We help IT Professionals succeed at work.

Blue screen restarts on Terminal Server due to app issue

I'm using Terminal Services on Server 2008 to host our enterprise mail order app at a remote location. We've been experiencing daily blue screen reboots. I ran chkdsk and Memtest with no errors. Today I looked at the dump file today to see what might be causing it, and it appears the culprit is the very app I'm hosting: MOMWIN.EXE.

Any clue what exactly might be causing the kernel panic? I've tried reinstalling the app with no change. I don't get any errors on installation. The app vendor doesn't support TS, but they say many clients have used it successfully.

Dump code is attached.
thanks
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 81864343, The address that the exception occurred at
Arg3: 97f68840, Trap Frame
Arg4: 00000000
 
Debugging Details:
------------------
 
 
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
 
FAULTING_IP: 
nt!RtlInitUnicodeString+1b
81864343 f266af          repne scas word ptr es:[edi]
 
TRAP_FRAME:  97f68840 -- (.trap 0xffffffff97f68840)
ErrCode = 00000000
eax=00000000 ebx=fe424fd8 ecx=ffffffec edx=97f68914 esi=fe412fe8 edi=fe425000
eip=81864343 esp=97f688b4 ebp=97f68924 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt!RtlInitUnicodeString+0x1b:
81864343 f266af          repne scas word ptr es:[edi]
Resetting default scope
 
CUSTOMER_CRASH_COUNT:  1
 
DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP
 
BUGCHECK_STR:  0x8E
 
PROCESS_NAME:  momwin.exe
 
CURRENT_IRQL:  0
 
LAST_CONTROL_TRANSFER:  from 97f68914 to 81864343
 
STACK_TEXT:  
97f688b8 97f68914 fe424fda ffffffff 91633634 nt!RtlInitUnicodeString+0x1b
WARNING: Frame IP not in any known module. Following frames may be wrong.
97f68924 9181f18b 040104fa 00000006 00000002 0x97f68914
97f68a0c 9182ecdd 040104fa 00000006 00000002 win32k+0x13f18b
97f68abc 91804739 040104fa 0110007e 97f68b04 win32k+0x14ecdd
97f68b2c 918055bf 040104fa fe40c578 00c8d0d4 win32k+0x124739
97f68b98 9181f6f1 040104fa 00000000 fe40fa68 win32k+0x1255bf
97f68bf0 9176d29f 00000017 040104fa 00000004 win32k+0x13f6f1
97f68c38 9178c215 fe40fa68 040104fa 00000001 win32k+0x8d29f
97f68cb4 9178d85d fe40fa68 00000085 01040450 win32k+0xac215
97f68ccc 917667ad fe40fa68 00000085 01040450 win32k+0xad85d
97f68ce8 9178d814 fe40fa68 00000085 01040450 win32k+0x867ad
97f68d20 81869a1a 0001013c 00000085 01040450 win32k+0xad814
97f68d20 77939a94 0001013c 00000085 01040450 nt!KiFastCallEntry+0x12a
0012af3c 00000000 00000000 00000000 00000000 0x77939a94
 
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
win32k+13f18b
9181f18b ??              ???
 
SYMBOL_STACK_INDEX:  2
 
SYMBOL_NAME:  win32k+13f18b
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: win32k
 
IMAGE_NAME:  win32k.sys
 
DEBUG_FLR_IMAGE_TIMESTAMP:  49edb40e
 
FAILURE_BUCKET_ID:  0x8E_win32k+13f18b
 
BUCKET_ID:  0x8E_win32k+13f18b
 
Followup: MachineOwner

Open in new window

Comment
Watch Question

Hi -
The bugcheck 0x8e = kernel threw an exception; the exception is the important one here = 0xc0000005 = memory access violation
win32k.sys may have been named as the probable cause, but it is not.  If this is software related, win32k.sys "took" the blame because it is the driver that is identifiable on the stack text because of the Microsoft symbols that are available for it.
I would appreciate it if you would re-run Windbg.  When it comes time to click on the blue !analyze -v please do not.  Instead, please paste the commands below (also found in the code snippet box) into the kd> command line found at the bottom of the Windbg GUI.  This will provide me with additional information that will hopefully yield a clue.
!analyze -v;r;kv;lmtn;lmtsmn;.bugcheck
 The 0xc..5 exception can be RAM or the item that I usually find it related to is a personal firewall, like those found in KIS, NIS, N360, etc... the Internet Security products.  Are any of these installed?
Of course a bad driver may be at fault here as well.  Have you ever run the Driver verifier?  Hold off for now until I can see the additional output from Windbg, but here are the instructions for it in a post that I wrote some time ago - http://www.techsupportforum.com/2110308-post3.html
Regards. . .
jcgriff2

!analyze -v;r;kv;lmtn;lmtsmn;.bugcheck

Open in new window

Author

Commented:
Here's the result of your command in windbg.

I should also say that I removed all the original system RAM and installed a different brand with no change.

I haven't installed any Internet Security products.

I have not run the driver verifier.

Thanks for your help.
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 81864343, The address that the exception occurred at
Arg3: 97f68840, Trap Frame
Arg4: 00000000
 
Debugging Details:
------------------
 
 
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
 
FAULTING_IP: 
nt!RtlInitUnicodeString+1b
81864343 f266af          repne scas word ptr es:[edi]
 
TRAP_FRAME:  97f68840 -- (.trap 0xffffffff97f68840)
ErrCode = 00000000
eax=00000000 ebx=fe424fd8 ecx=ffffffec edx=97f68914 esi=fe412fe8 edi=fe425000
eip=81864343 esp=97f688b4 ebp=97f68924 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt!RtlInitUnicodeString+0x1b:
81864343 f266af          repne scas word ptr es:[edi]
Resetting default scope
 
