By commission
Dec 16, 2007
  1. I’m running a PC with XP SP2 with the latest updates and it keeps blue screening then restarting intermittently

    I have included the minidump file

    From the knowledge base article I have been reading it could be a driver fault? If so how do I work out which one?

    What do you guys think?


    Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
    Copyright (c) Microsoft Corporation. All rights reserved.

    Loading Dump File [C:\Documents and Settings\Desktop\MiniDumps\Minidump\Mini121407-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: C:\WINDOWS\symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp2_gdr.070227-2254
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
    Debug session time: Fri Dec 14 14:51:04.978 2007 (GMT+11)
    System Uptime: 0 days 5:53:11.892
    Loading Kernel Symbols
    Loading User Symbols
    Loading unloaded module list
    Unable to load image VETEFILE.SYS, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for VETEFILE.SYS
    *** ERROR: Module load completed but symbols could not be loaded for VETEFILE.SYS
    * *
    * Bugcheck Analysis *
    * *

    Use !analyze -v to get detailed debugging information.

    BugCheck 10000050, {e1e870ed, 0, ae761dad, 1}

    Could not read faulting driver name
    *** WARNING: Unable to verify timestamp for VETMONNT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for VETMONNT.SYS
    *** WARNING: Unable to verify timestamp for VET-FILT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for VET-FILT.SYS

    Probably caused by : VETEFILE.SYS ( VETEFILE+1fdad )

    Followup: MachineOwner

    kd> !analyze -v
    * *
    * Bugcheck Analysis *
    * *

    Invalid system memory was referenced. This cannot be protected by try-except,
    it must be protected by a Probe. Typically the address is just plain bad or it
    is pointing at freed memory.
    Arg1: e1e870ed, memory referenced.
    Arg2: 00000000, value 0 = read operation, 1 = write operation.
    Arg3: ae761dad, If non-zero, the instruction address which referenced the bad memory
    Arg4: 00000001, (reserved)

    Debugging Details:

    Could not read faulting driver name

    READ_ADDRESS: e1e870ed

    ae761dad 8b07 mov eax,dword ptr [edi]




    BUGCHECK_STR: 0x50


    LAST_CONTROL_TRANSFER: from ae75ac92 to ae761dad

    WARNING: Stack unwind information not available. Following frames may be wrong.
    ad278970 ae75ac92 e152033d 00000000 ad278a84 VETEFILE+0x1fdad
    ad2789e8 ae75ac92 e30f0001 000000fc ad278a84 VETEFILE+0x18c92
    ad278a60 ae75742b 00000000 00000001 ad278a84 VETEFILE+0x18c92
    ad278a88 ae757373 e1bd9000 e16e6008 ae75429f VETEFILE+0x1542b
    ad278aec ae753fc2 00000010 89f82798 e16e6008 VETEFILE+0x15373
    ad278b14 ae75219e ad278b74 89f82798 e16e6008 VETEFILE+0x11fc2
    ad278b4c ae742d78 00000000 89f82798 e16e6008 VETEFILE+0x1019e
    ad278ba4 ae742a77 89f82798 00000000 00028000 VETEFILE+0xd78
    ad278be4 ae74272b 89f82798 e222c410 00000000 VETEFILE+0xa77
    ad278c1c ae7426b8 89f82798 ad278ce0 00000000 VETEFILE+0x72b
    ad278c50 ae7425ca 89f82798 ad278ce0 00000000 VETEFILE+0x6b8
    ad278d00 f78198bf 89e304c8 f781bf30 f781be78 VETEFILE+0x5ca
    ad278d24 f7818a72 89e304c8 f781bf30 f781be78 VETMONNT+0x28bf
    ad278d74 f7818b98 89e304c8 f781bf30 f781be78 VETMONNT+0x1a72
    ad278dd0 f7818c8b 89e1368c 0000003f 00000000 VETMONNT+0x1b98
    ad278de4 f7817904 8a6f0dd0 89e134d8 ad278e18 VETMONNT+0x1c8b
    ad278e34 f7809846 8a6f0dd0 89e134d8 89e134e8 VETMONNT+0x904
    ad278e90 804e37f7 8a3ae650 89e134d8 89e134d8 VET_FILT+0x2846
    ad278ea0 8056f54a 8a6fe8e8 89d64d64 ad279048 nt!IopfCallDriver+0x31
    ad278f80 8056336c 8a6fe900 00000000 89d64cc0 nt!IopParseDevice+0xa12
    ad279008 8056749a 00000000 ad279048 00000040 nt!ObpLookupObjectName+0x56a
    ad27905c 8056fa23 00000000 00000000 00000001 nt!ObOpenObjectByName+0xeb
    ad2790d8 8056faf2 0012bc4c 00100020 0012bc04 nt!IopCreateFile+0x407
    ad279134 8056fbba 0012bc4c 00100020 0012bc04 nt!IoCreateFile+0x8e
    ad279174 804de7ec 0012bc4c 00100020 0012bc04 nt!NtOpenFile+0x27
    ad279174 7c90eb94 0012bc4c 00100020 0012bc04 nt!KiFastCallEntry+0xf8
    0012be98 00000000 00000000 00000000 00000000 0x7c90eb94


    ae761dad 8b07 mov eax,dword ptr [edi]



    FOLLOWUP_NAME: MachineOwner





    BUCKET_ID: 0x50_VETEFILE+1fdad

    Followup: MachineOwner

    kd> lmvm VETEFILE
    start end module name
    ae742000 ae805b80 VETEFILE T (no symbols)
    Loaded symbol image file: VETEFILE.SYS
    Image path: VETEFILE.SYS
    Image name: VETEFILE.SYS
    Timestamp: Fri Jul 06 16:29:40 2007 (468DE154)
    CheckSum: 000E306C
    ImageSize: 000C3B80
    Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
  2. Po`Girl

    Po`Girl TS Rookie Posts: 595

    That dump points squarely at EZ anti virus.

    Attach a few more dumps just to confirm.

    Try fully uninstalling/reinstalling EZ

    Disable email scanning,and scheduled scanning.

    Try AVG anti virus instead.
  3. Route44

    Route44 TechSpot Ambassador Posts: 11,984   +72

    Po'Girl beat me to it! VETEFILE.SYS is a RealTime Anti-Virus Protection Driver belongs to the software VET File Scan Engine by Computer Associates International, Inc (
  4. commission

    commission TS Rookie Topic Starter Posts: 26

    Ok I will try that

    Thanks for your help guys
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...