Asked by Mark Litin

BSOD on XP-pro Code: 027, Kaspersky at fault?

Hi

A client has been plagued by a recurring BSOD either during or shortly after boot.

The analysis from the minidump is below.  I think I did this right...

It seems to me that a Kaspersky-based file kltdi.sys is at fault, based on the dump analysis, but I can't see how, or what exactly to do other than removing the file.

Can anyone confirm my conclusions or add any additional input to clarify my approach to take care of this?  I'm not very experienced in dump analysis. Thanks so much.

The dump analysis is below and the dump file attached


file is attached

************************


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\Mini0513.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: c:\windows\symbols
Executable search path is: f:\I386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Mon May 13 13:35:09.562 2013 (UTC - 5:00)
System Uptime: 0 days 0:02:55.218
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
.....
Loading User Symbols
Loading unloaded module list
...............
Unable to load image rdbss.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for rdbss.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 27, {baad00a3, a7c01258, a7c00f54, 8a5a9b20}

*** WARNING: Unable to verify timestamp for mfetdik.sys
*** ERROR: Module load completed but symbols could not be loaded for mfetdik.sys
*** WARNING: Unable to verify timestamp for netbt.sys
*** WARNING: Unable to verify timestamp for mrxsmb.sys
Unable to load image nlem32nt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nlem32nt.sys
*** ERROR: Module load completed but symbols could not be loaded for nlem32nt.sys
Probably caused by : kltdi.sys ( kltdi+1391 )

Followup: MachineOwner
---------

1: kd> !analyze -y

Unknown option '-y'
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 27, {baad00a3, a7c01258, a7c00f54, 8a5a9b20}

Probably caused by : kltdi.sys ( kltdi+1391 )

Followup: MachineOwner
---------
Mini0513.dmp
ASKER CERTIFIED SOLUTION
Rob Miners

Mark Litin (ASKER)

Thanks for the excellent observation and suggestions.  I'm surprised that Kaspersky would have permitted installation with another AV present.

I'll make these changes and write back.

Thanks!
I've requested that this question be closed as follows:

Accepted answer: 0 points for mlitin's comment #a39163361

for the following reason:

Thanks.  Evidently, Kaspersky allowed itself to be installed with remnants of McAfee still there.  I removed Kaspersky and renamed the McAfee file, and all was better.

Thanks for the tip.
Kaspersky and McAfee remnant were in fact the bad guys.

Thanks for the tip!
You're welcome and it's good to see that you're up and running :)
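
An added example, not part of the original thread: a small Python parser for the debugger output format pasted in the question. It pulls out the bugcheck code, its parameters and the module named on the "Probably caused by" line, and lists the other modules the debugger reported no symbols for, so that a second driver such as the leftover one found here is not overlooked. The function name `summarize` and the sample text (constructed from lines of the output above) are assumptions of this example.

```python
import re

# Constructed sample, built from lines of the analysis output in the question.
SAMPLE = """\
BugCheck 27, {baad00a3, a7c01258, a7c00f54, 8a5a9b20}

*** WARNING: Unable to verify timestamp for mfetdik.sys
*** ERROR: Module load completed but symbols could not be loaded for mfetdik.sys
*** WARNING: Unable to verify timestamp for netbt.sys
*** WARNING: Unable to verify timestamp for mrxsmb.sys
Unable to load image nlem32nt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nlem32nt.sys
*** ERROR: Module load completed but symbols could not be loaded for nlem32nt.sys
Probably caused by : kltdi.sys ( kltdi+1391 )
"""

# The debugger prints the bugcheck code and its four parameters in hexadecimal.
BUGCHECK = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
CAUSE = re.compile(r"^Probably caused by : (\S+) \( (\S+) \)", re.M)
NO_SYMBOLS = re.compile(r"symbols could not be loaded for (\S+)")


def summarize(text):
    """Summarize pasted kd output; missing fields come back as None or []."""
    bc = BUGCHECK.search(text)
    cause = CAUSE.search(text)
    blamed = cause.group(1).lower() if cause else None
    no_symbols = []
    for name in NO_SYMBOLS.findall(text):
        name = name.lower()
        if name not in no_symbols:  # keep first-seen order, drop repeats
            no_symbols.append(name)
    return {
        "code": int(bc.group(1), 16) if bc else None,
        "params": [p.strip() for p in bc.group(2).split(",")] if bc else [],
        "blamed": blamed,
        "offset": cause.group(2) if cause else None,
        # Heuristic (assumption): modules with no symbols are worth
        # identifying by vendor before trusting the single blamed module.
        "other_no_symbols": [m for m in no_symbols if m != blamed],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```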