Solved

Need blue screen dump check file analysis expert

Posted on 2007-11-27
4
2,130 Views
Last Modified: 2008-09-17
About once or twice a week, my server reboots.  It is an SBS 2003 with SP2. Event id 1003 is logged in the event viewer.  Unfortunately, it is a server that someone built on PC hardware, so this could even be a simple hardware issue.  Microsofts error reporting thinks it's a device driver.  I've checked the Window s Update site for driver updates, and it is up to date.  

Here are some of the errors:
Error code 1000000a, parameter1 00000008, parameter2 d0000002, parameter3 00000000, parameter4 808408de.

Another:
Error code 1000000a, parameter1 00000050, parameter2 d000001b, parameter3 00000001, parameter4 8083d64d.

The latest:
Error code 1000008e, parameter1 c0000005, parameter2 808408de, parameter3 b8484a98, parameter4 00000000.

I ran dumpchk, and here are the results.



Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\WINDOWS\Minidump>dumpchk
Usage: dumpchk [-y <sympath>] <dumpfile>

C:\WINDOWS\Minidump>dumpchk -y c:\windows\symbols c:\windows\mini082807-01.dmp
Loading dump file c:\windows\mini082807-01.dmp

Microsoft (R) Windows Debugger  Version 5.2.3790.3959
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\windows\mini082807-01.dmp]
Could not open dump file [c:\windows\mini082807-01.dmp], Win32 error 2
    "The system cannot find the file specified."
**** DebugClient cannot open DumpFile - error 80070002

C:\WINDOWS\Minidump>dumpchk -y c:\windows\symbols c:\windows\Mini082807-01.dmp
Loading dump file c:\windows\Mini082807-01.dmp

Microsoft (R) Windows Debugger  Version 5.2.3790.3959
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\windows\Mini082807-01.dmp]
Could not open dump file [c:\windows\Mini082807-01.dmp], Win32 error 2
    "The system cannot find the file specified."
**** DebugClient cannot open DumpFile - error 80070002

C:\WINDOWS\Minidump>dumpchk -y c:\windows\symbols c:\windows\minidump\Mini082807
-01.dmp
Loading dump file c:\windows\minidump\Mini082807-01.dmp

Microsoft (R) Windows Debugger  Version 5.2.3790.3959
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\windows\minidump\Mini082807-01.dmp]
Could not open dump file [c:\windows\minidump\Mini082807-01.dmp], Win32 error 10
06
    "The volume for a file has been externally altered so that the opened file i
s no longer valid."
**** DebugClient cannot open DumpFile - error 800703ee

C:\WINDOWS\Minidump>dumpchk -y c:\windows\symbols c:\windows\minidump\Mini082807
-01.dmp
Loading dump file c:\windows\minidump\Mini082807-01.dmp

Microsoft (R) Windows Debugger  Version 5.2.3790.3959
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\windows\minidump\Mini082807-01.dmp]
Could not open dump file [c:\windows\minidump\Mini082807-01.dmp], Win32 error 10
06
    "The volume for a file has been externally altered so that the opened file i
s no longer valid."
**** DebugClient cannot open DumpFile - error 800703ee

C:\WINDOWS\Minidump>dumpchk -y c:\windows\symbols c:\windows\minidump\Mini082707
-01.dmp
Loading dump file c:\windows\minidump\Mini082707-01.dmp

Microsoft (R) Windows Debugger  Version 5.2.3790.3959
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\windows\minidump\Mini082707-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: c:\windows\symbols
Symbol search path is: c:\windows\symbols
Executable search path is:
*********************************************************************
* Analyzing Minidumps requires access to the actual executable      *
* images for the crashed system                                     *
*                                                                   *
* The Executable Image Path can be set by:                          *
*   using the _NT_EXECUTABLE_IMAGE_PATH environment variable.       *
*   using the -i <image_path> argument when starting the debugger.  *
*   using .exepath and .exepath+                                    *
*********************************************************************
Unable to load image ntoskrnl.exe
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 c
ompatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted S
ingleUserTS
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Mon Aug 27 03:35:55 2007
System Uptime: 7 days 0:39:32.634
*********************************************************************
* Analyzing Minidumps requires access to the actual executable      *
* images for the crashed system                                     *
*                                                                   *
* The Executable Image Path can be set by:                          *
*   using the _NT_EXECUTABLE_IMAGE_PATH environment variable.       *
*   using the -i <image_path> argument when starting the debugger.  *
*   using .exepath and .exepath+                                    *
*********************************************************************
Unable to load image ntoskrnl.exe
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
................................................................................
........................................
Loading unloaded module list
.................
Loading User Symbols
The call to LoadLibrary(ext) failed, Win32 error 2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(exts) failed, Win32 error 2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kext) failed, Win32 error 2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kdexts) failed, Win32 error 2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(ext) failed, Win32 error 2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(exts) failed, Win32 error 2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kext) failed, Win32 error 2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kdexts) failed, Win32 error 2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Bugcheck code 1000000A
Arguments 00000008 d0000002 00000000 808408de

