[Help] Windows Live Messenger killing Win XP Pro SP2!

[Cr4z33]

I have latest WLM 8.0.0812 and I am using it for a couple of weeks.

Now from one day to another it has become very dangerous for my system.

If I try to reboot/shutdown the system, WLM kills Windows suddenly without a BSOD or something else and resets my computer.

Same thing happens if I try to close WLM.

I post below some of the several different crash dumps and a screenshot of running tasks.

:help:

Microsoft ® Windows Debugger Version 6.6.0007.5

Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\Minidump\Mini102106-02.dmp]Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is:

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y <symbol_path> argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0

Debug session time: Sat Oct 21 08:55:05.875 2006 (GMT+2)

System Uptime: 0 days 0:23:02.383

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y <symbol_path> argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Loading Kernel Symbols

....................................................................................................

..............................................

Loading User Symbols

Loading unloaded module list

..........

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {1, 2, 8, 1}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Probably caused by : ntoskrnl.exe ( nt+192a7 )

Followup: MachineOwner

---------

kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: 00000001, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000008, value 0 = read operation, 1 = write operation

Arg4: 00000001, address which referenced memory

Debugging Details:

------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

MODULE_NAME: nt

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 42250a1d

WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart

unable to get nt!MmSpecialPoolEnd

unable to get nt!MmPoolCodeStart

unable to get nt!MmPoolCodeEnd

00000001

CURRENT_IRQL: 2

FAULTING_IP:

+1

00000001 ?? ???

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from 804f02a7 to 00000001

STACK_TEXT:

WARNING: Frame IP not in any known module. Following frames may be wrong.

a658ac04 804f02a7 856eb6c8 850af980 8525821c 0x1

a658ac20 80571cd0 850af980 00000000 850af980 nt+0x192a7

a658ac3c 80573bbb 8525821c 850af980 850afa5c nt+0x9acd0

a658ac58 805749c9 86ca3b90 00000103 852581c0 nt+0x9cbbb

a658ad00 8056d326 00000c8c 000008a8 00000000 nt+0x9d9c9

a658ad34 8053c808 00000c8c 000008a8 00000000 nt+0x96326

a658ad64 7c91eb94 badb0d00 076ae900 a6a0fd98 nt+0x65808

a658ad68 badb0d00 076ae900 a6a0fd98 a6a0fdcc 0x7c91eb94

a658ad6c 076ae900 a6a0fd98 a6a0fdcc 00000000 0xbadb0d00

a658ad70 a6a0fd98 a6a0fdcc 00000000 00000000 0x76ae900

a658ad74 a6a0fdcc 00000000 00000000 00000000 0xa6a0fd98

a658ad78 00000000 00000000 00000000 00000000 0xa6a0fdcc

STACK_COMMAND: kb

FOLLOWUP_IP:

nt+192a7

804f02a7 ?? ???

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntoskrnl.exe

SYMBOL_NAME: nt+192a7

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

---------

kd> .restart /f

Loading Dump File [C:\WINDOWS\Minidump\Mini102106-02.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is:

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y <symbol_path> argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0

Debug session time: Sat Oct 21 08:55:05.875 2006 (GMT+2)

System Uptime: 0 days 0:23:02.383

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y <symbol_path> argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Loading Kernel Symbols

....................................................................................................

..............................................

Loading User Symbols

Loading unloaded module list

..........

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {1, 2, 8, 1}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Probably caused by : ntoskrnl.exe ( nt+192a7 )

Followup: MachineOwner

---------

kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: 00000001, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000008, value 0 = read operation, 1 = write operation

Arg4: 00000001, address which referenced memory

Debugging Details:

------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

MODULE_NAME: nt

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 42250a1d

WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart

unable to get nt!MmSpecialPoolEnd

unable to get nt!MmPoolCodeStart

unable to get nt!MmPoolCodeEnd

00000001

CURRENT_IRQL: 2

FAULTING_IP:

+1

00000001 ?? ???