CUSTOMER_CRASH_COUNT:  1
 
DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP
 
BUGCHECK_STR:  0x8E
 
PROCESS_NAME:  momwin.exe
 
CURRENT_IRQL:  0
 
LAST_CONTROL_TRANSFER:  from 97f68914 to 81864343
 
STACK_TEXT:  
97f688b8 97f68914 fe424fda ffffffff 91633634 nt!RtlInitUnicodeString+0x1b
WARNING: Frame IP not in any known module. Following frames may be wrong.
97f68924 9181f18b 040104fa 00000006 00000002 0x97f68914
97f68a0c 9182ecdd 040104fa 00000006 00000002 win32k+0x13f18b
97f68abc 91804739 040104fa 0110007e 97f68b04 win32k+0x14ecdd
97f68b2c 918055bf 040104fa fe40c578 00c8d0d4 win32k+0x124739
97f68b98 9181f6f1 040104fa 00000000 fe40fa68 win32k+0x1255bf
97f68bf0 9176d29f 00000017 040104fa 00000004 win32k+0x13f6f1
97f68c38 9178c215 fe40fa68 040104fa 00000001 win32k+0x8d29f
97f68cb4 9178d85d fe40fa68 00000085 01040450 win32k+0xac215
97f68ccc 917667ad fe40fa68 00000085 01040450 win32k+0xad85d
97f68ce8 9178d814 fe40fa68 00000085 01040450 win32k+0x867ad
97f68d20 81869a1a 0001013c 00000085 01040450 win32k+0xad814
97f68d20 77939a94 0001013c 00000085 01040450 nt!KiFastCallEntry+0x12a
0012af3c 00000000 00000000 00000000 00000000 0x77939a94
 
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
win32k+13f18b
9181f18b ??              ???
 
SYMBOL_STACK_INDEX:  2
 
SYMBOL_NAME:  win32k+13f18b
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: win32k
 
