# BitDefender & ntoskrnl.exe



## ruthy (Jun 15, 2006)

Hi

I recently uninstalled Norton Antivirus after many years of satisfied use but slower PC performance and moved to the acclaimed BitDefender Internet Security 10. Since installation I have found that undertaking either a Deep Scan or General System Scan, my PC crashes with a BSOD: -

"Page fault in non paged area" Stop ox00000050

BitDefender works well on my Windows XP Pro os and interacts well with other programs. It updates hourly and really I am pleased with my transfer, but for this problem.

I don't think it's BitDefender's problem either because other scans, namely Kaspersky online scanner and RegistryBooster from: - http://www.liutilities.com/products/campaigns/plib/rb/ 
also crash my PC with the same BSOD. 

Other than scanning with the software, I have no other problems with it. So I have been speaking with their helpful support team now for 3 weeks concerning this problem and after examining certain files, in particular a couple of recent mini.dmp files, created as a direct consequence of this error, they have come up with the diagnosis that BitDefender has a problem with the ntoskrnl.exe file, which they say is corrupt.

They say to take this up with Microsoft!

Anyhow I thought I would come here as you guys sorted me out really well last year.

I could try to reinstall this file from my Windows XP CD or even undertake a repair install.

However before doing either of these things I thought I would post here and hope it is in the correct forum.

Anyhelp guys?

Ruth


----------



## ruthy (Jun 15, 2006)

Please - someone out there help a damsal in distress!

BTW when I switched off my printer just before closing down my PC yesterday, after posting this thread, it crashed again with the same BSOD.

Hope there is someone out there who can help me

Ruth


----------



## Kalim (Nov 24, 2006)

Hi ruthy

Can you zip and attach the 3 most recent minidump.dmp files along with your next post please. :smile:

Use the "Go Advanced" option at the bottom and in the new page scroll down beneath the message box to add using "manage Attachments".


----------



## ruthy (Jun 15, 2006)

Hi Kalim

I am attaching a .zip file of the four most recent .dmp files. Not sure why the recent ones are not in the Windows minidump folder - maybe because I pressed the restart button before allowing the file to fully write and save?

Anyhow the 2 pairs of files are when on 2 separate occasions I tried to deep scan and general system scan with BitDefender. Once on 22nd April - 2 crashes and once on 8th May - again 2 crashes.

These are the files analysed by BitDefender.

I seriously hope you can help me

Thank you for your interest in my problem

Ruth


----------



## Kalim (Nov 24, 2006)

Hi Ruth

The application faulting in those logs is conclusive, and with many users it's a known problem for a while now without any decent solution when using the BitDefender updater, and you'll see this if you do a Google search for *bdrsdrv.sys*.

If you install BitDefender 5, 6, 7, 8, 9 or 10 you'll get the same BSOD. The file belongs to BitDefender.

Your minidumps crashed at bdrsdrv.sys: a Bitdefender driver. :wink: 

Basically it conflicts on your system and causes the STOP error. I recommend you to uninstall BitDefender and install different antivirus/antispyware/browser monitoring/firewall applications, like: 

Avast! (free) or AVG free for AV protection
Comodo, Sunbelt Kerio or Zonealarm (all free) as firewall
Spyware Blaster, Spyware Guard, Spybot Search & Destroy for anti-spyware/malware protection.

Anything other like Adware SE *only* for scanning your system now and then as they can pick up what other's have missed. 

Have a read of this for more information: http://www.techsupportforum.com/f174/pc-safety-and-security-what-do-i-need-115548.html

Any questions or queries, please feel free to ask.


----------



## ruthy (Jun 15, 2006)

Most helpful Kalim - although disappointing and does the error explain the crash the other day when I turned off my printer?

Also I have a NetGear Router which has an inbuilt hardware Firewall - do I really need another?

Regards

Ruth


----------



## Kalim (Nov 24, 2006)

ruthy said:


> Most helpful Kalim - although disappointing and does the error explain the crash the other day when I turned off my printer?


It didn't, sorry. The logs made no mention of a printer, only BitDefender. :sigh: 


> Also I have a NetGear Router which has an inbuilt hardware Firewall - do I really need another?


