Could someone check my interpretation of a Win XP BSOD dump file readout please?

Hi

I have had the odd BSOD lately in what had been a very stable Win XP Pro SP3 machine.  The notable change to the system was that I had added a SATA HDD to it - the other 2 drives are IDE. It is an Albatron K8NF4X socket 939 board with nForce4 chipset - latest drivers and bios.

Went through the process of decoding the dmp file from the BSOD and it is pasted below.

Seems to me it is pointing to vdatant.sys as the culprit for the stop error - google says this is a Zonealarm file which I am using. Been using Zonealarm for ages - seems a little strange that it suddenly has started to play up.

The faulting IP address of 804e66c3 8b3486 indicates that it is the kernal (ntkrnlpa.exe) that is falling over, causing the BSOD but is it vdatant.sys that is triggering it?

Hopefully someone can confirm this or shed some further light on what it could be or I should look for.

Thanks in advance for your time.

Cheers
Graeme

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\Mini052709-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Wed May 27 22:35:52.937 2009 (GMT+12)
System Uptime: 0 days 0:41:41.546
Loading Kernel Symbols
...............................................................
...................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {89ff800c, 2, 0, 804e66c3}

Unable to load image vsdatant.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
Probably caused by : vsdatant.sys ( vsdatant+302b5 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 89ff800c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
      bit 0 : value 0 = read operation, 1 = write operation
      bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804e66c3, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS:  89ff800c

CURRENT_IRQL:  2

FAULTING_IP:
nt!CcGetVacbLargeOffset+71
804e66c3 8b3486          mov     esi,dword ptr [esi+eax*4]

CUSTOMER_CRASH_COUNT:  2

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  update.exe

LAST_CONTROL_TRANSFER:  from 804e796c to 804e66c3

STACK_TEXT:  
b3c6e4d0 804e796c 89cf1268 0334e000 00000000 nt!CcGetVacbLargeOffset+0x71
b3c6e504 804e30fd 00cf1268 0334e000 00000000 nt!CcGetVirtualAddress+0x70
b3c6e594 8055f81d 89cf13c0 b3c6e5d4 00001000 nt!CcPinFileData+0x7f
b3c6e608 b7e19bc3 89cf13c0 b3c6e648 00001000 nt!CcPreparePinWrite+0x93
b3c6e688 b7e19d21 e149e2d8 e14425f0 00000080 Ntfs!LfsGetLbcb+0x5b
b3c6e69c b7e199a2 e149e2d8 000000b0 e14425f0 Ntfs!LfsPrepareLfcbForLogRecord+0x4a
b3c6e6cc b7e196d6 e149e2d8 e14425f0 00000002 Ntfs!LfsWriteLogRecordIntoLogPage+0x5c
b3c6e7a8 b7e191ff e14425f0 00000002 b3c6e868 Ntfs!LfsWrite+0x2f7
b3c6e92c b7e34c37 8875c530 e14a29e0 8858c6f8 Ntfs!NtfsWriteLog+0x6a2
b3c6e9f8 b7e76576 8875c530 e14a29e0 02b127f8 Ntfs!NtOfsPutData+0x2fa
b3c6ea8c b7e4e265 8875c530 e45b6d90 e45b6cc8 Ntfs!NtfsWriteUsnJournalChanges+0x19c
b3c6eaa0 b7e2cf9e 8875c530 8875c530 e45b6d90 Ntfs!NtfsCheckpointCurrentTransaction+0x1b
b3c6eacc b7e23c33 8875c530 88a22a40 886cf1d8 Ntfs!NtfsSetBasicInfo+0x335
b3c6eb38 b7dfbb3b 8875c530 886cf1d8 886cf1d8 Ntfs!NtfsCommonSetInformation+0x44a
b3c6eba0 804ee129 89d0b020 886cf1d8 886cf38c Ntfs!NtfsFsdSetInformation+0xa3
b3c6ebb0 b7ea9f45 00000000 89c9b3c0 8881e268 nt!IopfCallDriver+0x31
b3c6ebc4 804ee129 89cb5848 886cf1d8 886cf1d8 sr!SrSetInformation+0x179
b3c6ebd4 b7eb1e9b 89bd7d80 886cf1d8 89ba9c18 nt!IopfCallDriver+0x31
b3c6ebf8 b7eb206b b3c6ec18 89bd7d80 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b
b3c6ec30 804ee129 89bd7d80 886cf1d8 886cf1e8 fltMgr!FltpDispatch+0x11f
b3c6ec40 80570889 00000000 00000004 b4e8e120 nt!IopfCallDriver+0x31
b3c6ecf0 b4e8e2b5 00000718 0006e260 0006e138 nt!NtSetInformationFile+0x585
WARNING: Stack unwind information not available. Following frames may be wrong.
b3c6ed48 8053d648 00000718 0006e260 0006e138 vsdatant+0x302b5
b3c6ed48 7c90e514 00000718 0006e260 0006e138 nt!KiFastCallEntry+0xf8
0006e4b8 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND:  kb