ChildEBP RetAddr  Args to Child
808a33e8 8083dbf1 8a354c80 808a3404 8a7480e0 nt!KeRevertToUserAffinityThread+0x1
26
808a3428 f7389faa 8a6d05d0 00000000 00000001 nt!KeRemoveByKeyDeviceQueue+0xe7
Unable to load image atapi.sys
*** WARNING: Unable to verify timestamp for atapi.sys
808a345c 8082e109 8a748028 89410b38 89410b38 atapi!IdeSendCommand+0x372
808a3480 f7389ddc 8a748028 89410b38 00000000 nt!IopWriteTriageDump+0x367
808a34b0 80840153 8a748028 89410b38 8a726e50 atapi!IdeSendCommand+0x1a4
808a34c4 f73885be 00000000 8950e460 00000001 nt!KeForceResumeThread+0xd1
808a34dc f738a12f f73893aa 8950e460 8a726e50 atapi!IssueIdentify+0x7ac
808a34fc f738a90c 8a726e50 8a5323b0 8a726ef8 atapi!IdeSendCommand+0x4f7
808a352c f738ac94 8a35a008 8a726ef8 808a35a7 atapi!IdeSendPassThroughCommand+0x5
88
808a35a8 8083d99a 8a74809c 8a748028 00000000 atapi!AtapiResetController+0x294
808a3600 80839b2f 00000000 0000000e 00000000 nt!KeRemoveDeviceQueue+0x12
808a6b40 00000000 808a6b48 808a6b48 808a6b50 nt!KeSetEvent+0x147

----- 32 bit Kernel Mini Dump Analysis

DUMP_HEADER32:
MajorVersion        0000000f
MinorVersion        00000ece
DirectoryTableBase  00039000
PfnDataBase         81800000
PsLoadedModuleList  808af9c8
PsActiveProcessHead 808b5be8
MachineImageType    0000014c
NumberProcessors    00000002
BugCheckCode        1000000a
BugCheckParameter1  00000008
BugCheckParameter2  d0000002
BugCheckParameter3  00000000
BugCheckParameter4  808408de
PaeEnabled          00000000
KdDebuggerDataBlock 8089d3e0
SecondaryDataState  00000000
ProductType         00000002
SuiteMask           00000131
MiniDumpFields      00000dff

TRIAGE_DUMP32:
ServicePackBuild      00000200
SizeOfDump            00010000
ValidOffset           0000fffc
ContextOffset         00000320
ExceptionOffset       000007d0
MmOffset              00001068
UnloadedDriversOffset 000010a0
PrcbOffset            00001878
ProcessOffset         00002738
ThreadOffset          000029b0
CallStackOffset       00002c00
SizeOfCallStack       00000558
DriverListOffset      00003470
DriverCount           00000079
StringPoolOffset      00005860
StringPoolSize        00001090
BrokenDriverOffset    00000000
TriageOptions         00000041
TopOfStack            808a3358
DebuggerDataOffset    00003158
DebuggerDataSize      00000318
DataBlocksOffset      000068f0
DataBlocksCount       00000004
  d0000000 - d0000fff at offset 00006930
  80840000 - 80840fff at offset 00007930
  8a354000 - 8a354fff at offset 00008930
  8a7dd000 - 8a7ddfff at offset 00009930
  Max offset a930, d6d0 from end of file


Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 c
ompatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted S
ingleUserTS
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Mon Aug 27 03:35:55 2007
System Uptime: 7 days 0:39:32.634
start    end        module name
80800000 80a7a000   nt             Checksum: 00269C05  Timestamp: Mon Mar 05 05:
02:02 2007 (45EC14CA)
80a7a000 80aa6000   hal            Checksum: 00021C2C  Timestamp: Fri Feb 16 21:
48:26 2007 (45D6972A)
b65ed000 b65ff320   NAVENG         Checksum: 00015B2A  Timestamp: Sat Jun 23 11:
23:20 2007 (467D6518)
b6600000 b66d1c40   NAVEX15        Checksum: 000D7951  Timestamp: Sat Jun 23 10:
48:39 2007 (467D5CF7)
b72cb000 b72f6000   RDPWD          Checksum: 00027066  Timestamp: Fri Feb 16 21:
44:38 2007 (45D69646)
b74f3000 b7531000   NAVAP          Checksum: 0003FDFE  Timestamp: Fri May 02 21:
08:14 2003 (3EB340AE)
b7581000 b7591a60   SYMEVENT       Checksum: 00018D6C  Timestamp: Tue May 13 22:
45:43 2003 (3EC1D807)
b7812000 b781b000   asyncmac       Checksum: 0000D4F9  Timestamp: Tue Mar 25 00:
11:27 2003 (3E80011F)
b8081000 b80ab000   Fastfat        Checksum: 0002CC8F  Timestamp: Fri Feb 16 22:
27:55 2007 (45D6A06B)
b86c3000 b86d4000   NAVAPEL        Checksum: 0000D4D9  Timestamp: Fri May 02 21:
08:21 2003 (3EB340B5)
b87ec000 b883c000   HTTP           Checksum: 00056124  Timestamp: Fri Feb 16 22:
28:12 2007 (45D6A07C)
b89a0000 b89a3ee0   Aspi32         Checksum: 00013DCE  Timestamp: Mon May 06 09:
43:02 2002 (3CD6B296)
b89a4000 b8a01000   srv            Checksum: 0005AEFC  Timestamp: Fri Feb 16 22:
27:20 2007 (45D6A048)
b8a29000 b8a5c000   mrxdav         Checksum: 0003DFFB  Timestamp: Fri Feb 16 21:
50:49 2007 (45D697B9)
b8b86000 b8bb5e60   exifs          Checksum: 00036DFD  Timestamp: Thu Aug 25 17:
29:05 2005 (430E6251)
b8bde000 b8bf3000   Cdfs           Checksum: 00015D3A  Timestamp: Fri Feb 16 22:
27:08 2007 (45D6A03C)
b8bf3000 b8c04000   Fips           Checksum: 0000B9EB  Timestamp: Fri Feb 16 22:
26:33 2007 (45D6A019)
b8c04000 b8c7a000   mrxsmb         Checksum: 00074736  Timestamp: Fri Feb 16 22:
28:15 2007 (45D6A07F)
b8c7a000 b8caa000   rdbss          Checksum: 000346F8  Timestamp: Fri Feb 16 22:
27:37 2007 (45D6A059)
b8caa000 b8cd4000   afd            Checksum: 00025770  Timestamp: Fri Feb 16 22:
28:16 2007 (45D6A080)
b8cd4000 b8d05000   netbt          Checksum: 0002E9F6  Timestamp: Fri Feb 16 22:
28:57 2007 (45D6A0A9)
b8d05000 b8d95000   tcpip          Checksum: 0006B568  Timestamp: Fri Feb 16 22:
28:05 2007 (45D6A075)
b8d95000 b8dae000   ipsec          Checksum: 0001DA9A  Timestamp: Fri Feb 16 22:
29:28 2007 (45D6A0C8)
b8dd6000 b8deb000   usbhub         Checksum: 0001E7B9  Timestamp: Fri Feb 16 22:
13:05 2007 (45D69CF1)
b8e0b000 b8e6a000   update         Checksum: 0006445C  Timestamp: Mon May 28 05:
15:16 2007 (465AC7D4)
b8f0a000 b8f14000   dump_scsiport       Checksum: 000062CA  Timestamp: Fri Feb 1
6 22:07:44 2007 (45D69BB0)
b8fca000 b8fd7000   wanarp         Checksum: 0000969A  Timestamp: Fri Feb 16 21:
59:17 2007 (45D699B5)
b8fda000 b8fe4000   flpydisk       Checksum: 000132D1  Timestamp: Tue Mar 25 00:
04:32 2003 (3E7FFF80)
b9086000 b9087000   dxgthk         Checksum: 000019C5  Timestamp: unavailable (0
0000000)
b93a4000 b93ae000   Dxapi          Checksum: 0001039A  Timestamp: Tue Mar 25 00:
06:01 2003 (3E7FFFD9)
b94a4000 b94ab000   parvdm         Checksum: 000023C8  Timestamp: Tue Mar 25 00:
03:49 2003 (3E7FFF55)
b951c000 b9529000   Npfs           Checksum: 00015D8A  Timestamp: Fri Feb 16 21:
50:36 2007 (45D697AC)
b953c000 b954a000   msgpc          Checksum: 0001679D  Timestamp: Fri Feb 16 21:
58:37 2007 (45D6998D)
b95ec000 b95f5000   hidusb         Checksum: 0000BFEC  Timestamp: Tue Mar 25 00:
10:17 2003 (3E8000D9)
b965c000 b9662300   HIDPARSE       Checksum: 000156D7  Timestamp: Fri Feb 16 22:
12:35 2007 (45D69CD3)
b97d4000 b97df000   Msfs           Checksum: 000118ED  Timestamp: Fri Feb 16 21:
50:33 2007 (45D697A9)
b98b4000 b98eb000   rdpdr          Checksum: 00031FE4  Timestamp: Fri Feb 16 21:
51:00 2007 (45D697C4)
b98eb000 b98fd000   raspptp        Checksum: 00013B9A  Timestamp: Fri Feb 16 22:
29:20 2007 (45D6A0C0)
b98fd000 b9916000   ndiswan        Checksum: 00021659  Timestamp: Fri Feb 16 22:
