios.sys  Tue Oct 12 15:34:19 1999 (38038D3B)
eb680000 eb685520   PCIIDEX  PCIIDEX.SYS  Tue Feb 25 13:31:08 2003 (3E5BB66C)
eb688000 eb68f4c0   MountMgr MountMgr.sys Tue Aug 16 04:40:55 2005 (4301A697)
eb690000 eb697720   disk     disk.sys     Wed Jan 15 14:43:05 2003 (3E25B9C9)
eb698000 eb69d100   agp440   agp440.sys   Wed Jan 15 14:47:07 2003 (3E25BABB)
eb6b0000 eb6b4a60   flpydisk flpydisk.sys Wed Jan 15 14:42:52 2003 (3E25B9BC)
eb700000 eb705400   mouclass mouclass.sys Thu Feb 20 11:37:45 2003 (3E550459)
eb708000 eb70ea20   EFS      EFS.SYS      Wed Jan 15 14:46:55 2003 (3E25BAAF)
eb710000 eb715ec0   kbdclass kbdclass.sys Thu Feb 20 11:37:30 2003 (3E55044A)
eb718000 eb71fd00   wanarp   wanarp.sys   Fri Aug 16 08:25:01 2002 (3D5CEF1D)
eb720000 eb726580   fdc      fdc.sys      Wed Jan 15 14:42:51 2003 (3E25B9BB)
eb740000 eb746100   parport  parport.sys  Wed Jan 15 14:47:13 2003 (3E25BAC1)
eb750000 eb757f40   uhcd     uhcd.sys     Wed Jan 15 14:45:50 2003 (3E25BA6E)
eb758000 eb75d160   cmosa    cmosa.SYS    Tue Apr 04 15:13:57 2000 (38EA3EF5)
eb768000 eb76cfc0   USBD     USBD.SYS     Wed Jan 22 12:05:33 2003 (3E2ECF5D)
eb778000 eb77ec40   cdrom    cdrom.sys    Wed Jan 15 14:43:04 2003 (3E25B9C8)
eb780000 eb787000   GEARAspiWDM GEARAspiWDM.sys Wed Feb 02 00:19:49 2005 (420062F5)
eb788000 eb78cf20   VET_FILT VET-FILT.SYS Sun Apr 25 21:33:58 2004 (408C6706)
eb7c0000 eb7c4400   ptilink  ptilink.sys  Wed Jan 15 14:47:15 2003 (3E25BAC3)
eb7d0000 eb7d40e0   raspti   raspti.sys   Fri Oct 08 16:45:10 1999 (37FE57D6)
eb7f0000 eb7f5240   Msfs     Msfs.SYS     Tue Oct 26 19:21:32 1999 (3816377C)
eb810000 eb812a20   BOOTVID  BOOTVID.dll  Wed Nov 03 20:24:33 1999 (3820E051)
eb814000 eb816d00   PartMgr  PartMgr.sys  Wed Jan 15 14:43:07 2003 (3E25B9CB)
eb884000 eb887640   serenum  serenum.sys  Wed Jan 15 14:47:01 2003 (3E25BAB5)
eb894000 eb8962e0   ndistapi ndistapi.sys Wed Jan 15 14:54:15 2003 (3E25BC67)
eb8a4000 eb8a7e60   TDI      TDI.SYS      Wed Jan 15 14:56:26 2003 (3E25BCEA)
eb8c0000 eb8c36c0   dump_diskdump dump_diskdump.sys Tue Feb 25 14:18:04 2003 (3E5BC16C)
eb8c4000 eb8c79e0   VET_REC  VET-REC.SYS  Sun Apr 25 21:33:57 2004 (408C6705)
eb900000 eb901100   intelide intelide.sys Wed Feb 19 12:19:09 2003 (3E53BC8D)
eb902000 eb903d20   Diskperf Diskperf.sys Wed Feb 12 16:34:38 2003 (3E4ABDEE)
eb904000 eb905b80   dmload   dmload.sys   Wed Jan 15 14:47:06 2003 (3E25BABA)
eb97c000 eb97dca0   Fs_Rec   Fs_Rec.SYS   Wed Jan 15 14:53:30 2003 (3E25BC3A)
eb988000 eb989e40   rasacd   rasacd.sys   Sat Sep 25 14:41:23 1999 (37ED1753)
eb9c8000 eb9c8f80   WMILIB   WMILIB.SYS   Sat Sep 25 14:36:47 1999 (37ED163F)
eb9c9000 eb9c9b00   PCIIde   PCIIde.sys   Wed Jan 15 14:43:03 2003 (3E25B9C7)
eb9ca000 eb9cacc0   idebd    idebd.sys    Tue Feb 22 20:20:15 2000 (38B335CF)
eb9e8000 eb9e8a40   audstub  audstub.sys  Sat Sep 25 14:35:33 1999 (37ED15F5)
eb9f2000 eb9f3000   swenum   swenum.sys   Wed Dec 04 12:10:07 2002 (3DEE36EF)
eb9fd000 eb9fd9e0   Null     Null.SYS     Sat Sep 25 14:34:58 1999 (37ED15D2)
eb9ff000 eb9ffee0   Beep     Beep.SYS     Wed Oct 20 18:18:59 1999 (380E3FD3)
eba03000 eba03f80   mnmdd    mnmdd.SYS    Sat Sep 25 14:37:40 1999 (37ED1674)

Unloaded modules:
eb5c0000 eb5c9000   redbook.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb980000 eb982000   sglfb.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb7e0000 eb7e5000   Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
bec41000 bec44000   Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
Closing open log file c:\debuglogfull.txt

ASKER

jkr,
Not sure what you mean by this question.  How can I determine?

What module/driver is the BSOD info relating to?

May be a service.  Try setting all services to manual and see if you get the blue screen.
If not, start re-enabling them and making note of which ones you are enabling.
OR
There was an error in there regarding IP:  WARNING: Frame IP not in any known module. Following frames may be wrong.
00000000 00000000 f000e2c3 f000eef3 f000eef3 0xf000eef3

That doesn't look too normal.  Maybe try re-applying SP4.

If this isn't a production system, then you could try uninstalling TCP/IP and then re-installing.
Then re-apply SP4
>>WARNING: Frame IP not in any known module. Following frames may be wrong.

That's probably a stack overwrite (at least from my programming experience). So, if your CPU isn't totally broken (and it isn't, the dumps can still be saved), I would rule out a hardware problem and go for a repair install: http://support.microsoft.com/kb/292175 ("How to perform an in-place upgrade of Windows 2000")

BTW, the above also makes it impossible to detect which driver or other module was involved.
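
The check behind the debugger's "Frame IP not in any known module" warning, as an added example that is not part of the original thread: it maps each return address from the posted kv output onto the lmnt module ranges. The sample lines are a subset copied from the log above, and the function names are illustrative.

```python
import re

# Sample input: a few module lines and the two stack frames copied from the
# kd output posted in this thread (a subset, embedded so the script runs offline).
LMNT = """\
80062000 80072520   hal      halacpi.dll  Thu Mar 20 21:04:40 2003 (3E7A7338)
80400000 8059cd80   nt       ntoskrnl.exe Thu Oct 06 05:20:25 2005 (4344EC59)
bff66000 bff82440   intelata intelata.sys Tue May 30 13:10:52 2000 (3933F61C)
eb900000 eb901100   intelide intelide.sys Wed Feb 19 12:19:09 2003 (3E53BC8D)
"""
KV = """\
00000000 f000eef3 f000e2c3 f000eef3 f000eef3 nt!Dr_kit6_a+0x53
WARNING: Frame IP not in any known module. Following frames may be wrong.
00000000 00000000 f000e2c3 f000eef3 f000eef3 0xf000eef3
"""
EIP = 0x80466DF9  # eip from the register dump in the same log

MODULE_LINE = re.compile(r"^([0-9a-f]{8})\s+([0-9a-f]{8})\s+(\S+)\s+(\S+)", re.I)
FRAME_LINE = re.compile(r"^[0-9a-f]{8}\s+([0-9a-f]{8})\s", re.I)


def parse_modules(lm_text):
    """Parse 'start end name image ...' lines into (start, end, image) tuples."""
    mods = []
    for line in lm_text.splitlines():
        m = MODULE_LINE.match(line.strip())
        if m:
            mods.append((int(m[1], 16), int(m[2], 16), m[4]))
    return mods


def owner(addr, mods):
    """Return the image whose [start, end) range contains addr, else None."""
    for start, end, image in mods:
        if start <= addr < end:
            return image
    return None


def unresolved_return_addresses(kv_text, mods):
    """Non-zero RetAddr values (second column) that fall in no loaded module."""
    out = []
    for line in kv_text.splitlines():
        m = FRAME_LINE.match(line.strip())
        if m and int(m[1], 16) and owner(int(m[1], 16), mods) is None:
            out.append(int(m[1], 16))
    return out


if __name__ == "__main__":
    mods = parse_modules(LMNT)
    print("eip is in:", owner(EIP, mods))
    print("unresolved:", [hex(a) for a in unresolved_return_addresses(KV, mods)])
```

The faulting instruction resolves to ntoskrnl.exe, while the only return address on the stack belongs to no loaded image, which is why the trace cannot name a driver.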

ASKER

I did the repair option from the Windows 2K install disk  and everything seemed to go OK.  At the end the blue setup screen said "repairs completed successfully" or something like that.  Now, the problem is that it still won't boot, but I receive a different STOP message.  I receive this message on booting after the white Windows splash screen with blue progress bar at the bottom:

STOP: C000026C Unable to load device driver \ systemroot\system32\drivers\intelide.sys
device driver could not be loaded.  
Error status was 0xC000012F

Will not boot into Safe mode.  I receive the same message.  Is the HD dead?  

ASKER

I researched KB article kbid=160495 Err Msg: STOP: C000026C Unable to Load Device Driver...  and it gives a couple of solutions.  I used the ERD to do the repair so I wasn't expecting problems.   Looks like I'll need to follow the steps in KB article 164471 Replacing System Files Using a Modified Emergency Repair Disk.  Looks fairly complicated.  I'll try this tonight.  Machine has been down for a week and user starting to get impatient.  ;-)