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from 804f02a7 to 00000001

STACK_TEXT:

WARNING: Frame IP not in any known module. Following frames may be wrong.

a658ac04 804f02a7 856eb6c8 850af980 8525821c 0x1

a658ac20 80571cd0 850af980 00000000 850af980 nt+0x192a7

a658ac3c 80573bbb 8525821c 850af980 850afa5c nt+0x9acd0

a658ac58 805749c9 86ca3b90 00000103 852581c0 nt+0x9cbbb

a658ad00 8056d326 00000c8c 000008a8 00000000 nt+0x9d9c9

a658ad34 8053c808 00000c8c 000008a8 00000000 nt+0x96326

a658ad64 7c91eb94 badb0d00 076ae900 a6a0fd98 nt+0x65808

a658ad68 badb0d00 076ae900 a6a0fd98 a6a0fdcc 0x7c91eb94

a658ad6c 076ae900 a6a0fd98 a6a0fdcc 00000000 0xbadb0d00

a658ad70 a6a0fd98 a6a0fdcc 00000000 00000000 0x76ae900

a658ad74 a6a0fdcc 00000000 00000000 00000000 0xa6a0fd98

a658ad78 00000000 00000000 00000000 00000000 0xa6a0fdcc

STACK_COMMAND: kb

FOLLOWUP_IP:

nt+192a7

804f02a7 ?? ???

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntoskrnl.exe

SYMBOL_NAME: nt+192a7

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

---------

Microsoft ® Windows Debugger Version 6.6.0007.5

Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\Minidump\Mini102106-03.dmp]Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is:

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y <symbol_path> argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0

Debug session time: Sat Oct 21 09:29:08.546 2006 (GMT+2)

System Uptime: 0 days 0:33:20.056

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y <symbol_path> argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Loading Kernel Symbols

....................................................................................................

.................................................

Loading User Symbols

Loading unloaded module list

...........

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {d, 0, 0, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Probably caused by : ntoskrnl.exe ( nt+192a7 )

Followup: MachineOwner

---------

kd> t

^ No runnable debuggees error in 't'

kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)

This means a trap occurred in kernel mode, and it's a trap of a kind

that the kernel isn't allowed to have/catch (bound trap) or that

is always instant death (double fault). The first number in the

bugcheck params is the number of the trap (8 = double fault, etc)

Consult an Intel x86 family manual to learn more about what these

traps are. Here is a *portion* of those codes:

If kv shows a taskGate

use .tss on the part before the colon, then kv.

Else if kv shows a trapframe

use .trap on that value

Else

.trap on the appropriate frame will show where the trap was taken

(on x86, this will be the ebp that goes with the procedure KiTrap)

Endif

kb will then show the corrected stack.

Arguments:

Arg1: 0000000d, EXCEPTION_GP_FAULT

Arg2: 00000000

Arg3: 00000000

Arg4: 00000000

Debugging Details:

------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

MODULE_NAME: nt

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 42250a1d

BUGCHECK_STR: 0x7f_d

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

LAST_CONTROL_TRANSFER: from 804f02a7 to 8194c75c

STACK_TEXT:

WARNING: Frame IP not in any known module. Following frames may be wrong.

a6f49c04 804f02a7 00000000 84e25988 84f917ec 0x8194c75c

a6f49c20 80571cd0 84e25988 00000000 84e25988 nt+0x192a7

a6f49c3c 80573bbb 84f917ec 84e25988 84e25a64 nt+0x9acd0

a6f49c58 805749c9 862518d0 00000103 84f91790 nt+0x9cbbb

a6f49d00 8056d326 00000c68 000008e8 00000000 nt+0x9d9c9

a6f49d34 8053c808 00000c68 000008e8 00000000 nt+0x96326

a6f49d64 7c91eb94 badb0d00 0437e900 a75ffd98 nt+0x65808

a6f49d68 badb0d00 0437e900 a75ffd98 a75ffdcc 0x7c91eb94

a6f49d6c 0437e900 a75ffd98 a75ffdcc 00000000 0xbadb0d00

a6f49d70 a75ffd98 a75ffdcc 00000000 00000000 0x437e900

a6f49d74 a75ffdcc 00000000 00000000 00000000 0xa75ffd98

a6f49d78 00000000 00000000 00000000 00000000 0xa75ffdcc

STACK_COMMAND: kb

FOLLOWUP_IP:

nt+192a7

804f02a7 ?? ???

