Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Sign in to follow this  
seamus151

BDSOD Stop Error 0X000000F4

Recommended Posts

I have 8 computers that have BSOD every morning I come into work. I thought maybe it was LANDesk's Inventory Scanner that was causing it. I found on each machine a event id of 17 "Inventory Scanner and the following info of "LDIScn32: bind failed." So I ran a manual inventory scanner with no problems.

I ran a chkdsk /f /r with the following results

Checking file system on C:

The type of the file system is NTFS.

A disk check has been scheduled.

Windows will now check the disk.

Cleaning up minor inconsistencies on the drive.

Cleaning up 114 unused index entries from index $SII of file 0x9.

Cleaning up 114 unused index entries from index $SDH of file 0x9.

Cleaning up 114 unused security descriptors.

CHKDSK is verifying file data (stage 4 of 5)...

File data verification completed.

CHKDSK is verifying free space (stage 5 of 5)...

Free space verification is complete.

CHKDSK discovered free space marked as allocated in the

master file table (MFT) bitmap.

Windows has made corrections to the file system.

156199994 KB total disk space.

11921588 KB in 36716 files.

11084 KB in 3930 indexes.

0 KB in bad sectors.

112578 KB in use by the system.

65536 KB occupied by the log file.

144154744 KB available on disk.

4096 bytes in each allocation unit.

39049998 total allocation units on disk.

36038686 allocation units available on disk.

Internal Info:

70 a1 00 00 d0 9e 00 00 f3 c4 00 00 00 00 00 00 p...............

63 00 00 00 02 00 00 00 b1 03 00 00 00 00 00 00 c...............

20 16 21 03 00 00 00 00 be d4 01 16 00 00 00 00 .!.............

2a fc a8 03 00 00 00 00 9c 82 c2 ff 00 00 00 00 *...............

d0 34 ba db 05 00 00 00 18 13 15 ff 06 00 00 00 .4..............

f0 b6 01 ca 00 00 00 00 90 38 07 00 6c 8f 00 00 .........8..l...

00 00 00 00 00 d0 a2 d7 02 00 00 00 5a 0f 00 00 ............Z...

I checked the minidump file and this is what it contained:

Opened log file 'c:\debuglog.txt'

0: kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols

0: kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q

Loading Kernel Symbols

....................................................................................................

.............................

Loading User Symbols

Loading unloaded module list

..................

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

CRITICAL_OBJECT_TERMINATION (f4)

A process or thread crucial to system operation has unexpectedly exited or been

terminated.

Several processes and threads are necessary for the operation of the

system; when they are terminated (for any reason), the system can no

longer function.

Arguments:

Arg1: 00000003, Process

Arg2: 86340da0, Terminating object

Arg3: 86340f14, Process image file name

Arg4: 805d13b6, Explanatory message (ascii)

Debugging Details:

------------------

Unable to load image SYMEVENT.SYS, Win32 error 0n2

*** WARNING: Unable to verify timestamp for SYMEVENT.SYS

*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS

PROCESS_OBJECT: 86340da0

IMAGE_NAME: csrss.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: csrss

FAULTING_MODULE: 00000000

PROCESS_NAME: csrss.exe

EXCEPTION_CODE: (NTSTATUS) 0xc0000006 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The required data was not placed into memory because of an I/O error status of "0x%08lx".

BUGCHECK_STR: 0xF4_IOERR

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

STACK_TEXT:

f76f149c 805d055d 000000f4 00000003 86340da0 nt!KeBugCheckEx+0x1b

f76f14c0 805d1461 805d13b6 86340da0 86340f14 nt!PspCatchCriticalBreak+0x75

f76f14f0 a9c9d175 86340fe8 c0000006 86035b18 nt!NtTerminateProcess+0x7d

WARNING: Stack unwind information not available. Following frames may be wrong.

f76f1574 805409ac ffffffff c0000006 f76f19b0 SYMEVENT+0x12175

f76f1574 f76f19d8 ffffffff c0000006 f76f19b0 nt!KiFastCallEntry+0xfc

05c80030 00000000 00000000 00000000 00000000 0xf76f19d8

STACK_COMMAND: kb

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: 0xF4_IOERR_IMAGE_csrss.exe

