Machine gets BSOD, and reboots.
-
Machine gets BSOD, and reboots.
Hi all.
2 things:
1) I wanted to know if it is possible to change the limit of the concurrent
incomplete connections.
2) Is there any way/tool with which I could close a specific connection?
(What I mean is that I'd like to do netstat and then select a connection, by ip+port, and disconnect it. using PID is not good because some programs create a lot of connections).
This is the BSOD info:
------------------------------------
Product: Windows Operating System
Event ID: 4226
Source: Tcpip
Version: 5.2
Symbolic Name: EVENT_TCPIP_TCP_CONNECT_LIMIT_REACHED
Message: TCP/IP has reached the security limit imposed on the number of concurrent (incomplete) TCP connect attempts.
------------------------------------
TIA.
-
I get that all the time in EventViewer but do not get a BSoD
:weird:
For a BSoD you need to follow this following procedure (courtesy of Jephree):
In order to get details please do the following:
Go to start | search (type in) .dmp
Note the location of your .dmp files.
If there are no .dmp files then Search for: minidump
Remember this location and the path that leads to it.
(OR my way is Goto C:\WINDOWS and then search for Minidump and if it has files in it)
Then:
1) Download and install the
Debugging Tool from Microsoft
All you need do is download and install this. Make no attempt to start or run it.
2) Download and install this
debugwiz
This is a DOS based batch file that will command the above Microsoft Tools.
3) Open the Wiz & Browse to, or paste in the path to, your .dmp file.
4) After the Wiz creates a Text document attach it back to this thread.
If you are looking for links on how to interpret this data for yourself try here first:
http://www.wd-3.com/archive/registercontext.htm
Last edited by Kazna3; 31-10-2006 at 08:49 AM.
-
Hi.
I tried the wizard - let it ran more than an hour got only the log's header.
I ran what I so in the "Advanced" line (!analyze -v;r;kv;lmtn) in the wizard in the windbg:
--------------- Output Copy&Paste from windbg --------------
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32 \drivers
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Wed Nov 1 18:59:49.968 2006 (GMT+2)
System Uptime: 0 days 17:31:59.667
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
.................................................. .................................................. ....................
Loading User Symbols
Loading unloaded module list
.................
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 2060013, 81523548}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Processing initial command '!analyze -v;r;kv;lmtn'
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!PVOID ***
*** ***
************************************************** ***********************
unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
************************************************** ***********************
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_TRACKER_BIG_PAGES ***
*** ***
************************************************** ***********************
Cannot get _POOL_TRACKER_BIG_PAGES type size
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
Probably caused by : vsdatant.sys ( vsdatant+3e6e1 )
Followup: MachineOwner
---------
