BSOD on XP-pro Code: 027, Kaspersky at fault?
Hi
A client has been plagued by a recurring BSOD either during or shortly after boot.
The analysis from the minidump is below. I think I did this right...
If seems to me that a Kasperky-based file kltdi.sys is at fault, based on the dump analysis, but I can't see how, or what exactly to do other than removing the file.
Can anyone confirm my conclusions or add any additional input to clarify my approach to take care of this? I'm not very experienced in dump analysis. Thanks so much.
The dump analysis is below and the dump file attached
file is attached
************************
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\Mini0513.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: f:\I386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Mon May 13 13:35:09.562 2013 (UTC - 5:00)
System Uptime: 0 days 0:02:55.218
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
..........................
..........................
.....
Loading User Symbols
Loading unloaded module list
...............
Unable to load image rdbss.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for rdbss.sys
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck 27, {baad00a3, a7c01258, a7c00f54, 8a5a9b20}
*** WARNING: Unable to verify timestamp for mfetdik.sys
*** ERROR: Module load completed but symbols could not be loaded for mfetdik.sys
*** WARNING: Unable to verify timestamp for netbt.sys
*** WARNING: Unable to verify timestamp for mrxsmb.sys
Unable to load image nlem32nt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nlem32nt.sys
*** ERROR: Module load completed but symbols could not be loaded for nlem32nt.sys
Probably caused by : kltdi.sys ( kltdi+1391 )
Followup: MachineOwner
---------
1: kd> !analyze -y
Unknown option '-y'
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck 27, {baad00a3, a7c01258, a7c00f54, 8a5a9b20}
Probably caused by : kltdi.sys ( kltdi+1391 )
Followup: MachineOwner
---------
Mini0513.dmp
A client has been plagued by a recurring BSOD either during or shortly after boot.
The analysis from the minidump is below. I think I did this right...
If seems to me that a Kasperky-based file kltdi.sys is at fault, based on the dump analysis, but I can't see how, or what exactly to do other than removing the file.
Can anyone confirm my conclusions or add any additional input to clarify my approach to take care of this? I'm not very experienced in dump analysis. Thanks so much.
The dump analysis is below and the dump file attached
file is attached
************************
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\Mini0513.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: f:\I386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Mon May 13 13:35:09.562 2013 (UTC - 5:00)
System Uptime: 0 days 0:02:55.218
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
..........................
..........................
.....
Loading User Symbols
Loading unloaded module list
...............
Unable to load image rdbss.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for rdbss.sys
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck 27, {baad00a3, a7c01258, a7c00f54, 8a5a9b20}
*** WARNING: Unable to verify timestamp for mfetdik.sys
*** ERROR: Module load completed but symbols could not be loaded for mfetdik.sys
*** WARNING: Unable to verify timestamp for netbt.sys
*** WARNING: Unable to verify timestamp for mrxsmb.sys
Unable to load image nlem32nt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nlem32nt.sys
*** ERROR: Module load completed but symbols could not be loaded for nlem32nt.sys
Probably caused by : kltdi.sys ( kltdi+1391 )
Followup: MachineOwner
---------
1: kd> !analyze -y
Unknown option '-y'
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck 27, {baad00a3, a7c01258, a7c00f54, 8a5a9b20}
Probably caused by : kltdi.sys ( kltdi+1391 )
Followup: MachineOwner
---------
Mini0513.dmp
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for mlitin's comment #a39163361
for the following reason:
Thanks. Evidently, Kaspersky allowed itself to be installed with remnants of McAfee still there. I removed Kaspersky and renamed the MacAfee file, and all was better.
Thanks for the tip.
Accepted answer: 0 points for mlitin's comment #a39163361
for the following reason:
Thanks. Evidently, Kaspersky allowed itself to be installed with remnants of McAfee still there. I removed Kaspersky and renamed the MacAfee file, and all was better.
Thanks for the tip.
ASKER
Kaspersky and McAfee remnant were in fact the bad guys.
Thanks for the the tip!
Thanks for the the tip!
Your welcome and it's good to see that your up and running :)
ASKER
I'll make these changes and write back.
Thanks!