BUCKET_ID: 0xF4_IOERR_IMAGE_csrss.exe

Followup: MachineOwner

---------

eax=ffdff13c ebx=86340da0 ecx=00000000 edx=00000000 esi=86340da0 edi=85ab5998

eip=804f9f13 esp=f76f1484 ebp=f76f149c iopl=0 nv up ei ng nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286

nt!KeBugCheckEx+0x1b:

804f9f13 5d pop ebp

ChildEBP RetAddr Args to Child

f76f149c 805d055d 000000f4 00000003 86340da0 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])

f76f14c0 805d1461 805d13b6 86340da0 86340f14 nt!PspCatchCriticalBreak+0x75 (FPO: [Non-Fpo])

f76f14f0 a9c9d175 86340fe8 c0000006 86035b18 nt!NtTerminateProcess+0x7d (FPO: [Non-Fpo])

WARNING: Stack unwind information not available. Following frames may be wrong.

f76f1574 805409ac ffffffff c0000006 f76f19b0 SYMEVENT+0x12175

f76f1574 f76f19d8 ffffffff c0000006 f76f19b0 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ f76f1574)

05c80030 00000000 00000000 00000000 00000000 0xf76f19d8

start end module name

804d7000 806e2000 nt ntkrpamp.exe Wed Feb 28 04:15:54 2007 (45E5484A)

806e2000 80702d00 hal halmacpi.dll Wed Aug 04 01:59:09 2004 (41107B2D)

a85d7000 a85e9720 naveng naveng.sys Thu Feb 28 20:21:51 2008 (47C75E2F)

a85ea000 a86c2f80 navex15 navex15.sys Thu Feb 28 20:20:50 2008 (47C75DF2)

a86c3000 a86e6000 Fastfat Fastfat.SYS Wed Aug 04 02:14:15 2004 (41107EB7)

a9005000 a9056480 srv srv.sys Mon Aug 14 06:34:39 2006 (44E051BF)

a934f000 a937ad80 mrxdav mrxdav.sys Tue Dec 18 04:51:33 2007 (47679825)

a976b000 a976e900 ndisuio ndisuio.sys Fri Aug 18 05:36:45 2006 (44E58A2D)

a987b000 a9892480 dump_atapi dump_atapi.sys Wed Aug 04 01:59:41 2004 (41107B4D)

a9893000 a98b6000 RVG6USB RVG6USB.sys Tue Oct 03 10:24:52 2006 (452272B4)

a98de000 a98fc000 EraserUtilRebootDrv EraserUtilRebootDrv.sys Thu Jan 17 21:44:27 2008 (4790128B)

a98fc000 a995c000 eeCtrl eeCtrl.sys Thu Jan 17 21:44:27 2008 (4790128B)

a995c000 a99caa80 mrxsmb mrxsmb.sys Tue Jun 20 04:50:24 2006 (4497B6D0)

a99cb000 a99f5a00 rdbss rdbss.sys Fri May 05 05:47:55 2006 (445B1F4B)

a99f6000 a9a58000 SPBBCDrv SPBBCDrv.sys Wed Jan 10 19:09:29 2007 (45A58039)

a9a58000 a9a79d00 afd afd.sys Wed Aug 04 02:14:13 2004 (41107EB5)

a9a7a000 a9aa1c00 netbt netbt.sys Wed Aug 04 02:14:36 2004 (41107ECC)

a9aa2000 a9add000 SYMTDI SYMTDI.SYS Mon Feb 12 20:10:06 2007 (45D10FEE)

a9add000 a9b34e80 tcpip tcpip.sys Tue Oct 30 13:20:52 2007 (472767F4)

a9b35000 a9b47400 ipsec ipsec.sys Wed Aug 04 02:14:27 2004 (41107EC3)

a9c77000 a9c8b000 Savrtpel Savrtpel.sys Wed Sep 06 17:26:26 2006 (44FF3D02)

a9c8b000 a9cad000 SYMEVENT SYMEVENT.SYS Tue Nov 07 22:38:37 2006 (4551513D)

a9cad000 a9d05000 savrt savrt.sys Wed Sep 06 17:26:23 2006 (44FF3CFF)

a9ebd000 a9f1cf00 Senfilt Senfilt.sys Mon Mar 13 12:40:28 2006 (4415A07C)

a9f1d000 a9f3e700 portcls portcls.sys Tue Mar 16 14:58:17 2004 (40574E49)

a9f3f000 a9f7f000 ADIHdAud ADIHdAud.sys Wed Jul 05 16:08:26 2006 (44AC1C3A)