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntoskrnl.exe

SYMBOL_NAME: nt+192a7

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

---------

Microsoft ® Windows Debugger Version 6.6.0007.5

Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\Minidump\Mini102006-04.dmp]Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is:

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y <symbol_path> argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0

Debug session time: Fri Oct 20 13:52:09.078 2006 (GMT+2)

System Uptime: 0 days 1:05:58.582

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y <symbol_path> argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Loading Kernel Symbols

....................................................................................................

.................................................

Loading User Symbols

Loading unloaded module list

............

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {1, 2, 8, 1}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Probably caused by : ntoskrnl.exe ( nt+192a7 )

Followup: MachineOwner

---------

kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: 00000001, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000008, value 0 = read operation, 1 = write operation

Arg4: 00000001, address which referenced memory

Debugging Details:

------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

MODULE_NAME: nt

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 42250a1d

WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart

unable to get nt!MmSpecialPoolEnd

unable to get nt!MmPoolCodeStart

unable to get nt!MmPoolCodeEnd

00000001

CURRENT_IRQL: 2

FAULTING_IP:

+1

00000001 ?? ???

CUSTOMER_CRASH_COUNT: 4

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from 804f02a7 to 00000001

STACK_TEXT:

WARNING: Frame IP not in any known module. Following frames may be wrong.

a8080c04 804f02a7 855b6f14 8503ce70 84f411dc 0x1

a8080c20 80571cd0 8503ce70 00000000 8503ce70 nt+0x192a7

a8080c3c 80573bbb 84f411dc 8503ce70 8503cf4c nt+0x9acd0

a8080c58 805749c9 864f9860 00000103 84f41180 nt+0x9cbbb

a8080d00 8056d326 00000aa8 00000980 00000000 nt+0x9d9c9

a8080d34 8053c808 00000aa8 00000980 00000000 nt+0x96326

a8080d64 7c91eb94 badb0d00 041ee900 a823cd98 nt+0x65808

a8080d68 badb0d00 041ee900 a823cd98 a823cdcc 0x7c91eb94

a8080d6c 041ee900 a823cd98 a823cdcc 00000000 0xbadb0d00

a8080d70 a823cd98 a823cdcc 00000000 00000000 0x41ee900

a8080d74 a823cdcc 00000000 00000000 00000000 0xa823cd98

a8080d78 00000000 00000000 00000000 00000000 0xa823cdcc

STACK_COMMAND: kb

FOLLOWUP_IP:

nt+192a7

804f02a7 ?? ???

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntoskrnl.exe

SYMBOL_NAME: nt+192a7

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

---------

[jcarle]

99% of all BSOD are hardware related. Check your hardware.

1) Check your CPU fan and heatsink for proper ventilation (dust-free and turning freely)

2) Run a memtest

3) Chkdsk your hard drive

4) Run your hard drive's manufacturer's diagnostics on your hard drive

5) Check your power supply

[Cr4z33]

99% of all BSOD are hardware related. Check your hardware.

1) Check your CPU fan and heatsink for proper ventilation (dust-free and turning freely)

2) Run a memtest

3) Chkdsk your hard drive

4) Run your hard drive's manufacturer's diagnostics on your hard drive

5) Check your power supply

Sorry, I forgot to say I have other 2 win xp partitions and there're no problems at all with WLM.

Will do anyway a deep chkdsk scan.

[jcarle]

If you have no hardware problem, then check your drivers, run SFC and windows updates.

If you still have problems, then perhaps your windows installation is corrupt.