IMAGE_NAME:  win32k.sys
 
DEBUG_FLR_IMAGE_TIMESTAMP:  49edb40e
 
FAILURE_BUCKET_ID:  0x8E_win32k+13f18b
 
BUCKET_ID:  0x8E_win32k+13f18b
 
Followup: MachineOwner
---------
 
eax=00000000 ebx=fe424fd8 ecx=ffffffec edx=97f68914 esi=fe412fe8 edi=fe425000
eip=81864343 esp=97f688b4 ebp=97f68924 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt!RtlInitUnicodeString+0x1b:
81864343 f266af          repne scas word ptr es:[edi]
ChildEBP RetAddr  Args to Child              
97f688b8 97f68914 fe424fda ffffffff 91633634 nt!RtlInitUnicodeString+0x1b (FPO: [2,2,0])
WARNING: Frame IP not in any known module. Following frames may be wrong.
97f68924 9181f18b 040104fa 00000006 00000002 0x97f68914
97f68a0c 9182ecdd 040104fa 00000006 00000002 win32k+0x13f18b
97f68abc 91804739 040104fa 0110007e 97f68b04 win32k+0x14ecdd
97f68b2c 918055bf 040104fa fe40c578 00c8d0d4 win32k+0x124739
97f68b98 9181f6f1 040104fa 00000000 fe40fa68 win32k+0x1255bf
97f68bf0 9176d29f 00000017 040104fa 00000004 win32k+0x13f6f1
97f68c38 9178c215 fe40fa68 040104fa 00000001 win32k+0x8d29f
97f68cb4 9178d85d fe40fa68 00000085 01040450 win32k+0xac215
97f68ccc 917667ad fe40fa68 00000085 01040450 win32k+0xad85d
97f68ce8 9178d814 fe40fa68 00000085 01040450 win32k+0x867ad
97f68d20 81869a1a 0001013c 00000085 01040450 win32k+0xad814
97f68d20 77939a94 0001013c 00000085 01040450 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 97f68d44)
0012af3c 00000000 00000000 00000000 00000000 0x77939a94
start    end        module name
80408000 80410000   kdcom    kdcom.dll    Sat Jan 19 01:31:53 2008 (4791A769)
80410000 80470000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Jan 19 01:29:43 2008 (4791A6E7)
80470000 80481000   PSHED    PSHED.dll    Sat Jan 19 01:31:21 2008 (4791A749)
80481000 80489000   BOOTVID  BOOTVID.dll  Sat Jan 19 01:27:15 2008 (4791A653)
80489000 804ca000   CLFS     CLFS.SYS     Fri Jan 18 23:28:01 2008 (47918A61)
804ca000 805aa000   CI       CI.dll       Sat Jan 19 01:31:08 2008 (4791A73C)
805c2000 805e0000   ataport  ataport.SYS  Fri Jan 18 23:49:40 2008 (47918F74)
805e0000 805f7000   rasl2tp  rasl2tp.sys  Fri Jan 18 23:56:33 2008 (47919111)
80600000 8060d000   WDFLDR   WDFLDR.SYS   Fri Jan 18 23:52:19 2008 (47919013)
8060e000 80719000   NDIS     NDIS.SYS     Fri Jan 18 23:55:51 2008 (479190E7)
80719000 80744000   msrpc    msrpc.sys    Fri Jan 18 23:48:15 2008 (47918F1F)
80744000 8077e000   NETIO    NETIO.SYS    Fri Jan 18 23:56:19 2008 (47919103)
8077e000 807fa000   Wdf01000 Wdf01000.sys Fri Jan 18 23:52:21 2008 (47919015)
81812000 81bcb000   nt       ntkrpamp.exe Mon Mar 02 20:02:28 2009 (49AC8FB4)
81bcb000 81bfe000   hal      halmacpi.dll Fri Jan 18 23:27:20 2008 (47918A38)
81e0f000 81e55000   acpi     acpi.sys     Fri Jan 18 23:32:48 2008 (47918B80)
81e55000 81e5e000   WMILIB   WMILIB.SYS   Fri Jan 18 23:53:08 2008 (47919044)
81e5e000 81e66000   msisadrv msisadrv.sys Fri Jan 18 23:32:51 2008 (47918B83)
81e66000 81e8d000   pci      pci.sys      Fri Jan 18 23:32:57 2008 (47918B89)
81e8d000 81e9c000   partmgr  partmgr.sys  Fri Jan 18 23:49:54 2008 (47918F82)
81e9c000 81eab000   volmgr   volmgr.sys   Fri Jan 18 23:49:51 2008 (47918F7F)
81eab000 81ef5000   volmgrx  volmgrx.sys  Fri Jan 18 23:50:00 2008 (47918F88)
81ef5000 81efc000   pciide   pciide.sys   Fri Jan 18 23:49:42 2008 (47918F76)
81efc000 81f0a000   PCIIDEX  PCIIDEX.SYS  Fri Jan 18 23:49:40 2008 (47918F74)
81f0a000 81f1a000   mountmgr mountmgr.sys Fri Jan 18 23:49:13 2008 (47918F59)
81f1a000 81fe8000   iastor   iastor.sys   Tue Apr 15 19:07:31 2008 (48054343)
81fe8000 81ff0000   atapi    atapi.sys    Fri Jan 18 23:49:40 2008 (47918F74)
81ff0000 81ffb000   ndistapi ndistapi.sys Fri Jan 18 23:56:24 2008 (47919108)
8c608000 8c63a000   fltmgr   fltmgr.sys   Fri Jan 18 23:28:10 2008 (47918A6A)