bf000000 bf011580 dxg dxg.sys Wed Aug 04 02:00:51 2004 (41107B93)

bf012000 bf024000 igxprd32 igxprd32.dll Fri Oct 06 17:23:30 2006 (4526C952)

bf024000 bf04d000 igxpgd32 igxpgd32.dll Fri Oct 06 17:23:20 2006 (4526C948)

bf04d000 bf1ad420 igxpdv32 igxpdv32.DLL Fri Oct 06 17:22:52 2006 (4526C92C)

bf1ae000 bf3e1000 igxpdx32 igxpdx32.DLL Fri Oct 06 17:24:40 2006 (4526C998)

bf800000 bf9c2180 win32k win32k.sys Tue Apr 10 06:37:38 2007 (461B68F2)

bffa0000 bffe5c00 ATMFD ATMFD.DLL Wed Aug 04 03:56:56 2004 (411096C8)

f6f4b000 f6f4d900 Dxapi Dxapi.sys Fri Aug 17 16:53:19 2001 (3B7D843F)

f700b000 f7063e80 update update.sys Wed Sep 19 06:57:19 2007 (46F1008F)

f7068000 f706ba00 kbdhid kbdhid.sys Wed Aug 04 01:58:33 2004 (41107B09)

f7070000 f7073900 SMCLIB SMCLIB.SYS Fri Aug 17 16:50:56 2001 (3B7D83B0)

f707c000 f707e280 rasacd rasacd.sys Fri Aug 17 16:55:39 2001 (3B7D84CB)

f708c000 f70bc100 rdpdr rdpdr.sys Wed Aug 04 02:01:10 2004 (41107BA6)

f70bd000 f70cde00 psched psched.sys Wed Aug 04 02:04:16 2004 (41107C60)

f70ce000 f70e4680 ndiswan ndiswan.sys Wed Aug 04 02:14:30 2004 (41107EC6)

f70e5000 f7107680 ks ks.sys Wed Aug 04 02:15:20 2004 (41107EF8)

f7108000 f711b900 parport parport.sys Wed Aug 04 01:59:04 2004 (41107B28)

f711c000 f7147000 b57xp32 b57xp32.sys Wed Jun 06 15:50:59 2007 (46671023)

f7147000 f716d000 HDAudBus HDAudBus.sys Thu Aug 12 20:45:52 2004 (411C0F40)

f716d000 f7190080 USBPORT USBPORT.SYS Mon Oct 23 07:14:41 2006 (453CA421)

f7191000 f72b1880 igxpmp32 igxpmp32.sys Fri Oct 06 17:23:59 2006 (4526C96F)

f72b2000 f72c5f00 VIDEOPRT VIDEOPRT.SYS Thu Aug 03 10:02:07 2006 (44D201DF)

f731f000 f7339580 Mup Mup.sys Wed Aug 04 02:15:20 2004 (41107EF8)

f733a000 f7366a80 NDIS NDIS.sys Wed Aug 04 02:14:27 2004 (41107EC3)

f7367000 f73f3400 Ntfs Ntfs.sys Fri Feb 09 06:10:31 2007 (45CC56A7)

f73f4000 f740a780 KSecDD KSecDD.sys Wed Aug 04 01:59:45 2004 (41107B51)

f740b000 f741cf00 sr sr.sys Wed Aug 04 02:06:22 2004 (41107CDE)

f741d000 f743c780 fltMgr fltMgr.sys Mon Aug 21 05:14:57 2006 (44E97991)

f743d000 f7454800 SCSIPORT SCSIPORT.SYS Wed Aug 04 01:59:39 2004 (41107B4B)

f7455000 f746c480 atapi atapi.sys Wed Aug 04 01:59:41 2004 (41107B4D)

f746d000 f7492700 dmio dmio.sys Wed Aug 04 02:07:13 2004 (41107D11)

f7493000 f74b1880 ftdisk ftdisk.sys Fri Aug 17 16:52:41 2001 (3B7D8419)

f74b2000 f74c2a80 pci pci.sys Wed Aug 04 02:07:45 2004 (41107D31)

f74c3000 f74f0d80 ACPI ACPI.sys Wed Aug 04 02:07:35 2004 (41107D27)

f75f2000 f75fac00 isapnp isapnp.sys Fri Aug 17 16:58:01 2001 (3B7D8559)