29:22 2007 (45D6A0C2)
b9916000 b992a000   rasl2tp        Checksum: 0001D4BD  Timestamp: Fri Feb 16 22:
29:02 2007 (45D6A0AE)
b992a000 b99418a0   aeaudio        Checksum: 0001D6F6  Timestamp: Thu Mar 13 14:
54:09 2003 (3E70FE01)
b9942000 b9957000   drmk           Checksum: 000109BA  Timestamp: Fri Feb 16 22:
12:29 2007 (45D69CCD)
b9957000 b9980000   portcls        Checksum: 00031CAE  Timestamp: Fri Feb 16 22:
30:03 2007 (45D6A0EB)
b9980000 b9a0d300   smwdm          Checksum: 0009C8D6  Timestamp: Mon Jun 02 10:
42:12 2003 (3EDB8C74)
b9a0e000 b9a35000   ks             Checksum: 0002DD89  Timestamp: Fri Feb 16 22:
30:40 2007 (45D6A110)
b9a35000 b9a49000   redbook        Checksum: 00011CDD  Timestamp: Fri Feb 16 22:
07:26 2007 (45D69B9E)
b9a49000 b9a5e000   cdrom          Checksum: 0001CAE1  Timestamp: Fri Feb 16 22:
07:48 2007 (45D69BB4)
b9a5e000 b9a76000   parport        Checksum: 00021142  Timestamp: Fri Feb 16 22:
06:42 2007 (45D69B72)
b9a76000 b9a8b000   serial         Checksum: 0001E1B9  Timestamp: Fri Feb 16 22:
06:46 2007 (45D69B76)
b9a8b000 b9a9e000   i8042prt       Checksum: 000184DF  Timestamp: Fri Feb 16 22:
30:40 2007 (45D6A110)
b9a9e000 b9ac1800   e100b325       Checksum: 00024E74  Timestamp: Tue Mar 04 11:
56:25 2003 (3E6504E9)
b9ac2000 b9aec000   USBPORT        Checksum: 00027A92  Timestamp: Fri Feb 16 22:
12:59 2007 (45D69CEB)
b9aec000 b9b08000   VIDEOPRT       Checksum: 000223AF  Timestamp: Fri Feb 16 22:
10:30 2007 (45D69C56)
b9bc4000 b9bcb000   Beep           Checksum: 0000B82F  Timestamp: Tue Mar 25 00:
03:04 2003 (3E7FFF28)
b9bd4000 b9bdc000   mnmdd          Checksum: 0000B73B  Timestamp: Tue Mar 25 00:
07:53 2003 (3E800049)
b9be4000 b9bec000   RDPCDD         Checksum: 00008EDA  Timestamp: Tue Mar 25 00:
03:05 2003 (3E7FFF29)
ba865000 ba873000   HIDCLASS       Checksum: 00016280  Timestamp: Tue Mar 25 00:
10:17 2003 (3E8000D9)
ba885000 ba891000   vgapnp         Checksum: 00006842  Timestamp: Fri Feb 16 22:
10:30 2007 (45D69C56)
ba895000 ba8a1000   TAPE           Checksum: 00006465  Timestamp: Fri Feb 16 22:
08:04 2007 (45D69BC4)
ba8a5000 ba8ae000   watchdog       Checksum: 00009AB6  Timestamp: Fri Feb 16 22:
11:45 2007 (45D69CA1)
ba8d5000 ba8e2000   netbios        Checksum: 00011592  Timestamp: Fri Feb 16 21:
58:29 2007 (45D69985)
bf800000 bf9cf000   win32k         Checksum: 001CB099  Timestamp: Thu Mar 01 06:
59:28 2007 (45E6EA50)
bf9cf000 bf9e6000   dxg            Checksum: 00012550  Timestamp: Fri Feb 16 22:
14:39 2007 (45D69D4F)
bff40000 bff48000   framebuf       Checksum: 0000373F  Timestamp: Tue Mar 25 02:
46:25 2003 (3E802571)
f708a000 f7093000   ndistapi       Checksum: 00010072  Timestamp: Fri Feb 16 21:
59:19 2007 (45D699B7)
f709a000 f70a9000   dump_hpt3xx       Checksum: 00013922  Timestamp: Tue Mar 25
00:05:15 2003 (3E7FFFAB)
f70da000 f70e9000   raspppoe       Checksum: 0001208D  Timestamp: Fri Feb 16 21:
59:23 2007 (45D699BB)
f70ea000 f70f8000   NDProxy        Checksum: 0000EC7F  Timestamp: Fri Feb 16 21:
59:21 2007 (45D699B9)
f710a000 f7115000   kbdclass       Checksum: 00007486  Timestamp: Fri Feb 16 22:
05:39 2007 (45D69B33)
f712a000 f7134000   serenum        Checksum: 00009B3C  Timestamp: Fri Feb 16 22:
06:44 2007 (45D69B74)
f713a000 f7145000   fdc            Checksum: 00011681  Timestamp: Fri Feb 16 22:
07:16 2007 (45D69B94)
f714a000 f7155000   ptilink        Checksum: 0000D201  Timestamp: Fri Feb 16 22:
06:38 2007 (45D69B6E)
f715a000 f7163000   mssmbios       Checksum: 0000C632  Timestamp: Fri Feb 16 21:
59:12 2007 (45D699B0)
f7212000 f7231000   Mup            Checksum: 00023FA8  Timestamp: Fri Feb 16 22:
27:41 2007 (45D6A05D)
f7231000 f7270000   NDIS           Checksum: 0003CA0F  Timestamp: Fri Feb 16 22:
28:49 2007 (45D6A0A1)
f7270000 f7305000   Ntfs           Checksum: 00097DDD  Timestamp: Fri Feb 16 22:
27:23 2007 (45D6A04B)
f7305000 f732b000   KSecDD         Checksum: 00024591  Timestamp: Fri Feb 16 21:
46:32 2007 (45D696B8)
f732b000 f7350000   fltmgr         Checksum: 00028DAD  Timestamp: Fri Feb 16 21:
51:08 2007 (45D697CC)
f7350000 f7363000   CLASSPNP       Checksum: 0000EFB8  Timestamp: Fri Feb 16 22:
28:16 2007 (45D6A080)
f7363000 f7382000   SCSIPORT       Checksum: 00029278  Timestamp: Fri Feb 16 22:
