
Old Windows 2000 server BSOD acpi.sys


2 replies to this topic

#1 Steevow


Posted 17 December 2012 - 07:58 PM

I read the topic of this forum and smiled.
That's exactly what this is!

I have an old Windows 2000 server running in a closet on a DSL line, providing a small amount of mail, web, FTP for two users.

It's been there so long I can't even remember when I set it up. Maybe 10 years. I haven't really had to touch it for a long time. It's only got port 80, 110, 25, 587, and one or two others forwarded to it which is why a lack of security updates hasn't been a problem. It's been remote managed the little it has needed.

So anyway, let me post what it says in the BSOD and if someone has another idea maybe it's something else.

It's failed on reboot a few times, and blue screen of death mentioning ACPI.sys.
Not the apci advanced power management, but ACPI. Part of windows disk drive stuff.

One of the reboots today saved a dump, and here is the event log entry:

The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000037, 0x00000002, 0x00000001, 0xbffddec8). Microsoft Windows 2000 [v15.2195]. A dump was saved in: C:\WINNT\MEMORY.DMP.

I did find an old thread with Elise that mentioned this and she mentioned a rootkit.

I can't see how I could have a rootkit, no one has email, it's no one's desktop, no one executes anything on it. The thread was unfinished, the guy didn't post when he had success. Tacky!

There are no illustrative entries in event log, repeated stuff about network problems as expected on a dsl line, nothing that would give a clue to what the problem here is.

But when I went to the machine today it had an error message about a file that had been replaced, it seemed like it had been replaced with an earlier version. I didn't catch the name of the file and I looked through the event log for it and I couldn't find it.

I tried to run SFC but I couldn't lay my hands on the original windows 2000 CD. Heh. After all these years. I'll find it.

I cancelled SFC but here are the entries it made before I cancelled it in event log:

The system file c:\winnt\system32\fs2.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.]. This file is necessary to maintain system stability.

The system file c:\winnt\system32\is50.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.]. This file is necessary to maintain system stability.

The system file c:\winnt\system32\is60.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.]. This file is necessary to maintain system stability.

The system file c:\winnt\system32\ksolay.ax could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.]. This file is necessary to maintain system stability.

The system file c:\winnt\twain_32\miitwain\sm9232.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.]. This file is necessary to maintain system stability.

The system file c:\winnt\twain_32\miitwain\sm9332.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.]. This file is necessary to maintain system stability.

The system file c:\winnt\system32\thawbrkr.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.]. This file is necessary to maintain system stability.

I am not at that location so I can't do anything very active step by step test wise. But I could take a USB drive over with specific tools on it and run them, take it back but that would get pretty involved. Hopefully someone can give me some ideas. I was gonna take combofix over and run it, but I am not even sure it runs on Windows 2000.



#2 Steevow


Posted 21 December 2012 - 01:37 AM

No one has any advice on this?

#3 Baltboy


Posted 06 January 2013 - 07:00 PM

Since the file that seems to be causing this error is a Windows system driver it can be like grasping at straws. Typically the error you posted is caused by either bad hardware or bad drivers. If no new software of any kind has been installed I would start by removing and reinstalling all of the drivers for the system. If that did not work then I would begin to suspect that either some of the memory or possibly a hard drive is failing.
Get your facts first, then you can distort them as you please.
Mark Twain
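
The bugcheck line quoted in the first post can be decoded field by field. The following is an added example, not part of the thread or any poster's reply: it parses that event text and labels the four 0xD1 parameters. The function and constant names are hypothetical, and the near-NULL and kernel-space checks are heuristics, marked as such in the comments.

```python
import re

# Parameter meanings for bug check 0xD1 follow Microsoft's bug check reference.
NAMES = {0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL"}
IRQLS = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}  # x86 values
ACCESS = {0: "read", 1: "write"}

# Event log text as quoted in the first post of this thread.
SAMPLE = (
    "The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 "
    "(0x00000037, 0x00000002, 0x00000001, 0xbffddec8). Microsoft Windows 2000 "
    "[v15.2195]. A dump was saved in: C:\\WINNT\\MEMORY.DMP."
)

HEX = r"(0x[0-9a-fA-F]+)"
BUGCHECK = re.compile(
    r"bugcheck was:\s*" + HEX + r"\s*\(\s*" + r",\s*".join([HEX] * 4) + r"\s*\)",
    re.IGNORECASE,
)
DUMP = re.compile(r"dump was saved in:\s*(\S+?)\.?\s*$", re.IGNORECASE)


def decode_bugcheck(message):
    """Return the decoded stop code from a 'rebooted from a bugcheck' event, or None."""
    m = BUGCHECK.search(message)
    if m is None:
        return None
    code, p1, p2, p3, p4 = (int(g, 16) for g in m.groups())
    out = {"code": code, "name": NAMES.get(code, "unknown"), "params": (p1, p2, p3, p4)}
    if code == 0xD1:
        out["referenced_address"] = p1
        out["irql"] = IRQLS.get(p2, hex(p2))
        out["access"] = ACCESS.get(p3, "other")
        out["faulting_instruction"] = p4
        # Heuristic: an address inside the first page is a NULL pointer plus a small offset.
        out["near_null"] = p1 < 0x1000
        # Assumes the default 32-bit split, where kernel space starts at 0x80000000.
        out["instruction_in_kernel_space"] = p4 >= 0x80000000
    dump = DUMP.search(message)
    out["dump_path"] = dump.group(1) if dump else None
    return out


if __name__ == "__main__":
    for key, value in decode_bugcheck(SAMPLE).items():
        print(f"{key}: {value}")
```

The event text names no module; mapping the faulting instruction address to a loaded driver requires opening the saved MEMORY.DMP in a kernel debugger.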