8c63a000 8c6ab000   ksecdd   ksecdd.sys   Fri Jan 18 23:41:20 2008 (47918D80)
8c6ab000 8c792000   tcpip    tcpip.sys    Fri Jan 18 23:56:48 2008 (47919120)
8c792000 8c7ad000   fwpkclnt fwpkclnt.sys Fri Jan 18 23:55:44 2008 (479190E0)
8c7ad000 8c7b4e00   storflt  storflt.sys  Sat Nov 17 20:29:44 2007 (473FA398)
8c7b5000 8c7f6000   storport storport.sys Fri Jan 18 23:49:49 2008 (47918F7D)
8c803000 8c912000   Ntfs     Ntfs.sys     Fri Jan 18 23:28:54 2008 (47918A96)
8c912000 8c94b000   volsnap  volsnap.sys  Fri Jan 18 23:50:10 2008 (47918F92)
8c94b000 8c953000   spldr    spldr.sys    Thu Jun 21 19:29:17 2007 (467B17DD)
8c953000 8c962000   mup      mup.sys      Fri Jan 18 23:28:20 2008 (47918A74)
8c962000 8c973000   disk     disk.sys     Fri Jan 18 23:49:47 2008 (47918F7B)
8c973000 8c994000   CLASSPNP CLASSPNP.SYS Fri Jan 18 23:49:36 2008 (47918F70)
8c994000 8c99d000   crcdisk  crcdisk.sys  Fri Jan 18 23:50:29 2008 (47918FA5)
8c9aa000 8c9c4000   serial   serial.sys   Fri Jan 18 23:49:34 2008 (47918F6E)
8c9c4000 8c9f2000   msiscsi  msiscsi.sys  Fri Jan 18 23:50:44 2008 (47918FB4)
8c9f2000 8c9fd000   TDI      TDI.SYS      Fri Jan 18 23:57:10 2008 (47919136)
8fc00000 8fcce000   dump_iaStor dump_iaStor.sys Tue Apr 15 19:07:31 2008 (48054343)
8fcce000 8fcd9000   tunnel   tunnel.sys   Fri Jan 18 23:55:50 2008 (479190E6)
8fcd9000 8fce8000   intelppm intelppm.sys Fri Jan 18 23:27:20 2008 (47918A38)
8fce8000 8fcf4000   vgapnp   vgapnp.sys   Fri Jan 18 23:52:06 2008 (47919006)
8fcf4000 8fd15000   VIDEOPRT VIDEOPRT.SYS Fri Jan 18 23:52:10 2008 (4791900A)
8fd15000 8fd22000   watchdog watchdog.sys Fri Jan 18 23:35:29 2008 (47918C21)
8fd22000 8fd2d000   usbuhci  usbuhci.sys  Fri Jan 18 23:53:20 2008 (47919050)
8fd2d000 8fd6b000   USBPORT  USBPORT.SYS  Fri Jan 18 23:53:23 2008 (47919053)
8fd6b000 8fd7a000   usbehci  usbehci.sys  Fri Jan 18 23:53:21 2008 (47919051)
8fd7a000 8fd8c000   HDAudBus HDAudBus.sys Tue Nov 27 17:18:41 2007 (474CA5D1)
8fd8c000 8fda4000   cdrom    cdrom.sys    Fri Jan 18 23:49:50 2008 (47918F7E)
8fda4000 8fdd7000   yk60x86  yk60x86.sys  Mon Oct 02 02:05:41 2006 (4520BA45)
8fdd7000 8fde6200   ohci1394 ohci1394.sys Fri Jan 18 23:53:33 2008 (4791905D)
8fde7000 8fdf4080   1394BUS  1394BUS.SYS  Fri Jan 18 23:53:27 2008 (47919057)
8fdf5000 8fdff000   serenum  serenum.sys  Fri Jan 18 23:49:29 2008 (47918F69)
90003000 90026000   ndiswan  ndiswan.sys  Fri Jan 18 23:56:32 2008 (47919110)
90026000 90035000   raspppoe raspppoe.sys Fri Jan 18 23:56:33 2008 (47919111)
90035000 90049000   raspptp  raspptp.sys  Fri Jan 18 23:56:34 2008 (47919112)
90049000 9005e000   rassstp  rassstp.sys  Fri Jan 18 23:56:43 2008 (4791911B)
9005e000 900e7000   rdpdr    rdpdr.sys    Sat Jan 19 00:02:27 2008 (47919273)
900e7000 900f7000   termdd   termdd.sys   Sat Jan 19 00:01:06 2008 (47919222)
900f7000 90102000   kbdclass kbdclass.sys Fri Jan 18 23:49:14 2008 (47918F5A)
90102000 9010d000   mouclass mouclass.sys Fri Jan 18 23:49:14 2008 (47918F5A)
9010d000 9010e380   swenum   swenum.sys   Fri Jan 18 23:49:20 2008 (47918F60)
9010f000 90139000   ks       ks.sys       Fri Jan 18 23:49:21 2008 (47918F61)
90139000 90143000   mssmbios mssmbios.sys Fri Jan 18 23:32:55 2008 (47918B87)
90143000 90150000   umbus    umbus.sys    Fri Jan 18 23:53:40 2008 (47919064)
90150000 90184000   usbhub   usbhub.sys   Fri Jan 18 23:53:40 2008 (47919064)
90184000 90195000   NDProxy  NDProxy.SYS  Fri Jan 18 23:56:28 2008 (4791910C)
90195000 901d4000   HdAudio  HdAudio.sys  Wed Nov 01 20:43:11 2006 (45494D2F)
901d4000 901de000   Dxapi    Dxapi.sys    Fri Jan 18 23:36:12 2008 (47918C4C)
901de000 901ed000   monitor  monitor.sys  Fri Jan 18 23:52:19 2008 (47919013)
90208000 90235000   portcls  portcls.sys  Fri Jan 18 23:53:17 2008 (4791904D)
