Minidump Analysis?

[Terratoch]

I have some experience with programming, I am entering my 4th year in college as a CS Major, however, this is beyond me. I had to beat my brains out just to be able to LOOK at this, but I still get nothing out of it.
I will just cut to the chase.
While playing World of Warcraft, I constantly get a BSOD that restarts my computer before I get the chance to read it. Fortunately I have managed to catch just one line of the screen, something like:
IRQL_NOT_LESS_OR_EQUAL_TO.
I googled it and it gave me a blue screen screenshot that looked right. Then I learned about debugging programs and how to look in the minidump files, bla bla bla, and now I am here.
The most recent file looks like this. I have since uninstalled my Daemon Tools, wondering if that may solve the problem, but I am not holding my breath at all. If anyone can tell me what is wrong, and can help me at all, I would be very grateful.

Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini071007-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
************************************************** **************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
************************************************** **************************
Executable search path is:
************************************************** *******************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
************************************************** *******************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Tue Jul 10 00:24:18.609 2007 (GMT-4)
System Uptime: 0 days 0:06:28.329
************************************************** *******************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
************************************************** *******************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.................................................. .................................................. ..............................
Loading User Symbols
Loading unloaded module list
..........
Unable to load image USBPORT.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for USBPORT.SYS
*** ERROR: Module load completed but symbols could not be loaded for USBPORT.SYS
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {ff084d9d, 1e, 0, ba25ace6}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Probably caused by : USBPORT.SYS ( USBPORT+bce6 )

Followup: MachineOwner
---------

[CCT]

I suspect one of your USB port devices is sharing an IRQ and is in conflict when operating a graphics intensive operation.

Check IRQ sharing in device manager, look for what shares with your vid card and switch USB devices around, etc.

[NooNoo]

Also, turn off automatically restart so the error stays put until you turn off the machine...

Right click my computer, properties, advanced tab, start up and recovery settings button, uncheck automatically restart (near the bottom).

IRQL stop errors are usually about bad drivers.

[Terratoch]

Thank you for the tips, but as for the IRQ Conflicts, I could find nothing. But I have yet ANOTHER minidump. Any analysis and advice as to how to resolve my problem would be even more appreciated.

Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini071007-05.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
************************************************** **************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
************************************************** **************************
Executable search path is:
************************************************** *******************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
************************************************** *******************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Tue Jul 10 12:56:08.765 2007 (GMT-4)
System Uptime: 0 days 9:22:34.496
************************************************** *******************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
************************************************** *******************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.................................................. .................................................. ................................
Loading User Symbols
Loading unloaded module list
................
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************

Use !analyze -v to get detailed debugging information.

BugCheck B8, {0, 0, 0, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*** WARNING: Unable to verify timestamp for hal.dll
*** ERROR: Module load completed but symbols could not be loaded for hal.dll
*** WARNING: Unable to verify timestamp for NDIS.sys
*** ERROR: Module load completed but symbols could not be loaded for NDIS.sys
*** WARNING: Unable to verify timestamp for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
Probably caused by : vsdatant.sys ( vsdatant+35789 )

Followup: MachineOwner
---------

1: kd> !analyze -v
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************

ATTEMPTED_SWITCH_FROM_DPC (b8)
A wait operation, attach process, or yield was attempted from a DPC routine.
This is an illegal operation and the stack track will lead to the offending
code and original DPC routine.
Arguments:
Arg1: 00000000, Original thread which is the cause of the failure
Arg2: 00000000, New thread
Arg3: 00000000, Stack address of the original thread
Arg4: 00000000

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.


FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 46859c82

CUSTOMER_CRASH_COUNT: 5

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0xB8

LAST_CONTROL_TRANSFER: from 80544e9b to 804f9dc6

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
bacdb940 80544e9b 000000b8 ffffffff 00000202 nt+0x22dc6
bacdb968 806e6aeb badb0d00 806e26b8 00000000 nt+0x6de9b
bacdba00 ba51c56e 89807880 891c69d0 88dc3a84 hal+0x4aeb
bacdba58 ba503a08 00000000 88ddd008 00000001 NDIS+0x1956e
bacdba74 b7a11789 897c41f0 87188df0 00000000 NDIS+0xa08
bacdba78 897c41f0 87188df0 00000000 bacdbad0 vsdatant+0x35789
bacdba7c 87188df0 00000000 bacdbad0 897c41f0 0x897c41f0
bacdba80 00000000 bacdbad0 897c41f0 00000001 0x87188df0


STACK_COMMAND: kb

FOLLOWUP_IP:
vsdatant+35789
b7a11789 ?? ???

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: vsdatant+35789

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: vsdatant

IMAGE_NAME: vsdatant.sys

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

1: kd> lmvm nt
start end module name
804d7000 806e2000 nt T (no symbols)
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Wed Feb 28 03:38:53 2007 (45E53F9D)
CheckSum: 001F873F
ImageSize: 0020B000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
1: kd> lmvm vsdatant
start end module name
b79dc000 b7a3b100 vsdatant T (no symbols)
Loaded symbol image file: vsdatant.sys
Image path: vsdatant.sys
Image name: vsdatant.sys
Timestamp: Fri Jun 29 19:57:54 2007 (46859C82)
CheckSum: 000606FF
ImageSize: 0005F100
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

Thanks again.

[CCT]

http://www.annoyances.org/exec/forum/win2000/1086723085

[Terratoch]

Thanks someone said the problem may be virus related and I wanted to attack it from every angle. Could the problem be related to my new CD/DVD RW Drive? It is a SATA drive: LITE-ON DVDRW LH-20A1S. Looking in I just found something interesting. It was mentioned that the problem may be related to an IRQ Conflict between my video card and the USB ports. I checked but the video card shows IRQ 16, and it does not share it with... anything that I could find. However, in the device manager, it shows my NVIDIA nForce 590/570/550 Serial ATA Controller on IRQ 22, which is the same IRQ as the Standard Enhanced PCI USB Host Controller. I will submit a screenshot. I really have no idea what I'm talking about, I'm just providing all the information I can find and hoping that a solution can be devised from what I am finding. In case it helps, my motherboard is an ASUS M2N32-SLI Deluxe Wireless Edition Socket AM2 NVIDIA nForce 590 SLI MCP ATX AMD Motherboard, my Processor is an AMD Athlon 64 X2 5200+ Windsor 2.6GHz 2 x 1MB L2 Cache Socket AM2 Processor and my video card is an ASUS EN7950GT/HTDP/512M GeForce 7950GT 512MB 256-bit GDDR3 PCI Express x16 HDCP Splendid Video Card. In looking at everything, I see a bunch of IRQ that are the same. I have no idea what this means, or how to fix it. Any and all help in resolving this will be much appreciated. And the newest error message that I found is: A Wait Operation, Attach Process, or Yield was attempted from a DPC Routine. Another solution attempt I tried was using ForceASPI. I have since removed it, if this was a mistake, please let me know so I can re-do it.
Here is the screenshot with all the information that I believe was relevant, and that could fit.

[NooNoo]

With the best will in the world, you are over thinking this.

The screen shot gives very little useful information. The full stop error, however would be very useful.


Since vsdatant.sys is part of zone alarm firewall have you thought about disabling zone alarm and trying to reproduce the BSOD?
Have you looked to see if there are any updates/patches for your version of ZA?
Have you checked the event viewer?

[Terratoch]

I removed Zone Alarm, and that got rid of the old error message, but then I got a new one:

Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini071107-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
************************************************** **************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
************************************************** **************************
Executable search path is:
************************************************** *******************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
************************************************** *******************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Wed Jul 11 02:36:25.328 2007 (GMT-4)
System Uptime: 0 days 1:04:25.936
************************************************** *******************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
************************************************** *******************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.................................................. .................................................. .........................
Loading User Symbols
Loading unloaded module list
.......................
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************

Use !analyze -v to get detailed debugging information.