f7602000 f760c500 MountMgr MountMgr.sys Wed Aug 04 01:58:29 2004 (41107B05)

f7612000 f761ec80 VolSnap VolSnap.sys Wed Aug 04 02:00:14 2004 (41107B6E)

f7622000 f762ae00 disk disk.sys Wed Aug 04 01:59:53 2004 (41107B59)

f7632000 f763e200 CLASSPNP CLASSPNP.SYS Wed Aug 04 02:14:26 2004 (41107EC2)

f7652000 f765f120 GKUPRO2D GKUPRO2D.sys Fri Jul 16 05:21:01 2004 (40F79DFD)

f7672000 f7681900 Cdfs Cdfs.SYS Wed Aug 04 02:14:09 2004 (41107EB1)

f7702000 f770ad00 intelppm intelppm.sys Wed Aug 04 01:59:19 2004 (41107B37)

f7712000 f7721d80 serial serial.sys Wed Aug 04 02:15:51 2004 (41107F17)

f7722000 f772c380 imapi imapi.sys Wed Aug 04 02:00:12 2004 (41107B6C)

f7732000 f773e180 cdrom cdrom.sys Wed Aug 04 01:59:52 2004 (41107B58)

f7742000 f7750080 redbook redbook.sys Wed Aug 04 01:59:34 2004 (41107B46)

f7752000 f775e880 rasl2tp rasl2tp.sys Wed Aug 04 02:14:21 2004 (41107EBD)

f7762000 f776c200 raspppoe raspppoe.sys Wed Aug 04 02:05:06 2004 (41107C92)

f7772000 f777dd00 raspptp raspptp.sys Wed Aug 04 02:14:26 2004 (41107EC2)

f7782000 f778a900 msgpc msgpc.sys Wed Aug 04 02:04:11 2004 (41107C5B)

f7792000 f779bf00 termdd termdd.sys Wed Aug 04 01:58:52 2004 (41107B1C)

f77a2000 f77b0780 usbhub usbhub.sys Mon Oct 23 07:14:42 2006 (453CA422)

f77b2000 f77bb480 NDProxy NDProxy.SYS Fri Aug 17 16:55:30 2001 (3B7D84C2)

f77d2000 f77e0b80 drmk drmk.sys Wed Aug 04 02:07:54 2004 (41107D3A)

f7812000 f781b000 HIDCLASS HIDCLASS.SYS Tue Oct 31 06:26:12 2006 (454724C4)

f7832000 f783a700 wanarp wanarp.sys Wed Aug 04 02:04:57 2004 (41107C89)

f7842000 f784a700 netbios netbios.sys Wed Aug 04 02:03:19 2004 (41107C27)

f7852000 f785d000 RVGFilter RVGFilter.SYS Fri Jun 16 09:06:03 2006 (4492ACBB)

f7862000 f786a880 Fips Fips.SYS Fri Aug 17 21:31:49 2001 (3B7DC585)

f7872000 f7878200 PCIIDEX PCIIDEX.SYS Wed Aug 04 01:59:40 2004 (41107B4C)

f787a000 f787e900 PartMgr PartMgr.sys Fri Aug 17 21:32:23 2001 (3B7DC5A7)

f7882000 f78891c0 cercsr6 cercsr6.sys Wed Dec 08 18:31:10 2004 (41B78EBE)

f792a000 f7930000 kbdclass kbdclass.sys Wed Aug 04 01:58:32 2004 (41107B08)

f7932000 f7937a00 mouclass mouclass.sys Wed Aug 04 01:58:32 2004 (41107B08)

f793a000 f793f080 usbuhci usbuhci.sys Mon Oct 23 07:14:42 2006 (453CA422)

f7942000 f7949600 usbehci usbehci.sys Mon Oct 23 07:14:40 2006 (453CA420)

f794a000 f7951100 UtcRs232 UtcRs232.sys Thu Nov 25 23:33:34 2004 (41A6B21E)

f7952000 f7956880 TDI TDI.SYS Wed Aug 04 02:07:47 2004 (41107D33)

f795a000 f795e580 ptilink ptilink.sys Fri Aug 17 16:49:53 2001 (3B7D8371)

f7962000 f7966080 raspti raspti.sys Fri Aug 17 16:55:32 2001 (3B7D84C4)

f796a000 f7970180 HIDPARSE HIDPARSE.SYS Wed Aug 04 02:08:15 2004 (41107D4F)

