Bsod

Status
Not open for further replies.

commission

Posts: 26   +0
I’m running a PC with XP SP2 with the latest updates and it keeps blue screening then restarting intermittently

I have included the minidump file

From the knowledge base article I have been reading it could be a driver fault? If so how do I work out which one?

What do you guys think?

Cheers



Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\Desktop\MiniDumps\Minidump\Mini121407-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
Debug session time: Fri Dec 14 14:51:04.978 2007 (GMT+11)
System Uptime: 0 days 5:53:11.892
Loading Kernel Symbols
......................................................................................................................
Loading User Symbols
Loading unloaded module list
....................
Unable to load image VETEFILE.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for VETEFILE.SYS
*** ERROR: Module load completed but symbols could not be loaded for VETEFILE.SYS
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 10000050, {e1e870ed, 0, ae761dad, 1}


Could not read faulting driver name
*** WARNING: Unable to verify timestamp for VETMONNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for VETMONNT.SYS
*** WARNING: Unable to verify timestamp for VET-FILT.SYS
*** ERROR: Module load completed but symbols could not be loaded for VET-FILT.SYS


Probably caused by : VETEFILE.SYS ( VETEFILE+1fdad )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e1e870ed, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: ae761dad, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000001, (reserved)

Debugging Details:
------------------


Could not read faulting driver name



READ_ADDRESS: e1e870ed

FAULTING_IP:
VETEFILE+1fdad
ae761dad 8b07 mov eax,dword ptr [edi]

MM_INTERNAL_CODE: 1

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: WINWORD.EXE

LAST_CONTROL_TRANSFER: from ae75ac92 to ae761dad

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
ad278970 ae75ac92 e152033d 00000000 ad278a84 VETEFILE+0x1fdad
ad2789e8 ae75ac92 e30f0001 000000fc ad278a84 VETEFILE+0x18c92
ad278a60 ae75742b 00000000 00000001 ad278a84 VETEFILE+0x18c92
ad278a88 ae757373 e1bd9000 e16e6008 ae75429f VETEFILE+0x1542b
ad278aec ae753fc2 00000010 89f82798 e16e6008 VETEFILE+0x15373
ad278b14 ae75219e ad278b74 89f82798 e16e6008 VETEFILE+0x11fc2
ad278b4c ae742d78 00000000 89f82798 e16e6008 VETEFILE+0x1019e
ad278ba4 ae742a77 89f82798 00000000 00028000 VETEFILE+0xd78
ad278be4 ae74272b 89f82798 e222c410 00000000 VETEFILE+0xa77
ad278c1c ae7426b8 89f82798 ad278ce0 00000000 VETEFILE+0x72b
ad278c50 ae7425ca 89f82798 ad278ce0 00000000 VETEFILE+0x6b8
ad278d00 f78198bf 89e304c8 f781bf30 f781be78 VETEFILE+0x5ca
ad278d24 f7818a72 89e304c8 f781bf30 f781be78 VETMONNT+0x28bf
ad278d74 f7818b98 89e304c8 f781bf30 f781be78 VETMONNT+0x1a72
ad278dd0 f7818c8b 89e1368c 0000003f 00000000 VETMONNT+0x1b98
ad278de4 f7817904 8a6f0dd0 89e134d8 ad278e18 VETMONNT+0x1c8b
ad278e34 f7809846 8a6f0dd0 89e134d8 89e134e8 VETMONNT+0x904
ad278e90 804e37f7 8a3ae650 89e134d8 89e134d8 VET_FILT+0x2846
ad278ea0 8056f54a 8a6fe8e8 89d64d64 ad279048 nt!IopfCallDriver+0x31
ad278f80 8056336c 8a6fe900 00000000 89d64cc0 nt!IopParseDevice+0xa12
ad279008 8056749a 00000000 ad279048 00000040 nt!ObpLookupObjectName+0x56a
ad27905c 8056fa23 00000000 00000000 00000001 nt!ObOpenObjectByName+0xeb
ad2790d8 8056faf2 0012bc4c 00100020 0012bc04 nt!IopCreateFile+0x407
ad279134 8056fbba 0012bc4c 00100020 0012bc04 nt!IoCreateFile+0x8e
ad279174 804de7ec 0012bc4c 00100020 0012bc04 nt!NtOpenFile+0x27
ad279174 7c90eb94 0012bc4c 00100020 0012bc04 nt!KiFastCallEntry+0xf8
0012be98 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
VETEFILE+1fdad
ae761dad 8b07 mov eax,dword ptr [edi]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: VETEFILE+1fdad

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: VETEFILE

IMAGE_NAME: VETEFILE.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 468de154

FAILURE_BUCKET_ID: 0x50_VETEFILE+1fdad

BUCKET_ID: 0x50_VETEFILE+1fdad

Followup: MachineOwner
---------

kd> lmvm VETEFILE
start end module name
ae742000 ae805b80 VETEFILE T (no symbols)
Loaded symbol image file: VETEFILE.SYS
Image path: VETEFILE.SYS
Image name: VETEFILE.SYS
Timestamp: Fri Jul 06 16:29:40 2007 (468DE154)
CheckSum: 000E306C
ImageSize: 000C3B80
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
 
That dump points squarely at EZ anti virus.

Attach a few more dumps just to confirm.

Try fully uninstalling/reinstalling EZ

Disable email scanning,and scheduled scanning.

Try AVG anti virus instead.
 
Po'Girl beat me to it! VETEFILE.SYS is a RealTime Anti-Virus Protection Driver belongs to the software VET File Scan Engine by Computer Associates International, Inc (www.ca.com.
 
Status
Not open for further replies.
Back