90235000 9025a000   drmk     drmk.sys     Sat Jan 19 00:53:02 2008 (47919E4E)
9025a000 90263000   Fs_Rec   Fs_Rec.SYS   Fri Jan 18 23:27:57 2008 (47918A5D)
90263000 9026a000   Null     Null.SYS     Fri Jan 18 23:49:12 2008 (47918F58)
9026a000 90271000   Beep     Beep.SYS     Fri Jan 18 23:49:10 2008 (47918F56)
90271000 90288000   dfsc     dfsc.sys     Fri Jan 18 23:28:20 2008 (47918A74)
9028d000 90293380   HIDPARSE HIDPARSE.SYS Fri Jan 18 23:53:16 2008 (4791904C)
90294000 902a0000   vga      vga.sys      Fri Jan 18 23:52:06 2008 (47919006)
902a0000 902a8000   RDPCDD   RDPCDD.sys   Sat Jan 19 00:01:08 2008 (47919224)
902a8000 902b0000   rdpencdd rdpencdd.sys Sat Jan 19 00:01:09 2008 (47919225)
902b0000 902bb000   Msfs     Msfs.SYS     Fri Jan 18 23:28:08 2008 (47918A68)
902bb000 902c9000   Npfs     Npfs.SYS     Fri Jan 18 23:28:09 2008 (47918A69)
902c9000 902d2000   rasacd   rasacd.sys   Fri Jan 18 23:56:31 2008 (4791910F)
902d2000 902e8000   tdx      tdx.sys      Fri Jan 18 23:55:58 2008 (479190EE)
902e8000 902fc000   smb      smb.sys      Fri Jan 18 23:55:27 2008 (479190CF)
902fc000 90344000   afd      afd.sys      Fri Jan 18 23:57:00 2008 (4791912C)
90344000 90376000   netbt    netbt.sys    Fri Jan 18 23:55:33 2008 (479190D5)
90376000 9038c000   pacer    pacer.sys    Fri Jan 18 23:55:53 2008 (479190E9)
9038c000 9039a000   netbios  netbios.sys  Fri Jan 18 23:55:45 2008 (479190E1)
9039a000 903ad000   wanarp   wanarp.sys   Fri Jan 18 23:56:31 2008 (4791910F)
903ad000 903e9000   rdbss    rdbss.sys    Fri Jan 18 23:28:34 2008 (47918A82)
903e9000 903f3000   nsiproxy nsiproxy.sys Fri Jan 18 23:55:50 2008 (479190E6)
903f3000 90400000   crashdmp crashdmp.sys Fri Jan 18 23:49:43 2008 (47918F77)
91630000 91656000   RDPDD    RDPDD.dll    Sat Jan 19 00:01:34 2008 (4791923E)
916e0000 918e2000   win32k   win32k.sys   Tue Apr 21 06:54:54 2009 (49EDB40E)
918f0000 91907000   dxg      dxg.sys      Fri Jan 18 23:36:11 2008 (47918C4B)
91920000 91929000   TSDDD    TSDDD.dll    unavailable (00000000)
919a0000 919a8000   framebuf framebuf.dll unavailable (00000000)
919b0000 919fc000   ATMFD    ATMFD.DLL    Fri Jan 18 23:36:13 2008 (47918C4D)
95a0c000 95a27000   luafv    luafv.sys    Fri Jan 18 23:30:35 2008 (47918AFB)
95a27000 95a37000   lltdio   lltdio.sys   Fri Jan 18 23:55:03 2008 (479190B7)
95a37000 95a4a000   rspndr   rspndr.sys   Fri Jan 18 23:55:03 2008 (479190B7)
95a4a000 95a63000   bowser   bowser.sys   Fri Jan 18 23:28:26 2008 (47918A7A)
95a63000 95a78000   mpsdrv   mpsdrv.sys   Fri Jan 18 23:54:45 2008 (479190A5)
95a78000 95a97000   mrxsmb   mrxsmb.sys   Fri Jan 18 23:28:33 2008 (47918A81)
95a97000 95ad0000   mrxsmb10 mrxsmb10.sys Tue Aug 26 20:05:40 2008 (48B4A864)
95ad0000 95b7f000   spsys    spsys.sys    Thu Jun 21 19:33:02 2007 (467B18BE)
95b7f000 95b97000   mrxsmb20 mrxsmb20.sys Fri Jan 18 23:28:35 2008 (47918A83)
95b97000 95be3000   srv      srv.sys      Mon Dec 15 20:42:35 2008 (4947159B)
9700c000 97077000   HTTP     HTTP.sys     Fri Jan 18 23:55:21 2008 (479190C9)
97086000 97164000   peauth   peauth.sys   Mon Oct 23 03:55:32 2006 (453C8384)
97164000 9716e000   secdrv   secdrv.SYS   Wed Sep 13 08:18:32 2006 (45080528)
9716e000 9718b000   srvnet   srvnet.sys   Fri Jan 18 23:29:11 2008 (47918AA7)
9718b000 97192000   SSPORT   SSPORT.sys   Tue Nov 21 18:52:06 2006 (45639F36)
97192000 9719e000   tcpipreg tcpipreg.sys Fri Jan 18 23:56:07 2008 (479190F7)
9719e000 971c5000   srv2     srv2.sys     Fri Jan 18 23:29:14 2008 (47918AAA)
971c5000 971d0000   tdtcp    tdtcp.sys    Sat Jan 19 00:01:08 2008 (47919224)
971d0000 971dc000   tssecsrv tssecsrv.sys Sat Jan 19 00:01:15 2008 (4791922B)
98609000 9863c000   RDPWD    RDPWD.SYS    Sat Jan 19 00:01:16 2008 (4791922C)
9863c000 98652000   cdfs     cdfs.sys     Fri Jan 18 23:28:02 2008 (47918A62)
 