f798a000 f7990980 UTCUSB UTCUSB.sys Tue Nov 09 20:23:35 2004 (41916D97)

f7992000 f7997200 vga vga.sys Wed Aug 04 02:07:06 2004 (41107D0A)

f799a000 f79a1b80 usbccgp usbccgp.sys Wed Aug 04 02:08:45 2004 (41107D6D)

f79a2000 f79a6a80 Msfs Msfs.SYS Wed Aug 04 02:00:37 2004 (41107B85)

f79aa000 f79b1880 Npfs Npfs.SYS Wed Aug 04 02:00:38 2004 (41107B86)

f79d2000 f79d6500 watchdog watchdog.sys Wed Aug 04 02:07:32 2004 (41107D24)

f7a02000 f7a05000 BOOTVID BOOTVID.dll Fri Aug 17 16:49:09 2001 (3B7D8345)

f7a8e000 f7a90580 hidusb hidusb.sys Fri Aug 17 17:02:16 2001 (3B7D8658)

f7a96000 f7a98f80 mouhid mouhid.sys Fri Aug 17 16:47:57 2001 (3B7D82FD)

f7a9a000 f7a9ce80 ldblank ldblank.sys Tue Jun 21 12:32:04 2005 (42B84104)

f7a9e000 f7aa1c80 serenum serenum.sys Wed Aug 04 01:59:06 2004 (41107B2A)

f7aa6000 f7aa8580 ndistapi ndistapi.sys Fri Aug 17 16:55:29 2001 (3B7D84C1)

f7ac2000 f7ac5c80 mssmbios mssmbios.sys Wed Aug 04 02:07:47 2004 (41107D33)

f7af2000 f7af3b80 kdcom kdcom.dll Fri Aug 17 16:49:10 2001 (3B7D8346)

f7af4000 f7af5100 WMILIB WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)

f7af6000 f7af7700 dmload dmload.sys Fri Aug 17 16:58:15 2001 (3B7D8567)

f7b04000 f7b05300 kbstuff5 kbstuff5.sys Wed Nov 23 14:44:23 2005 (4384C697)

f7b06000 f7b07880 actrpcsc actrpcsc.sys Tue Sep 16 10:20:38 2003 (3F671C36)

f7b08000 f7b09100 swenum swenum.sys Wed Aug 04 01:58:41 2004 (41107B11)

f7b0a000 f7b0b280 USBD USBD.SYS Fri Aug 17 17:02:58 2001 (3B7D8682)

f7b10000 f7b11f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 16:49:37 2001 (3B7D8361)

f7b12000 f7b13080 Beep Beep.SYS Fri Aug 17 16:47:33 2001 (3B7D82E5)

f7b14000 f7b15080 mnmdd mnmdd.SYS Fri Aug 17 16:57:28 2001 (3B7D8538)

f7b16000 f7b17080 RDPCDD RDPCDD.sys Fri Aug 17 16:46:56 2001 (3B7D82C0)

f7b1a000 f7b1b100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)

f7b88000 f7b89a80 ParVdm ParVdm.SYS Fri Aug 17 16:49:49 2001 (3B7D836D)

f7bba000 f7bbad00 pciide pciide.sys Fri Aug 17 16:51:49 2001 (3B7D83E5)

f7c21000 f7c21b80 Null Null.SYS Fri Aug 17 16:47:39 2001 (3B7D82EB)

f7cc3000 f7cc3d00 dxgthk dxgthk.sys Fri Aug 17 16:53:12 2001 (3B7D8438)

f7cd1000 f7cd1840 idisw2km idisw2km.sys Wed Nov 23 14:45:10 2005 (4384C6C6)

f7ce2000 f7ce2d00 ldmirror ldmirror.sys Tue Jun 21 12:32:10 2005 (42B8410A)

f7ce3000 f7ce3e80 mirrorflt mirrorflt.sys Tue Jun 21 12:32:28 2005 (42B8411C)

f7ce4000 f7ce4c00 audstub audstub.sys Fri Aug 17 16:59:40 2001 (3B7D85BC)

