superg65
asked on
Could someone check my interpretation of a Win XP BSOD dump file readout please?
Hi
I have had the odd BSOD lately in what had been a very stable Win XP Pro SP3 machine. The notable change to the system was that I had added a SATA HDD to it - the other 2 drives are IDE. It is an Albatron K8NF4X socket 939 board with nForce4 chipset - latest drivers and BIOS.
Went through the process of decoding the dmp file from the BSOD and it is pasted below.
Seems to me it is pointing to vsdatant.sys as the culprit for the stop error - Google says this is a ZoneAlarm file, which I am using. Been using ZoneAlarm for ages - seems a little strange that it suddenly has started to play up.
The faulting IP address of 804e66c3 8b3486 indicates that it is the kernel (ntkrnlpa.exe) that is falling over, causing the BSOD, but is it vsdatant.sys that is triggering it?
Hopefully someone can confirm this or shed some further light on what it could be or I should look for.
Thanks in advance for your time.
Cheers
Graeme
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\Mini052709-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Wed May 27 22:35:52.937 2009 (GMT+12)
System Uptime: 0 days 0:41:41.546
Loading Kernel Symbols
...............................................................
...................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {89ff800c, 2, 0, 804e66c3}
Unable to load image vsdatant.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
Probably caused by : vsdatant.sys ( vsdatant+302b5 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 89ff800c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804e66c3, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 89ff800c
CURRENT_IRQL: 2
FAULTING_IP:
nt!CcGetVacbLargeOffset+71
804e66c3 8b3486 mov esi,dword ptr [esi+eax*4]
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: update.exe
LAST_CONTROL_TRANSFER: from 804e796c to 804e66c3
STACK_TEXT:
b3c6e4d0 804e796c 89cf1268 0334e000 00000000 nt!CcGetVacbLargeOffset+0x71
b3c6e504 804e30fd 00cf1268 0334e000 00000000 nt!CcGetVirtualAddress+0x70
b3c6e594 8055f81d 89cf13c0 b3c6e5d4 00001000 nt!CcPinFileData+0x7f
b3c6e608 b7e19bc3 89cf13c0 b3c6e648 00001000 nt!CcPreparePinWrite+0x93
b3c6e688 b7e19d21 e149e2d8 e14425f0 00000080 Ntfs!LfsGetLbcb+0x5b
b3c6e69c b7e199a2 e149e2d8 000000b0 e14425f0 Ntfs!LfsPrepareLfcbForLogRecord+0x4a
b3c6e6cc b7e196d6 e149e2d8 e14425f0 00000002 Ntfs!LfsWriteLogRecordIntoLogPage+0x5c
b3c6e7a8 b7e191ff e14425f0 00000002 b3c6e868 Ntfs!LfsWrite+0x2f7
b3c6e92c b7e34c37 8875c530 e14a29e0 8858c6f8 Ntfs!NtfsWriteLog+0x6a2
b3c6e9f8 b7e76576 8875c530 e14a29e0 02b127f8 Ntfs!NtOfsPutData+0x2fa
b3c6ea8c b7e4e265 8875c530 e45b6d90 e45b6cc8 Ntfs!NtfsWriteUsnJournalChanges+0x19c
b3c6eaa0 b7e2cf9e 8875c530 8875c530 e45b6d90 Ntfs!NtfsCheckpointCurrentTransaction+0x1b
b3c6eacc b7e23c33 8875c530 88a22a40 886cf1d8 Ntfs!NtfsSetBasicInfo+0x335
b3c6eb38 b7dfbb3b 8875c530 886cf1d8 886cf1d8 Ntfs!NtfsCommonSetInformation+0x44a
b3c6eba0 804ee129 89d0b020 886cf1d8 886cf38c Ntfs!NtfsFsdSetInformation+0xa3
b3c6ebb0 b7ea9f45 00000000 89c9b3c0 8881e268 nt!IopfCallDriver+0x31
b3c6ebc4 804ee129 89cb5848 886cf1d8 886cf1d8 sr!SrSetInformation+0x179
b3c6ebd4 b7eb1e9b 89bd7d80 886cf1d8 89ba9c18 nt!IopfCallDriver+0x31
b3c6ebf8 b7eb206b b3c6ec18 89bd7d80 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b
b3c6ec30 804ee129 89bd7d80 886cf1d8 886cf1e8 fltMgr!FltpDispatch+0x11f
b3c6ec40 80570889 00000000 00000004 b4e8e120 nt!IopfCallDriver+0x31
b3c6ecf0 b4e8e2b5 00000718 0006e260 0006e138 nt!NtSetInformationFile+0x585
WARNING: Stack unwind information not available. Following frames may be wrong.
b3c6ed48 8053d648 00000718 0006e260 0006e138 vsdatant+0x302b5
b3c6ed48 7c90e514 00000718 0006e260 0006e138 nt!KiFastCallEntry+0xf8
0006e4b8 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
vsdatant+302b5
b4e8e2b5 ?? ???
SYMBOL_STACK_INDEX: 16
SYMBOL_NAME: vsdatant+302b5
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: vsdatant
IMAGE_NAME: vsdatant.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4874da4c
FAILURE_BUCKET_ID: 0xA_vsdatant+302b5
BUCKET_ID: 0xA_vsdatant+302b5
Followup: MachineOwner
---------
kd> lmvm vsdatant
start end module name
b4e5e000 b4ebd0e0 vsdatant T (no symbols)
Loaded symbol image file: vsdatant.sys
Image path: vsdatant.sys
Image name: vsdatant.sys
Timestamp: Thu Jul 10 03:33:32 2008 (4874DA4C)
CheckSum: 00068FDC
ImageSize: 0005F0E0
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
kd> lm n t
start end module name
804d7000 806cf680 nt ntkrnlpa.exe Fri Feb 06 23:32:51 2009 (498C11D3)
806d0000 806f0300 hal halaacpi.dll Mon Apr 14 06:31:27 2008 (4802517F)
b3d5f000 b3d9fa80 HTTP HTTP.sys Mon Apr 14 06:53:48 2008 (480256BC)
b4024000 b4027800 asyncmac asyncmac.sys Mon Apr 14 06:57:27 2008 (48025797)
b42f0000 b4341880 srv srv.sys Thu Dec 11 23:57:07 2008 (4940F203)
b445a000 b4486180 mrxdav mrxdav.sys Mon Apr 14 06:32:42 2008 (480251CA)
b468f000 b46b2180 Fastfat Fastfat.SYS Mon Apr 14 07:14:28 2008 (48025B94)
b49f7000 b49fa900 ndisuio ndisuio.sys Mon Apr 14 06:55:57 2008 (4802573D)
b4d13000 b4d2a900 dump_atapi dump_atapi.sys Mon Apr 14 06:40:29 2008 (4802539D)
b4d53000 b4da0f00 avgldx86 avgldx86.sys Fri Apr 10 22:37:14 2009 (49DF215A)
b4da1000 b4e10280 mrxsmb mrxsmb.sys Sat Oct 25 00:21:07 2008 (4901AFA3)
b4e11000 b4e3be80 rdbss rdbss.sys Mon Apr 14 07:28:38 2008 (48025EE6)
b4e3c000 b4e5dd00 afd afd.sys Thu Aug 14 22:04:35 2008 (48A40333)
b4e5e000 b4ebd0e0 vsdatant vsdatant.sys Thu Jul 10 03:33:32 2008 (4874DA4C)
b4ebe000 b4ee5c00 netbt netbt.sys Mon Apr 14 07:20:59 2008 (48025D1B)
b4ee6000 b4f0b500 ipnat ipnat.sys Mon Apr 14 06:57:10 2008 (48025786)
b4f0c000 b4f24e00 avgtdix avgtdix.sys Tue Apr 07 01:42:27 2009 (49DA06C3)
b4f25000 b4f7d480 tcpip tcpip.sys Fri Jun 20 23:51:09 2008 (485B99AD)
b4f7e000 b4f90600 ipsec ipsec.sys Mon Apr 14 07:19:42 2008 (48025CCE)
b4fb1000 b4fd4000 klif klif.sys Tue May 15 20:40:47 2007 (4649720F)
b7353000 b73b0f00 update update.sys Mon Apr 14 06:39:46 2008 (48025372)
b73b1000 b73b3900 Dxapi Dxapi.sys Sat Aug 18 08:53:19 2001 (3B7D843F)
b73d9000 b7408e80 rdpdr rdpdr.sys Mon Apr 14 06:32:50 2008 (480251D2)
b7425000 b7435e00 psched psched.sys Mon Apr 14 06:56:36 2008 (48025764)
b7436000 b744c580 ndiswan ndiswan.sys Mon Apr 14 07:20:41 2008 (48025D09)
b744d000 b7460900 parport parport.sys Mon Apr 14 06:40:09 2008 (48025389)
b7461000 b7474f00 VIDEOPRT VIDEOPRT.SYS Mon Apr 14 06:44:39 2008 (48025497)
b7475000 b7c23b20 nv4_mini nv4_mini.sys Fri May 01 18:30:33 2009 (49FA9709)
b7c24000 b7d0d480 NVNRM NVNRM.SYS Sat Aug 02 06:35:57 2008 (4893578D)
b7d0e000 b7d30700 ks ks.sys Mon Apr 14 07:16:34 2008 (48025C12)
b7d31000 b7d54200 USBPORT USBPORT.SYS Mon Apr 14 06:45:34 2008 (480254CE)
b7d59000 b7d5bf80 mouhid mouhid.sys Sat Aug 18 08:47:57 2001 (3B7D82FD)
b7d61000 b7d63880 hidusb hidusb.sys Mon Apr 14 06:45:27 2008 (480254C7)
b7d9d000 b7db6b80 Mup Mup.sys Mon Apr 14 07:17:05 2008 (48025C31)
b7db7000 b7dcb000 srescan srescan.sys Wed Dec 05 11:30:06 2007 (4755D4EE)
b7dcb000 b7df7980 NDIS NDIS.sys Mon Apr 14 07:20:35 2008 (48025D03)
b7df8000 b7e84600 Ntfs Ntfs.sys Mon Apr 14 07:15:49 2008 (48025BE5)
b7e85000 b7e9b880 KSecDD KSecDD.sys Mon Apr 14 06:31:40 2008 (4802518C)
b7e9c000 b7eadf00 sr sr.sys Mon Apr 14 06:36:50 2008 (480252C2)
b7eae000 b7ecdb00 fltMgr fltMgr.sys Mon Apr 14 06:32:58 2008 (480251DA)
b7ece000 b7ee5880 SCSIPORT SCSIPORT.SYS Mon Apr 14 06:40:29 2008 (4802539D)
b7ee6000 b7f0b000 nvgts nvgts.sys Tue Aug 19 13:53:21 2008 (48AA2791)
b7f0b000 b7f22900 atapi atapi.sys Mon Apr 14 06:40:29 2008 (4802539D)
b7f23000 b7f48700 dmio dmio.sys Mon Apr 14 06:44:45 2008 (4802549D)
b7f49000 b7f67880 ftdisk ftdisk.sys Sat Aug 18 08:52:41 2001 (3B7D8419)
b7f68000 b7f78a80 pci pci.sys Mon Apr 14 06:36:43 2008 (480252BB)
b7f79000 b7fa6d80 ACPI ACPI.sys Mon Apr 14 06:36:33 2008 (480252B1)
b80a8000 b80b1180 isapnp isapnp.sys Mon Apr 14 06:36:40 2008 (480252B8)
b80b8000 b80c2580 MountMgr MountMgr.sys Mon Apr 14 06:39:45 2008 (48025371)
b80c8000 b80d4c80 VolSnap VolSnap.sys Mon Apr 14 06:41:00 2008 (480253BC)
b80d8000 b80e0e00 disk disk.sys Mon Apr 14 06:40:46 2008 (480253AE)
b80e8000 b80f4180 CLASSPNP CLASSPNP.SYS Mon Apr 14 07:16:21 2008 (48025C05)
b8168000 b8175000 AmdPPM AmdPPM.sys Tue Apr 17 09:46:33 2007 (4623EEB9)
b8178000 b8182480 imapi imapi.sys Mon Apr 14 06:40:57 2008 (480253B9)
b8188000 b8197600 cdrom cdrom.sys Mon Apr 14 06:40:45 2008 (480253AD)
b8198000 b81a6100 redbook redbook.sys Mon Apr 14 06:40:27 2008 (4802539B)
b81a8000 b81b2000 nvnetbus nvnetbus.sys Sat Aug 02 06:36:24 2008 (489357A8)
b81b8000 b81c7c00 serial serial.sys Mon Apr 14 07:15:44 2008 (48025BE0)
b81c8000 b81d4880 rasl2tp rasl2tp.sys Mon Apr 14 07:19:43 2008 (48025CCF)
b81d8000 b81e2200 raspppoe raspppoe.sys Mon Apr 14 06:57:31 2008 (4802579B)
b81e8000 b81f3d00 raspptp raspptp.sys Mon Apr 14 07:19:47 2008 (48025CD3)
b81f8000 b8200900 msgpc msgpc.sys Mon Apr 14 06:56:32 2008 (48025760)
b8208000 b8211f00 termdd termdd.sys Mon Apr 14 06:38:36 2008 (4802532C)
b8218000 b8226880 usbhub usbhub.sys Mon Apr 14 06:45:36 2008 (480254D0)
b8228000 b8231e80 NDProxy NDProxy.SYS Mon Apr 14 06:57:28 2008 (48025798)
b8238000 b8245600 NVENETFD NVENETFD.sys Sat Aug 02 06:36:19 2008 (489357A3)
b8288000 b8290700 wanarp wanarp.sys Mon Apr 14 06:57:20 2008 (48025790)
b8298000 b82a0780 netbios netbios.sys Mon Apr 14 06:56:01 2008 (48025741)
b82b8000 b82c2e00 Fips Fips.SYS Mon Apr 14 06:33:27 2008 (480251F7)
b82c8000 b82d1000 HIDCLASS HIDCLASS.SYS Mon Apr 14 06:45:25 2008 (480254C5)
b82e8000 b82f7900 Cdfs Cdfs.SYS Mon Apr 14 07:14:21 2008 (48025B8D)
b8328000 b832e180 PCIIDEX PCIIDEX.SYS Mon Apr 14 06:40:29 2008 (4802539D)
b8330000 b8334d00 PartMgr PartMgr.sys Mon Apr 14 06:40:48 2008 (480253B0)
b8370000 b8376700 USBSTOR USBSTOR.SYS Mon Apr 14 06:45:37 2008 (480254D1)
b83a0000 b83a4300 usbohci usbohci.sys Mon Apr 14 06:45:34 2008 (480254CE)
b83a8000 b83af600 usbehci usbehci.sys Mon Apr 14 06:45:34 2008 (480254CE)
b83b0000 b83b1000 fdc fdc.sys unavailable (00000000)
b83b8000 b83bca80 TDI TDI.SYS Mon Apr 14 07:00:04 2008 (48025834)
b83c0000 b83c4580 ptilink ptilink.sys Sat Aug 18 08:49:53 2001 (3B7D8371)
b83c8000 b83cc080 raspti raspti.sys Sat Aug 18 08:55:32 2001 (3B7D84C4)
b83d0000 b83d6000 kbdclass kbdclass.sys Mon Apr 14 06:39:46 2008 (48025372)
b83d8000 b83dda00 mouclass mouclass.sys Mon Apr 14 06:39:47 2008 (48025373)
b83e0000 b83e5000 flpydisk flpydisk.sys Mon Apr 14 06:40:24 2008 (48025398)
b83f0000 b83f6180 HIDPARSE HIDPARSE.SYS Mon Apr 14 06:45:22 2008 (480254C2)
b83f8000 b83fd200 vga vga.sys Mon Apr 14 06:44:40 2008 (48025498)
b8400000 b8404a80 Msfs Msfs.SYS Mon Apr 14 06:32:38 2008 (480251C6)
b8408000 b840f880 Npfs Npfs.SYS Mon Apr 14 06:32:38 2008 (480251C6)
b8410000 b8417d80 usbccgp usbccgp.sys Mon Apr 14 06:45:38 2008 (480254D2)
b8418000 b841d280 avgmfx86 avgmfx86.sys Tue Feb 24 22:31:56 2009 (49A3BE8C)
b8428000 b842c500 watchdog watchdog.sys Mon Apr 14 06:44:59 2008 (480254AB)
b84b8000 b84bb000 BOOTVID BOOTVID.dll Sat Aug 18 08:49:09 2001 (3B7D8345)
b8538000 b853b900 kbdhid kbdhid.sys Mon Apr 14 06:39:47 2008 (48025373)
b854c000 b854fd80 serenum serenum.sys Mon Apr 14 06:40:12 2008 (4802538C)
b8550000 b8552780 ndistapi ndistapi.sys Mon Apr 14 06:57:27 2008 (48025797)
b8570000 b8573c80 mssmbios mssmbios.sys Mon Apr 14 06:36:45 2008 (480252BD)
b85a4000 b85a6280 rasacd rasacd.sys Sat Aug 18 08:55:39 2001 (3B7D84CB)
b85a8000 b85a9b80 kdcom kdcom.dll Sat Aug 18 08:49:10 2001 (3B7D8346)
b85aa000 b85ab100 WMILIB WMILIB.SYS Sat Aug 18 09:07:23 2001 (3B7D878B)
b85ac000 b85ad700 dmload dmload.sys Sat Aug 18 08:58:15 2001 (3B7D8567)
b85b6000 b85b7100 swenum swenum.sys Mon Apr 14 06:39:52 2008 (48025378)
b85b8000 b85b9280 USBD USBD.SYS Sat Aug 18 09:02:58 2001 (3B7D8682)
b85ba000 b85bba80 ParVdm ParVdm.SYS Sat Aug 18 08:49:49 2001 (3B7D836D)
b85bc000 b85bdf00 Fs_Rec Fs_Rec.SYS Sat Aug 18 08:49:37 2001 (3B7D8361)
b85be000 b85bf080 Beep Beep.SYS Sat Aug 18 08:47:33 2001 (3B7D82E5)
b85c0000 b85c1080 mnmdd mnmdd.SYS Sat Aug 18 08:57:28 2001 (3B7D8538)
b85c2000 b85c3080 RDPCDD RDPCDD.sys Sat Aug 18 08:46:56 2001 (3B7D82C0)
b85c4000 b85c5100 dump_WMILIB dump_WMILIB.SYS Sat Aug 18 09:07:23 2001 (3B7D878B)
b8670000 b8670d00 pciide pciide.sys Sat Aug 18 08:51:49 2001 (3B7D83E5)
b872d000 b872dd00 dxgthk dxgthk.sys Sat Aug 18 08:53:12 2001 (3B7D8438)
b8777000 b8777b80 Null Null.SYS Sat Aug 18 08:47:39 2001 (3B7D82EB)
b87f6000 b87f6c00 audstub audstub.sys Sat Aug 18 08:59:40 2001 (3B7D85BC)
bd000000 bd011600 dxg dxg.sys Mon Apr 14 06:38:27 2008 (48025323)
bd012000 bd5b1880 nv4_disp nv4_disp.dll Fri May 01 18:22:30 2009 (49FA9526)
bf800000 bf9c2e00 win32k win32k.sys Tue Feb 10 00:13:13 2009 (49900FC9)
bffa0000 bffe5c00 ATMFD ATMFD.DLL Mon Apr 14 12:09:55 2008 (4802A0D3)
Unloaded modules:
b8430000 b8437000 USBSTOR.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
b82a8000 b82b1000 processr.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b85a0000 b85a4000 kbdhid.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b83e8000 b83ed000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
b859c000 b859f000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
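
The address arithmetic behind the debugger's "Probably caused by" line, as an added example that is not part of the original post: it resolves the faulting IP and the stack's return addresses against the module ranges from "lm n t" and finds the first frame owned by a non-OS module. The data is copied from the dump above with extraction spaces removed; the function names and the OS_OWNED set are assumptions of this sketch, and the first-non-OS-frame rule is a simplification of what !analyze does.

```python
import re

# Constructed sample: module ranges (from "lm n t") and STACK_TEXT copied from
# the dump in the post, with the spaces that extraction inserted removed.
MODULES = """\
804d7000 806cf680 nt ntkrnlpa.exe
b4e5e000 b4ebd0e0 vsdatant vsdatant.sys
b7df8000 b7e84600 Ntfs Ntfs.sys
b7e9c000 b7eadf00 sr sr.sys
b7eae000 b7ecdb00 fltMgr fltMgr.sys
"""
STACK = """\
b3c6e4d0 804e796c 89cf1268 0334e000 00000000 nt!CcGetVacbLargeOffset+0x71
b3c6e504 804e30fd 00cf1268 0334e000 00000000 nt!CcGetVirtualAddress+0x70
b3c6e594 8055f81d 89cf13c0 b3c6e5d4 00001000 nt!CcPinFileData+0x7f
b3c6e608 b7e19bc3 89cf13c0 b3c6e648 00001000 nt!CcPreparePinWrite+0x93
b3c6e688 b7e19d21 e149e2d8 e14425f0 00000080 Ntfs!LfsGetLbcb+0x5b
b3c6e69c b7e199a2 e149e2d8 000000b0 e14425f0 Ntfs!LfsPrepareLfcbForLogRecord+0x4a
b3c6e6cc b7e196d6 e149e2d8 e14425f0 00000002 Ntfs!LfsWriteLogRecordIntoLogPage+0x5c
b3c6e7a8 b7e191ff e14425f0 00000002 b3c6e868 Ntfs!LfsWrite+0x2f7
b3c6e92c b7e34c37 8875c530 e14a29e0 8858c6f8 Ntfs!NtfsWriteLog+0x6a2
b3c6e9f8 b7e76576 8875c530 e14a29e0 02b127f8 Ntfs!NtOfsPutData+0x2fa
b3c6ea8c b7e4e265 8875c530 e45b6d90 e45b6cc8 Ntfs!NtfsWriteUsnJournalChanges+0x19c
b3c6eaa0 b7e2cf9e 8875c530 8875c530 e45b6d90 Ntfs!NtfsCheckpointCurrentTransaction+0x1b
b3c6eacc b7e23c33 8875c530 88a22a40 886cf1d8 Ntfs!NtfsSetBasicInfo+0x335
b3c6eb38 b7dfbb3b 8875c530 886cf1d8 886cf1d8 Ntfs!NtfsCommonSetInformation+0x44a
b3c6eba0 804ee129 89d0b020 886cf1d8 886cf38c Ntfs!NtfsFsdSetInformation+0xa3
b3c6ebb0 b7ea9f45 00000000 89c9b3c0 8881e268 nt!IopfCallDriver+0x31
b3c6ebc4 804ee129 89cb5848 886cf1d8 886cf1d8 sr!SrSetInformation+0x179
b3c6ebd4 b7eb1e9b 89bd7d80 886cf1d8 89ba9c18 nt!IopfCallDriver+0x31
b3c6ebf8 b7eb206b b3c6ec18 89bd7d80 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b
b3c6ec30 804ee129 89bd7d80 886cf1d8 886cf1e8 fltMgr!FltpDispatch+0x11f
b3c6ec40 80570889 00000000 00000004 b4e8e120 nt!IopfCallDriver+0x31
b3c6ecf0 b4e8e2b5 00000718 0006e260 0006e138 nt!NtSetInformationFile+0x585
b3c6ed48 8053d648 00000718 0006e260 0006e138 vsdatant+0x302b5
b3c6ed48 7c90e514 00000718 0006e260 0006e138 nt!KiFastCallEntry+0xf8
0006e4b8 00000000 00000000 00000000 00000000 0x7c90e514
"""
# Assumption of this sketch: these owners count as operating-system components.
OS_OWNED = {"nt", "hal", "Ntfs", "sr", "fltMgr"}
HEX8 = re.compile(r"[0-9a-f]{8}")


def parse_modules(text):
    """Return (start, end, name) tuples from 'lm' style lines."""
    mods = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and HEX8.fullmatch(parts[0]) and HEX8.fullmatch(parts[1]):
            mods.append((int(parts[0], 16), int(parts[1], 16), parts[2]))
    return mods


def resolve(addr, mods):
    """Map a kernel address to 'module+0xoffset'; None if no listed module owns it."""
    for start, end, name in mods:
        if start <= addr < end:
            return f"{name}+0x{addr - start:x}"
    return None


def parse_stack(text):
    """Parse 'kb' lines: ChildEBP, RetAddr, three args, then the frame's symbol.
    Non-frame lines (such as the unwind WARNING) are skipped."""
    frames = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 6 and all(HEX8.fullmatch(p) for p in parts[:5]):
            owner = re.split(r"[!+]", parts[5])[0]  # text before '!' or '+'
            frames.append({"ret": int(parts[1], 16), "symbol": parts[5], "owner": owner})
    return frames


def first_third_party(frames, os_owned):
    """Index and owner of the first frame not owned by an OS module."""
    for index, frame in enumerate(frames):
        if frame["owner"] not in os_owned:
            return index, frame["owner"]
    return None


def decode_bugcheck_a(arg1, arg2, arg3, arg4, mods):
    """Interpret the four IRQL_NOT_LESS_OR_EQUAL arguments as the dump describes them."""
    return {
        "referenced": f"{arg1:08x}",
        "irql": arg2,  # 2 is DISPATCH_LEVEL
        "access": "write" if arg3 & 1 else "read",
        "faulting_code": resolve(arg4, mods),
    }


if __name__ == "__main__":
    mods = parse_modules(MODULES)
    frames = parse_stack(STACK)
    # BugCheck 1000000A, {89ff800c, 2, 0, 804e66c3}
    print(decode_bugcheck_a(0x89FF800C, 2, 0, 0x804E66C3, mods))
    # RetAddr of the NtSetInformationFile frame: where that call returns to.
    print(resolve(frames[21]["ret"], mods))
    index, owner = first_third_party(frames, OS_OWNED)
    print(f"first non-OS frame: index 0x{index:x}, owner {owner}")
```

The faulting instruction resolves into nt (the cache manager path under Ntfs), while the only non-OS owner on the stack is the vsdatant frame, which sits below the "Stack unwind information not available" warning, so the attribution rests on a frame the debugger itself marks as possibly wrong.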
b85aa000 b85ab100 WMILIB WMILIB.SYS Sat Aug 18 09:07:23 2001 (3B7D878B)
b85ac000 b85ad700 dmload dmload.sys Sat Aug 18 08:58:15 2001 (3B7D8567)
b85b6000 b85b7100 swenum swenum.sys Mon Apr 14 06:39:52 2008 (48025378)
b85b8000 b85b9280 USBD USBD.SYS Sat Aug 18 09:02:58 2001 (3B7D8682)
b85ba000 b85bba80 ParVdm ParVdm.SYS Sat Aug 18 08:49:49 2001 (3B7D836D)
b85bc000 b85bdf00 Fs_Rec Fs_Rec.SYS Sat Aug 18 08:49:37 2001 (3B7D8361)
b85be000 b85bf080 Beep Beep.SYS Sat Aug 18 08:47:33 2001 (3B7D82E5)
b85c0000 b85c1080 mnmdd mnmdd.SYS Sat Aug 18 08:57:28 2001 (3B7D8538)
b85c2000 b85c3080 RDPCDD RDPCDD.sys Sat Aug 18 08:46:56 2001 (3B7D82C0)
b85c4000 b85c5100 dump_WMILIB dump_WMILIB.SYS Sat Aug 18 09:07:23 2001 (3B7D878B)
b8670000 b8670d00 pciide pciide.sys Sat Aug 18 08:51:49 2001 (3B7D83E5)
b872d000 b872dd00 dxgthk dxgthk.sys Sat Aug 18 08:53:12 2001 (3B7D8438)
b8777000 b8777b80 Null Null.SYS Sat Aug 18 08:47:39 2001 (3B7D82EB)
b87f6000 b87f6c00 audstub audstub.sys Sat Aug 18 08:59:40 2001 (3B7D85BC)
bd000000 bd011600 dxg dxg.sys Mon Apr 14 06:38:27 2008 (48025323)
bd012000 bd5b1880 nv4_disp nv4_disp.dll Fri May 01 18:22:30 2009 (49FA9526)
bf800000 bf9c2e00 win32k win32k.sys Tue Feb 10 00:13:13 2009 (49900FC9)
bffa0000 bffe5c00 ATMFD ATMFD.DLL Mon Apr 14 12:09:55 2008 (4802A0D3)
Unloaded modules:
b8430000 b8437000 USBSTOR.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
b82a8000 b82b1000 processr.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b85a0000 b85a4000 kbdhid.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b83e8000 b83ed000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
b859c000 b859f000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
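The module listing above gives each driver's address range and link timestamp, which is what lets a faulting or stack address be attributed to a module. The Python below is an added example, not part of the original post or of WinDbg: it parses lines in that format, resolves an address to its owning module and decodes the hex timestamp. The function names and the lookup address are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timezone
from typing import NamedTuple, Optional

# Lines copied from the listing above; the address looked up below is constructed.
SAMPLE = """\
b7ee6000 b7f0b000 nvgts nvgts.sys Tue Aug 19 13:53:21 2008 (48AA2791)
b7f0b000 b7f22900 atapi atapi.sys Mon Apr 14 06:40:29 2008 (4802539D)
b83b0000 b83b1000 fdc fdc.sys unavailable (00000000)
b8418000 b841d280 avgmfx86 avgmfx86.sys Tue Feb 24 22:31:56 2009 (49A3BE8C)
bd012000 bd5b1880 nv4_disp nv4_disp.dll Fri May 01 18:22:30 2009 (49FA9526)
"""

class Module(NamedTuple):
    start: int
    end: int
    name: str
    image: str
    linked_utc: Optional[datetime]  # None when the listing shows "unavailable"

# start end name image <date text or "unavailable"> (hex link timestamp)
LINE = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) (\S+) (\S+) .*\(([0-9A-Fa-f]{8})\)$")

def parse_lm(text):
    """Parse module lines; lines in any other shape (e.g. unloaded modules) are skipped."""
    modules = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        stamp = int(m[5], 16)  # image header timestamp: seconds since 1970 UTC
        linked = datetime.fromtimestamp(stamp, timezone.utc) if stamp else None
        modules.append(Module(int(m[1], 16), int(m[2], 16), m[3], m[4], linked))
    return sorted(modules)  # ordered by start address

def owner(modules, address):
    """Return the module whose [start, end) range contains address, else None."""
    for mod in modules:
        if mod.start <= address < mod.end:
            return mod
    return None

def linked_after(modules, cutoff):
    """Names of modules whose link time is later than cutoff."""
    return [m.name for m in modules if m.linked_utc and m.linked_utc > cutoff]

if __name__ == "__main__":
    mods = parse_lm(SAMPLE)
    print(owner(mods, 0xB7F0C123).image, linked_after(mods, datetime(2009, 1, 1, tzinfo=timezone.utc)))
```

The dates printed in the listing are in the debugger's local time (GMT+12 in this session), so the decoded UTC values are 12 hours earlier.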
83 instances sounds like quite a lot. Try running a spyware scan. http://malwarebytes.org/
ASKER
Hi
Since uninstalling Zonealarm have had no problems. The update.exe instances on my machine are just a part of the MS patch updates in each KB folder - no malware or spyware probs.
Will keep monitoring for a couple more days then award the points.
Thanks
Graeme
ASKER
Had no issues since removing Zonealarm - it was already the latest version - that was causing the problem maybe. Changed to Online Armour - all OK so far.
Thanks for your ideas
Graeme
ASKER
Thanks for your replies.
There are 83 instances of update.exe on my PC. Virtually all of them are associated with Windows KB updates. I have Windows updates set to notify but don't install so is weird that one of those processes was "alive" in the system.
Have uninstalled Zonealarm. Will see how it goes for a couple of days then report back.
Cheers
Graeme