It is best do, as the hardware firewall does not control and allow features to control applications accessing the net from your computer. A software firewall does, such as Comodo (I recommend). And with all that you will have near perfect security measures. :wink:


----------



## ruthy (Jun 15, 2006)

Hi Kalim

Thankyou again for your reply. I know that you say that it is a conflict with bdrsdrv.sys but people are getting this error when updating or closing/opening Windows, are they not. I have yet to read a post where they get a BSOD like mine, when they attempt to scan.

I know you have looked at my .dmp files, so too have BitDefender, so why do they say the conflict is with ntoskrnl.exe ? They said something about an image failing to load - any ideas from my .dmp files, or are they barking up the wrong tree? 

I would be grateful though if you could take another look and also, if you can, perhaps point me to a thread where I can see others are experiencing the same problem as myself.

Thanks again

Ruth


----------



## Kalim (Nov 24, 2006)

ruthy said:


> Hi Kalim
> 
> Thankyou again for your reply. I know that you say that it is a conflict with bdrsdrv.sys but people are getting this error when updating or closing/opening Windows, are they not. I have yet to read a post where they get a BSOD like mine, when they attempt to scan.


OK. What's important is not the fact of what action you took at the instance but what *causes* the BSOD. It doesn't matter what you're actually doing in our assessment as long as it's one particular process/driver identified as a common denominator. It's just a simple conflict problem which can easily occur and we have to live with it until they fix it, usually in an updated version. :wink: 

It's a known problem since early days of BitDefender with many. I also experienced it on one of my systems. If it was soemthing they could reproduce, point their finger on and isolate, then they would have fixed this issue in an update. But they still haven't managed to do that as it's erratic, the cause is not specific and remains unclear to fix, with only pointers to BitDefender as a whole being the problem. Uninstalling is the best known fix. I don't know what else to say, this is a common procedure. :wink: 


> I know you have looked at my .dmp files, so too have BitDefender, so why do they say the conflict is with ntoskrnl.exe ?


They didn't. They said it's the BitDefender driver, quite repeatedly.


> I would be grateful though if you could take another look and also, if you can, perhaps point me to a thread where I can see others are experiencing the same problem as myself.


 I have read carefully what was needed before replying the first time and just reviewed two files again FWIW, and have given my assessment. It takes quite some time to scan and read the files, then assess them and search. Not a matter of a few minutes if you do it properly. There is little chance I'm close to wrong on this, although I'm weaker in my knowledge of XP now than ever before, and problems can vary but the info in the stack files portrays what I'm saying to be accurate. 

If you want to wait and don't mind the problem, it's your choice. You can post more logs of recent stack trace dump files when you get another BSOD, and I can take a look at them quite happily too - as when a BSOD occurs, another info file (DMP) is created with new information.

You can try one more thing: get into "Safe Mode with Networking" by restarting your PC and hitting F8 after the first screen has _just_ changed, and choosing it with your arrow keys then hitting enter. Then try to run a scan or update BitDefender. See if you then get a BSOD. If you do, it's simply a no go for you. If you don't, then you can use that method from now onwards as it's *more* effective and accurate than the procedure of scanning in normal mode.

BitDefender apart from these minor compatibility issues is a very good security package.

I don't know what pointing to others will resolve in your case TBH but if you do a Google search thorough enough, you'll get endless pages, especially on BitDefender forums. Like these for one: 
http://www.techspot.com/vb/all/windows/t-52406-I-get-frequent-BSOD-when-shutting-down.html
http://forum.bitdefender.com/index.php?showtopic=469&pid=2479&st=0&#entry2479
http://forums.spywareinfo.com/index.php?showtopic=98516&pid=542600&st=0&#entry542600

Hope it helps. :smile:

EDIT: *0x00000050: PAGE_FAULT_IN_NONPAGED_AREA* is a known problem relating to a few things. The most common is incompatible antivirus or bad RAM.

In your case the AV was clearly identified. If you want to be 100% certain and narrow it down even more, then here's what to do:

*Download *Memtest86*, *burn* the downloaded ISO image file onto a CD using software such as Nero and then reboot your system with the CD inside.
*When it restarts, on the first black screen (POST) press F8 (some may be F4) and it'll give you a _boot from_ menu.
*Choose "boot from CD-ROM" as the first bootable drive and hit enter.
*Then Memtest should run and display its screen. Give it 3 or so hours and let it run fully. See if *any* and *how many* errors show up.