Unloaded modules:
97077000 97086000   DgiVecp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8c99d000 8c9aa000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8fc00000 8fcce000   dump_iaStor.
    Timestamp: unavailable (00000000)
    Checksum:  00000000
90284000 9028d000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
90271000 90284000   i8042prt.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
805aa000 805c2000   sacdrv.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
start    end        module name
8fde7000 8fdf4080   1394BUS  1394BUS.SYS  Fri Jan 18 23:53:27 2008 (47919057)
81e0f000 81e55000   acpi     acpi.sys     Fri Jan 18 23:32:48 2008 (47918B80)
902fc000 90344000   afd      afd.sys      Fri Jan 18 23:57:00 2008 (4791912C)
81fe8000 81ff0000   atapi    atapi.sys    Fri Jan 18 23:49:40 2008 (47918F74)
805c2000 805e0000   ataport  ataport.SYS  Fri Jan 18 23:49:40 2008 (47918F74)
919b0000 919fc000   ATMFD    ATMFD.DLL    Fri Jan 18 23:36:13 2008 (47918C4D)
9026a000 90271000   Beep     Beep.SYS     Fri Jan 18 23:49:10 2008 (47918F56)
80481000 80489000   BOOTVID  BOOTVID.dll  Sat Jan 19 01:27:15 2008 (4791A653)
95a4a000 95a63000   bowser   bowser.sys   Fri Jan 18 23:28:26 2008 (47918A7A)
9863c000 98652000   cdfs     cdfs.sys     Fri Jan 18 23:28:02 2008 (47918A62)
8fd8c000 8fda4000   cdrom    cdrom.sys    Fri Jan 18 23:49:50 2008 (47918F7E)
804ca000 805aa000   CI       CI.dll       Sat Jan 19 01:31:08 2008 (4791A73C)
8c973000 8c994000   CLASSPNP CLASSPNP.SYS Fri Jan 18 23:49:36 2008 (47918F70)
80489000 804ca000   CLFS     CLFS.SYS     Fri Jan 18 23:28:01 2008 (47918A61)
903f3000 90400000   crashdmp crashdmp.sys Fri Jan 18 23:49:43 2008 (47918F77)
8c994000 8c99d000   crcdisk  crcdisk.sys  Fri Jan 18 23:50:29 2008 (47918FA5)
90271000 90288000   dfsc     dfsc.sys     Fri Jan 18 23:28:20 2008 (47918A74)
8c962000 8c973000   disk     disk.sys     Fri Jan 18 23:49:47 2008 (47918F7B)
90235000 9025a000   drmk     drmk.sys     Sat Jan 19 00:53:02 2008 (47919E4E)
8fc00000 8fcce000   dump_iaStor dump_iaStor.sys Tue Apr 15 19:07:31 2008 (48054343)
901d4000 901de000   Dxapi    Dxapi.sys    Fri Jan 18 23:36:12 2008 (47918C4C)
918f0000 91907000   dxg      dxg.sys      Fri Jan 18 23:36:11 2008 (47918C4B)
8c608000 8c63a000   fltmgr   fltmgr.sys   Fri Jan 18 23:28:10 2008 (47918A6A)
919a0000 919a8000   framebuf framebuf.dll unavailable (00000000)
9025a000 90263000   Fs_Rec   Fs_Rec.SYS   Fri Jan 18 23:27:57 2008 (47918A5D)
8c792000 8c7ad000   fwpkclnt fwpkclnt.sys Fri Jan 18 23:55:44 2008 (479190E0)
81bcb000 81bfe000   hal      halmacpi.dll Fri Jan 18 23:27:20 2008 (47918A38)
8fd7a000 8fd8c000   HDAudBus HDAudBus.sys Tue Nov 27 17:18:41 2007 (474CA5D1)
90195000 901d4000   HdAudio  HdAudio.sys  Wed Nov 01 20:43:11 2006 (45494D2F)
9028d000 90293380   HIDPARSE HIDPARSE.SYS Fri Jan 18 23:53:16 2008 (4791904C)
9700c000 97077000   HTTP     HTTP.sys     Fri Jan 18 23:55:21 2008 (479190C9)
81f1a000 81fe8000   iastor   iastor.sys   Tue Apr 15 19:07:31 2008 (48054343)
8fcd9000 8fce8000   intelppm intelppm.sys Fri Jan 18 23:27:20 2008 (47918A38)
900f7000 90102000   kbdclass kbdclass.sys Fri Jan 18 23:49:14 2008 (47918F5A)
80408000 80410000   kdcom    kdcom.dll    Sat Jan 19 01:31:53 2008 (4791A769)
9010f000 90139000   ks       ks.sys       Fri Jan 18 23:49:21 2008 (47918F61)
8c63a000 8c6ab000   ksecdd   ksecdd.sys   Fri Jan 18 23:41:20 2008 (47918D80)
95a27000 95a37000   lltdio   lltdio.sys   Fri Jan 18 23:55:03 2008 (479190B7)
95a0c000 95a27000   luafv    luafv.sys    Fri Jan 18 23:30:35 2008 (47918AFB)
80410000 80470000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Jan 19 01:29:43 2008 (4791A6E7)
901de000 901ed000   monitor  monitor.sys  Fri Jan 18 23:52:19 2008 (47919013)
90102000 9010d000   mouclass mouclass.sys Fri Jan 18 23:49:14 2008 (47918F5A)
81f0a000 81f1a000   mountmgr mountmgr.sys Fri Jan 18 23:49:13 2008 (47918F59)
95a63000 95a78000   mpsdrv   mpsdrv.sys   Fri Jan 18 23:54:45 2008 (479190A5)
95a78000 95a97000   mrxsmb   mrxsmb.sys   Fri Jan 18 23:28:33 2008 (47918A81)
95a97000 95ad0000   mrxsmb10 mrxsmb10.sys Tue Aug 26 20:05:40 2008 (48B4A864)
95b7f000 95b97000   mrxsmb20 mrxsmb20.sys Fri Jan 18 23:28:35 2008 (47918A83)
902b0000 902bb000   Msfs     Msfs.SYS     Fri Jan 18 23:28:08 2008 (47918A68)
81e5e000 81e66000   msisadrv msisadrv.sys Fri Jan 18 23:32:51 2008 (47918B83)
8c9c4000 8c9f2000   msiscsi  msiscsi.sys  Fri Jan 18 23:50:44 2008 (47918FB4)
80719000 80744000   msrpc    msrpc.sys    Fri Jan 18 23:48:15 2008 (47918F1F)
90139000 90143000   mssmbios mssmbios.sys Fri Jan 18 23:32:55 2008 (47918B87)
8c953000 8c962000   mup      mup.sys      Fri Jan 18 23:28:20 2008 (47918A74)
8060e000 80719000   NDIS     NDIS.SYS     Fri Jan 18 23:55:51 2008 (479190E7)
81ff0000 81ffb000   ndistapi ndistapi.sys Fri Jan 18 23:56:24 2008 (47919108)
90003000 90026000   ndiswan  ndiswan.sys  Fri Jan 18 23:56:32 2008 (47919110)
90184000 90195000   NDProxy  NDProxy.SYS  Fri Jan 18 23:56:28 2008 (4791910C)
9038c000 9039a000   netbios  netbios.sys  Fri Jan 18 23:55:45 2008 (479190E1)
90344000 90376000   netbt    netbt.sys    Fri Jan 18 23:55:33 2008 (479190D5)