28:41 2007 (45D6A099)
f7382000 f739f000   atapi          Checksum: 0001D4C5  Timestamp: Fri Feb 16 22:
07:34 2007 (45D69BA6)
f739f000 f73c9000   volsnap        Checksum: 00029843  Timestamp: Fri Feb 16 22:
08:23 2007 (45D69BD7)
f73c9000 f73f5000   dmio           Checksum: 000270C9  Timestamp: Fri Feb 16 22:
10:44 2007 (45D69C64)
f73f5000 f741c000   ftdisk         Checksum: 00024F7A  Timestamp: Fri Feb 16 22:
08:05 2007 (45D69BC5)
f741c000 f7432000   pci            Checksum: 0001E42B  Timestamp: Fri Feb 16 21:
59:03 2007 (45D699A7)
f7432000 f7466000   ACPI           Checksum: 00032E63  Timestamp: Fri Feb 16 21:
58:47 2007 (45D69997)
f7487000 f7490000   WMILIB         Checksum: 00004365  Timestamp: Tue Mar 25 00:
13:00 2003 (3E80017C)
f7497000 f74a6000   isapnp         Checksum: 0000DC0C  Timestamp: Fri Feb 16 21:
58:57 2007 (45D699A1)
f74a7000 f74b4000   PCIIDEX        Checksum: 00010ED8  Timestamp: Fri Feb 16 22:
07:32 2007 (45D69BA4)
f74b7000 f74c7000   MountMgr       Checksum: 00018F39  Timestamp: Fri Feb 16 22:
05:35 2007 (45D69B2F)
f74c7000 f74d2000   PartMgr        Checksum: 0000EE27  Timestamp: Fri Feb 16 22:
29:25 2007 (45D6A0C5)
f74d7000 f74e2000   sym_u3         Checksum: 00014E9A  Timestamp: Fri Oct 29 15:
15:26 2004 (4182C0FE)
f74e7000 f74f6000   hpt3xx         Checksum: 00013922  Timestamp: Tue Mar 25 00:
05:15 2003 (3E7FFFAB)
f74f7000 f7507000   disk           Checksum: 00017691  Timestamp: Fri Feb 16 22:
07:51 2007 (45D69BB7)
f7507000 f7513000   Dfs            Checksum: 00016C54  Timestamp: Fri Feb 16 21:
51:17 2007 (45D697D5)
f7517000 f7521000   crcdisk        Checksum: 0001142A  Timestamp: Fri Feb 16 22:
09:50 2007 (45D69C2E)
f7547000 f754f880   SMBios         Checksum: 00015915  Timestamp: Tue Feb 04 11:
33:18 2003 (3E40157E)
f7557000 f7561000   mouclass       Checksum: 000062DB  Timestamp: Tue Mar 25 00:
03:09 2003 (3E7FFF2D)
f7597000 f75a0000   raspti         Checksum: 0001246A  Timestamp: Fri Feb 16 21:
59:23 2007 (45D699BB)
f75d7000 f75e2000   TDTCP          Checksum: 0000F683  Timestamp: Fri Feb 16 21:
44:32 2007 (45D69640)
f7657000 f7666000   termdd         Checksum: 0000ED7D  Timestamp: Fri Feb 16 21:
44:32 2007 (45D69640)
f7667000 f7672000   TDI            Checksum: 0000C620  Timestamp: Fri Feb 16 22:
01:19 2007 (45D69A2F)
f7687000 f7696000   intelppm       Checksum: 0001690F  Timestamp: Fri Feb 16 21:
48:30 2007 (45D6972E)
f7707000 f770f000   kdcom          Checksum: 0000E3AA  Timestamp: Tue Mar 25 00:
08:00 2003 (3E800050)
f770f000 f7717000   BOOTVID        Checksum: 00008BE3  Timestamp: Tue Mar 25 00:
07:58 2003 (3E80004E)
f7717000 f771e000   pciide         Checksum: 00009478  Timestamp: Tue Mar 25 00:
04:46 2003 (3E7FFF8E)
f771f000 f7726000   intelide       Checksum: 0000B3A2  Timestamp: Fri Feb 16 22:
07:32 2007 (45D69BA4)
f7727000 f772e000   dmload         Checksum: 00004F35  Timestamp: Tue Mar 25 00:
08:08 2003 (3E800058)
f772f000 f7735e40   iomdisk        Checksum: 00007665  Timestamp: Wed Jul 31 13:
59:04 2002 (3D484F98)
f7797000 f779f000   rasacd         Checksum: 000067ED  Timestamp: Tue Mar 25 00:
11:50 2003 (3E800136)
f77af000 f77b7000   audstub        Checksum: 00005AA7  Timestamp: Tue Mar 25 00:
09:12 2003 (3E800098)
f77cf000 f77d4180   usbuhci        Checksum: 0000FDE1  Timestamp: Fri Feb 16 22:
13:02 2007 (45D69CEE)
f77d7000 f77dea40   sf             Checksum: 0001094F  Timestamp: Thu May 08 21:
00:55 2003 (3EBB27F7)
f77df000 f77e5b80   usbehci        Checksum: 00016935  Timestamp: Fri Feb 16 22:
12:56 2007 (45D69CE8)
f77e7000 f77ef000   qdatwin        Checksum: 00007375  Timestamp: Tue Aug 01 12:
25:32 2006 (44CFAAAC)
f77ef000 f77f7000   Fs_Rec         Checksum: 0000F5E9  Timestamp: Tue Mar 25 00:
08:36 2003 (3E800074)
f780f000 f7816000   Null           Checksum: 0000C34A  Timestamp: Tue Mar 25 00:
03:05 2003 (3E7FFF29)
f7897000 f7899980   compbatt       Checksum: 0000741E  Timestamp: Fri Feb 16 21:
58:51 2007 (45D6999B)
f789b000 f789e900   BATTC          Checksum: 0000CFF6  Timestamp: Fri Feb 16 21:
58:46 2007 (45D69996)
f79b3000 f79b4580   USBD           Checksum: 0000A359  Timestamp: Tue Mar 25 00:
10:39 2003 (3E8000EF)
f79bd000 f79be280   swenum         Checksum: 00006FC6  Timestamp: Fri Feb 16 22:
05:56 2007 (45D69B44)

