
winxp auto reboot/logout?


sirpelidor


Hi there,

This has happened to me quite a few times at work: my XP auto-reboots after being idle for a while.

The first time it happened, I thought it must be Windows Update crap, but after it happened a few more times, I got a bad feeling my box has been hacked?

How can I tell when and what caused the last restart?

I tried looking at Event Viewer (Application, Security, System); so far I can't find anything useful :(

Thanks!



Aahh, after taking a look at the Event Viewer System section very carefully, I found the following message:

The computer has rebooted from a bugcheck. The bugcheck was: 0x1000000a (0x80000011, 0x0000001c, 0x00000000, 0x804fc495). A dump was saved in: C:\WINDOWS\Minidump\Mini072108-02.dmp.

Now that I found the dmp file, I noticed it's nothing but a bunch of monster characters. What program can analyze the dmp file?

Thank you!


I was able to view the dump file, but lacking Windows knowledge, I have no idea what I was really looking at :(

All I issued was: dumpchk.exe myFile.dmp

and I got this (basically it's complaining I don't have the correct symbols, but I don't see any symbol files in the dump directory)

Anyone know how to read this? Thank you


#########################################################################################

Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [c:\WINDOWS\Minidump\Mini072108-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Mon Jul 21 17:51:19.390 2008 (GMT-5)
System Uptime: 0 days 3:03:05.609
Loading Kernel Symbols
....................................................................................................
....................................................................................................
.
.....................
Loading User Symbols
Loading unloaded module list
.................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {80000011, 1c, 0, 804fc495}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : ntoskrnl.exe ( nt+25495 )

Followup: MachineOwner
---------

----- 32 bit Kernel Mini Dump Analysis

DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000a28
KdSecondaryVersion 00000000
DirectoryTableBase 0ae40820
PfnDataBase 819c6000
PsLoadedModuleList 8055c700
PsActiveProcessHead 80562818
MachineImageType 0000014c
NumberProcessors 00000002
BugCheckCode 1000000a
BugCheckParameter1 80000011
BugCheckParameter2 0000001c
BugCheckParameter3 00000000
BugCheckParameter4 804fc495
PaeEnabled 00000001
KdDebuggerDataBlock 8054c2e0
SecondaryDataState 00000000
ProductType 00000001
SuiteMask 00000110
MiniDumpFields 00000dff

TRIAGE_DUMP32:
ServicePackBuild 00000200
SizeOfDump 00010000
ValidOffset 0000fffc
ContextOffset 00000320
ExceptionOffset 000007d0
MmOffset 00001068
UnloadedDriversOffset 000010a0
PrcbOffset 00001878
ProcessOffset 000024c8
ThreadOffset 00002728
CallStackOffset 00002980
SizeOfCallStack 0000049c
DriverListOffset 000030b0
DriverCount 000000df
StringPoolOffset 000072e8
StringPoolSize 00001f68
BrokenDriverOffset 00000000
TriageOptions 00000041
TopOfStack a676db64
DebuggerDataOffset 00002e20
DebuggerDataSize 00000290
DataBlocksOffset 00009250
DataBlocksCount 00000005
804fc000 - 804fcfff at offset 000092a0
87dab000 - 87dabfff at offset 0000a2a0
880ae000 - 880aefff at offset 0000b2a0
ba398000 - ba398fff at offset 0000c2a0
80552000 - 80552fff at offset 0000d2a0
Max offset e2a0, 7d60 from end of file


Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Mon Jul 21 17:51:19.390 2008 (GMT-5)
System Uptime: 0 days 3:03:05.609
start end module name
804d7000 806e2000 nt Wed Feb 28 03:15:54 2007 (45E5484A)
806e2000 80702d00 hal Mon Oct 30 06:27:29 2006 (4545E1A1)
a6633000 a665d180 kmixer Wed Jun 14 03:47:45 2006 (448FCD31)
a73b5000 a73f5280 HTTP Thu Mar 16 19:33:09 2006 (441A03C5)
a7456000 a7465900 Cdfs Wed Aug 04 01:14:09 2004 (41107EB1)
a7654000 a7668400 wdmaud Wed Jun 14 04:00:44 2006 (448FD03C)
a77e2000 a77f6520 naveng Tue May 06 12:46:44 2008 (48209984)
a77f7000 a78c66e0 navex15 Tue May 06 12:45:51 2008 (4820994F)
a7aef000 a7afdd80 sysaudio Wed Aug 04 01:15:54 2004 (41107F1A)
a7d07000 a7d09d00 vstor2 Thu Dec 15 22:28:34 2005 (43A24272)
a7dd7000 a7ddad00 vmnetuserif Thu Dec 15 22:21:18 2005 (43A240BE)
a7e17000 a7e68480 srv Mon Aug 14 05:34:39 2006 (44E051BF)
a7f59000 a7fdb000 CVPNDRVA Fri Jan 07 13:14:28 2005 (41DEDF94)
a7fdb000 a7fde100 mdmxsdk Wed Oct 05 18:58:05 2005 (4344688D)
a80a3000 a80ba280 vmx86 Thu Dec 15 21:57:08 2005 (43A23B14)
a80bb000 a80e6d80 mrxdav Tue Dec 18 03:51:33 2007 (47679825)
a81af000 a81b9000 hcmon Thu Dec 15 22:20:04 2005 (43A24074)
a8563000 a8565600 wg6n Wed Jan 10 03:43:54 2007 (45A4B55A)
a8567000 a8569600 wg5n Wed Jan 10 03:43:53 2007 (45A4B559)
a856b000 a856d600 wg4n Wed Jan 10 03:43:51 2007 (45A4B557)
a864b000 a864e080 s24trans Tue May 29 17:29:28 2007 (465CA948)
a8653000 a8656280 ndisuio Wed Aug 04 01:03:10 2004 (41107C1E)
a865f000 a86778c0 tfsnudfa Mon Mar 15 14:05:45 2004 (4055FE89)
a8678000 a86900e0 tfsnudf Mon Mar 15 14:05:02 2004 (4055FE5E)
a86a9000 a86ab600 wg3n Wed Jan 10 03:43:50 2007 (45A4B556)
a86b9000 a86cdfa0 tfsnifs Mon Mar 15 14:04:55 2004 (4055FE57)
a87da000 a87dd760 tfsnopio Mon Mar 15 14:05:24 2004 (4055FE74)
a880e000 a8825480 dump_atapi Wed Aug 04 00:59:41 2004 (41107B4D)
a8826000 a8844000 EraserUtilRebootDrv Thu Jan 17 20:44:27 2008 (4790128B)
a8844000 a88a4000 eeCtrl Thu Jan 17 20:44:27 2008 (4790128B)
a88a4000 a8912a80 mrxsmb Tue Jun 20 03:50:24 2006 (4497B6D0)
a8913000 a893da00 rdbss Fri May 05 04:47:55 2006 (445B1F4B)
a893e000 a8961000 Fastfat Wed Aug 04 01:14:15 2004 (41107EB7)
a89a1000 a89a97e0 tfsncofs Mon Mar 15 14:05:17 2004 (4055FE6D)
a89c1000 a89ca560 drvnddm Fri Feb 27 14:22:34 2004 (403FA70A)
a8a01000 a8a22c80 afd Fri Jun 20 05:44:37 2008 (485B8A15)
a8a23000 a8a4ac00 netbt Wed Aug 04 01:14:36 2004 (41107ECC)
a8a73000 a8a93f00 ipnat Wed Sep 29 17:28:36 2004 (415B3714)
a8a94000 a8aebf80 tcpip Fri Jun 20 05:45:10 2008 (485B8A36)
a8aec000 a8afe400 ipsec Wed Aug 04 01:14:27 2004 (41107EC3)
a8b37000 a8b3e000 VMparport Thu Dec 15 22:18:24 2005 (43A24010)
a8b57000 a8b5b500 watchdog Wed Aug 04 01:07:32 2004 (41107D24)
a8b87000 a8b89900 Dxapi Fri Aug 17 15:53:19 2001 (3B7D843F)
a8c7c000 a8c90000 Savrtpel Wed Sep 06 16:26:26 2006 (44FF3D02)
a8c90000 a8cb2000 SYMEVENT Tue Nov 07 21:38:37 2006 (4551513D)
a8cb2000 a8d0a000 savrt Wed Sep 06 16:26:23 2006 (44FF3CFF)
a8d0a000 a8d0c180 VCdRom Wed Dec 19 13:44:58 2001 (3C20EE3A)
a8d0e000 a8d11d80 aw_host5 Thu Oct 23 09:32:19 2003 (3F97E673)
a8d2e000 a8d31900 SMCLIB Fri Aug 17 15:50:56 2001 (3B7D83B0)
a8d32000 a8de8000 HSX_CNXT Thu Dec 01 19:40:05 2005 (438FA5F5)
a8de8000 a8edf000 HSX_DPV Thu Dec 01 19:40:52 2005 (438FA624)
a8edf000 a8f19000 HSXHWAZL Thu Dec 01 19:40:10 2005 (438FA5FA)
a8f19000 a8f3a700 portcls Tue Mar 16 13:58:17 2004 (40574E49)
a8f3b000 a9058940 sthda Thu May 10 11:00:01 2007 (46434181)
b9121000 b9123820 awlegacy Mon Nov 17 17:06:47 2003 (3FB95487)
b9125000 b9127a60 dsload Fri Oct 21 19:50:18 2005 (43598CCA)
b9131000 b9134a00 kbdhid Wed Aug 04 00:58:33 2004 (41107B09)
b9135000 b9137f80 mouhid Fri Aug 17 15:47:57 2001 (3B7D82FD)
b913d000 b9140c00 mxopswd Wed Apr 06 17:05:23 2005 (42545D23)
b9141000 b9199e80 update Mon Apr 23 05:32:54 2007 (462C8B56)
b920a000 b9212880 Fips Fri Aug 17 20:31:49 2001 (3B7DC585)
b923a000 b926a100 rdpdr Wed Aug 04 01:01:10 2004 (41107BA6)
b926b000 b927be00 psched Wed Aug 04 01:04:16 2004 (41107C60)
b927c000 b9292680 ndiswan Wed Aug 04 01:14:30 2004 (41107EC6)
b9293000 b92ad160 dne2000 Thu Jul 24 21:55:48 2003 (3F209C34)
b92ae000 b92d0680 ks Wed Aug 04 01:15:20 2004 (41107EF8)
b92d1000 b92e4900 parport Wed Aug 04 00:59:04 2004 (41107B28)
b92e9000 b92ecf00 APPDRV Wed Jun 30 10:39:34 2004 (40E2DEB6)
b930d000 b9327f40 Apfiltr Wed Sep 28 06:57:18 2005 (433A851E)
b9328000 b934ae80 USBPORT Wed Aug 04 01:08:34 2004 (41107D62)
b934b000 b9374000 b57xp32 Thu Mar 09 19:20:08 2006 (4410D448)
b9374000 b958fe80 NETw4x32 Wed Aug 08 10:17:50 2007 (46B9DE9E)
b9590000 b95b5000 HDAudBus Fri Jan 07 19:07:15 2005 (41DF3243)
b95b5000 b95c8780 VIDEOPRT Wed Aug 04 01:07:04 2004 (41107D08)
b95c9000 b9b39be0 igxpmp32 Fri Mar 30 16:34:13 2007 (460D8255)
b9b3a000 b9b46000 usbccid Fri May 13 19:27:55 2005 (4285460B)
b9b5a000 b9b62060 dsgrab_01c8338d47757246 Fri Oct 21 19:50:32 2005 (43598CD8)
b9b7a000 b9b82d80 HIDCLASS Wed Aug 04 01:08:18 2004 (41107D52)
b9b9a000 b9ba2ae0 CdpPacket Thu Jan 24 20:35:23 2008 (47994AEB)
b9bca000 b9bd8100 usbhub Wed Aug 04 01:08:40 2004 (41107D68)
b9be2000 b9be4800 VMNET Thu Dec 16 02:13:19 2004 (41C1439F)
b9be6000 b9be8580 vmnetadapter Thu Dec 16 02:13:25 2004 (41C143A5)
b9bee000 b9bf1c80 mssmbios Wed Aug 04 01:07:47 2004 (41107D33)
b9bf2000 b9bf4580 hidusb Fri Aug 17 16:02:16 2001 (3B7D8658)
b9c1f000 b9c21580 ndistapi Fri Aug 17 15:55:29 2001 (3B7D84C1)
b9c33000 b9c35500 GEARAspiWDM Tue Jan 29 11:00:57 2008 (479F5BC9)
b9c5b000 b9c75580 Mup Wed Aug 04 01:15:20 2004 (41107EF8)
b9c76000 b9c8e200 Teefer Wed Jan 10 03:32:24 2007 (45A4B2A8)
b9c8f000 b9cbba80 NDIS Wed Aug 04 01:14:27 2004 (41107EC3)
b9cbc000 b9d48400 Ntfs Fri Feb 09 05:10:31 2007 (45CC56A7)
b9d49000 b9d5bf00 WudfPf Thu Sep 28 20:55:43 2006 (451C7D1F)
b9d5c000 b9d72780 KSecDD Wed Aug 04 00:59:45 2004 (41107B51)
b9d73000 b9d87840 drvmcdb Fri Feb 13 20:49:21 2004 (402D8CB1)
b9d88000 b9d99f00 sr Wed Aug 04 01:06:22 2004 (41107CDE)
b9d9a000 b9db9780 fltmgr Mon Aug 21 04:14:57 2006 (44E97991)
b9dba000 b9de5d80 dac2w2k Fri Aug 17 15:52:13 2001 (3B7D83FD)
b9de6000 b9dfee00 adpu160m Wed May 30 04:18:22 2001 (3B14BADE)
b9dff000 b9e16480 atapi Wed Aug 04 00:59:41 2004 (41107B4D)
b9e17000 b9eec700 iaStor Wed Oct 12 14:07:10 2005 (434D5EDE)
b9eed000 b9f04800 SCSIPORT Wed Aug 04 00:59:39 2004 (41107B4B)
b9f05000 b9f2a700 dmio Wed Aug 04 01:07:13 2004 (41107D11)
b9f2b000 b9f49880 ftdisk Fri Aug 17 15:52:41 2001 (3B7D8419)
b9f4a000 b9f67480 pcmcia Wed Aug 04 01:07:45 2004 (41107D31)
b9f68000 b9f78a80 pci Wed Aug 04 01:07:45 2004 (41107D31)
b9f79000 b9fa6d80 ACPI Wed Aug 04 01:07:35 2004 (41107D27)
ba0a8000 ba0b0c00 isapnp Fri Aug 17 15:58:01 2001 (3B7D8559)
ba0b8000 ba0c2500 MountMgr Wed Aug 04 00:58:29 2004 (41107B05)
ba0c8000 ba0d4c80 VolSnap Wed Aug 04 01:00:14 2004 (41107B6E)
ba0d8000 ba0e5e80 aic78xx Thu May 10 15:23:40 2001 (3AFAF8CC)
ba0e8000 ba0f0180 ql10wnt Fri Aug 17 15:52:14 2001 (3B7D83FE)
ba0f8000 ba101e00 ql1240 Fri Aug 17 15:52:14 2001 (3B7D83FE)
ba108000 ba115780 aic78u2 Thu May 10 15:23:41 2001 (3AFAF8CD)
ba118000 ba120f80 ultra Fri Aug 17 15:52:19 2001 (3B7D8403)
ba128000 ba131d80 ql1080 Fri Aug 17 15:52:18 2001 (3B7D8402)
ba138000 ba143f80 ql1280 Fri Aug 17 15:52:16 2001 (3B7D8400)
ba148000 ba153100 ql12160 Fri Aug 17 15:52:18 2001 (3B7D8402)
ba158000 ba160e00 disk Wed Aug 04 00:59:53 2004 (41107B59)
ba168000 ba174200 CLASSPNP Wed Aug 04 01:14:26 2004 (41107EC2)
ba178000 ba182500 viaagp Wed Aug 04 01:07:42 2004 (41107D2E)
ba188000 ba192080 sisagp Wed Aug 04 01:07:42 2004 (41107D2E)
ba198000 ba1a2700 alim1541 Wed Aug 04 01:07:40 2004 (41107D2C)
ba1a8000 ba1b2800 amdagp Wed Aug 04 01:07:42 2004 (41107D2E)
ba1b8000 ba1c2580 agp440 Wed Aug 04 01:07:40 2004 (41107D2C)
ba1c8000 ba1d2f80 agpCPQ Wed Aug 04 01:07:42 2004 (41107D2E)
ba1e8000 ba1f0700 wanarp Wed Aug 04 01:04:57 2004 (41107C89)
ba1f8000 ba200700 netbios Wed Aug 04 01:03:19 2004 (41107C27)
ba208000 ba210d00 intelppm Wed Aug 04 00:59:19 2004 (41107B37)
ba218000 ba224e00 i8042prt Wed Aug 04 01:14:36 2004 (41107ECC)
ba228000 ba237d80 serial Wed Aug 04 01:15:51 2004 (41107F17)
ba238000 ba242380 imapi Wed Aug 04 01:00:12 2004 (41107B6C)
ba248000 ba254180 cdrom Wed Aug 04 00:59:52 2004 (41107B58)
ba258000 ba266080 redbook Wed Aug 04 00:59:34 2004 (41107B46)
ba278000 ba284880 rasl2tp Wed Aug 04 01:14:21 2004 (41107EBD)
ba288000 ba292200 raspppoe Wed Aug 04 01:05:06 2004 (41107C92)
ba298000 ba2a3d00 raspptp Wed Aug 04 01:14:26 2004 (41107EC2)
ba2a8000 ba2b0900 msgpc Wed Aug 04 01:04:11 2004 (41107C5B)
ba2b8000 ba2c1f00 termdd Wed Aug 04 00:58:52 2004 (41107B1C)
ba2c8000 ba2d1480 NDProxy Fri Aug 17 15:55:30 2001 (3B7D84C2)
ba2f8000 ba306b80 drmk Wed Aug 04 01:07:54 2004 (41107D3A)
ba328000 ba32e200 PCIIDEX Wed Aug 04 00:59:40 2004 (41107B4C)
ba330000 ba334900 PartMgr Fri Aug 17 20:32:23 2001 (3B7DC5A7)
ba338000 ba33ca80 sparrow Fri Dec 08 11:40:58 2000 (3A311D2A)
ba340000 ba346780 asc Fri Aug 17 15:51:58 2001 (3B7D83EE)
ba348000 ba34c380 mraid35x Fri Aug 17 15:52:11 2001 (3B7D83FB)
ba350000 ba354880 i2omp Wed Aug 04 01:00:49 2004 (41107B91)
ba358000 ba35ff80 symc8xx Fri Dec 08 11:40:59 2000 (3A311D2B)
ba360000 ba366ee0 sym_hi Tue Mar 20 00:51:22 2001 (3AB6EFDA)
ba368000 ba36f7e0 sym_u3 Tue Mar 20 00:36:17 2001 (3AB6EC51)
ba370000 ba375c00 ABP480N5 Fri Aug 17 15:51:59 2001 (3B7D83EF)
ba378000 ba37d780 asc3350p Fri Aug 17 15:52:01 2001 (3B7D83F1)
ba380000 ba384ee0 dpti2o Tue Mar 20 14:07:16 2001 (3AB7AA64)
ba388000 ba38eaa0 perc2 Mon Apr 23 05:51:37 2001 (3AE40939)
ba390000 ba396560 hpn Mon Apr 23 05:51:37 2001 (3AE40939)
ba3a0000 ba3a5000 WGX Wed Jan 10 03:29:39 2007 (45A4B203)
ba3c0000 ba3c6780 USBSTOR Wed Aug 04 01:08:44 2004 (41107D6C)
ba3d0000 ba3d6180 HIDPARSE Wed Aug 04 01:08:15 2004 (41107D4F)
ba3e0000 ba3e5a80 ssrtln Wed Jan 14 21:18:02 2004 (4006066A)
ba3e8000 ba3ee420 tfsnboio Mon Mar 15 14:05:04 2004 (4055FE60)
ba3f8000 ba3fd200 vga Wed Aug 04 01:07:06 2004 (41107D0A)
ba400000 ba405000 usbuhci Wed Aug 04 01:08:34 2004 (41107D62)
ba408000 ba40e800 usbehci Wed Aug 04 01:08:34 2004 (41107D62)
ba410000 ba415a00 mouclass Wed Aug 04 00:58:32 2004 (41107B08)
ba418000 ba41e000 kbdclass Wed Aug 04 00:58:32 2004 (41107B08)
ba420000 ba424a80 Msfs Wed Aug 04 01:00:37 2004 (41107B85)
ba428000 ba42f880 Npfs Wed Aug 04 01:00:38 2004 (41107B86)
ba448000 ba44c680 wpsdrvnt Wed Jan 10 03:41:16 2007 (45A4B4BC)
ba450000 ba454880 TDI Wed Aug 04 01:07:47 2004 (41107D33)
ba460000 ba464580 ptilink Fri Aug 17 15:49:53 2001 (3B7D8371)
ba470000 ba474080 raspti Fri Aug 17 15:55:32 2001 (3B7D84C4)
ba480000 ba484b80 AegisP Mon Mar 26 13:37:21 2007 (460812E1)
ba488000 ba48f580 Modem Wed Aug 04 01:08:04 2004 (41107D44)
ba4a0000 ba4a5b80 vmnetbridge Thu Dec 15 22:21:23 2005 (43A240C3)
ba4b8000 ba4bb000 BOOTVID Fri Aug 17 15:49:09 2001 (3B7D8345)
ba4bc000 ba4be480 compbatt Fri Aug 17 15:57:58 2001 (3B7D8556)
ba4c0000 ba4c3700 BATTC Fri Aug 17 15:57:52 2001 (3B7D8550)
ba4c4000 ba4c7a80 cpqarray Fri Aug 17 15:52:05 2001 (3B7D83F5)
ba4c8000 ba4cb200 aha154x Fri Aug 17 15:51:59 2001 (3B7D83EF)
ba4cc000 ba4cff80 symc810 Fri Dec 08 11:40:59 2000 (3A311D2B)
ba4d0000 ba4d3980 dac960nt Fri Aug 17 15:52:13 2001 (3B7D83FD)
ba4d4000 ba4d6f00 amsint Fri Aug 17 15:52:01 2001 (3B7D83F1)
ba4d8000 ba4dba00 asc3550 Fri Aug 17 15:51:56 2001 (3B7D83EC)
ba4dc000 ba4dfe80 ini910u Fri Aug 17 15:52:07 2001 (3B7D83F7)
ba4e0000 ba4e3680 cbidf2k Fri Aug 17 15:52:06 2001 (3B7D83F6)
ba4e4000 ba4e7320 Gernuwa Mon Apr 21 12:00:31 2003 (3EA423AF)
ba574000 ba576280 wmiacpi Wed Aug 04 01:07:39 2004 (41107D2B)
ba57c000 ba57f700 CmBatt Wed Aug 04 01:07:39 2004 (41107D2B)
ba58c000 ba58e280 rasacd Fri Aug 17 15:55:39 2001 (3B7D84CB)
ba598000 ba59bc80 serenum Wed Aug 04 00:59:06 2004 (41107B2A)
ba5a8000 ba5a9b80 kdcom Fri Aug 17 15:49:10 2001 (3B7D8346)
ba5aa000 ba5ab100 WMILIB Fri Aug 17 16:07:23 2001 (3B7D878B)
ba5ac000 ba5ad480 aliide Fri Aug 17 15:51:54 2001 (3B7D83EA)
ba5ae000 ba5af580 intelide Wed Aug 04 00:59:40 2004 (41107B4C)
ba5b0000 ba5b1380 toside Fri Aug 17 15:51:52 2001 (3B7D83E8)
ba5b2000 ba5b3500 viaide Wed Aug 04 00:59:42 2004 (41107B4E)
ba5b4000 ba5b5a00 cmdide Fri Aug 17 15:51:51 2001 (3B7D83E7)
ba5b6000 ba5b7700 dmload Fri Aug 17 15:58:15 2001 (3B7D8567)
ba5b8000 ba5b9e00 cd20xrnt Fri Aug 17 15:52:04 2001 (3B7D83F4)
ba5ba000 ba5bb580 perc2hib Mon Apr 23 05:51:37 2001 (3AE40939)
ba5c0000 ba5c1100 swenum Wed Aug 04 00:58:41 2004 (41107B11)
ba5cc000 ba5cd280 USBD Fri Aug 17 16:02:58 2001 (3B7D8682)
ba5d4000 ba5d6000 i2omgmt Wed Aug 04 01:00:50 2004 (41107B92)
ba5e4000 ba5e55c0 sscdbhk5 Wed Jan 14 21:18:14 2004 (40060676)
ba5e6000 ba5e7f00 Fs_Rec Fri Aug 17 15:49:37 2001 (3B7D8361)
ba5e8000 ba5e9080 Beep Fri Aug 17 15:47:33 2001 (3B7D82E5)
ba5ec000 ba5edde0 awechomd Fri Mar 05 11:52:22 2004 (4048BE56)
ba5f4000 ba5f5080 mnmdd Fri Aug 17 15:57:28 2001 (3B7D8538)
ba606000 ba607080 RDPCDD Fri Aug 17 15:46:56 2001 (3B7D82C0)
ba622000 ba623100 dump_WMILIB Fri Aug 17 16:07:23 2001 (3B7D878B)
ba636000 ba637a80 ParVdm Fri Aug 17 15:49:49 2001 (3B7D836D)
ba66a000 ba66b8a0 tfsnpool Mon Mar 15 14:04:56 2004 (4055FE58)
ba670000 ba670d00 pciide Fri Aug 17 15:51:49 2001 (3B7D83E5)
ba688000 ba688880 tfsndres Mon Mar 15 14:05:51 2004 (4055FE8F)
ba6d6000 ba6d6fe0 tfsndrct Mon Mar 15 14:05:22 2004 (4055FE72)
ba740000 ba740b80 Null Fri Aug 17 15:47:39 2001 (3B7D82EB)
ba7cb000 ba7cbc00 audstub Fri Aug 17 15:59:40 2001 (3B7D85BC)
ba7f0000 ba7f0d00 dxgthk Fri Aug 17 15:53:12 2001 (3B7D8438)
bf000000 bf011580 dxg Wed Aug 04 01:00:51 2004 (41107B93)
bf012000 bf024000 igxprd32 Fri Mar 30 16:33:54 2007 (460D8242)
bf024000 bf04e000 igxpgd32 Fri Mar 30 16:33:48 2007 (460D823C)
bf04e000 bf1d7cc0 igxpdv32 Fri Mar 30 16:33:33 2007 (460D822D)
bf1d8000 bf454000 igxpdx32 Fri Mar 30 16:34:40 2007 (460D8270)
bf800000 bf9c2800 win32k Wed Mar 19 04:46:46 2008 (47E0E106)
bffa0000 bffe5c00 ATMFD Wed Aug 04 02:56:56 2004 (411096C8)

Unloaded modules:
a679e000 a67c9000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a67f1000 a681c000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a695c000 a6987000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a69ff000 a6a2a000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a6d4a000 a6d75000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a7606000 a7631000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a7631000 a7654000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ba768000 ba769000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a796f000 a797c000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a79b7000 a79c5000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ba64a000 ba64c000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a8b97000 a8bac000 naveng.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a8bac000 a8c7c000 navex15.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a894a000 a8961000 ialmsbw.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ba268000 ba271000 processr.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ba3d8000 ba3dd000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
b92ed000 b92f0000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {80000011, 1c, 0, 804fc495}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : ntoskrnl.exe ( nt+25495 )

Followup: MachineOwner
---------

Finished dump check

Edited by Yzöwl
code tags added
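The "nt+25495" in the debugger's "Probably caused by" line can be reproduced from the rest of the output: the fourth bugcheck parameter, 804fc495, minus the nt base 804d7000 is 25495. The following is an added example, not part of the original posts, that parses dumpchk text and resolves an address against the loaded and unloaded module lists; the function names are illustrative and the sample is a short excerpt of the output above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Excerpt copied from the dumpchk output posted above (not the full list).
SAMPLE = """\
BugCheck 1000000A, {80000011, 1c, 0, 804fc495}
start end module name
804d7000 806e2000 nt Wed Feb 28 03:15:54 2007 (45E5484A)
806e2000 80702d00 hal Mon Oct 30 06:27:29 2006 (4545E1A1)
a77e2000 a77f6520 naveng Tue May 06 12:46:44 2008 (48209984)
a8a94000 a8aebf80 tcpip Fri Jun 20 05:45:10 2008 (485B8A36)
bf800000 bf9c2800 win32k Wed Mar 19 04:46:46 2008 (47E0E106)

Unloaded modules:
a679e000 a67c9000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a8b97000 a8bac000 naveng.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
"""


class Module(NamedTuple):
    start: int      # first address of the image
    end: int        # first address past the image
    name: str
    loaded: bool    # False for entries under "Unloaded modules:"


BUGCHECK_RE = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}")
# Two 8-digit hex addresses followed by a name. Lines such as
# "804fc000 - 804fcfff at offset ..." do not match because of the dash.
RANGE_RE = re.compile(r"^([0-9A-Fa-f]{8})\s+([0-9A-Fa-f]{8})\s+(\S+)")


def parse_dumpchk(text: str) -> Tuple[Optional[int], List[int], List[Module]]:
    """Extract the bugcheck code, its parameters and the module ranges."""
    code: Optional[int] = None
    params: List[int] = []
    modules: List[Module] = []
    loaded = True
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Unloaded modules:"):
            loaded = False
            continue
        m = BUGCHECK_RE.match(line)
        if m:
            code = int(m.group(1), 16)
            params = [int(p.strip(), 16) for p in m.group(2).split(",")]
            continue
        m = RANGE_RE.match(line)
        if m:
            start, end = int(m.group(1), 16), int(m.group(2), 16)
            if start < end:  # ignore malformed ranges
                modules.append(Module(start, end, m.group(3), loaded))
    return code, params, modules


def resolve(address: int, modules: List[Module]) -> Optional[str]:
    """Return 'module+offset' for an address, preferring loaded modules.

    An address that only falls inside an unloaded module is tagged as such,
    and one that falls in no listed range returns None; both are worth a
    closer look during triage.
    """
    for want_loaded in (True, False):
        for mod in modules:
            if mod.loaded is want_loaded and mod.start <= address < mod.end:
                tag = "" if mod.loaded else " (unloaded)"
                return f"{mod.name}+{address - mod.start:x}{tag}"
    return None


if __name__ == "__main__":
    code, params, modules = parse_dumpchk(SAMPLE)
    # In this dump the debugger's "nt+25495" equals the fourth parameter
    # minus the nt base, so that is the address resolved here.
    print(f"BugCheck {code:08X} ->", resolve(params[3], modules))
```
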

I would suggest you upload the dump file here and hopefully one of the clever cookies round here who can read dump files will come to your aid. Check back over your event log and see if there are any other codes or just that one. Good luck


Loading Dump File [c:\WINDOWS\Minidump\Mini072108-02.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

You should set your machine to create a kernel memory dump; it is not often that a minidump has enough useful information in it to diagnose the problem.

Right-click My Computer, click Properties

Select Advanced tab

Click Settings button at the bottom, under "Startup and Recovery"

Under "Write debugging information" select "Kernel memory dump"

Click OK

Click Settings button at the top, under "Performance"

Select Advanced tab

Click Change button

Ensure that there is a page file on the C: drive at least as large as the amount of RAM you have installed, plus 50MB

(e.g. if you have 1GB installed, it should be at least 1074MB)

If it is already at least this large, don't change anything - if you have moved the page file to another volume then you need to make a change or a dump file cannot be created.

Click OK on all the open windows

When the next bugcheck occurs, the system should create a dump of kernel memory in C:\Windows\MEMORY.DMP - make a copy of this file, compress it and upload it somewhere we can take a look (there are plenty of free file hosting sites around).