1: kd> !analyze -v;r;kv;lmtn
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 02060013, Memory contents of the pool block
Arg4: 81523548, Address of the block of pool being deallocated
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_TRACKER_BIG_PAGES ***
*** ***
************************************************** ***********************
Cannot get _POOL_TRACKER_BIG_PAGES type size
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
FAULTING_MODULE: 804d7000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 43798224
POOL_ADDRESS: 81523548
BUGCHECK_STR: 0xc2_7
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
LAST_CONTROL_TRANSFER: from 80550fc5 to 805371aa
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f8964910 80550fc5 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
f8964960 f647b417 81523548 00000000 f89649a8 nt!ExFreePool+0xbf1
f8964970 f647aca7 81689658 816896ec 816896ec tcpip!TCPClose+0x16
f89649a8 f63e36e1 82068030 81689658 f63e2fe1 tcpip!TCPDispatch+0x101
f89649b4 f63e2fe1 82068030 81689658 00000002 vsdatant+0x3e6e1
f89649e8 f63e3665 82068030 81689658 81689658 vsdatant+0x3dfe1
f8964a84 804ebe96 f8964aa4 0000000c ffdff538 vsdatant+0x3e665
00000000 00000000 00000000 00000000 00000000 nt!ExIsResourceAcquiredExclusiveLite+0x18a
STACK_COMMAND: kb
FOLLOWUP_IP:
vsdatant+3e6e1
f63e36e1 c20c00 ret 0Ch
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: vsdatant+3e6e1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: vsdatant
IMAGE_NAME: vsdatant.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
eax=f87c513c ebx=00000cd4 ecx=00000000 edx=81689658 esi=81523540 edi=816896ec
eip=805371aa esp=f89648f8 ebp=f8964910 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KeBugCheckEx+0x1b:
805371aa 5d pop ebp
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
f8964910 80550fc5 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
f8964960 f647b417 81523548 00000000 f89649a8 nt!ExFreePool+0xbf1
f8964970 f647aca7 81689658 816896ec 816896ec tcpip!TCPClose+0x16 (FPO: [Non-Fpo])
f89649a8 f63e36e1 82068030 81689658 f63e2fe1 tcpip!TCPDispatch+0x101 (FPO: [Non-Fpo])
f89649b4 f63e2fe1 82068030 81689658 00000002 vsdatant+0x3e6e1
f89649e8 f63e3665 82068030 81689658 81689658 vsdatant+0x3dfe1
f8964a84 804ebe96 f8964aa4 0000000c ffdff538 vsdatant+0x3e665
00000000 00000000 00000000 00000000 00000000 nt!ExIsResourceAcquiredExclusiveLite+0x18a
start end module name
804d7000 806fd000 nt ntkrnlmp.exe Wed Mar 02 02:57:27 2005 (42250F77)
806fd000 8071dd00 hal halmacpi.dll Wed Aug 04 07:59:09 2004 (41107B2D)
bf000000 bf011580 dxg dxg.sys Wed Aug 04 08:00:51 2004 (41107B93)
bf012000 bf3a3b80 nv4_disp nv4_disp.dll Tue Nov 30 22:54:05 2004 (41ACDDED)
bf800000 bf9c1100 win32k win32k.sys Thu Oct 06 02:05:44 2005 (43446A58)
f3329000 f3369280 HTTP HTTP.sys Fri Mar 17 02:33:09 2006 (441A03C5)
f3cca000 f3cd9900 Cdfs Cdfs.SYS Wed Aug 04 08:14:09 2004 (41107EB1)
f3e49000 f3e5d400 wdmaud wdmaud.sys Wed Jun 14 11:00:44 2006 (448FD03C)
f40b6000 f40d07c0 naiavf5x naiavf5x.sys Tue Nov 02 19:32:39 2004 (4187C4B7)
f4121000 f4143080 RDPWD RDPWD.SYS Fri Jun 10 01:52:39 2005 (42A8D647)
f41b4000 f41c2d80 sysaudio sysaudio.sys Wed Aug 04 08:15:54 2004 (41107F1A)
f4554000 f45a5480 srv srv.sys Mon Aug 14 12:34:39 2006 (44E051BF)
f45be000 f45c0b80 secdrv secdrv.sys Thu Nov 14 13:52:30 2002 (3DD38E7E)