Do the same again using *Windows Memory Diagnostic Tool*

If it gives errors, take out all but one RAM stick and run the test again in 2 different slots to check if its a slot that maybe faulty. Test each RAM stick separately inside then.

If no errors are given then it's quite clearly only BitDefender.


----------



## ruthy (Jun 15, 2006)

Kalim said:


> I know you have looked at my .dmp files, so too have BitDefender, so why do they say the conflict is with ntoskrnl.exe ?
> 
> They didn't. They said it's the BitDefender driver, quite repeatedly.


Hi again Kalim and many many thanks for your comprehensive answer. I understand everything except the above.

When I was talking to BitDefenr's Support Team, they said it was the ntoskrnl.exe file that was causing the conflict, they never mentiuoned drivers or the bdrsdrv.sys file at all. As the ntoskrnl.exe is a Windows file they said I had to take the matter up with Microsoft, end of story! I have asked that they leave my case open for the time being, but they will not issue a refund as they maintain it's nothing to do with them. Clearly you feel otherwise. But I'm confused as to why THEY say its the ntoskrnl.exe that's at fault and you say the bdrsdrv.sys file that is causing the crashes.

I will undertake the things you have mentioned - I recently (last year) changed my memory due to this same BSOD, so I will run memtest to see if my RAM has deteriorated. If so I will be back for more help

Hope to hear some more

Ruth


----------



## Kalim (Nov 24, 2006)

ruthy said:


> Hi again Kalim and many many thanks for your comprehensive answer. I understand everything except the above.
> 
> When I was talking to BitDefenr's Support Team, they said it was the ntoskrnl.exe file that was causing the conflict, they never mentiuoned drivers or the bdrsdrv.sys file at all. As the ntoskrnl.exe is a Windows file they said I had to take the matter up with Microsoft, end of story! I have asked that they leave my case open for the time being, but they will not issue a refund as they maintain it's nothing to do with them. Clearly you feel otherwise. But I'm confused as to why THEY say its the ntoskrnl.exe that's at fault and you say the bdrsdrv.sys file that is causing the crashes.


Ah, I see. Well you're stuck in the middle now unfortunately. *Both* MS and BD will blame each other. That's how firms work. The fact is, the BitDefender Team *know* it's a problem, as you saw why they understood, but they don't know or can't fix it so they blame MS Windows. MS Windows will blame them as 1000s of programs run perfect on it causing no BSOD, using the same system file; ntoskrnl. The point is, the program does not run with certain Window installs like yours - incompatible.

Yes, the BitDefender driver conflicts with a MS Windows core system file. You can't have it both ways I'm afraid, either one will run (unless you try what I suggested above and check). And no, the logs make no mention of MS files as culprit whatsoever, *but* the BitDfender driver as culprit quite clearly.

I don't know what else to say, simply. If it's MS's problem you can take it up with them. If it's BD's problem, you can take it up with them. Usually firms will play the blame game when they don't want to do anything or sometimes, when they are right. I don't work for any of them, I'm not a programmer for Windows or BitDfender so I don't know which program is at fault in it's coding, but I offered what Windows told me in it's error report, which is why the BSOD is repeatedly caused: BitDefender driver. :sigh:

It's a shame they won't give you a simple refund since it's beyond your knowledge and control that the OS you use is simply incompatible with the program, and vice versa. Try what I suggested above, i.e. Safe Mode with Networking, and then see how it goes.

Hope it helps Ruth. :smile:


----------



## ruthy (Jun 15, 2006)

Hi Kalim and thanks again - please stick with me!

First: -

OK I understand everything you have told me but perhaps I have not explained to you BitDefender's Support Team's response to me, fully.

I submitted the very same .dmp files that you have examined. They told me that it was the ntoskrnl.exe that was causing the conflict.

You say its the bdrsdrv.sys file.

Which is it to be?

If it's the former, then that is a Window's file and BitDefender say take it up with MS

If it's the latter, then that quite clearly lies at the doorstep of BitDefender.

The .dmp files can only show one culprit - I cannot interpret these .dmp files so I must rely on others to do this. Who has it right - you or Bitdefender? If it's you, then I shall pursue a refund. If it's BitDefender, then I will think things through before deciding what to do.