FOLLOWUP_IP:
vsdatant+302b5
b4e8e2b5 ??              ???

SYMBOL_STACK_INDEX:  16

SYMBOL_NAME:  vsdatant+302b5

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: vsdatant

IMAGE_NAME:  vsdatant.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4874da4c

FAILURE_BUCKET_ID:  0xA_vsdatant+302b5

BUCKET_ID:  0xA_vsdatant+302b5

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 89ff800c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
      bit 0 : value 0 = read operation, 1 = write operation
      bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804e66c3, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS:  89ff800c

CURRENT_IRQL:  2

FAULTING_IP:
nt!CcGetVacbLargeOffset+71
804e66c3 8b3486          mov     esi,dword ptr [esi+eax*4]

CUSTOMER_CRASH_COUNT:  2

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  update.exe

LAST_CONTROL_TRANSFER:  from 804e796c to 804e66c3

STACK_TEXT:  
b3c6e4d0 804e796c 89cf1268 0334e000 00000000 nt!CcGetVacbLargeOffset+0x71
b3c6e504 804e30fd 00cf1268 0334e000 00000000 nt!CcGetVirtualAddress+0x70
b3c6e594 8055f81d 89cf13c0 b3c6e5d4 00001000 nt!CcPinFileData+0x7f
b3c6e608 b7e19bc3 89cf13c0 b3c6e648 00001000 nt!CcPreparePinWrite+0x93
b3c6e688 b7e19d21 e149e2d8 e14425f0 00000080 Ntfs!LfsGetLbcb+0x5b
b3c6e69c b7e199a2 e149e2d8 000000b0 e14425f0 Ntfs!LfsPrepareLfcbForLogRecord+0x4a
b3c6e6cc b7e196d6 e149e2d8 e14425f0 00000002 Ntfs!LfsWriteLogRecordIntoLogPage+0x5c
b3c6e7a8 b7e191ff e14425f0 00000002 b3c6e868 Ntfs!LfsWrite+0x2f7
b3c6e92c b7e34c37 8875c530 e14a29e0 8858c6f8 Ntfs!NtfsWriteLog+0x6a2
b3c6e9f8 b7e76576 8875c530 e14a29e0 02b127f8 Ntfs!NtOfsPutData+0x2fa
b3c6ea8c b7e4e265 8875c530 e45b6d90 e45b6cc8 Ntfs!NtfsWriteUsnJournalChanges+0x19c
b3c6eaa0 b7e2cf9e 8875c530 8875c530 e45b6d90 Ntfs!NtfsCheckpointCurrentTransaction+0x1b
b3c6eacc b7e23c33 8875c530 88a22a40 886cf1d8 Ntfs!NtfsSetBasicInfo+0x335
b3c6eb38 b7dfbb3b 8875c530 886cf1d8 886cf1d8 Ntfs!NtfsCommonSetInformation+0x44a
b3c6eba0 804ee129 89d0b020 886cf1d8 886cf38c Ntfs!NtfsFsdSetInformation+0xa3
b3c6ebb0 b7ea9f45 00000000 89c9b3c0 8881e268 nt!IopfCallDriver+0x31
b3c6ebc4 804ee129 89cb5848 886cf1d8 886cf1d8 sr!SrSetInformation+0x179
b3c6ebd4 b7eb1e9b 89bd7d80 886cf1d8 89ba9c18 nt!IopfCallDriver+0x31
b3c6ebf8 b7eb206b b3c6ec18 89bd7d80 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b
b3c6ec30 804ee129 89bd7d80 886cf1d8 886cf1e8 fltMgr!FltpDispatch+0x11f
b3c6ec40 80570889 00000000 00000004 b4e8e120 nt!IopfCallDriver+0x31
b3c6ecf0 b4e8e2b5 00000718 0006e260 0006e138 nt!NtSetInformationFile+0x585
WARNING: Stack unwind information not available. Following frames may be wrong.
b3c6ed48 8053d648 00000718 0006e260 0006e138 vsdatant+0x302b5
b3c6ed48 7c90e514 00000718 0006e260 0006e138 nt!KiFastCallEntry+0xf8
0006e4b8 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND:  kb

FOLLOWUP_IP:
vsdatant+302b5
b4e8e2b5 ??              ???