80744000 8077e000   NETIO    NETIO.SYS    Fri Jan 18 23:56:19 2008 (47919103)
902bb000 902c9000   Npfs     Npfs.SYS     Fri Jan 18 23:28:09 2008 (47918A69)
903e9000 903f3000   nsiproxy nsiproxy.sys Fri Jan 18 23:55:50 2008 (479190E6)
81812000 81bcb000   nt       ntkrpamp.exe Mon Mar 02 20:02:28 2009 (49AC8FB4)
8c803000 8c912000   Ntfs     Ntfs.sys     Fri Jan 18 23:28:54 2008 (47918A96)
90263000 9026a000   Null     Null.SYS     Fri Jan 18 23:49:12 2008 (47918F58)
8fdd7000 8fde6200   ohci1394 ohci1394.sys Fri Jan 18 23:53:33 2008 (4791905D)
90376000 9038c000   pacer    pacer.sys    Fri Jan 18 23:55:53 2008 (479190E9)
81e8d000 81e9c000   partmgr  partmgr.sys  Fri Jan 18 23:49:54 2008 (47918F82)
81e66000 81e8d000   pci      pci.sys      Fri Jan 18 23:32:57 2008 (47918B89)
81ef5000 81efc000   pciide   pciide.sys   Fri Jan 18 23:49:42 2008 (47918F76)
81efc000 81f0a000   PCIIDEX  PCIIDEX.SYS  Fri Jan 18 23:49:40 2008 (47918F74)
97086000 97164000   peauth   peauth.sys   Mon Oct 23 03:55:32 2006 (453C8384)
90208000 90235000   portcls  portcls.sys  Fri Jan 18 23:53:17 2008 (4791904D)
80470000 80481000   PSHED    PSHED.dll    Sat Jan 19 01:31:21 2008 (4791A749)
902c9000 902d2000   rasacd   rasacd.sys   Fri Jan 18 23:56:31 2008 (4791910F)
805e0000 805f7000   rasl2tp  rasl2tp.sys  Fri Jan 18 23:56:33 2008 (47919111)
90026000 90035000   raspppoe raspppoe.sys Fri Jan 18 23:56:33 2008 (47919111)
90035000 90049000   raspptp  raspptp.sys  Fri Jan 18 23:56:34 2008 (47919112)
90049000 9005e000   rassstp  rassstp.sys  Fri Jan 18 23:56:43 2008 (4791911B)
903ad000 903e9000   rdbss    rdbss.sys    Fri Jan 18 23:28:34 2008 (47918A82)
902a0000 902a8000   RDPCDD   RDPCDD.sys   Sat Jan 19 00:01:08 2008 (47919224)
91630000 91656000   RDPDD    RDPDD.dll    Sat Jan 19 00:01:34 2008 (4791923E)
9005e000 900e7000   rdpdr    rdpdr.sys    Sat Jan 19 00:02:27 2008 (47919273)
902a8000 902b0000   rdpencdd rdpencdd.sys Sat Jan 19 00:01:09 2008 (47919225)
98609000 9863c000   RDPWD    RDPWD.SYS    Sat Jan 19 00:01:16 2008 (4791922C)
95a37000 95a4a000   rspndr   rspndr.sys   Fri Jan 18 23:55:03 2008 (479190B7)
97164000 9716e000   secdrv   secdrv.SYS   Wed Sep 13 08:18:32 2006 (45080528)
8fdf5000 8fdff000   serenum  serenum.sys  Fri Jan 18 23:49:29 2008 (47918F69)
8c9aa000 8c9c4000   serial   serial.sys   Fri Jan 18 23:49:34 2008 (47918F6E)
902e8000 902fc000   smb      smb.sys      Fri Jan 18 23:55:27 2008 (479190CF)
8c94b000 8c953000   spldr    spldr.sys    Thu Jun 21 19:29:17 2007 (467B17DD)
95ad0000 95b7f000   spsys    spsys.sys    Thu Jun 21 19:33:02 2007 (467B18BE)
95b97000 95be3000   srv      srv.sys      Mon Dec 15 20:42:35 2008 (4947159B)
9719e000 971c5000   srv2     srv2.sys     Fri Jan 18 23:29:14 2008 (47918AAA)
9716e000 9718b000   srvnet   srvnet.sys   Fri Jan 18 23:29:11 2008 (47918AA7)
9718b000 97192000   SSPORT   SSPORT.sys   Tue Nov 21 18:52:06 2006 (45639F36)
8c7ad000 8c7b4e00   storflt  storflt.sys  Sat Nov 17 20:29:44 2007 (473FA398)
8c7b5000 8c7f6000   storport storport.sys Fri Jan 18 23:49:49 2008 (47918F7D)
9010d000 9010e380   swenum   swenum.sys   Fri Jan 18 23:49:20 2008 (47918F60)
8c6ab000 8c792000   tcpip    tcpip.sys    Fri Jan 18 23:56:48 2008 (47919120)
97192000 9719e000   tcpipreg tcpipreg.sys Fri Jan 18 23:56:07 2008 (479190F7)
8c9f2000 8c9fd000   TDI      TDI.SYS      Fri Jan 18 23:57:10 2008 (47919136)
971c5000 971d0000   tdtcp    tdtcp.sys    Sat Jan 19 00:01:08 2008 (47919224)
902d2000 902e8000   tdx      tdx.sys      Fri Jan 18 23:55:58 2008 (479190EE)
900e7000 900f7000   termdd   termdd.sys   Sat Jan 19 00:01:06 2008 (47919222)
91920000 91929000   TSDDD    TSDDD.dll    unavailable (00000000)
971d0000 971dc000   tssecsrv tssecsrv.sys Sat Jan 19 00:01:15 2008 (4791922B)
8fcce000 8fcd9000   tunnel   tunnel.sys   Fri Jan 18 23:55:50 2008 (479190E6)
90143000 90150000   umbus    umbus.sys    Fri Jan 18 23:53:40 2008 (47919064)
8fd6b000 8fd7a000   usbehci  usbehci.sys  Fri Jan 18 23:53:21 2008 (47919051)
90150000 90184000   usbhub   usbhub.sys   Fri Jan 18 23:53:40 2008 (47919064)
8fd2d000 8fd6b000   USBPORT  USBPORT.SYS  Fri Jan 18 23:53:23 2008 (47919053)
8fd22000 8fd2d000   usbuhci  usbuhci.sys  Fri Jan 18 23:53:20 2008 (47919050)
90294000 902a0000   vga      vga.sys      Fri Jan 18 23:52:06 2008 (47919006)
8fce8000 8fcf4000   vgapnp   vgapnp.sys   Fri Jan 18 23:52:06 2008 (47919006)
8fcf4000 8fd15000   VIDEOPRT VIDEOPRT.SYS Fri Jan 18 23:52:10 2008 (4791900A)
81e9c000 81eab000   volmgr   volmgr.sys   Fri Jan 18 23:49:51 2008 (47918F7F)
81eab000 81ef5000   volmgrx  volmgrx.sys  Fri Jan 18 23:50:00 2008 (47918F88)
8c912000 8c94b000   volsnap  volsnap.sys  Fri Jan 18 23:50:10 2008 (47918F92)
9039a000 903ad000   wanarp   wanarp.sys   Fri Jan 18 23:56:31 2008 (4791910F)
8fd15000 8fd22000   watchdog watchdog.sys Fri Jan 18 23:35:29 2008 (47918C21)
8077e000 807fa000   Wdf01000 Wdf01000.sys Fri Jan 18 23:52:21 2008 (47919015)
80600000 8060d000   WDFLDR   WDFLDR.SYS   Fri Jan 18 23:52:19 2008 (47919013)
916e0000 918e2000   win32k   win32k.sys   Tue Apr 21 06:54:54 2009 (49EDB40E)
81e55000 81e5e000   WMILIB   WMILIB.SYS   Fri Jan 18 23:53:08 2008 (47919044)
8fda4000 8fdd7000   yk60x86  yk60x86.sys  Mon Oct 02 02:05:41 2006 (4520BA45)
 