Second: -

Appologies for the time lag between our responses but I am unable to answer you until the early hours of the day - hope that is ok. I have tried everything you have suggested: -

a. I tried to run BitDefender in Safe Mode, but it refuses to open

b. I have eliminated faulty Ram - ran MemTest - 6 Passes - Zero errors

So clearly the crashes are down to BitDefender and some conflict. 

I believe you are correct in the first instance and need you to just advise me how you arrived at your conclusion that it is the bdrsdrv.sys that is the problem, before I return to BitDefender's Support Team to request a refund.

Hope to hear from you again

Ruth


----------



## Kalim (Nov 24, 2006)

Ruth, I understood fully the first time what you and BD were saying. I also understood what Windows error logs were saying. That's why I said it's a firm, why won't they stick up for their own products regardless of whose right or wrong?

OK. Here is the log output analysis that shows you *what* is causing the error. Tell them to show you where all the ntoskrnl.exe are mentioned by the minidump as the fault causer.
All the 4 minidump files are attached below after Windows debugging tools analysis as text files, and give the same repeated report. They don't do that unless it's true. Here are the pertinent bits:

```
[B]Files\Softwin\BitDefender10\bdrsdrv.sys, Win32 error 2[/B]
*** WARNING: Unable to verify timestamp for bdrsdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for bdrsdrv.sys
[B]Probably caused by : bdrsdrv.sys ( bdrsdrv+9d7 )[/B]

....

Debugging Details:
------------------

Could not read faulting driver name

READ_ADDRESS:  ff9dfff8 

FAULTING_IP: 
nt!ExFreePoolWithTag+23a
80550211 668b4efa        mov     cx,word ptr [esi-6]

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  2

DEFAULT_BUCKET_ID: [B] DRIVER_FAULT[/B]

BUGCHECK_STR: [B] 0x50[/B]

...

STACK_COMMAND:  kb

FOLLOWUP_IP: 
bdrsdrv+9d7
92e289d7 ??              ???

SYMBOL_STACK_INDEX:  10

FOLLOWUP_NAME:  MachineOwner

[B]MODULE_NAME: bdrsdrv[/B]

[B]IMAGE_NAME:  bdrsdrv.sys[/B]

DEBUG_FLR_IMAGE_TIMESTAMP:  44a28ea0

SYMBOL_NAME: [B] bdrsdrv+9d7[/B]

FAILURE_BUCKET_ID:  [B]0x50_bdrsdrv+9d7[/B]

BUCKET_ID: [B] 0x50_bdrsdrv+9d7[/B]
```
Straight from Microsoft: http://support.microsoft.com/kb/183169


> *Possible Resolutions to STOP 0x0A, 0x01E, and 0x50 Errors*
> 
> You receive a STOP 0x50 Blue Screen
> 
> ...


*Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA*: http://www.osronline.com/ddkx/ddtools/bccodes_4qsn.htm


> If the *driver responsible for the error can be identified, its name is printed on the blue screen and stored in memory* at the location (PUNICODE_STRING) KiBugCheckDriver.
> 
> *Cause*
> 
> ...


Your logs are very clear in pointing to the error. Like I said before, they are going to run you around in circles trying to dodge responsibility and will leave you here for a long time if you rely on them. Like I've already mentioned, it's *nothing new*. MS knows about it and so does BD from the early days of BitDefender 5 (more than 5 years ago) when many customers had the same problem. BD will do *nothing* about it but blame MS! *Neither* will MS, they will blame BD. You are left in the middle as the program is *incompatible* on MS Windows for you. :sigh: 

The point is I'm a volunteer who is trying to help you, whose done this for +10 years, since '98 online, before Windows XP came along. I also used to be a MSDN developer and MS Beta registered tester as our firm is allied with the Corp. I have seen these sort of problems for many years, with thousands unresolved because both sides are stubborn. So I am personally advising you that your only way *for now* is to change the program, or the worse route, change the OS. There is no way for us known to fix it out there but this. And Like I said, I am *not* a Windows or BitDefender programmer to take it down to the nitty gritty (that's there job) and say who is at fault. What I do here is to advise you how you can get your system back up and running without error as it should be and what is at fault as the logs show; nothing further I can say. :sayyes:

They are firms who are sticking up for their product and themselves. I am a volunteer helping as I love candid charity, even though I get little time beyond my daily tasks. Which one has more reason to dodge the truth or mislead you?