f45ce000 f4649000 CVPNDRVA CVPNDRVA.sys Wed Aug 04 10:54:31 2004 (4110A447)
f4671000 f469d400 mrxdav mrxdav.sys Wed Aug 04 08:00:49 2004 (41107B91)
f50da000 f50dd280 ndisuio ndisuio.sys Wed Aug 04 08:03:10 2004 (41107C1E)
f6286000 f629d480 dump_atapi dump_atapi.sys Wed Aug 04 07:59:41 2004 (41107B4D)
f629e000 f62c1000 Fastfat Fastfat.SYS Wed Aug 04 08:14:15 2004 (41107EB7)
f62e9000 f6357a00 mrxsmb mrxsmb.sys Fri May 05 11:41:42 2006 (445B1DD6)
f6358000 f6382a00 rdbss rdbss.sys Fri May 05 11:47:55 2006 (445B1F4B)
f6383000 f63a4d00 afd afd.sys Wed Aug 04 08:14:13 2004 (41107EB5)
f63a5000 f63fe940 vsdatant vsdatant.sys Tue Nov 15 08:37:24 2005 (43798224)
f6427000 f644ec00 netbt netbt.sys Wed Aug 04 08:14:36 2004 (41107ECC)
f644f000 f646ff00 ipnat ipnat.sys Thu Sep 30 00:28:36 2004 (415B3714)
f6470000 f64c7d80 tcpip tcpip.sys Thu Apr 20 13:51:47 2006 (444775D3)
f64c8000 f64da400 ipsec ipsec.sys Wed Aug 04 08:14:27 2004 (41107EC3)
f7623000 f7656200 update update.sys Wed Aug 04 07:58:32 2004 (41107B08)
f7657000 f7687100 rdpdr rdpdr.sys Wed Aug 04 08:01:10 2004 (41107BA6)
f7688000 f7698e00 psched psched.sys Wed Aug 04 08:04:16 2004 (41107C60)
f7699000 f76af680 ndiswan ndiswan.sys Wed Aug 04 08:14:30 2004 (41107EC6)
f76b0000 f76ca160 dne2000 dne2000.sys Fri Jul 25 04:55:48 2003 (3F209C34)
f76cb000 f76e2800 SCSIPORT SCSIPORT.SYS Wed Aug 04 07:59:39 2004 (41107B4B)
f76e3000 f772d000 dtscsi dtscsi.sys Wed Nov 02 22:36:12 2005 (4369233C)
f772d000 f774fe80 USBPORT USBPORT.SYS Wed Aug 04 08:08:34 2004 (41107D62)
f7750000 f7773980 portcls portcls.sys Wed Aug 04 08:15:47 2004 (41107F13)
f7774000 f7801300 smwdm smwdm.sys Fri Aug 29 21:08:57 2003 (3F4FA4C9)
f783c000 f785e680 ks ks.sys Wed Aug 04 08:15:20 2004 (41107EF8)
f785f000 f7872800 parport parport.sys Wed Aug 04 07:59:04 2004 (41107B28)
f7873000 f7886780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 08:07:04 2004 (41107D08)
f7887000 f7b399e0 nv4_mini nv4_mini.sys Tue Nov 30 22:58:16 2004 (41ACDEE8)
f7b52000 f7b54900 Dxapi Dxapi.sys Fri Aug 17 22:53:19 2001 (3B7D843F)
f7bbb000 f7bc4f00 termdd termdd.sys Wed Aug 04 07:58:52 2004 (41107B1C)
f7bcb000 f7bd3900 msgpc msgpc.sys Wed Aug 04 08:04:11 2004 (41107C5B)
f7bdb000 f7be6d00 raspptp raspptp.sys Wed Aug 04 08:14:26 2004 (41107EC2)
f7beb000 f7bf5200 raspppoe raspppoe.sys Wed Aug 04 08:05:06 2004 (41107C92)
f7bfb000 f7c07880 rasl2tp rasl2tp.sys Wed Aug 04 08:14:21 2004 (41107EBD)
f7c2b000 f7c39b80 drmk drmk.sys Wed Aug 04 08:07:54 2004 (41107D3A)
f7c3b000 f7c48e80 redbook redbook.sys Wed Aug 04 07:59:34 2004 (41107B46)
f8227000 f822ac80 mssmbios mssmbios.sys Wed Aug 04 08:07:47 2004 (41107D33)
f8243000 f8245580 ndistapi ndistapi.sys Fri Aug 17 22:55:29 2001 (3B7D84C1)
f826f000 f8289580 Mup Mup.sys Wed Aug 04 08:15:20 2004 (41107EF8)
f828a000 f82b6a80 NDIS NDIS.sys Wed Aug 04 08:14:27 2004 (41107EC3)
f82b7000 f8343480 Ntfs Ntfs.sys Wed Aug 04 08:15:06 2004 (41107EEA)
f8344000 f835a780 KSecDD KSecDD.sys Wed Aug 04 07:59:45 2004 (41107B51)
f835b000 f836ce80 sr sr.sys Wed Aug 04 08:06:22 2004 (41107CDE)
f836d000 f838c780 fltMgr fltMgr.sys Mon Aug 21 11:14:57 2006 (44E97991)
f838d000 f83a4480 atapi atapi.sys Wed Aug 04 07:59:41 2004 (41107B4D)
f83a5000 f83ca780 dmio dmio.sys Wed Aug 04 08:07:13 2004 (41107D11)
f83cb000 f83e9880 ftdisk ftdisk.sys Fri Aug 17 22:52:41 2001 (3B7D8419)