[LLXX]

Did you really have to post an image of the task manager with all that empty space at the bottom?

[CoffeeFiend]

If you're gonna do crash dump analysis (or use windbg or kd at all really), you might wanna fix your symbol path first...

[Cr4z33]

If you're gonna do crash dump analysis (or use windbg or kd at all really), you might wanna fix your symbol path first...

Sorry how can I fix it?

[CoffeeFiend]

Look under File -> Symbol File Path, or just ctrl-s, or the .sympath command. Then paste something like:

SRV*c:\somewhere*http://msdl.microsoft.com/download/symbols

(replace that "somewhere" part for whatever place you want your symbol local cache to be). The 2nd part is MS' symbol server's URL (it'll pull the required symbols as needed from it, instead of you having to install a bunch of large symbol packages for each OS/SP targeted)

If you use windbg or kd often enough, you might want to set the _NT_SYMBOL_PATH environment variable. Personally, as I use it a fair bit, I set it at the same time the debugging tools get installed unattended (they're just a standard msi file) via a reg tweak:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"_NT_SYMBOL_PATH"="SRV*c:\\somewhere*http://msdl.microsoft.com/download/symbols"

Don't forget to change the path again! (yet another reg tweak I hadn't bothered sharing yet)

Edited October 23, 2006 by crahak

[Cr4z33]

Look under File -> Symbol File Path, or just ctrl-s, or the .sympath command. Then paste something like:

SRV*c:\somewhere*http://msdl.microsoft.com/download/symbols

(replace that "somewhere" part for whatever place you want your symbol local cache to be). The 2nd part is MS' symbol server's URL (it'll pull the required symbols as needed from it, instead of you having to install a bunch of large symbol packages for each OS/SP targeted)

If you use windbg or kd often enough, you might want to set the _NT_SYMBOL_PATH environment variable. Personally, as I use it a fair bit, I set it at the same time the debugging tools get installed unattended (they're just a standard msi file) via a reg tweak:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"_NT_SYMBOL_PATH"="SRV*c:\\somewhere*http://msdl.microsoft.com/download/symbols"

Don't forget to change the path again! (yet another reg tweak I hadn't bothered sharing yet)

First of all, thank you very much for your help.

Here are again the previous dumps in the correct way.

Microsoft ® Windows Debugger Version 6.6.0007.5

Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\Minidump\Mini102106-02.dmp]Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Programmi\Microsoft\Debugging Tools for Windows\symbcache*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp2_gdr.050301-1519

Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0

Debug session time: Sat Oct 21 08:55:05.875 2006 (GMT+2)

System Uptime: 0 days 0:23:02.383

Loading Kernel Symbols

....................................................................................................

..............................................

Loading User Symbols

Loading unloaded module list

..........

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {1, 2, 8, 1}

Probably caused by : ntkrnlpa.exe ( nt!IoCancelIrp+6f )

Followup: MachineOwner

---------

kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: 00000001, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000008, value 0 = read operation, 1 = write operation

Arg4: 00000001, address which referenced memory

Debugging Details:

------------------

WRITE_ADDRESS: 00000001

CURRENT_IRQL: 2

FAULTING_IP:

+1

00000001 ?? ???

PROCESS_NAME: msnmsgr.exe

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from 804f02a7 to 00000001

STACK_TEXT:

WARNING: Frame IP not in any known module. Following frames may be wrong.