Unloaded modules:
b6600000 b66d2000   NAVEX15.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b65ed000 b6600000   NAVENG.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b6600000 b66d2000   NAVEX15.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b65ed000 b6600000   NAVENG.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b6600000 b66d2000   NAVEX15.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b65ed000 b6600000   NAVENG.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b6600000 b66d2000   NAVEX15.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b65ed000 b6600000   NAVENG.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b670d000 b67df000   NAVEX15.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b66fa000 b670d000   NAVENG.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b670d000 b67df000   NAVEX15.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b66fa000 b670d000   NAVENG.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b73f9000 b74cb000   NAVEX15.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b731e000 b7331000   NAVENG.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b94dc000 b94ea000   imapi.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b958c000 b9598000   vga.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f7807000 f780f000   Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000

The call to LoadLibrary(ext) failed, Win32 error 2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(exts) failed, Win32 error 2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kext) failed, Win32 error 2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kdexts) failed, Win32 error 2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.
No export analyze found
Finished dump check
0
Comment
Question by:bleujaegel
  • 2
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
ChiefIT earned 500 total points
ID: 20361673
I believe this is mismatched memory sticks to your MOBO or spyware on the server.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20362083
Yah:

This might be an instance of the hax door virus. I knew I have seen it before.
http://support.microsoft.com/kb/903251