f83ea000 f83fa780 pci pci.sys Wed Aug 04 08:07:45 2004 (41107D31)
f83fb000 f8428b80 ACPI ACPI.sys Wed Aug 04 08:07:35 2004 (41107D27)
f8429000 f8440800 SPTD5629 SPTD5629.SYS Wed Aug 04 07:59:39 2004 (41107B4B)
f8441000 f8514000 sptd sptd.sys Tue Nov 08 19:13:59 2005 (4370DCD7)
f8535000 f853dc00 isapnp isapnp.sys Fri Aug 17 22:58:01 2001 (3B7D8559)
f8545000 f854f500 MountMgr MountMgr.sys Wed Aug 04 07:58:29 2004 (41107B05)
f8555000 f8561c00 VolSnap VolSnap.sys Wed Aug 04 08:00:14 2004 (41107B6E)
f8565000 f856de00 disk disk.sys Wed Aug 04 07:59:53 2004 (41107B59)
f8575000 f8581200 CLASSPNP CLASSPNP.SYS Wed Aug 04 08:14:26 2004 (41107EC2)
f8585000 f858fe80 uagp35 uagp35.sys Wed Aug 04 08:07:43 2004 (41107D2F)
f8595000 f859e080 SISAGPX SISAGPX.sys Fri Jul 18 03:58:19 2003 (3F17543B)
f85c5000 f85d1180 cdrom cdrom.sys Wed Aug 04 07:59:52 2004 (41107B58)
f85f5000 f85fe480 NDProxy NDProxy.SYS Fri Aug 17 22:55:30 2001 (3B7D84C2)
f8615000 f8623100 usbhub usbhub.sys Wed Aug 04 08:08:40 2004 (41107D68)
f8625000 f8633460 mvstdi5x mvstdi5x.sys Thu Oct 07 18:35:49 2004 (41657065)
f8635000 f863d700 wanarp wanarp.sys Wed Aug 04 08:04:57 2004 (41107C89)
f8645000 f864d700 netbios netbios.sys Wed Aug 04 08:03:19 2004 (41107C27)
f8655000 f865d880 Fips Fips.SYS Sat Aug 18 03:31:49 2001 (3B7DC585)
f8775000 f877eb00 intelppm intelppm.sys Wed Aug 04 07:59:19 2004 (41107B37)
f8785000 f8794900 serial serial.sys Wed Aug 04 08:15:51 2004 (41107F17)
f8795000 f87a1800 i8042prt i8042prt.sys Wed Aug 04 08:14:36 2004 (41107ECC)
f87a5000 f87af380 imapi imapi.sys Wed Aug 04 08:00:12 2004 (41107B6C)
f87b5000 f87bb200 PCIIDEX PCIIDEX.SYS Wed Aug 04 07:59:40 2004 (41107B4C)
f87bd000 f87c1900 PartMgr PartMgr.sys Sat Aug 18 03:32:23 2001 (3B7DC5A7)
f87fd000 f8802500 TDTCP TDTCP.SYS Wed Aug 04 07:58:52 2004 (41107B1C)
f884d000 f8854000 fdc fdc.sys unavailable (FFFFFFFE)
f8855000 f885af80 kbdclass kbdclass.sys Wed Aug 04 07:58:32 2004 (41107B08)
f885d000 f8862980 mouclass mouclass.sys Wed Aug 04 07:58:32 2004 (41107B08)
f8865000 f8869280 usbohci usbohci.sys Wed Aug 04 08:08:34 2004 (41107D62)
f886d000 f8873800 usbehci usbehci.sys Wed Aug 04 08:08:34 2004 (41107D62)
f8875000 f887ce00 sisnic sisnic.sys Wed Jul 10 10:39:32 2002 (3D2BF2C4)
f8885000 f8889880 TDI TDI.SYS Wed Aug 04 08:07:47 2004 (41107D33)
f888d000 f8891580 ptilink ptilink.sys Fri Aug 17 22:49:53 2001 (3B7D8371)
f8895000 f8899080 raspti raspti.sys Fri Aug 17 22:55:32 2001 (3B7D84C4)
f88a5000 f88aa000 flpydisk flpydisk.sys Wed Aug 04 07:59:24 2004 (41107B3C)
f88bd000 f88c2200 vga vga.sys Wed Aug 04 08:07:06 2004 (41107D0A)
f88c5000 f88c9a80 Msfs Msfs.SYS Wed Aug 04 08:00:37 2004 (41107B85)
f88cd000 f88d4880 Npfs Npfs.SYS Wed Aug 04 08:00:38 2004 (41107B86)
f88dd000 f88e1500 watchdog watchdog.sys Wed Aug 04 08:07:32 2004 (41107D24)
f8945000 f8948000 BOOTVID BOOTVID.dll Fri Aug 17 22:49:09 2001 (3B7D8345)
f8a05000 f8a07280 rasacd rasacd.sys Fri Aug 17 22:55:39 2001 (3B7D84CB)
f8a19000 f8a1bf00 ws2ifsl ws2ifsl.sys Fri Aug 17 22:55:58 2001 (3B7D84DE)
f8a21000 f8a24c80 serenum serenum.sys Wed Aug 04 07:59:06 2004 (41107B2A)
f8a25000 f8a27980 gameenum gameenum.sys Wed Aug 04 08:08:20 2004 (41107D54)
f8a35000 f8a36b80 kdcom kdcom.dll Fri Aug 17 22:49:10 2001 (3B7D8346)
f8a37000 f8a38100 WMILIB WMILIB.SYS Fri Aug 17 23:07:23 2001 (3B7D878B)