Unloaded modules:

a8b09000 a8b1c000 naveng.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

a8b1c000 a8bf5000 navex15.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

a8d35000 a8d44000 sysaudio.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

a88ec000 a8901000 wdmaud.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

f7d32000 f7d33000 drmkaud.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

a889e000 a88c9000 kmixer.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

a88c9000 a88ec000 aec.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

a89b9000 a89c6000 DMusic.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

a8ef5000 a8f03000 swmidi.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

f7b6e000 f7b70000 splitter.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

a9b8b000 a9b9e000 naveng.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

a9b9e000 a9c77000 navex15.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

a9477000 a947b000 ACTR.SYS

Timestamp: unavailable (00000000)

Checksum: 00000000

a9b68000 a9b8b000 RVG6USB.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

f7084000 f7088000 kbdhid.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

f7822000 f782f000 i8042prt.SYS

Timestamp: unavailable (00000000)

Checksum: 00000000

f7982000 f7987000 Cdaudio.SYS

Timestamp: unavailable (00000000)

Checksum: 00000000

f7a86000 f7a89000 Sfloppy.SYS

Timestamp: unavailable (00000000)

Checksum: 00000000

Closing open log file c:\debuglog.txt

I changed it to Memory dump to see if I can obtain any further info over the weekend. I dont have much experience analyzing .dmp files but I noticed SYMEVENT.SYS from Symantec AV was showing up. Could this be the culprit?

Any help would be greatly appreciated.

Edited by seamus151

Share this post


Link to post
Share on other sites

Hard to say for sure without the dump file to actually poke and prod memory, but yes, if you see a driver load in csrss.exe and immediately after you see nt!TerminateProcess, it's very, VERY likely it's your culprit ;). It is also very old for a symevent.sys (Tue Nov 07 22:38:37 2006) - considering this binary gets updated every 4 - 6 months from symantec, you are likely at least 3 versions behind. Note that this binary is usually only upgraded on major version upgrades of their software, otherwise it is never updated (and it can get pretty buggy when you're that far behind).

You can get the latest symevent plus installation instructions here.

Share this post


Link to post
Share on other sites

"Hard to say for sure without the dump file to actually poke and prod memory"

Did I not get you the whole dump file? I included in the post the commands i used to get the file....

"Opened log file 'c:\debuglog.txt'

0: kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols

0: kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q

Loading Kernel Symbols"

Is there something more I can do in the dump file to show more info? I have attached the actual dump file to this message....from the last two days. I changed the .dmp extension to .txt. It wouldnt allow me to attach a .dmp file.

I am checking out that link you provided me now! Thanks for your help!

Mini030508_01.txt

Mini030608_01.txt

Edited by seamus151

Share this post


Link to post
Share on other sites
Did I not get you the whole dump file? I included in the post the commands i used to get the file....

I meant that without the actual file opened up in windbg on my box, I can't be 100% certain - but I am 95% certain :).

Generally, .dmp files are far too large to upload - you're better off using a file hosting service.

Good luck :)

Share this post


Link to post
Share on other sites

Well I have 3 more PC's that Blue Screened. I was wondering if I send you the full memory dump file if you would be able to analyze it and see if I what I am missing. I updated all the symevent.sys files but to no avail. I noticed after I updated the symevent.sys files that the LANDesk Inventory Scanner error that was in the event viewer went away...so I don't know if that was part of the problem or not. At least 10 of the 14 PC's are still up but they seem to blue screen randomly.

Share this post


Link to post
Share on other sites
Well I have 3 more PC's that Blue Screened. I was wondering if I send you the full memory dump file if you would be able to analyze it and see if I what I am missing. I updated all the symevent.sys files but to no avail. I noticed after I updated the symevent.sys files that the LANDesk Inventory Scanner error that was in the event viewer went away...so I don't know if that was part of the problem or not. At least 10 of the 14 PC's are still up but they seem to blue screen randomly.

Make one available somewhere and post the link here, and we'll have a look.

Share this post


Link to post
Share on other sites

Roger that, I appreciate it. I am hopefully headed over there now to get it. It's Sunday so I may not be able to get into the building. I might have to wait until Monday. But I will get it posted with a link ASAP. Thanks for your help.

Share this post


Link to post
Share on other sites

Okay...U werent kidding when U said a full memory dump file was big! Mine is almost 1gb...any ideas where I can host that file at so y'all can examine it?

Share this post


Link to post
Share on other sites
Okay...U werent kidding when U said a full memory dump file was big! Mine is almost 1gb...any ideas where I can host that file at so y'all can examine it?
Zip or Rar it up, and check your PM.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×