SYMBOL_STACK_INDEX:  16

SYMBOL_NAME:  vsdatant+302b5

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: vsdatant

IMAGE_NAME:  vsdatant.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4874da4c

FAILURE_BUCKET_ID:  0xA_vsdatant+302b5

BUCKET_ID:  0xA_vsdatant+302b5

Followup: MachineOwner
---------

kd> lmvm vsdatant
start    end        module name
b4e5e000 b4ebd0e0   vsdatant T (no symbols)          
    Loaded symbol image file: vsdatant.sys
    Image path: vsdatant.sys
    Image name: vsdatant.sys
    Timestamp:        Thu Jul 10 03:33:32 2008 (4874DA4C)
    CheckSum:         00068FDC
    ImageSize:        0005F0E0
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
kd> lm n t
start    end        module name
804d7000 806cf680   nt       ntkrnlpa.exe Fri Feb 06 23:32:51 2009 (498C11D3)
806d0000 806f0300   hal      halaacpi.dll Mon Apr 14 06:31:27 2008 (4802517F)
b3d5f000 b3d9fa80   HTTP     HTTP.sys     Mon Apr 14 06:53:48 2008 (480256BC)
b4024000 b4027800   asyncmac asyncmac.sys Mon Apr 14 06:57:27 2008 (48025797)
b42f0000 b4341880   srv      srv.sys      Thu Dec 11 23:57:07 2008 (4940F203)
b445a000 b4486180   mrxdav   mrxdav.sys   Mon Apr 14 06:32:42 2008 (480251CA)
b468f000 b46b2180   Fastfat  Fastfat.SYS  Mon Apr 14 07:14:28 2008 (48025B94)
b49f7000 b49fa900   ndisuio  ndisuio.sys  Mon Apr 14 06:55:57 2008 (4802573D)
b4d13000 b4d2a900   dump_atapi dump_atapi.sys Mon Apr 14 06:40:29 2008 (4802539D)
b4d53000 b4da0f00   avgldx86 avgldx86.sys Fri Apr 10 22:37:14 2009 (49DF215A)
b4da1000 b4e10280   mrxsmb   mrxsmb.sys   Sat Oct 25 00:21:07 2008 (4901AFA3)
b4e11000 b4e3be80   rdbss    rdbss.sys    Mon Apr 14 07:28:38 2008 (48025EE6)
b4e3c000 b4e5dd00   afd      afd.sys      Thu Aug 14 22:04:35 2008 (48A40333)
b4e5e000 b4ebd0e0   vsdatant vsdatant.sys Thu Jul 10 03:33:32 2008 (4874DA4C)
b4ebe000 b4ee5c00   netbt    netbt.sys    Mon Apr 14 07:20:59 2008 (48025D1B)
b4ee6000 b4f0b500   ipnat    ipnat.sys    Mon Apr 14 06:57:10 2008 (48025786)
b4f0c000 b4f24e00   avgtdix  avgtdix.sys  Tue Apr 07 01:42:27 2009 (49DA06C3)
b4f25000 b4f7d480   tcpip    tcpip.sys    Fri Jun 20 23:51:09 2008 (485B99AD)
b4f7e000 b4f90600   ipsec    ipsec.sys    Mon Apr 14 07:19:42 2008 (48025CCE)
b4fb1000 b4fd4000   klif     klif.sys     Tue May 15 20:40:47 2007 (4649720F)
b7353000 b73b0f00   update   update.sys   Mon Apr 14 06:39:46 2008 (48025372)
b73b1000 b73b3900   Dxapi    Dxapi.sys    Sat Aug 18 08:53:19 2001 (3B7D843F)
b73d9000 b7408e80   rdpdr    rdpdr.sys    Mon Apr 14 06:32:50 2008 (480251D2)
b7425000 b7435e00   psched   psched.sys   Mon Apr 14 06:56:36 2008 (48025764)
b7436000 b744c580   ndiswan  ndiswan.sys  Mon Apr 14 07:20:41 2008 (48025D09)
b744d000 b7460900   parport  parport.sys  Mon Apr 14 06:40:09 2008 (48025389)
b7461000 b7474f00   VIDEOPRT VIDEOPRT.SYS Mon Apr 14 06:44:39 2008 (48025497)
b7475000 b7c23b20   nv4_mini nv4_mini.sys Fri May 01 18:30:33 2009 (49FA9709)
b7c24000 b7d0d480   NVNRM    NVNRM.SYS    Sat Aug 02 06:35:57 2008 (4893578D)
b7d0e000 b7d30700   ks       ks.sys       Mon Apr 14 07:16:34 2008 (48025C12)
b7d31000 b7d54200   USBPORT  USBPORT.SYS  Mon Apr 14 06:45:34 2008 (480254CE)
b7d59000 b7d5bf80   mouhid   mouhid.sys   Sat Aug 18 08:47:57 2001 (3B7D82FD)