f8a39000 f8a3a700 dmload dmload.sys Fri Aug 17 22:58:15 2001 (3B7D8567)
f8a4d000 f8a4e120 aeaudio aeaudio.sys Mon Apr 01 16:39:14 2002 (3CA87112)
f8a57000 f8a58100 swenum swenum.sys Wed Aug 04 07:58:41 2004 (41107B11)
f8a7f000 f8a80280 USBD USBD.SYS Fri Aug 17 23:02:58 2001 (3B7D8682)
f8a85000 f8a86f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 22:49:37 2001 (3B7D8361)
f8a87000 f8a88080 Beep Beep.SYS Fri Aug 17 22:47:33 2001 (3B7D82E5)
f8a89000 f8a8a080 mnmdd mnmdd.SYS Fri Aug 17 22:57:28 2001 (3B7D8538)
f8a8b000 f8a8c080 RDPCDD RDPCDD.sys Fri Aug 17 22:46:56 2001 (3B7D82C0)
f8a97000 f8a98100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 23:07:23 2001 (3B7D878B)
f8aef000 f8af0a80 ParVdm ParVdm.SYS Fri Aug 17 22:49:49 2001 (3B7D836D)
f8af3000 f8af4880 RaInfo RaInfo.sys Mon Apr 12 11:39:30 2004 (407A63D2)
f8afd000 f8afdd00 pciide pciide.sys Fri Aug 17 22:51:49 2001 (3B7D83E5)
f8b18000 f8b18d00 dxgthk dxgthk.sys Fri Aug 17 22:53:12 2001 (3B7D8438)
f8ba6000 f8ba6b80 Null Null.SYS Fri Aug 17 22:47:39 2001 (3B7D82EB)
f8c51000 f8c51c80 LMImirr LMImirr.sys Mon May 22 23:40:41 2006 (44722FD9)
f8c52000 f8c52c00 audstub audstub.sys Fri Aug 17 22:59:40 2001 (3B7D85BC)
Unloaded modules:
f1582000 f15ad000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f1582000 f15ad000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f12bb000 f12e6000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f1784000 f17af000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f17d4000 f17ff000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f17d4000 f17ff000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f17d4000 f17ff000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f28a3000 f28ce000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f8c75000 f8c76000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f3dfb000 f3e26000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f43c4000 f43d1000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f3e6e000 f3e7c000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f3e26000 f3e49000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f8aed000 f8aef000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f8c88000 f8c89000 SiSPort.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f88b5000 f88ba000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f8a01000 f8a04000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
-----------------------------------------------------
after that I wanted to try again with symbols loaded properly:
I think there was a problem with the
symbols\ntkrnlmp.pdb\AA1EE1B2A63A4232A379F3EFDDC4C FE82\ntkrnlmp.pd_
file...
(it was size 0, didnt find a matching .pdb file...)
did symfix in the command line of the windbg and it hanged on *BUSY*.
foudn a ntkenlmp.pd_ and downloaded it manualy but couldnt find how to extract the it (tried extrac32.exe and expand.exe from the windows dir...),
I'll be happy to know how to do that.
Thanks a lot for your time.
-
It's citing Zonealarm as the probable cause. It's out of date, so you can try updating it.
f63a5000 f63fe940 vsdatant vsdatant.sys Tue Nov 15 08:37:24 2005 (43798224) -->Belongs to Zonealarm.
-
well, I uninstalled the ZoneAlarm.
I'll post here if I'll have no BSODs in the next 2 weeks or so.
Thanks a lot.