BugCheck B8, {0, 0, 0, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*** WARNING: Unable to verify timestamp for hal.dll
*** ERROR: Module load completed but symbols could not be loaded for hal.dll
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
Probably caused by : tcpip.sys ( tcpip+8247 )

Followup: MachineOwner
---------

1: kd> !analyze -v
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************

ATTEMPTED_SWITCH_FROM_DPC (b8)
A wait operation, attach process, or yield was attempted from a DPC routine.
This is an illegal operation and the stack track will lead to the offending
code and original DPC routine.
Arguments:
Arg1: 00000000, Original thread which is the cause of the failure
Arg2: 00000000, New thread
Arg3: 00000000, Stack address of the original thread
Arg4: 00000000

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.


MODULE_NAME: tcpip

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 444775d3

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0xB8

LAST_CONTROL_TRANSFER: from 80544e9b to 804f9dc6

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
bacd7bc0 80544e9b 000000b8 ffffffff 00000202 nt+0x22dc6
bacd7be8 806e484f badb0d00 00000004 8977b5f0 nt+0x6de9b
bacd7c7c b749b247 89990348 8055b0a0 00000000 hal+0x284f
bacd7c9c b749b560 00000002 00000002 00000000 tcpip+0x8247
bacd7d18 b74933ec b74dbb38 00000000 bab38980 tcpip+0x8560
bacd7d28 805450bf b74dbb48 b74dbb38 cdbf4be2 tcpip+0x3ec
bacd7d2c b74dbb48 b74dbb38 cdbf4be2 01c7c385 nt+0x6e0bf
bacd7d30 b74dbb38 cdbf4be2 01c7c385 8055b0a0 tcpip+0x48b48
bacd7d34 cdbf4be2 01c7c385 8055b0a0 bab3ae20 tcpip+0x48b38
bacd7d38 01c7c385 8055b0a0 bab3ae20 bab38c50 0xcdbf4be2
bacd7d3c 8055b0a0 bab3ae20 bab38c50 00000000 0x1c7c385
bacd7d40 bab3ae20 bab38c50 00000000 bab3ae20 nt+0x840a0
bacd7d44 bab38c50 00000000 bab3ae20 80544fa4 0xbab3ae20
bacd7d48 00000000 bab3ae20 80544fa4 00000000 0xbab38c50


STACK_COMMAND: kb

FOLLOWUP_IP:
tcpip+8247
b749b247 ?? ???

SYMBOL_STACK_INDEX: 3

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: tcpip.sys

SYMBOL_NAME: tcpip+8247

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

1: kd> lmvm tcpip
start end module name
b7493000 b74ead80 tcpip T (no symbols)
Loaded symbol image file: tcpip.sys
Image path: tcpip.sys
Image name: tcpip.sys
Timestamp: Thu Apr 20 07:51:47 2006 (444775D3)
CheckSum: 0005F865
ImageSize: 00057D80
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
1: kd> lmvm nt
start end module name
804d7000 806e2000 nt T (no symbols)
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Wed Feb 28 03:38:53 2007 (45E53F9D)
CheckSum: 001F873F
ImageSize: 0020B000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
That is 90% greek to me.
This came when I alt-tabbed out of the game with Firefox up. I also went into my machine and tinkered around a bit, and learned that two of the cases USB ports were not plugged into the motherboard. I had opened it with the intention of unplugging them to see if that would help at all, but since this was already the case, I plugged them back in and moved my USB Mouse and Keyboard to the front two USB ports.

[NooNoo]

Either your ethernet card is dying or the driver is corrupt - start with a new driver.

[Terratoch]

i sincerely hope not this motherboard is brand new. I will try a new driver, but it has 2 ethernet ports.

[NooNoo]

Make and model of motherboard?

[Terratoch]

ASUS M2N32-SLI Deluxe Wireless Edition Socket AM2 NVIDIA nForce 590 SLI MCP ATX AMD Motherboard

[Terratoch]

Do you know what this 1394 Net Adapter is? Could that be causing the problem?

[NooNoo]

drivers are here

[Terratoch]

I will try them out. Thanks very much for all the assistance.