We have found the problem on your Windows install and found a perfect alternative solution. Whose at fault in programming their products, is not my position to say in all honesty, but whose at fault on your system and causing the error is the BitDefender driver on your system. :smile:

In closing, I believe you should put this forward to MS and BD (as you have done). They *may* have an unreleased "hotfix" for it, but I doubt it they'll budge from their official position of over 5 years. :sayno:


----------



## PanamaGal (Jun 3, 2006)

Ruthy, have you tried doing a repair on your Windows XP, or a fresh install? We have sold many copies of BitDefender without a problem. I do not dispute Kalim's assessment as we can see the log output above. However, it may very well be something within Windows that is corrupt and causing the driver to fail the system. If you have tried this with the same result, then you are best to follow Kalim's advice and change your AV solution.


----------



## ruthy (Jun 15, 2006)

PanamaGal said:


> Ruthy, have you tried doing a repair on your Windows XP, or a fresh install? We have sold many copies of BitDefender without a problem. I do not dispute Kalim's assessment as we can see the log output above. However, it may very well be something within Windows that is corrupt and causing the driver to fail the system. If you have tried this with the same result, then you are best to follow Kalim's advice and change your AV solution.


I'm curious - Do you work for BitDefender or just a Mentor within this Forum or both?

No I haven't repaired Windows, nor am I going to. Quite clearly this problem lies at the doorstep of BitDefender and BitDefender cannot "defend" (no pun intended!) Kalim's assessment and put the blame back on to Windows.

I still cannot contact BitDefender via Live Assistance - this facility has been down now for 2 weeks solid nor can I get through on the telephone (their quoted line number is unobtainable) - I daresay they are unable to answer the numerous queries they are getting concerning their software? My thinking is that an email is unlikely to draw any success in terms of a refund - this is required asap now before I can move on to another poroduct.

In all my days I've not seen anything like this before!

Ruth


----------



## speedster123 (Oct 18, 2006)

LOL. no, she doesnt work for bit defender.
Tell me Ruth, how did you uninstall the great Norton hog.


----------



## Kalim (Nov 24, 2006)

Hi Ruth

Incompatibility problems are unforseen and well known now although not too common. Most users will not have problems and if you're like me, then you're an unlucky one that will. :sigh:

If you check Microsoft's last link explaining the recent 0x50 STOP BSODs it's dated February 2007 - that's where they mention memory fault, or driver fault from a 3rd party software or a incompatible anti-virus that's name gets mentioned in the BSOD. TBH with you, that tells me pretty clearly that they've received many complaints like this with the same BSOD for AVs and don't want to do anything about it from their side. That's their official line as mentioned in there: "contact your AV provider". :sad:


There is one other extra step if you will and are willing. Something on your system called "Watchdog Event Log" tells you in lay words what caused the BSOD in TXT format:

Here's how you access it:

1. Use Windows Explorer to access the *C:\Windows\LogFiles\Watchdog* folder or if not there check *C:\WINDOWS\system32\LogFiles\Watchdog* folder.
2. Locate and right-click the most recently dated *.WDL* file.
3. Select the Open command from the context menu.
4. In the Windows dialog box, choose the "Select The Program From A List" option and click "OK".
5. When you see the "Open With" dialog box, select "Notepad" and click "OK".

Then read the file and see what it mentions. :smile:


----------



## PanamaGal (Jun 3, 2006)

No, I do not work for BitDefender. I was simply relating that we have a lot of satisfied customers using BitDefender, and I have not seen or heard of this complaint with any of them. I was offering up a suggestion, as things aren't always what they seem. Have you tried using the Windows install CD to overwrite your current ntoskrnl.exe file?


----------



## ruthy (Jun 15, 2006)

Kalim - no I have no .wdl files in that folder(s)

PanamaGirl - no I have not and will not attempt to repair/replace that file, in case it screws something else up.

BD are processing a refund for me - just how long this will take, remains to be seen.

I need now to seek an alternative solution - thoughts ?

Ruth


----------