b7d61000 b7d63880   hidusb   hidusb.sys   Mon Apr 14 06:45:27 2008 (480254C7)
b7d9d000 b7db6b80   Mup      Mup.sys      Mon Apr 14 07:17:05 2008 (48025C31)
b7db7000 b7dcb000   srescan  srescan.sys  Wed Dec 05 11:30:06 2007 (4755D4EE)
b7dcb000 b7df7980   NDIS     NDIS.sys     Mon Apr 14 07:20:35 2008 (48025D03)
b7df8000 b7e84600   Ntfs     Ntfs.sys     Mon Apr 14 07:15:49 2008 (48025BE5)
b7e85000 b7e9b880   KSecDD   KSecDD.sys   Mon Apr 14 06:31:40 2008 (4802518C)
b7e9c000 b7eadf00   sr       sr.sys       Mon Apr 14 06:36:50 2008 (480252C2)
b7eae000 b7ecdb00   fltMgr   fltMgr.sys   Mon Apr 14 06:32:58 2008 (480251DA)
b7ece000 b7ee5880   SCSIPORT SCSIPORT.SYS Mon Apr 14 06:40:29 2008 (4802539D)
b7ee6000 b7f0b000   nvgts    nvgts.sys    Tue Aug 19 13:53:21 2008 (48AA2791)
b7f0b000 b7f22900   atapi    atapi.sys    Mon Apr 14 06:40:29 2008 (4802539D)
b7f23000 b7f48700   dmio     dmio.sys     Mon Apr 14 06:44:45 2008 (4802549D)
b7f49000 b7f67880   ftdisk   ftdisk.sys   Sat Aug 18 08:52:41 2001 (3B7D8419)
b7f68000 b7f78a80   pci      pci.sys      Mon Apr 14 06:36:43 2008 (480252BB)
b7f79000 b7fa6d80   ACPI     ACPI.sys     Mon Apr 14 06:36:33 2008 (480252B1)
b80a8000 b80b1180   isapnp   isapnp.sys   Mon Apr 14 06:36:40 2008 (480252B8)
b80b8000 b80c2580   MountMgr MountMgr.sys Mon Apr 14 06:39:45 2008 (48025371)
b80c8000 b80d4c80   VolSnap  VolSnap.sys  Mon Apr 14 06:41:00 2008 (480253BC)
b80d8000 b80e0e00   disk     disk.sys     Mon Apr 14 06:40:46 2008 (480253AE)
b80e8000 b80f4180   CLASSPNP CLASSPNP.SYS Mon Apr 14 07:16:21 2008 (48025C05)
b8168000 b8175000   AmdPPM   AmdPPM.sys   Tue Apr 17 09:46:33 2007 (4623EEB9)
b8178000 b8182480   imapi    imapi.sys    Mon Apr 14 06:40:57 2008 (480253B9)
b8188000 b8197600   cdrom    cdrom.sys    Mon Apr 14 06:40:45 2008 (480253AD)
b8198000 b81a6100   redbook  redbook.sys  Mon Apr 14 06:40:27 2008 (4802539B)
b81a8000 b81b2000   nvnetbus nvnetbus.sys Sat Aug 02 06:36:24 2008 (489357A8)
b81b8000 b81c7c00   serial   serial.sys   Mon Apr 14 07:15:44 2008 (48025BE0)
b81c8000 b81d4880   rasl2tp  rasl2tp.sys  Mon Apr 14 07:19:43 2008 (48025CCF)
b81d8000 b81e2200   raspppoe raspppoe.sys Mon Apr 14 06:57:31 2008 (4802579B)
b81e8000 b81f3d00   raspptp  raspptp.sys  Mon Apr 14 07:19:47 2008 (48025CD3)
b81f8000 b8200900   msgpc    msgpc.sys    Mon Apr 14 06:56:32 2008 (48025760)
b8208000 b8211f00   termdd   termdd.sys   Mon Apr 14 06:38:36 2008 (4802532C)
b8218000 b8226880   usbhub   usbhub.sys   Mon Apr 14 06:45:36 2008 (480254D0)
b8228000 b8231e80   NDProxy  NDProxy.SYS  Mon Apr 14 06:57:28 2008 (48025798)
b8238000 b8245600   NVENETFD NVENETFD.sys Sat Aug 02 06:36:19 2008 (489357A3)
b8288000 b8290700   wanarp   wanarp.sys   Mon Apr 14 06:57:20 2008 (48025790)
b8298000 b82a0780   netbios  netbios.sys  Mon Apr 14 06:56:01 2008 (48025741)
b82b8000 b82c2e00   Fips     Fips.SYS     Mon Apr 14 06:33:27 2008 (480251F7)
b82c8000 b82d1000   HIDCLASS HIDCLASS.SYS Mon Apr 14 06:45:25 2008 (480254C5)
b82e8000 b82f7900   Cdfs     Cdfs.SYS     Mon Apr 14 07:14:21 2008 (48025B8D)
b8328000 b832e180   PCIIDEX  PCIIDEX.SYS  Mon Apr 14 06:40:29 2008 (4802539D)
b8330000 b8334d00   PartMgr  PartMgr.sys  Mon Apr 14 06:40:48 2008 (480253B0)