May I recommend symantec's Haxdoor removal tool:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-011109-2557-99
0
 
LVL 2

Author Comment

by:bleujaegel
ID: 20363339
I think you may be on to something with the mismatch issue.  I suspected that the memory may be defective, but hadn't even though about a mismatch.  Here is the PC-Wizard memory specs:

Information SPD EEPROM (DIMM1) :       
Manufacturer :      Kingston
Part Number :      K
Serial Number :      661CCD30
Type :      DDR-SDRAM PC-3200 (200 MHz)  -  [DDR-400]
Size :      512 MB (2 rows, 4 banks)
Module Buffered :      No
Module Registered :      No
Module SLi Ready (EPP) :      No
Width :      64-bit
Error Correction Capability :      No
Max. Burst Length :      8
Refresh :      Reduced (.5x)7.8 µs, Self Refresh
Voltage :      SSTL 2.5v
Prefetch Buffer :      2-bit
Manufacture :      Week 2 of 2004
Supported Frequencies :      133 MHz, 166 MHz, 200 MHz
CAS Latency (tCL) :      2 clocks @133 MHz, 2.5 clocks @166 MHz, 3 clocks @200 MHz
RAS to CAS (tRCD) :      2 clocks @133 MHz, 3 clocks @166 MHz, 3 clocks @200 MHz
RAS Precharge (tRP) :      2 clocks @133 MHz, 3 clocks @166 MHz, 3 clocks @200 MHz
Cycle Time (tRAS) :      6 clocks @133 MHz, 7 clocks @166 MHz, 8 clocks @200 MHz

