Solved

ntkrpamp.exe causing BSOD in SBS 2003

Posted on 2009-06-29
5
2,637 Views
Last Modified: 2013-12-12
Please find the results of the mini dump below.
This is SBS 2003 and it crashed almost every day (with different causes). This one is the recent one.
Can someone please advise :(

I have run:

!analyze -v;r;kv;lmtn


Event log:
Reason Code: 0x805000f
 Bug ID:
 Bugcheck String: 0x000000c2 (0x00000007, 0x0000121a, 0x00000000, 0x000ffff8)
 Comment: 0x000000c2 (0x00000007, 0x0000121a, 0x00000000, 0x000ffff8)

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

Copyright (c) Microsoft Corporation. All rights reserved.

 

 

Loading Dump File [c:\windows\minidump\Mini062909-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

 

WARNING: Inaccessible path: 'c:\windows\i386'

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is: c:\windows\i386

Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible

Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS

Built by: 3790.srv03_sp2_gdr.090319-1204

Machine Name:

Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8

Debug session time: Mon Jun 29 23:35:00.655 2009 (GMT+12)

System Uptime: 5 days 13:37:54.324

Loading Kernel Symbols

...............................................................

.........................................

Loading User Symbols

Loading unloaded module list

.........

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck C2, {7, 121a, 0, ffff8}

 

Probably caused by : ntkrpamp.exe ( nt!ExFreePoolWithTag+477 )

 

Followup: MachineOwner

---------

 

1: kd> !analyze -v;r;kv;lmtn

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

 

BAD_POOL_CALLER (c2)

The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.

Arguments:

Arg1: 00000007, Attempt to free pool which was already freed

Arg2: 0000121a, (reserved)

Arg3: 00000000, Memory contents of the pool block

Arg4: 000ffff8, Address of the block of pool being deallocated

 

Debugging Details:

------------------

 

 

BUGCHECK_STR:  0xc2_7

 

CUSTOMER_CRASH_COUNT:  1

 

DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

 

PROCESS_NAME:  System

 

CURRENT_IRQL:  0

 

LAST_CONTROL_TRANSFER:  from 808927bb to 80827c83

 

STACK_TEXT:  

b9bbead4 808927bb 000000c2 00000007 0000121a nt!KeBugCheckEx+0x1b

b9bbeb3c 8087c551 000ffff8 00000000 b9bbebbc nt!ExFreePoolWithTag+0x477

b9bbeb5c f7b4e18a 88900c60 b9bbebbc b9bbeb90 nt!ExDeleteResourceLite+0x3f

b9bbeb6c f7b84c27 88900c60 e3124980 f1a709a8 Ntfs!NtfsFreeEresource+0x6b

b9bbeb90 f7b4d212 884fbdc8 b9bbebbc b9bbebc6 Ntfs!NtfsDeleteFcb+0x4e

b9bbebe0 f7b821f9 884fbdc8 8aa277f8 f1a709a8 Ntfs!NtfsTeardownFromLcb+0x1e2

b9bbec38 f7b4f137 884fbdc8 f1a70a70 f1a70bf8 Ntfs!NtfsTeardownStructures+0x12c

b9bbec64 f7b8f0a9 884fbdc8 f1a70a70 f1a70bf8 Ntfs!NtfsDecrementCloseCounts+0xa9

b9bbecec f7b891d8 884fbdc8 f1a70a70 f1a709a8 Ntfs!NtfsCommonClose+0x3a1

b9bbed80 80880469 00000000 00000000 87b49858 Ntfs!NtfsFspClose+0xe2

b9bbedac 80949b7c 00000000 00000000 00000000 nt!ExpWorkerThread+0xeb

b9bbeddc 8088e092 8088037e 80000000 00000000 nt!PspSystemThreadStartup+0x2e

00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

 

 

STACK_COMMAND:  kb

 

FOLLOWUP_IP: 

nt!ExFreePoolWithTag+477

808927bb ff75fc          push    dword ptr [ebp-4]

 

SYMBOL_STACK_INDEX:  1

 

SYMBOL_NAME:  nt!ExFreePoolWithTag+477

 

FOLLOWUP_NAME:  MachineOwner

 

MODULE_NAME: nt

 

IMAGE_NAME:  ntkrpamp.exe

 

DEBUG_FLR_IMAGE_TIMESTAMP:  49c21e56

 

FAILURE_BUCKET_ID:  0xc2_7_nt!ExFreePoolWithTag+477

 

BUCKET_ID:  0xc2_7_nt!ExFreePoolWithTag+477

 

Followup: MachineOwner

---------

 

eax=f772713c ebx=0000121a ecx=00000000 edx=000ffff8 esi=f7727120 edi=000001ff

eip=80827c83 esp=b9bbeabc ebp=b9bbead4 iopl=0         nv up ei ng nz na pe nc

cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000286

nt!KeBugCheckEx+0x1b:

80827c83 5d              pop     ebp

ChildEBP RetAddr  Args to Child              

b9bbead4 808927bb 000000c2 00000007 0000121a nt!KeBugCheckEx+0x1b (FPO: [5,0,0])

b9bbeb3c 8087c551 000ffff8 00000000 b9bbebbc nt!ExFreePoolWithTag+0x477 (FPO: [2,16,4])

b9bbeb5c f7b4e18a 88900c60 b9bbebbc b9bbeb90 nt!ExDeleteResourceLite+0x3f (FPO: [1,3,4])

b9bbeb6c f7b84c27 88900c60 e3124980 f1a709a8 Ntfs!NtfsFreeEresource+0x6b (FPO: [1,0,4])

b9bbeb90 f7b4d212 884fbdc8 b9bbebbc b9bbebc6 Ntfs!NtfsDeleteFcb+0x4e (FPO: [3,3,4])

b9bbebe0 f7b821f9 884fbdc8 8aa277f8 f1a709a8 Ntfs!NtfsTeardownFromLcb+0x1e2 (FPO: [SEH])

b9bbec38 f7b4f137 884fbdc8 f1a70a70 f1a70bf8 Ntfs!NtfsTeardownStructures+0x12c (FPO: [SEH])

b9bbec64 f7b8f0a9 884fbdc8 f1a70a70 f1a70bf8 Ntfs!NtfsDecrementCloseCounts+0xa9 (FPO: [7,0,4])

b9bbecec f7b891d8 884fbdc8 f1a70a70 f1a709a8 Ntfs!NtfsCommonClose+0x3a1 (FPO: [SEH])

b9bbed80 80880469 00000000 00000000 87b49858 Ntfs!NtfsFspClose+0xe2 (FPO: [SEH])

b9bbedac 80949b7c 00000000 00000000 00000000 nt!ExpWorkerThread+0xeb (FPO: [1,5,0])

b9bbeddc 8088e092 8088037e 80000000 00000000 nt!PspSystemThreadStartup+0x2e (FPO: [SEH])

00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

start    end        module name

80800000 80a5a000   nt       ntkrpamp.exe Thu Mar 19 23:28:38 2009 (49C21E56)

80a5a000 80a86000   hal      halmacpi.dll Sat Feb 17 18:48:26 2007 (45D6972A)

b8032000 b8068000   dump_adpAHCI dump_adpAHCI.sys Fri Jul 29 16:54:55 2005 (42E9B69F)

b8320000 b832a000   dump_scsiport dump_scsiport.sys Sat Feb 17 19:07:44 2007 (45D69BB0)

b8bee000 b8c19000   RDPWD    RDPWD.SYS    Sat Feb 17 18:44:38 2007 (45D69646)

b9d93000 b9d9e000   TDTCP    TDTCP.SYS    Sat Feb 17 18:44:32 2007 (45D69640)

b9dcb000 b9e1b000   HTTP     HTTP.sys     Sat Feb 17 19:28:12 2007 (45D6A07C)

b9fd3000 ba031000   srv      srv.sys      Fri Dec 12 00:35:59 2008 (4940FB1F)

ba059000 ba08c000   mrxdav   mrxdav.sys   Mon Dec 17 23:49:07 2007 (47665423)

ba328000 ba357e60   exifs    exifs.sys    Fri Aug 26 12:29:05 2005 (430E6251)

ba4ce000 ba4df000   Fips     Fips.SYS     Sat Feb 17 19:26:33 2007 (45D6A019)

ba4df000 ba51e000   klif     klif.sys     Wed Apr 01 23:46:17 2009 (49D345F9)

ba546000 ba5bc000   mrxsmb   mrxsmb.sys   Sat Sep 06 03:26:52 2008 (48C14FBC)

ba5bc000 ba5ec000   rdbss    rdbss.sys    Sat Feb 17 19:27:37 2007 (45D6A059)

ba5ec000 ba616000   afd      afd.sys      Fri Oct 17 04:44:36 2008 (48F76164)

ba616000 ba647000   netbt    netbt.sys    Sat Feb 17 19:28:57 2007 (45D6A0A9)

ba647000 ba6d7000   tcpip    tcpip.sys    Sat Jun 21 02:20:25 2008 (485BBCA9)

ba6d7000 ba6f0000   ipsec    ipsec.sys    Sat Feb 17 19:29:28 2007 (45D6A0C8)

ba72a000 ba75b680   UDFReadr UDFReadr.SYS Fri Feb 04 16:02:55 2005 (4202E5DF)

ba76e000 ba790780   DVDVRRdr_xp DVDVRRdr_xp.SYS Fri Feb 04 16:06:31 2005 (4202E6B7)

ba7a1000 ba7a4c00   mxopswd  mxopswd.sys  Thu Apr 07 10:05:23 2005 (42545D23)

ba7cb000 ba812280   cdudf_xp cdudf_xp.SYS Fri Feb 04 16:16:15 2005 (4202E8FF)

ba903000 ba90b000   rasacd   rasacd.sys   Tue Mar 25 20:11:50 2003 (3E800136)

ba90b000 ba912000   dxgthk   dxgthk.sys   Tue Mar 25 20:05:52 2003 (3E7FFFD0)

ba923000 ba93fb80   pwd_2k   pwd_2k.SYS   Fri Feb 04 15:49:47 2005 (4202E2CB)

ba988000 ba99d000   usbhub   usbhub.sys   Sat Feb 17 19:13:05 2007 (45D69CF1)

ba99d000 ba9fc000   update   update.sys   Tue May 29 00:15:16 2007 (465AC7D4)

ba9fc000 baa23000   ks       ks.sys       Sat Feb 17 19:30:40 2007 (45D6A110)

baa23000 baa5a000   rdpdr    rdpdr.sys    Sat Feb 17 18:51:00 2007 (45D697C4)

baa7a000 baa84000   Dxapi    Dxapi.sys    Tue Mar 25 20:06:01 2003 (3E7FFFD9)

baada000 baae7000   netbios  netbios.sys  Sat Feb 17 18:58:29 2007 (45D69985)

baaea000 baaf7000   wanarp   wanarp.sys   Sat Feb 17 18:59:17 2007 (45D699B5)

baafa000 bab0c000   raspptp  raspptp.sys  Sat Feb 17 19:29:20 2007 (45D6A0C0)

bab34000 bab4d000   ndiswan  ndiswan.sys  Sat Feb 17 19:29:22 2007 (45D6A0C2)

bab4d000 bab61000   rasl2tp  rasl2tp.sys  Sat Feb 17 19:29:02 2007 (45D6A0AE)

bab61000 bab79000   parport  parport.sys  Sat Feb 17 19:06:42 2007 (45D69B72)

bab79000 bab8e000   serial   serial.sys   Sat Feb 17 19:06:46 2007 (45D69B76)

bab8e000 babaa000   VIDEOPRT VIDEOPRT.SYS Sat Feb 17 19:10:30 2007 (45D69C56)

babaa000 baccf000   ati2mtag ati2mtag.sys Wed Apr 13 14:01:17 2005 (425C7D6D)

baccf000 bacf9000   USBPORT  USBPORT.SYS  Sat Feb 17 19:12:59 2007 (45D69CEB)

bacf9000 bad19500   b57xp32  b57xp32.sys  Wed Apr 06 11:38:30 2005 (42532176)

bf800000 bf9d0000   win32k   win32k.sys   Tue Feb 10 00:30:06 2009 (499013BE)

bf9d0000 bf9e7000   dxg      dxg.sys      Sat Feb 17 19:14:39 2007 (45D69D4F)

bf9e7000 bfa23000   ati2dvag ati2dvag.dll Wed Apr 13 14:01:39 2005 (425C7D83)

bfa23000 bfa55000   ati2cqag ati2cqag.dll Wed Apr 13 13:26:52 2005 (425C755C)

bfa55000 bfa87000   atikvmag atikvmag.dll Wed Apr 13 13:32:39 2005 (425C76B7)

f7215000 f723a000   fltmgr   fltmgr.sys   Sat Feb 17 18:51:08 2007 (45D697CC)

f723a000 f724d000   CLASSPNP CLASSPNP.SYS Sat Feb 17 19:28:16 2007 (45D6A080)

f724d000 f726c000   SCSIPORT SCSIPORT.SYS Sat Feb 17 19:28:41 2007 (45D6A099)

f726c000 f72a2000   adpAHCI  adpAHCI.sys  Fri Jul 29 16:54:55 2005 (42E9B69F)

f72a2000 f72bf000   atapi    atapi.sys    Sat Feb 17 19:07:34 2007 (45D69BA6)

f72bf000 f72e9000   volsnap  volsnap.sys  Sat Feb 17 19:08:23 2007 (45D69BD7)

f72e9000 f7315000   dmio     dmio.sys     Sat Feb 17 19:10:44 2007 (45D69C64)

f7315000 f733c000   ftdisk   ftdisk.sys   Sat Feb 17 19:08:05 2007 (45D69BC5)

f733c000 f7352000   pci      pci.sys      Sat Feb 17 18:59:03 2007 (45D699A7)

f7352000 f7386000   ACPI     ACPI.sys     Sat Feb 17 18:58:47 2007 (45D69997)

f7487000 f7490000   WMILIB   WMILIB.SYS   Tue Mar 25 20:13:00 2003 (3E80017C)

f7497000 f74a6000   isapnp   isapnp.sys   Sat Feb 17 18:58:57 2007 (45D699A1)

f74a7000 f74b4000   PCIIDEX  PCIIDEX.SYS  Sat Feb 17 19:07:32 2007 (45D69BA4)

f74b7000 f74c7000   MountMgr MountMgr.sys Sat Feb 17 19:05:35 2007 (45D69B2F)

f74c7000 f74d2000   PartMgr  PartMgr.sys  Sat Feb 17 19:29:25 2007 (45D6A0C5)

f74d7000 f74e7000   disk     disk.sys     Sat Feb 17 19:07:51 2007 (45D69BB7)

f74e7000 f74f3000   Dfs      Dfs.sys      Sat Feb 17 18:51:17 2007 (45D697D5)

f74f7000 f7501000   crcdisk  crcdisk.sys  Sat Feb 17 19:09:50 2007 (45D69C2E)

f7517000 f7522000   Msfs     Msfs.SYS     Sat Feb 17 18:50:33 2007 (45D697A9)

f7527000 f7533000   vga      vga.sys      Sat Feb 17 19:10:30 2007 (45D69C56)

f7537000 f7545000   NDProxy  NDProxy.SYS  Sat Feb 17 18:59:21 2007 (45D699B9)

f7547000 f7550000   ndistapi ndistapi.sys Sat Feb 17 18:59:19 2007 (45D699B7)

f7577000 f7586000   raspppoe raspppoe.sys Sat Feb 17 18:59:23 2007 (45D699BB)

f7587000 f7596000   intelppm intelppm.sys Sat Feb 17 18:48:30 2007 (45D6972E)

f7597000 f75a3000   USBSTOR  USBSTOR.SYS  Sat Feb 17 19:13:05 2007 (45D69CF1)

f75a7000 f75b1000   mouclass mouclass.sys Tue Mar 25 20:03:09 2003 (3E7FFF2D)

f75b7000 f75c0000   raspti   raspti.sys   Sat Feb 17 18:59:23 2007 (45D699BB)

f75c7000 f75d0000   watchdog watchdog.sys Sat Feb 17 19:11:45 2007 (45D69CA1)

f75d7000 f75e6000   termdd   termdd.sys   Sat Feb 17 18:44:32 2007 (45D69640)

f75e7000 f75f2000   TDI      TDI.SYS      Sat Feb 17 19:01:19 2007 (45D69A2F)

f75f7000 f7604000   Npfs     Npfs.SYS     Sat Feb 17 18:50:36 2007 (45D697AC)

f7607000 f7611000   serenum  serenum.sys  Sat Feb 17 19:06:44 2007 (45D69B74)

f7617000 f7622000   kbdclass kbdclass.sys Sat Feb 17 19:05:39 2007 (45D69B33)

f7657000 f7660000   mssmbios mssmbios.sys Sat Feb 17 18:59:12 2007 (45D699B0)

f7677000 f7682000   ptilink  ptilink.sys  Sat Feb 17 19:06:38 2007 (45D69B6E)

f76a7000 f76b5000   msgpc    msgpc.sys    Sat Feb 17 18:58:37 2007 (45D6998D)

f76b7000 f76c1d00   Cdr4_xp  Cdr4_xp.SYS  Fri Feb 04 16:06:35 2005 (4202E6BB)

f76e1000 f7707000   KSecDD   KSecDD.sys   Sat Feb 17 18:46:32 2007 (45D696B8)

f7707000 f770f000   kdcom    kdcom.dll    Tue Mar 25 20:08:00 2003 (3E800050)

f770f000 f7717000   BOOTVID  BOOTVID.dll  Tue Mar 25 20:07:58 2003 (3E80004E)

f7717000 f771e000   pciide   pciide.sys   Tue Mar 25 20:04:46 2003 (3E7FFF8E)

f771f000 f7726000   dmload   dmload.sys   Tue Mar 25 20:08:08 2003 (3E800058)

f772f000 f7735100   Cdralw2k Cdralw2k.SYS Fri Feb 04 16:09:29 2005 (4202E769)

f774f000 f7755b80   usbehci  usbehci.sys  Sat Feb 17 19:12:56 2007 (45D69CE8)

f7777000 f777f000   audstub  audstub.sys  Tue Mar 25 20:09:12 2003 (3E800098)

f777f000 f7787000   Fs_Rec   Fs_Rec.SYS   Tue Mar 25 20:08:36 2003 (3E800074)

f7787000 f778e000   Null     Null.SYS     Tue Mar 25 20:03:05 2003 (3E7FFF29)

f778f000 f7796000   Beep     Beep.SYS     Tue Mar 25 20:03:04 2003 (3E7FFF28)

f77a7000 f77ad300   HIDPARSE HIDPARSE.SYS Sat Feb 17 19:12:35 2007 (45D69CD3)

f77af000 f77b7000   mnmdd    mnmdd.SYS    Tue Mar 25 20:07:53 2003 (3E800049)

f77b7000 f77bf000   RDPCDD   RDPCDD.sys   Tue Mar 25 20:03:05 2003 (3E7FFF29)

f77ef000 f77f6000   parvdm   parvdm.sys   Tue Mar 25 20:03:49 2003 (3E7FFF55)

f77ff000 f7804180   usbuhci  usbuhci.sys  Sat Feb 17 19:13:02 2007 (45D69CEE)

f7827000 f7846000   Mup      Mup.sys      Sat Feb 17 19:27:41 2007 (45D6A05D)

f7846000 f7897000   aar81xx  aar81xx.sys  Wed Jul 04 05:17:05 2007 (468A8491)

f799f000 f79a0280   swenum   swenum.sys   Sat Feb 17 19:05:56 2007 (45D69B44)

f79ab000 f79ac580   USBD     USBD.SYS     Tue Mar 25 20:10:39 2003 (3E8000EF)

f7a10000 f7a4f000   NDIS     NDIS.sys     Sat Feb 17 19:28:49 2007 (45D6A0A1)

f7b4a000 f7bdf000   Ntfs     Ntfs.sys     Sat Feb 17 19:27:23 2007 (45D6A04B)

 

Unloaded modules:

ba863000 ba86d000   dump_scsipor

    Timestamp: unavailable (00000000)

    Checksum:  00000000

ba498000 ba4ce000   dump_adpAHCI

    Timestamp: unavailable (00000000)

    Checksum:  00000000

baaba000 baac8000   imapi.sys

    Timestamp: unavailable (00000000)

    Checksum:  00000000

ba5d8000 ba5ec000   redbook.sys

    Timestamp: unavailable (00000000)

    Checksum:  00000000

f7697000 f76a0000   kbdhid.sys

    Timestamp: unavailable (00000000)

    Checksum:  00000000

ba8c0000 ba8d3000   i8042prt.sys

    Timestamp: unavailable (00000000)

    Checksum:  00000000

ba92b000 ba940000   cdrom.sys

    Timestamp: unavailable (00000000)

    Checksum:  00000000

f7627000 f7631000   Flpydisk.SYS

    Timestamp: unavailable (00000000)

    Checksum:  00000000

f7647000 f7652000   Fdc.SYS 

    Timestamp: unavailable (00000000)

    Checksum:  00000000

Question by:TiffanyLee
 
LVL 87

Expert Comment

by:rindi
ID: 24743758
If there are always different causes, one dump alone won't give much to go by. Also, if that is the case, it is often a hardware issue, so I would test the RAM using memtest86+ and the hard disk (if it is a single disk and not a RAID array) using the HD manufacturer's diagnostic utility. You'll find both on the UBCD:

http://ultimatebootcd.com

If the disks are part of a RAID array, you would have to test each HD as a single disk using a non-RAID controller. Make sure you don't have the server running while a disk is absent.
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 24937143

Hi -
The bugcheck = 0xc2 (0x7,,,) = attempt to free already freed memory;  probable cause listed as the NT Kernel.  Given the fact that the system was up for 5.5 days at BSOD time, NT being erroneously blamed simply b/c there are symbols to ID it, the 3rd parm = 0x0 (pool header contents zeroed indicating the pool may have already been freed),   and seeing drivers of varying age including a very new Kaspersky lead me to believe the BSODs may be software-related.
NT was named as the probable cause because the real culprit - a 3rd party driver probably called by NT -  is hiding under NT's expansive memory range and is not as easily identified as NT is.  The best way to help flush this driver out is to run the Driver Verifier.
If the d/v flags a driver  it will cause a BSOD.  If the flagged driver starts during boot-up, you will not be able to get back into Windows until the driver is dealt with or you restore the system to a time prior to enabling the driver verifier.  Please read over these KBs about the recovery process for Server 2003 as I usually handle Vista & Windows 7 -
Driver Verifier & Server 2003 - http://support.microsoft.com/kb/251233
D/V info - http://support.microsoft.com/kb/244617
 
Please bring up a cmd/DOS prompt and follow the instructions in the code box in this post -   http://www.techsupportforum.com/2110308-post3.html

I went through the entire loaded driver listing and found that KIS had the most recent timestamp - April 2009.  I don't know when this update was applied, but it may have precipitated the BSODs.
Other drivers dating back to 2005 are in need of updates - especially Adaptec (RAID), Broadcom Ethernet, ATI Video, etc...  The full list is in the code box below.  There is a good chance that the driver updates will calm the BSODs and make the running of the driver verifier unnecessary.
Have a good weekend. . .
jcgriff2
 
0
 
LVL 12

Accepted Solution

by:
John Griffith earned 500 total points
ID: 24937575
My apologies... forgot the drivers in the code box.  The following s/b updated wherever possible -
bacf9000  b57xp32.sys  Wed Apr 06 11:38:30 2005 (42532176) - Broadcom Ethernet

			http://www.broadcom.com/support/ethernet_nic/faq_drivers.php
 

ba4df000  klif.sys     Wed Apr 01 23:46:17 2009 (49D345F9)  - KIS removal tool - 

			http://support.kaspersky.com/faq/?qid=208279463
 

f7846000  aar81xx.sys  Wed Jul 04 05:17:05 2007 (468A8491) - Adaptec RAID

f726c000  adpAHCI.sys  Fri Jul 29 16:54:55 2005 (42E9B69F)
 

ba99d000  update.sys   Tue May 29 00:15:16 2007 (465AC7D4) - this could be anything
 
 

bf9e7000  ati2dvag.dll Wed Apr 13 14:01:39 2005 (425C7D83) - ATI VIDEO

babaa000  ati2mtag.sys Wed Apr 13 14:01:17 2005 (425C7D6D)

bfa55000  atikvmag.dll Wed Apr 13 13:32:39 2005 (425C76B7)

bfa23000  ati2cqag.dll Wed Apr 13 13:26:52 2005 (425C755C)
 

ba7a1000  mxopswd.sys  Thu Apr 07 10:05:23 2005 (42545D23) - Maxtor OneTouch
 
 

ba7cb000  cdudf_xp.SYS Fri Feb 04 16:16:15 2005 (4202E8FF)  ROXIO

f772f000  Cdralw2k.SYS Fri Feb 04 16:09:29 2005 (4202E769)

f76b7000  Cdr4_xp.SYS  Fri Feb 04 16:06:35 2005 (4202E6BB)

ba72a000  UDFReadr.SYS Fri Feb 04 16:02:55 2005 (4202E5DF)

ba923000  pwd_2k.SYS   Fri Feb 04 15:49:47 2005 (4202E2CB)


0
 

Author Comment

by:TiffanyLee
ID: 24947388
Thanks jcgriff2. Actually I have found the solution, but I forgot to close this topic. When I logged in to the server, there's an error message saying something like Maxtor has encountered an error which is mxopswd.sys has caused the problem. So what I did was to reinstall the driver for the Maxtor and it has no BSOD after that.
Question: When you look at the minidump that I provided above, how can you tell which and which is the driver? I see that you have ba7a1000  mxopswd.sys  Thu Apr 07 10:05:23 2005 (42545D23) - Maxtor OneTouch as one of the suspected problems, how do you know?

0
 
LVL 12

Expert Comment

by:John Griffith
ID: 24951943
Hi -
The left number ba7a1000 is the beginning memory address for the driver for that BSOD.  I usually leave that one number there so I can differentiate this particular BSOD from another.  As for the driver itself and how I knew what it was or that it may be involved --- experience that I have been fortunate enough to learn by the processing of >> 100,000 dumps in the last 18 months.  Looking at these dumps so often, I have gotten to know which drivers should normally be there and their dates, those non-MS which are usually OK, and the ones that I have seen that cause BSODs.  Nothing is automated; it is all by eye-balling the drivers.
Not to say that I know anywhere near to everything....  I Google those that I cannot readily identify.  For example, the Adaptec RAID drivers were unfamiliar to me.
I wanted to thank you, too - for including the driver listing via the lmnt command on the debugger.  Most do not.  It helped me because I tend to look at BSODs from the software side first, unless a hardware failure is very evident.  Also, this was the first Server 2003 crash that I worked on as I usually handle Vista and Windows 7 BSODs at my primary forum.
I appreciate you coming back and posting the result.  Please do come back to EE again.
Regards. . .
jcgriff2
0
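The manual reading of the module listing described in this thread can be scripted. The following is an added example, not part of the original posts: it parses `lmtn`-style lines, decodes the hex value in parentheses (the image's build timestamp in seconds since 1970 UTC), maps stack return addresses to the module whose address range contains them, and sorts the remaining drivers oldest first. The sample lines are excerpts copied from the dump in the question; the function names and the `os_images` exclusion set are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timezone
from typing import NamedTuple, Optional

class Module(NamedTuple):
    start: int
    end: int
    name: str
    image: str
    built: datetime  # decoded from the hex value in parentheses

# start end name image <local date text> (hex timestamp)
_MODULE = re.compile(
    r"^([0-9a-f]{8})\s+([0-9a-f]{8})\s+(\S+)\s+(\S+)\s+.*\(([0-9A-Fa-f]{8})\)\s*$")
# ChildEBP RetAddr ... : the second column is the return address
_FRAME = re.compile(r"^[0-9a-f]{8}\s+([0-9a-f]{8})\s")

def parse_lmtn(text: str) -> list:
    """Parse loaded-module lines; headers and unloaded-module entries are skipped."""
    mods = []
    for line in text.splitlines():
        m = _MODULE.match(line.strip())
        if not m:
            continue
        start, end, name, image, stamp = m.groups()
        built = datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc)
        mods.append(Module(int(start, 16), int(end, 16), name, image, built))
    return mods

def module_for(mods: list, addr: int) -> Optional[str]:
    """Return the name of the module whose [start, end) range holds addr."""
    for mod in mods:
        if mod.start <= addr < mod.end:
            return mod.name
    return None

def frame_owners(mods: list, stack_text: str) -> list:
    """Resolve each stack frame's return address to a module name (or None)."""
    owners = []
    for line in stack_text.splitlines():
        m = _FRAME.match(line.strip())
        if m:
            owners.append(module_for(mods, int(m.group(1), 16)))
    return owners

def oldest_first(mods: list, os_images: set) -> list:
    """Names of modules not in os_images (caller-supplied assumption), oldest build first."""
    rest = [m for m in mods if m.name not in os_images]
    return [m.name for m in sorted(rest, key=lambda m: m.built)]

# Excerpts from the module listing and STACK_TEXT in the question above.
LMTN_SAMPLE = """\
80800000 80a5a000   nt       ntkrpamp.exe Thu Mar 19 23:28:38 2009 (49C21E56)
ba4df000 ba51e000   klif     klif.sys     Wed Apr 01 23:46:17 2009 (49D345F9)
ba7a1000 ba7a4c00   mxopswd  mxopswd.sys  Thu Apr 07 10:05:23 2005 (42545D23)
bacf9000 bad19500   b57xp32  b57xp32.sys  Wed Apr 06 11:38:30 2005 (42532176)
f7b4a000 f7bdf000   Ntfs     Ntfs.sys     Sat Feb 17 19:27:23 2007 (45D6A04B)
"""
STACK_SAMPLE = """\
b9bbead4 808927bb 000000c2 00000007 0000121a nt!KeBugCheckEx+0x1b
b9bbeb3c 8087c551 000ffff8 00000000 b9bbebbc nt!ExFreePoolWithTag+0x477
b9bbeb5c f7b4e18a 88900c60 b9bbebbc b9bbeb90 nt!ExDeleteResourceLite+0x3f
"""

if __name__ == "__main__":
    mods = parse_lmtn(LMTN_SAMPLE)
    print(frame_owners(mods, STACK_SAMPLE))
    print(oldest_first(mods, {"nt", "Ntfs"}))
```

Every return address in the sampled stack resolves to `nt` or `Ntfs`, so the stack alone does not name a third-party driver; the date-sorted listing is what surfaces the 2005 drivers for review.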