b8370000 b8376700   USBSTOR  USBSTOR.SYS  Mon Apr 14 06:45:37 2008 (480254D1)
b83a0000 b83a4300   usbohci  usbohci.sys  Mon Apr 14 06:45:34 2008 (480254CE)
b83a8000 b83af600   usbehci  usbehci.sys  Mon Apr 14 06:45:34 2008 (480254CE)
b83b0000 b83b1000   fdc      fdc.sys      unavailable (00000000)
b83b8000 b83bca80   TDI      TDI.SYS      Mon Apr 14 07:00:04 2008 (48025834)
b83c0000 b83c4580   ptilink  ptilink.sys  Sat Aug 18 08:49:53 2001 (3B7D8371)
b83c8000 b83cc080   raspti   raspti.sys   Sat Aug 18 08:55:32 2001 (3B7D84C4)
b83d0000 b83d6000   kbdclass kbdclass.sys Mon Apr 14 06:39:46 2008 (48025372)
b83d8000 b83dda00   mouclass mouclass.sys Mon Apr 14 06:39:47 2008 (48025373)
b83e0000 b83e5000   flpydisk flpydisk.sys Mon Apr 14 06:40:24 2008 (48025398)
b83f0000 b83f6180   HIDPARSE HIDPARSE.SYS Mon Apr 14 06:45:22 2008 (480254C2)
b83f8000 b83fd200   vga      vga.sys      Mon Apr 14 06:44:40 2008 (48025498)
b8400000 b8404a80   Msfs     Msfs.SYS     Mon Apr 14 06:32:38 2008 (480251C6)
b8408000 b840f880   Npfs     Npfs.SYS     Mon Apr 14 06:32:38 2008 (480251C6)
b8410000 b8417d80   usbccgp  usbccgp.sys  Mon Apr 14 06:45:38 2008 (480254D2)
b8418000 b841d280   avgmfx86 avgmfx86.sys Tue Feb 24 22:31:56 2009 (49A3BE8C)
b8428000 b842c500   watchdog watchdog.sys Mon Apr 14 06:44:59 2008 (480254AB)
b84b8000 b84bb000   BOOTVID  BOOTVID.dll  Sat Aug 18 08:49:09 2001 (3B7D8345)
b8538000 b853b900   kbdhid   kbdhid.sys   Mon Apr 14 06:39:47 2008 (48025373)
b854c000 b854fd80   serenum  serenum.sys  Mon Apr 14 06:40:12 2008 (4802538C)
b8550000 b8552780   ndistapi ndistapi.sys Mon Apr 14 06:57:27 2008 (48025797)
b8570000 b8573c80   mssmbios mssmbios.sys Mon Apr 14 06:36:45 2008 (480252BD)
b85a4000 b85a6280   rasacd   rasacd.sys   Sat Aug 18 08:55:39 2001 (3B7D84CB)
b85a8000 b85a9b80   kdcom    kdcom.dll    Sat Aug 18 08:49:10 2001 (3B7D8346)
b85aa000 b85ab100   WMILIB   WMILIB.SYS   Sat Aug 18 09:07:23 2001 (3B7D878B)
b85ac000 b85ad700   dmload   dmload.sys   Sat Aug 18 08:58:15 2001 (3B7D8567)
b85b6000 b85b7100   swenum   swenum.sys   Mon Apr 14 06:39:52 2008 (48025378)
b85b8000 b85b9280   USBD     USBD.SYS     Sat Aug 18 09:02:58 2001 (3B7D8682)
b85ba000 b85bba80   ParVdm   ParVdm.SYS   Sat Aug 18 08:49:49 2001 (3B7D836D)
b85bc000 b85bdf00   Fs_Rec   Fs_Rec.SYS   Sat Aug 18 08:49:37 2001 (3B7D8361)
b85be000 b85bf080   Beep     Beep.SYS     Sat Aug 18 08:47:33 2001 (3B7D82E5)
b85c0000 b85c1080   mnmdd    mnmdd.SYS    Sat Aug 18 08:57:28 2001 (3B7D8538)
b85c2000 b85c3080   RDPCDD   RDPCDD.sys   Sat Aug 18 08:46:56 2001 (3B7D82C0)
b85c4000 b85c5100   dump_WMILIB dump_WMILIB.SYS Sat Aug 18 09:07:23 2001 (3B7D878B)
b8670000 b8670d00   pciide   pciide.sys   Sat Aug 18 08:51:49 2001 (3B7D83E5)
b872d000 b872dd00   dxgthk   dxgthk.sys   Sat Aug 18 08:53:12 2001 (3B7D8438)
b8777000 b8777b80   Null     Null.SYS     Sat Aug 18 08:47:39 2001 (3B7D82EB)
b87f6000 b87f6c00   audstub  audstub.sys  Sat Aug 18 08:59:40 2001 (3B7D85BC)
bd000000 bd011600   dxg      dxg.sys      Mon Apr 14 06:38:27 2008 (48025323)
bd012000 bd5b1880   nv4_disp nv4_disp.dll Fri May 01 18:22:30 2009 (49FA9526)
bf800000 bf9c2e00   win32k   win32k.sys   Tue Feb 10 00:13:13 2009 (49900FC9)
bffa0000 bffe5c00   ATMFD    ATMFD.DLL    Mon Apr 14 12:09:55 2008 (4802A0D3)