a658ac04 804f02a7 856eb6c8 850af980 8525821c 0x1

a658ac20 80571cd0 850af980 00000000 850af980 nt!IoCancelIrp+0x6f

a658ac3c 80573bbb 8525821c 850af980 850afa5c nt!IopCancelAlertedRequest+0x28

a658ac58 805749c9 86ca3b90 00000103 852581c0 nt!IopSynchronousServiceTail+0xe1

a658ad00 8056d326 00000c8c 000008a8 00000000 nt!IopXxxControlFile+0x5e7

a658ad34 8053c808 00000c8c 000008a8 00000000 nt!NtDeviceIoControlFile+0x2a

a658ad34 7c91eb94 00000c8c 000008a8 00000000 nt!KiFastCallEntry+0xf8

076aea2c 00000000 00000000 00000000 00000000 0x7c91eb94

STACK_COMMAND: kb

FOLLOWUP_IP:

nt!IoCancelIrp+6f

804f02a7 b001 mov al,1

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 42250a1d

SYMBOL_NAME: nt!IoCancelIrp+6f

FAILURE_BUCKET_ID: 0xD1_W_nt!IoCancelIrp+6f

BUCKET_ID: 0xD1_W_nt!IoCancelIrp+6f

Followup: MachineOwner

---------

Microsoft ® Windows Debugger Version 6.6.0007.5

Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\Minidump\Mini102106-03.dmp]Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Programmi\Microsoft\Debugging Tools for Windows\symbcache*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp2_gdr.050301-1519

Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0

Debug session time: Sat Oct 21 09:29:08.546 2006 (GMT+2)

System Uptime: 0 days 0:33:20.056

Loading Kernel Symbols

....................................................................................................

.................................................

Loading User Symbols

Loading unloaded module list

...........

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {d, 0, 0, 0}

Probably caused by : ntkrnlpa.exe ( nt!IoCancelIrp+6f )

Followup: MachineOwner

---------

kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)

This means a trap occurred in kernel mode, and it's a trap of a kind

that the kernel isn't allowed to have/catch (bound trap) or that

is always instant death (double fault). The first number in the

bugcheck params is the number of the trap (8 = double fault, etc)

Consult an Intel x86 family manual to learn more about what these

traps are. Here is a *portion* of those codes:

If kv shows a taskGate

use .tss on the part before the colon, then kv.

Else if kv shows a trapframe

use .trap on that value

Else

.trap on the appropriate frame will show where the trap was taken

(on x86, this will be the ebp that goes with the procedure KiTrap)

Endif

kb will then show the corrected stack.

Arguments:

Arg1: 0000000d, EXCEPTION_GP_FAULT

Arg2: 00000000

Arg3: 00000000

Arg4: 00000000

Debugging Details:

------------------

BUGCHECK_STR: 0x7f_d

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: msnmsgr.exe

LAST_CONTROL_TRANSFER: from 804f02a7 to 8194c75c

STACK_TEXT:

WARNING: Frame IP not in any known module. Following frames may be wrong.

a6f49c04 804f02a7 00000000 84e25988 84f917ec 0x8194c75c

a6f49c20 80571cd0 84e25988 00000000 84e25988 nt!IoCancelIrp+0x6f

a6f49c3c 80573bbb 84f917ec 84e25988 84e25a64 nt!IopCancelAlertedRequest+0x28

a6f49c58 805749c9 862518d0 00000103 84f91790 nt!IopSynchronousServiceTail+0xe1

a6f49d00 8056d326 00000c68 000008e8 00000000 nt!IopXxxControlFile+0x5e7

a6f49d34 8053c808 00000c68 000008e8 00000000 nt!NtDeviceIoControlFile+0x2a

a6f49d34 7c91eb94 00000c68 000008e8 00000000 nt!KiFastCallEntry+0xf8

0437ea2c 00000000 00000000 00000000 00000000 0x7c91eb94

STACK_COMMAND: kb

FOLLOWUP_IP:

nt!IoCancelIrp+6f

804f02a7 b001 mov al,1

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 42250a1d

SYMBOL_NAME: nt!IoCancelIrp+6f

FAILURE_BUCKET_ID: 0x7f_d_nt!IoCancelIrp+6f

BUCKET_ID: 0x7f_d_nt!IoCancelIrp+6f

Followup: MachineOwner

---------

Microsoft ® Windows Debugger Version 6.6.0007.5

Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\Minidump\Mini102006-04.dmp]Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Programmi\Microsoft\Debugging Tools for Windows\symbcache*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp2_gdr.050301-1519

Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0

Debug session time: Fri Oct 20 13:52:09.078 2006 (GMT+2)

System Uptime: 0 days 1:05:58.582

Loading Kernel Symbols

....................................................................................................