 Information SPD EEPROM (DIMM2) :       
Manufacturer :      Unspecified
Part Number :      SUPERTALENT
Serial Number :      Unspecified
Type :      DDR-SDRAM PC-3200 (200 MHz)  -  [DDR-400]
Size :      1024 MB (2 rows, 4 banks)
Module Buffered :      No
Module Registered :      No
Module SLi Ready (EPP) :      No
Width :      64-bit
Error Correction Capability :      No
Max. Burst Length :      8
Refresh :      Reduced (.5x)7.8 µs, Self Refresh
Voltage :      SSTL 2.5v
Prefetch Buffer :      2-bit
Manufacture :      Week 31 of 2006
Supported Frequencies :      166 MHz, 200 MHz
CAS Latency (tCL) :      2.5 clocks @166 MHz, 3 clocks @200 MHz
RAS to CAS (tRCD) :      3 clocks @166 MHz, 3 clocks @200 MHz
RAS Precharge (tRP) :      3 clocks @166 MHz, 3 clocks @200 MHz
Cycle Time (tRAS) :      7 clocks @166 MHz, 8 clocks @200 MHz

 Information SPD EEPROM (DIMM3) :       
Manufacturer :      Kingston
Part Number :      K
Serial Number :      661CCB30
Type :      DDR-SDRAM PC-3200 (200 MHz)  -  [DDR-400]
Size :      512 MB (2 rows, 4 banks)
Module Buffered :      No
Module Registered :      No
Module SLi Ready (EPP) :      No
Width :      64-bit
Error Correction Capability :      No
Max. Burst Length :      8
Refresh :      Reduced (.5x)7.8 µs, Self Refresh
Voltage :      SSTL 2.5v
Prefetch Buffer :      2-bit
Manufacture :      Week 2 of 2004
Supported Frequencies :      133 MHz, 166 MHz, 200 MHz
CAS Latency (tCL) :      2 clocks @133 MHz, 2.5 clocks @166 MHz, 3 clocks @200 MHz
RAS to CAS (tRCD) :      2 clocks @133 MHz, 3 clocks @166 MHz, 3 clocks @200 MHz
RAS Precharge (tRP) :      2 clocks @133 MHz, 3 clocks @166 MHz, 3 clocks @200 MHz
Cycle Time (tRAS) :      6 clocks @133 MHz, 7 clocks @166 MHz, 8 clocks @200 MHz

 Information SPD EEPROM (DIMM4) :       
Manufacturer :      Unspecified
Part Number :      SUPERTALENT
Serial Number :      Unspecified
Type :      DDR-SDRAM PC-3200 (200 MHz)  -  [DDR-400]
Size :      1024 MB (2 rows, 4 banks)
Module Buffered :      No
Module Registered :      No
Module SLi Ready (EPP) :      No
Width :      64-bit
Error Correction Capability :      No
Max. Burst Length :      8
Refresh :      Reduced (.5x)7.8 µs, Self Refresh
Voltage :      SSTL 2.5v
Prefetch Buffer :      2-bit
Manufacture :      Week 31 of 2006
Supported Frequencies :      166 MHz, 200 MHz
CAS Latency (tCL) :      2.5 clocks @166 MHz, 3 clocks @200 MHz
RAS to CAS (tRCD) :      3 clocks @166 MHz, 3 clocks @200 MHz
RAS Precharge (tRP) :      3 clocks @166 MHz, 3 clocks @200 MHz
Cycle Time (tRAS) :      7 clocks @166 MHz, 8 clocks @200 MHz

 Memory Controller Information :       
Memory Controller :      Standard, FPM, EDO, Parity, ECC, SIMM, DIMM, Burst EDO, SDRAM
Number of connectors :      4
Max. Module Size :      1024 MB
Max. Memory Size :      4096 MB
Supported Speed :      70ns, 60ns
Supported Voltages :      3.3v
Error Detection Method :      64-bit ECC
Error Correction Capability :      None
Current/Supported Interleave :      1-way/1-way

I think I'll start by keeping the Kingston and pulling the Super Talent.  I've had very good luck with Kingston.  Even though it's older, I never have problems with it.

I doubt the virus is an issue.  We have Symantec corporate.  It is up to date, real-time is active, and it scans daily.

It might be a week before I get back there, but I'll keep you posted.  Thanks!
0
 
LVL 2

Author Comment

by:bleujaegel
ID: 22501618
You were right.  After replacing the memory and extensively testing, it hasn't had an issue yet.  Thanks for your feedback.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now