Unloaded modules:
b8430000 b8437000   USBSTOR.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b82a8000 b82b1000   processr.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b85a0000 b85a4000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b83e8000 b83ed000   Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b859c000 b859f000   Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
LVL 2
superg65Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Update.exe tries to access this. Could be an issue with Windows Update hence. However, it's strange that update.exe should access ZoneAlarm in an expected way leading to a crash. But it IS a driver error without doubt, so the first action should indeed be to replace ZoneAlarm or stop it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sfarazmandCommented:
Was there an update to XP or ZoneAlarm Recently?
 
Try updating ZoneAlarm to the newest version.
0
superg65Author Commented:
Hi

Thanks for your replies.

There are 83 instances of update.exe on my PC. Virtually all of them are associated with Windows KB updates. I have Windows updates set to notify but don't install so is weird that one of those processes was "alive" in the system.

Have uninstalled Zonealarm. Will see how it goes for a couple of days then report back.

Cheers
Graeme
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

sfarazmandCommented:
83 instances sounds like quite a lot. Try running a spyware scan.  http://malwarebytes.org/
0
superg65Author Commented:
Hi

Since uninstalling Zonealarm have had no problems. The update.exe instances on my machine are just a part of the MS patch updates in each KB folder - no malware or spyware probs.

Will keep monitoring for a couple more days then awards  the points.

Thanks
Graeme
0
superg65Author Commented:
Had no issues since removing Zonealarm - it was already the latest version -  that was causing the problem maybe. Changed to Online Armour - all OK so far.
Thanks for your ideas
Graeme
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.