.................................................

Loading User Symbols

Loading unloaded module list

............

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {1, 2, 8, 1}

Probably caused by : ntkrnlpa.exe ( nt!IoCancelIrp+6f )

Followup: MachineOwner

---------

kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: 00000001, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000008, value 0 = read operation, 1 = write operation

Arg4: 00000001, address which referenced memory

Debugging Details:

------------------

WRITE_ADDRESS: 00000001

CURRENT_IRQL: 2

FAULTING_IP:

+1

00000001 ?? ???

PROCESS_NAME: msnmsgr.exe

CUSTOMER_CRASH_COUNT: 4

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from 804f02a7 to 00000001

STACK_TEXT:

WARNING: Frame IP not in any known module. Following frames may be wrong.

a8080c04 804f02a7 855b6f14 8503ce70 84f411dc 0x1

a8080c20 80571cd0 8503ce70 00000000 8503ce70 nt!IoCancelIrp+0x6f

a8080c3c 80573bbb 84f411dc 8503ce70 8503cf4c nt!IopCancelAlertedRequest+0x28

a8080c58 805749c9 864f9860 00000103 84f41180 nt!IopSynchronousServiceTail+0xe1

a8080d00 8056d326 00000aa8 00000980 00000000 nt!IopXxxControlFile+0x5e7

a8080d34 8053c808 00000aa8 00000980 00000000 nt!NtDeviceIoControlFile+0x2a

a8080d34 7c91eb94 00000aa8 00000980 00000000 nt!KiFastCallEntry+0xf8

041eea2c 00000000 00000000 00000000 00000000 0x7c91eb94

STACK_COMMAND: kb

FOLLOWUP_IP:

nt!IoCancelIrp+6f

804f02a7 b001 mov al,1

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 42250a1d

SYMBOL_NAME: nt!IoCancelIrp+6f

FAILURE_BUCKET_ID: 0xD1_W_nt!IoCancelIrp+6f

BUCKET_ID: 0xD1_W_nt!IoCancelIrp+6f

Followup: MachineOwner

---------

[LLXX]

Have you tried reinstalling WLM yet?

[Cr4z33]

Have you tried reinstalling WLM yet?

Yep, I even cleaned all Registry entries and files/folders left around in the HD.

[CoffeeFiend]

First of all, thank you very much for your help.

You're welcome

As for the dumps, there is no overly obvious thing there. I don't really think it's ntkrnlpa.exe (stack is seemingly corrupt), but the crash happens inside IoCancelIrp, IRP being driver messages [iO Request Packet] (and say it says: "This is usually caused by drivers"). Next up: DEFAULT_BUCKET_ID: DRIVER_FAULT (more than once), which usually means a driver problem. Then next we see DRIVER_IRQL_NOT_LESS_OR_EQUAL which is most of the time a misbehaving driver problem. UNEXPECTED_KERNEL_MODE_TRAP_M can also be caused by bad drivers (or bad hardware)

I don't believe it's WLM crashing at all. If anything it's just putting some more stress on a bad driver (NIC driver perhaps? Or firewall if using one). So anyways, looks like a driver problem to me (like a null pointer perhaps). Unfortunately it doesnt't point to a specific driver. Don't overlook the basics either (check your hardware too).

It would be helpful to have your hardware specs too. Event log info too. Lots of stuff really. But personally, if things were crashing so often, I'd likely reformat. It's often quicker to just reinstall than chasing such issues for hours. Hopefully problem doesn't appear again. And you get to test your latest unattended isntall on something else than a virtual machine for a change

[Cr4z33]

Yeah, it looks impossibile to me too to locate the cause of the crashes.

I think Windows has simply been messed up as I install/uninstall lots of stuff.

I am probably gonna reinstall everything.

Thank you for your cooperation