Unloaded modules:
97077000 97086000   DgiVecp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8c99d000 8c9aa000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8fc00000 8fcce000   dump_iaStor.
    Timestamp: unavailable (00000000)
    Checksum:  00000000
90284000 9028d000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
90271000 90284000   i8042prt.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
805aa000 805c2000   sacdrv.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
Bugcheck code 1000008E
Arguments c0000005 81864343 97f68840 00000000

Open in new window

Author

Commented:
jcgriff2? You with me here?
YES !  I am here.
Hi -
My apologies for not being on earlier.   The > 110 F temps here in the Southern California desert wreaked some havoc today.   I can't wait to get back home to New Jersey!
Are you using Ethernet?  Your Marvel Yukon Ethernet driver is very old and while I have no evidence pointing to it as a contributor to the BSODs, it certainly is not helping matters.
yk60x86.sys  Mon Oct 02 02:05:41 2006 (4520BA45)

Thank you for the added dump output - there may be a lead other than Marvel Yukon in it.
STACK_TEXT:  
97f688b8 97f68914 fe424fda ffffffff 91633634 nt!RtlInitUnicodeString+0x1b
WARNING: Frame IP not in any known module. Following frames may be wrong.
97f68924 9181f18b 040104fa 00000006 00000002 0x97f68914
97f68a0c 9182ecdd 040104fa 00000006 00000002 win32k+0x13f18b
97f68abc 91804739 040104fa 0110007e 97f68b04 win32k+0x14ecdd
97f68b2c 918055bf 040104fa fe40c578 00c8d0d4 win32k+0x124739
97f68b98 9181f6f1 040104fa 00000000 fe40fa68 win32k+0x1255bf
97f68bf0 9176d29f 00000017 040104fa 00000004 win32k+0x13f6f1
97f68c38 9178c215 fe40fa68 040104fa 00000001 win32k+0x8d29f
97f68cb4 9178d85d fe40fa68 00000085 01040450 win32k+0xac215
97f68ccc 917667ad fe40fa68 00000085 01040450 win32k+0xad85d
97f68ce8 9178d814 fe40fa68 00000085 01040450 win32k+0x867ad
97f68d20 81869a1a 0001013c 00000085 01040450 win32k+0xad814
97f68d20 77939a94 0001013c 00000085 01040450 nt!KiFastCallEntry+0x12a
0012af3c 00000000 00000000 00000000 00000000 0x77939a94
   
 That one line in BOLD may hold a key.  It has an unresolved memory address on it that may be the actual faulting 3rd party driver (no symbols for them).  win32k.sys took the hit here simply because it is was next in the logical order of succession - downward.
Please run the driver verifier.  Let it run -- we are hoping for a BSOD. Be sure to create a restore point per the instructions -  http://www.techsupportforum.com/2110308-post3.html   Include the MS driver storflt.sys in the selection of drivers for the driver verifier (see next as to th e reason).
Also, there was a hotfix  in mid 2008 for the MS driver storflt.sys.  Your storflt.sys has a timestamp =  Sat Nov 17 20:29:44 2007, which does pre-date the hot-fix as well as predating SP1 (it may not have been updated for SP1, but it is odd, not unheard of, to see a Nov 17 2007 date on it). Please see the accepted answer post by MSDN's Vincent Hu - (almost at end of thread) -
QUOTE = Vincent Hu, MSDN -   ".. storflt.sys is used by guest system to access the disk while on parent/host machine it is not used .."
http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/22fa0843-ae35-41fe-9756-397bdaaeea81
I am unsure if the above applies to you, but I did notice that the only MS drivers updated in the loaded driver listing were win32k & NT.  Are all of your Windows Updates in?  I do see that SP2 is not installed.   Any particular reason?  Did you have problems with SP2?
So... please update the Ethernet driver (before d/v), run the Driver Verifier (D/V) and please check on Windows Updates - you can click on this link to check - update.microsoft.com
 Please do the above 1st, when time permits, then do the following items below.  The dumps and msinfo32 I am requesting below may be unnecessary - depending on the D/V's outcome.
Regards. . .
jcgriff2
__________________________
           (HOLD OFF ON THIS UNTIL D/V RUNS. ..)
Are there other dumps?  If so, I would like to get them + the current one.  Also, I would like an msinfo32 NFO file.  Please copy all of the dumps out of \windows\minidump and run msinfo32 -
START | msinfo32 | save in default NFO format (default file ext = NFO)
Zip them up and attach to post.  If you encounter problems with attaching the zip, please let me know or use the email in my profile.  I will then post the results here in forum.
 
Link for Win Updt in my post did not take. Here is the link  - http://update.microsoft.com/microsoftupdate/v6/vistadefault.aspx?ln=en-us

Author

Commented:
Thanks for the continued help. Hope you're staying cool.

I am  using ethernet.

I'm using all canned Windows drivers because it's a home-built server, and when I installed the Vista driver for my video card it killed my display. This is my first experience with 2008, and I wasn't sure if the drivers would all be the same, but everything seemed to work with the default Windows drivers so I left them alone.

I hadn't installed SP2 because Windows Update didn't suggest it. I have applied all other hotfixes that WU suggested other than IE8. Do you think I should download and install SP2 before I try these other things?

thanks

Author

Commented:
Ok, I decided to install SP2 (as well as updating the ethernet driver), since I can only do it at night.

I started DV, though storfit.sys wasn't an option (I also checked not currently loaded drivers--not there). Maybe SP2 replaced/deleted it?

I also wasn't able to create a restore point since it's Server 2008.

I'll post if there are any BSODs. Please let me know if there's anything else I should do at this point.

thanks

Author

Commented:
60 hours and no blue screens so far...perhaps the ethernet driver or SP2 solved my problem (knock on wood). I'll continue to monitor it a few days.

Author

Commented:
I've had 2 reboots in the last 24 hours, and there haven't been any new .dmp files added to c:\\windows\minidump. Any idea why? I did a search for .dmp and the newest file is 8/3.
Hi -
Look for the file c:\windows\memory.dmp - it may be there from prior BSODs, but would be over-written each BSOD.  It is a full kernel dump and would be rather large - > 350 MB.Are your system crash settings set to minidump or full kernel?  Usually the latter produces both a full kernel + mini kernel.  
In my opinion, the Ethernet driver because of age would have been a contributing factor.  Using canned MS programs is not a problem; I usually do.  I was concerned about the MS driver ages, but SP2 would certainly take care of that issue.
Some 3rd party apps take over the crash dump process and produce their own dumps and Server would have produced none.  Do a system wide search for *.hdump *.kdump  or just *dmp*.* & see what appears.
RE: storflt.sys - here is aMS KB on it  - http://support.microsoft.com/kb/971527
Check wercon.exe, eventvwr.msc  and perfmon /rel  for additional info on the unknown restarts.  You should be able to get the approx time within a few minutes looking in the event viewer for "The system shutdown at xxxx was unexpected" xxxx= date/ time
And thank you --- I am keeping indoors & cool today.  Only 106 F out.
Regards. . .
jcgriff2

Author

Commented:
I haven't had any reboots since the 8/8, and there are no records of a blue screen happening since 8/3 (before SP2 and driver updates). I'm thinking maybe there was a power outage that caused the last reboots. I'll keep monitoring it.

Author

Commented:
I'm closing this question as I have had no more issues. Apparently it was either the ethernet driver or SP2 that was the solution. Thanks for your help jcgriff2!
Thank you... I was glad to be of help.  Apologies for late replies.  I am still finding my way around here.