# [SOLVED] bluescreen and dump physical memory often, pls help



## bluegarfield (Nov 26, 2007)

I am using a Dell laptop with an Intel Core Duo T2060, 2GB RAM and Windows Vista SP1 after updating.
I have experienced the bluescreen problem quite many times and I still can't find the correct way to fix it. It happened the first time when I plugged in my friend's iPod and scanned for viruses. KIS7 detected 7 worm.win32.autorun.* viruses and as I clicked delete, my system crashed and the bluescreen appeared as attached.
Can anyone help me solve the problem, pls?


----------



## jcgriff2 (Sep 30, 2007)




Hi bluegarfield. . .

Welcome back to the Tech Support Forum.

Nice picture. 

Assuming that KIS did its job, the BSOD bugcheck 0x0000000a indicates that a kernel-mode driver accessed an area of paged memory that it should not have or tried accessing a completely invalid memory address. The error that generates this bug check usually occurs after the installation of a faulty device driver.

There should be mini memory dump files located in the folder c:\windows\minidump - please get them ALL.

Also, please send me an msinfo32 NFO file - 
• msinfo32 NFO file - START | type msinfo32 into the Start Search box | right-click on msinfo32.exe | select Run as Administrator | respond to User Access Control prompt | System Information will then come up | save the report in *System Information File (NFO)* format by selecting File, then Save As.

*Some areas for you to check on:*
• The Device Manager - 
START | type dev man into the Start Search box | right-click on Device Manager that appears up top | select Run as Administrator | look for any red/yellow flags - pay specific attention to the USB area.

• Problem Reports and Solutions:
START | type wercon.exe into the Start Search box | right-click on wercon.exe that appears up top | select Run as Administrator | view "See Problems to Check".

Zip the memory dumps and the msinfo32 NFO file up and attach to your next post. I'll take a look at the dumps to see if a probable cause can be found - the worm notwithstanding.

Regards. . .

jcgriff2


----------



## bluegarfield (Nov 26, 2007)


http://ifile.it/vaxrd2c

Here are all the files you need. Dev man has no problems.

Looking forward to hearing from you.
thx


----------



## bluegarfield (Nov 26, 2007)


sry, I forgot the password for unrar.

Pass is "dumping"


----------



## jcgriff2 (Sep 30, 2007)


Sorry, but that download site caused IE7 in my system to freeze up completely when attempting to sign up for a free account - losing all of my tabs. I will not attempt to access it again.

Please attach the file using "manage attachments" in the reply area of your next post - attach it to the post via TSF. Thanks.

jcgriff2


----------



## bluegarfield (Nov 26, 2007)


ok, I reupped the file. pass "dumping"

thx for helping me


----------



## jcgriff2 (Sep 30, 2007)




Hi. . .

06-21-08a - Bug Check 0x0000000a, (0x00000000, 0x0000001b, 0x00000000, 0x832f1cba) - probable cause ntkrpamp.exe.

06-28-08a - Bug Check 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x83303cba) - probable cause ntkrpamp.exe.

06-28-08b - Bug Check 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832cdcba) - probable cause ntkrpamp.exe.

06-28-08c - Bug Check 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832d2cba) - probable cause ntkrpamp.exe.

06-30-08a - Bug Check 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832e9cba) - probable cause ntkrpamp.exe.

07-02-08a - Bug Check 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832f3cba) - probable cause ntkrpamp.exe.

07-04-08a - Bug Check 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832f6cba) - probable cause ntkrpamp.exe.

The 0xa bugcheck refers to paged memory or simply an invalid memory address being accessed - in this case by a driver - and I do not believe for a second it is the driver named above. My guess is that it is a driver being called within the NT module ntkrpamp. But the offending driver is not revealing itself. Note the last parameter of each bug check - this is the area of memory that the unnamed driver attempted access to.

There is not much more that I have to offer for you at this time, outside of a few items:

• Your Windows updates per msinfo32 are disabled, yet you are running Vista SP1. Any particular reason for Windows Updates to be disabled?

• Your free space on drive c: is less than 10%. I suggest that you clean the system out - using CCleaner, found HERE. Download and install. Right-click on the desktop icon, select run as administrator, select cleaner, analyze, then clean. Keep in mind that this will delete many items - check the list and uncheck any items that you do not wish to delete.

Please let me know of the space that you recover.

Also, run the Vista System File Checker/Repair utility - 
START | type cmd.exe into the Start Search box | right-click on cmd.exe that appears up top | select Run as Administrator | A Command Prompt (DOS) screen should appear | Type sfc /scannow and press enter. This may take 10 minutes or it may run for hours.

Also, I suggest after CCleaner and sfc, that you defrag your hard drive using Auslogics disk defrag, found HERE. Windows Updates and Program installations need a lot of room during installation/updating to "breathe". While 10gb should suffice, I believe that system performance will improve.

Good Luck to you.

Regards. . .

jcgriff2
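An added example, not part of jcgriff2's post or of any tool named in this thread: a Python sketch that parses the seven summary lines above, decodes the four 0xA parameters using Microsoft's documented layout for IRQL_NOT_LESS_OR_EQUAL, and groups the crashes by the page offset of the fourth parameter. The function names and the page-offset grouping are assumptions of this example.

```python
import re
from collections import defaultdict

PAGE_SIZE = 0x1000  # x86 page size; relocating an image keeps the low 12 bits

# The seven summary lines from the post above, copied as posted.
SUMMARY = """\
06-21-08a - Bug Check 0x0000000a, (0x00000000, 0x0000001b, 0x00000000, 0x832f1cba) - probable cause ntkrpamp.exe.
06-28-08a - Bug Check 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x83303cba) - probable cause ntkrpamp.exe.
06-28-08b - Bug Check 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832cdcba) - probable cause ntkrpamp.exe.
06-28-08c - Bug Check 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832d2cba) - probable cause ntkrpamp.exe.
06-30-08a - Bug Check 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832e9cba) - probable cause ntkrpamp.exe.
07-02-08a - Bug Check 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832f3cba) - probable cause ntkrpamp.exe.
07-04-08a - Bug Check 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832f6cba) - probable cause ntkrpamp.exe.
"""

LINE_RE = re.compile(
    r"^(?P<label>\S+)\s+-\s+Bug Check\s+(?P<code>0x[0-9a-fA-F]+),?\s*"
    r"\((?P<args>[^)]*)\)\s*-\s*probable cause\s+(?P<module>\S+?)\.?\s*$"
)


def parse_summary(text):
    """Turn each summary line into a record; reject lines that do not fit."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised summary line: {line!r}")
        args = tuple(int(a.strip(), 16) for a in m.group("args").split(","))
        if len(args) != 4:
            raise ValueError(f"expected 4 parameters, got {len(args)}: {line!r}")
        records.append({
            "label": m.group("label"),
            "code": int(m.group("code"), 16),
            "args": args,
            "module": m.group("module"),
        })
    return records


def decode_0xa(args):
    """Documented 0xA layout: address referenced, IRQL, access type, instruction."""
    referenced, irql, access, instruction = args
    return {
        "referenced_address": referenced,
        "irql": irql,
        "access": "write" if access & 1 else "read",
        "instruction_address": instruction,
        # An address inside the first page is a NULL (or NULL+offset) reference.
        "null_reference": referenced < PAGE_SIZE,
    }


def group_by_page_offset(records):
    """Group 0xA crashes by the low 12 bits of the instruction address.

    The kernel image loads at a different base on each boot, so raw
    addresses differ between dumps while the offset within a page does not.
    """
    groups = defaultdict(list)
    for rec in records:
        if rec["code"] != 0xA:
            continue
        offset = rec["args"][3] % PAGE_SIZE
        groups[offset].append(rec["label"])
    return dict(groups)


def triage(text):
    """Summarise the set of dumps: distinct signatures and offset groups."""
    records = parse_summary(text)
    decoded = [decode_0xa(r["args"]) for r in records if r["code"] == 0xA]
    signatures = {(d["referenced_address"], d["irql"], d["access"]) for d in decoded}
    return {
        "dumps": len(records),
        "signatures": signatures,
        "distinct_instruction_addresses": len({d["instruction_address"] for d in decoded}),
        "page_offset_groups": group_by_page_offset(records),
    }


if __name__ == "__main__":
    report = triage(SUMMARY)
    print("dumps:", report["dumps"])
    for ref, irql, access in sorted(report["signatures"]):
        print(f"signature: {access} of 0x{ref:08x} at IRQL {irql}")
    for offset, labels in report["page_offset_groups"].items():
        print(f"page offset 0x{offset:03x}: {', '.join(labels)}")
```

A single page offset across boots with different kernel load addresses is consistent with the same instruction faulting each time; that reading is an inference of this example, not a finding stated in the thread.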


----------



## bluegarfield (Nov 26, 2007)


I purposely turn off the Windows automatic update as I only update my laptop when I want. About SP1, I downloaded the installation pack from the Microsoft website and installed it manually.

I have cleared up my HDD and now have 26GB free. There are no other problems that I can find.

So what should I do with ntkrpamp.exe? Bluescreens also happen less but I'm not sure whether it will happen again.


----------



## jcgriff2 (Sep 30, 2007)




Hi. . .

The Windows NT Kernel & System module ntkrpamp is essential for Vista to run. The dbug output listed this program as the probable cause because the driver/object/device that actually failed was called upon or referenced in some manner by ntkrpamp.exe and therefore was within its expansive memory address range. I am >99% positive that it is not at fault.

You mentioned less frequent BSODs? Are there additional mini dumps available? If so, zip them and attach to your next post as they may reveal new information.

Also, I would like to get some additional system information from you via Belarc Adviser report saved in *mht* format (IE7/8 - click on page, Save as, save as mht - web archive/single file) or if using Firefox, saved in *html* format as a web page. You can download Belarc HERE. Install it, then right-click on the desktop icon and run as admin. When it requests to go out to the Internet to update, click NO. The output will appear in a web browser (IE/Firefox - whichever is your default). Then please zip it - but it must be sent to me via email as it contains sensitive product key code information and should not be made public. Please see my PM for my email address. Thanks.


Regards. . .

jcgriff2


----------



## Cypherclown (Jul 8, 2008)


Increase your virtual memory/pagefile: go into System Properties, go to Performance and up your memory. This may help.


----------



## jcgriff2 (Sep 30, 2007)


Hi. . .

From msinfo32, it appears that the page file may be system managed, which would be fine. Here are the numbers-

```
Installed Physical Memory (RAM)	2.00 GB
Total Physical Memory	2.00 GB
Available Physical Memory	960 MB
Total Virtual Memory	4.23 GB
Available Virtual Memory	2.88 GB
Page File Space	2.29 GB
Page File	C:\pagefile.sys
```

Regards. . .

jcgriff2



----------



## bluegarfield (Nov 26, 2007)


Sry for not replying for so long. I have been busy for a while.

I want to send you the 2 latest dump files to check; 1 of the 2 is different from the rest. And the latest one happened abt 2 mins after I plugged in my Mem Stick Pro Duo.
Could you pls look at it and give me the solution? The BSOD is really irritating to me.
http://rapidshare.com/files/132041284/New_Folder.rar.html
pass "dumping"
thx


----------



## jcgriff2 (Sep 30, 2007)




Hi. . .

The July 19, 2008, dbug output:

The bugcheck (STOP error) = 0x00000024 (0x001904aa, 0x995feb70, 0x995fe86c, 0x8949d0b7) listing the probable cause as the Microsoft File System Driver *ntfs.sys*. I found the process running was iexplore.exe - Internet Explorer.

0x00000024 = 0x24 = NTFS_FILE_SYSTEM error. This indicates a problem occurred in ntfs.sys, the driver file that allows the system to read and write to NTFS drives.

From an *elevated* command prompt, run "chkdsk /r" (no quotes) - message will say "....cannot run chkdsk....." - just re-boot.

Please run the following, feel free to PM with the password to the rar file, if necessary. Run Deckard's System Scanner (DSS), found HERE. About 1/2 down the page you will see the link - click on it and download it - save it to your desktop.

Then do the following:

START | type cmd.exe into the start search box | right-click on cmd.exe | select run as admin | then type exactly as it appears below (hit enter after each line):


```
c:

cd %userprofile%\desktop

dss /config
```
*-check every box 
-allow it to install HiJackThis*


Let it run... a minute or two should do it.

One notepad will appear - main.txt, another - extra.txt will be minimized. Save them both, zip them up and attach to your next post.


```
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\#Dumps\bluegarfield - Vista - 07-05-08\Mini071208-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
Kernel base = 0x83214000 PsLoadedModuleList = 0x8332bc70
Debug session time: Sat Jul 12 08:51:27.334 2008 (GMT-4)
System Uptime: 0 days 19:49:33.353
Loading Kernel Symbols
..........................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904aa, 995feb70, 995fe86c, 8949d0b7}

Probably caused by : Ntfs.sys ( Ntfs!NtfsCommonCreate+58 )

Followup: MachineOwner
---------

0: kd> !analyze -v;r;kv;lmtn
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 001904aa
Arg2: 995feb70
Arg3: 995fe86c
Arg4: 8949d0b7

Debugging Details:
------------------


EXCEPTION_RECORD:  995feb70 -- (.exr 0xffffffff995feb70)
ExceptionAddress: 8949d0b7 (Ntfs!NtfsCommonCreate+0x00000058)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000004
Attempt to read from address 00000004

CONTEXT:  995fe86c -- (.cxr 0xffffffff995fe86c)
eax=86951668 ebx=99466750 ecx=00000000 edx=99466668 esi=00000000 edi=995fed38
eip=8949d0b7 esp=995fec38 ebp=995fecec iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
Ntfs!NtfsCommonCreate+0x58:
8949d0b7 8b4904          mov     ecx,dword ptr [ecx+4] ds:0023:00000004=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  iexplore.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

READ_ADDRESS: GetPointerFromAddress: unable to read from 8334b868
Unable to read MiSystemVaType memory at 8332b420
 00000004 

BUGCHECK_STR:  0x24

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from 894232aa to 8949d0b7

STACK_TEXT:  
995fecec 894232aa 86169ee8 869514d8 99466750 Ntfs!NtfsCommonCreate+0x58
995fed2c 832cd318 994666e8 00001c70 ffffffff Ntfs!NtfsCommonCreateCallout+0x20
995fed2c 832cd411 994666e8 00001c70 ffffffff nt!KiSwapKernelStackAndExit+0x118
99466678 00000000 00000000 00000000 00000000 nt!KiSwitchKernelStackAndCallout+0x31


FOLLOWUP_IP: 
Ntfs!NtfsCommonCreate+58
8949d0b7 8b4904          mov     ecx,dword ptr [ecx+4]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsCommonCreate+58

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  47918a96

STACK_COMMAND:  .cxr 0xffffffff995fe86c ; kb

FAILURE_BUCKET_ID:  0x24_Ntfs!NtfsCommonCreate+58

BUCKET_ID:  0x24_Ntfs!NtfsCommonCreate+58

Followup: MachineOwner
---------

eax=8330c920 ebx=995feb70 ecx=833141f8 edx=00000182 esi=8330c93c edi=995fe2b8
eip=832e1163 esp=995fe628 ebp=995fe644 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000202
nt!KeBugCheckEx+0x1e:
832e1163 8be5            mov     esp,ebp
ChildEBP RetAddr  Args to Child              
995fe644 89428316 00000024 001904aa 995feb70 nt!KeBugCheckEx+0x1e
995fe66c 894232c6 86169ee8 995fe6a0 8941cf54 Ntfs!NtfsExceptionFilter+0xad (FPO: [Non-Fpo])
995fe678 8941cf54 00000000 995fed2c 894421a0 Ntfs!NtfsCommonCreateCallout+0x37 (FPO: [SEH])
995fe68c 894270ba 00000000 00000000 00000000 Ntfs!_EH4_CallFilterFunc+0x12 (FPO: [Uses EBP] [0,0,4])
995fe6b4 832c9ba2 fffffffe 995fed1c 995fe86c Ntfs!_except_handler4+0x8e (FPO: [Non-Fpo])
995fe6d8 832c9b74 995feb70 995fed1c 995fe86c nt!ExecuteHandler2+0x26
995fe790 8324a567 995feb70 995fe86c ae10d6d5 nt!ExecuteHandler+0x24
995feb54 8326c63a 995feb70 00000000 995febc4 nt!KiDispatchException+0x170
995febbc 8326c5ee 995fecec 8949d0b7 badb0d00 nt!CommonDispatchException+0x4a (FPO: [0,20,0])
995febc4 8949d0b7 badb0d00 99466668 86169e00 nt!KiExceptionExit+0x186
995fecec 894232aa 86169ee8 869514d8 99466750 Ntfs!NtfsCommonCreate+0x58 (FPO: [Non-Fpo])
995fed2c 832cd318 994666e8 00001c70 ffffffff Ntfs!NtfsCommonCreateCallout+0x20 (FPO: [Non-Fpo])
995fed2c 832cd411 994666e8 00001c70 ffffffff nt!KiSwapKernelStackAndExit+0x118 (FPO: [0,0] TrapFrame @ 995fed44)
99466678 00000000 00000000 00000000 00000000 nt!KiSwitchKernelStackAndCallout+0x31
start    end        module name
80605000 8060d000   kdcom    kdcom.dll    Sat Jan 19 02:31:53 2008 (4791A769)
8060d000 8066d000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Jan 19 02:29:43 2008 (4791A6E7)
8066d000 8067e000   PSHED    PSHED.dll    Sat Jan 19 02:31:21 2008 (4791A749)
8067e000 80686000   BOOTVID  BOOTVID.dll  Sat Jan 19 02:27:15 2008 (4791A653)
80686000 806c7000   CLFS     CLFS.SYS     Sat Jan 19 00:28:01 2008 (47918A61)
806c7000 807a7000   CI       CI.dll       Fri Feb 22 00:00:56 2008 (47BE5708)
807a7000 807ce000   pci      pci.sys      Sat Jan 19 00:32:57 2008 (47918B89)
807ce000 807dd000   partmgr  partmgr.sys  Sat Jan 19 00:49:54 2008 (47918F82)
807dd000 807ec000   volmgr   volmgr.sys   Sat Jan 19 00:49:51 2008 (47918F7F)
83214000 835cd000   nt       ntkrpamp.exe Sat Apr 26 01:28:17 2008 (4812BD71)
835cd000 83600000   hal      halmacpi.dll Sat Jan 19 00:27:20 2008 (47918A38)
84000000 8400a000   BATTC    BATTC.SYS    Sat Jan 19 00:32:45 2008 (47918B7D)
8400e000 8408a000   Wdf01000 Wdf01000.sys Sat Jan 19 00:52:21 2008 (47919015)
8408a000 84097000   WDFLDR   WDFLDR.SYS   Sat Jan 19 00:52:19 2008 (47919013)
84097000 8417f000   sptd     sptd.sys     Tue Apr 03 08:12:11 2007 (4612449B)
8417f000 84188000   WMILIB   WMILIB.SYS   Sat Jan 19 00:53:08 2008 (47919044)
84188000 841ae000   SCSIPORT SCSIPORT.SYS Sat Jan 19 00:49:44 2008 (47918F78)
841ae000 841f4000   acpi     acpi.sys     Sat Jan 19 00:32:48 2008 (47918B80)
841f4000 841fc000   msisadrv msisadrv.sys Sat Jan 19 00:32:51 2008 (47918B83)
841fc000 841fe900   compbatt compbatt.sys Sat Jan 19 00:32:47 2008 (47918B7F)
84203000 8424d000   volmgrx  volmgrx.sys  Sat Jan 19 00:50:00 2008 (47918F88)
8424d000 84254000   intelide intelide.sys Sat Jan 19 00:49:42 2008 (47918F76)
84254000 84262000   PCIIDEX  PCIIDEX.SYS  Sat Jan 19 00:49:40 2008 (47918F74)
84262000 84269000   pciide   pciide.sys   Fri Nov 17 01:21:26 2006 (455D54E6)
84269000 84279000   mountmgr mountmgr.sys Sat Jan 19 00:49:13 2008 (47918F59)
84279000 84281000   atapi    atapi.sys    Sat Jan 19 00:49:40 2008 (47918F74)
84281000 8429f000   ataport  ataport.SYS  Sat Jan 19 00:49:40 2008 (47918F74)
8429f000 842d1000   fltmgr   fltmgr.sys   Sat Jan 19 00:28:10 2008 (47918A6A)
842d1000 842e1000   fileinfo fileinfo.sys Sat Jan 19 00:34:27 2008 (47918BE3)
842e1000 84352000   ksecdd   ksecdd.sys   Sat Jan 19 00:41:20 2008 (47918D80)
84352000 8436a000   cdrom    cdrom.sys    Sat Jan 19 00:49:50 2008 (47918F7E)
8436a000 843d0000   a4cwn6iq a4cwn6iq.SYS Wed Apr 11 13:59:50 2007 (461D2216)
843d0000 843fe000   msiscsi  msiscsi.sys  Sat Jan 19 00:50:44 2008 (47918FB4)
89000000 8910b000   ndis     ndis.sys     Sat Jan 19 00:55:51 2008 (479190E7)
8910b000 89136000   msrpc    msrpc.sys    unavailable (00000000)
89136000 89170000   NETIO    NETIO.SYS    Sat Jan 19 00:56:19 2008 (47919103)
89170000 891c1000   rixdptsk rixdptsk.sys Tue Nov 14 20:35:19 2006 (455A6ED7)
891c1000 891eb100   SynTP    SynTP.sys    Mon Nov 06 20:34:46 2006 (454FE2B6)
891ec000 891f4300   InCDPass InCDPass.sys Tue Feb 26 10:26:13 2008 (47C42F95)
891f5000 891fd880   InCDRm   InCDRm.sys   Tue Feb 26 10:23:29 2008 (47C42EF1)
89202000 892e9000   tcpip    tcpip.sys    Sat Apr 26 02:00:17 2008 (4812C4F1)
892e9000 89304000   fwpkclnt fwpkclnt.sys Sat Jan 19 00:55:44 2008 (479190E0)
89304000 89313000   intelppm intelppm.sys Sat Jan 19 00:27:20 2008 (47918A38)
89313000 8931c000   wmiacpi  wmiacpi.sys  Sat Jan 19 00:32:47 2008 (47918B7F)
8931c000 8935a000   USBPORT  USBPORT.SYS  Sat Jan 19 00:53:23 2008 (47919053)
8935a000 89369000   usbehci  usbehci.sys  Sat Jan 19 00:53:21 2008 (47919051)
89369000 8937a000   bcm4sbxp bcm4sbxp.sys Wed Jun 14 17:02:02 2006 (4490794A)
8937a000 89389200   ohci1394 ohci1394.sys Sat Jan 19 00:53:33 2008 (4791905D)
8938a000 89397080   1394BUS  1394BUS.SYS  Sat Jan 19 00:53:27 2008 (47919057)
89398000 893b2000   sdbus    sdbus.sys    Sat Jan 19 00:32:56 2008 (47918B88)
893b2000 893c0000   rimmptsk rimmptsk.sys Wed Nov 15 03:16:23 2006 (455ACCD7)
893c0000 893d4000   rimsptsk rimsptsk.sys Tue Nov 14 22:42:45 2006 (455A8CB5)
893d4000 893e7000   i8042prt i8042prt.sys Sat Jan 19 00:49:17 2008 (47918F5D)
893e7000 893f2000   mouclass mouclass.sys Sat Jan 19 00:49:14 2008 (47918F5A)
893f2000 893fd000   kbdclass kbdclass.sys Sat Jan 19 00:49:14 2008 (47918F5A)
89400000 89409000   tunmp    tunmp.sys    Sat Jan 19 00:55:40 2008 (479190DC)
89409000 8940c780   CmBatt   CmBatt.sys   Sat Jan 19 00:32:47 2008 (47918B7F)
8940e000 8951d000   Ntfs     Ntfs.sys     Sat Jan 19 00:28:54 2008 (47918A96)
8951d000 89556000   volsnap  volsnap.sys  Sat Jan 19 00:50:10 2008 (47918F92)
89556000 8955e000   spldr    spldr.sys    Thu Jun 21 20:29:17 2007 (467B17DD)
8955e000 8956d000   mup      mup.sys      Sat Jan 19 00:28:20 2008 (47918A74)
8956d000 89594000   ecache   ecache.sys   Sat Jan 19 00:50:47 2008 (47918FB7)
89594000 895a5000   disk     disk.sys     Sat Jan 19 00:49:47 2008 (47918F7B)
895a5000 895c6000   CLASSPNP CLASSPNP.SYS Sat Jan 19 00:49:36 2008 (47918F70)
895c6000 895cf000   crcdisk  crcdisk.sys  Thu Nov 02 04:52:27 2006 (4549B1CB)
895cf000 895d9000   Dxapi    Dxapi.sys    Sat Jan 19 00:36:12 2008 (47918C4C)
895d9000 895e8000   monitor  monitor.sys  Sat Jan 19 00:52:19 2008 (47919013)
895ef000 895fa000   tunnel   tunnel.sys   Sat Jan 19 00:55:50 2008 (479190E6)
895fa000 895fc500   GEARAspiWDM GEARAspiWDM.sys Tue Jan 29 12:00:57 2008 (479F5BC9)
8dc04000 8dc45000   storport storport.sys Sat Jan 19 00:49:49 2008 (47918F7D)
8dc45000 8dc50000   TDI      TDI.SYS      Sat Jan 19 00:57:10 2008 (47919136)
8dc50000 8dc67000   rasl2tp  rasl2tp.sys  Sat Jan 19 00:56:33 2008 (47919111)
8dc67000 8dc72000   ndistapi ndistapi.sys Sat Jan 19 00:56:24 2008 (47919108)
8dc72000 8dc95000   ndiswan  ndiswan.sys  Sat Jan 19 00:56:32 2008 (47919110)
8dc95000 8dca4000   raspppoe raspppoe.sys Sat Jan 19 00:56:33 2008 (47919111)
8dca4000 8dcb8000   raspptp  raspptp.sys  Sat Jan 19 00:56:34 2008 (47919112)
8dcb8000 8dccd000   rassstp  rassstp.sys  Sat Jan 19 00:56:43 2008 (4791911B)
8dccd000 8dd56000   rdpdr    rdpdr.sys    Sat Jan 19 01:02:27 2008 (47919273)
8dd56000 8dd66000   termdd   termdd.sys   Sat Jan 19 01:01:06 2008 (47919222)
8dd66000 8dd67380   swenum   swenum.sys   Sat Jan 19 00:49:20 2008 (47918F60)
8dd68000 8dd92000   ks       ks.sys       Sat Jan 19 00:49:21 2008 (47918F61)
8dd92000 8dd9c000   mssmbios mssmbios.sys Sat Jan 19 00:32:55 2008 (47918B87)
8dd9c000 8dda9000   umbus    umbus.sys    Sat Jan 19 00:53:40 2008 (47919064)
8dda9000 8dddd000   usbhub   usbhub.sys   Sat Jan 19 00:53:40 2008 (47919064)
8dddd000 8ddee000   NDProxy  NDProxy.SYS  Sat Jan 19 00:56:28 2008 (4791910C)
8ddee000 8ddfb000   crashdmp crashdmp.sys Sat Jan 19 00:49:43 2008 (47918F77)
8e000000 8e00b000   usbuhci  usbuhci.sys  Sat Jan 19 00:53:20 2008 (47919050)
8e00b000 8e6b8000   atikmdag atikmdag.sys Wed Mar 14 22:04:24 2007 (45F8A9A8)
8e6b8000 8e757000   dxgkrnl  dxgkrnl.sys  Sat Jan 19 00:36:36 2008 (47918C64)
8e757000 8e764000   watchdog watchdog.sys Sat Jan 19 00:35:29 2008 (47918C21)
8e764000 8e776000   HDAudBus HDAudBus.sys Tue Nov 27 18:18:41 2007 (474CA5D1)
8e776000 8e7fc000   bcmwl6   bcmwl6.sys   Mon Nov 13 11:48:20 2006 (4558A1D4)
8e7fc000 8e7fd700   USBD     USBD.SYS     Sat Jan 19 00:53:17 2008 (4791904D)
8ea00000 8ea08000   dump_atapi dump_atapi.sys Sat Jan 19 00:49:40 2008 (47918F74)
8ea08000 8eaab000   stwrt    stwrt.sys    Wed Nov 22 14:37:58 2006 (4564A716)
8eaab000 8ead8000   portcls  portcls.sys  Sat Jan 19 00:53:17 2008 (4791904D)
8ead8000 8eafd000   drmk     drmk.sys     Sat Jan 19 01:53:02 2008 (47919E4E)
8eafd000 8eb3a000   HSXHWAZL HSXHWAZL.sys Wed Oct 18 14:08:11 2006 (45366D8B)
8eb3a000 8eb41000   Null     Null.SYS     unavailable (00000000)
8eb41000 8eb48000   Beep     Beep.SYS     Sat Jan 19 00:49:10 2008 (47918F56)
8eb51000 8eb57380   HIDPARSE HIDPARSE.SYS Sat Jan 19 00:53:16 2008 (4791904C)
8eb58000 8eb64000   vga      vga.sys      Sat Jan 19 00:52:06 2008 (47919006)
8eb64000 8eb85000   VIDEOPRT VIDEOPRT.SYS Sat Jan 19 00:52:10 2008 (4791900A)
8eb85000 8eb8d000   RDPCDD   RDPCDD.sys   Sat Jan 19 01:01:08 2008 (47919224)
8eb8d000 8eb95000   rdpencdd rdpencdd.sys Sat Jan 19 01:01:09 2008 (47919225)
8eb95000 8ebb3080   InCDFs   InCDFs.sys   Tue Feb 26 10:25:25 2008 (47C42F65)
8ebb4000 8ebbf000   Msfs     Msfs.SYS     unavailable (00000000)
8ebbf000 8ebcd000   Npfs     Npfs.SYS     Sat Jan 19 00:28:09 2008 (47918A69)
8ebcd000 8ebd6000   rasacd   rasacd.sys   Sat Jan 19 00:56:31 2008 (4791910F)
8ebd6000 8ebf9000   Mpfp     Mpfp.sys     Mon Oct 30 13:01:02 2006 (45462FCE)
8ec06000 8ed09000   HSX_DPV  HSX_DPV.sys  Wed Oct 18 14:09:22 2006 (45366DD2)
8ed09000 8edbd000   HSX_CNXT HSX_CNXT.sys Wed Oct 18 14:08:01 2006 (45366D81)
8edbd000 8edca000   modem    modem.sys    Sat Jan 19 00:57:16 2008 (4791913C)
8edca000 8edf2000   klif     klif.sys     Thu Dec 13 05:08:58 2007 (476104BA)
8edf2000 8edfb000   Fs_Rec   Fs_Rec.SYS   unavailable (00000000)
8edfb000 8edfdf00   InCDRec  InCDRec.sys  Tue Feb 26 10:22:20 2008 (47C42EAC)
8f000000 8f00b000   dump_dumpata dump_dumpata.sys Sat Jan 19 00:49:40 2008 (47918F74)
8f00b000 8f021000   tdx      tdx.sys      Sat Jan 19 00:55:58 2008 (479190EE)
8f021000 8f033000   ipfltdrv ipfltdrv.sys Sat Jan 19 00:56:23 2008 (47919107)
8f033000 8f04f000   kl1      kl1.sys      Wed Oct 31 06:40:25 2007 (47285B99)
8f04f000 8f058000   hidusb   hidusb.sys   Sat Jan 19 00:53:17 2008 (4791904D)
8f058000 8f068000   HIDCLASS HIDCLASS.SYS Sat Jan 19 00:53:16 2008 (4791904C)
8f068000 8f070000   mouhid   mouhid.sys   Sat Jan 19 00:49:16 2008 (47918F5C)
8f070000 8f084000   smb      smb.sys      Sat Jan 19 00:55:27 2008 (479190CF)
8f084000 8f0cc000   afd      afd.sys      Sat Jan 19 00:57:00 2008 (4791912C)
8f0cc000 8f0fe000   netbt    netbt.sys    Sat Jan 19 00:55:33 2008 (479190D5)
8f0fe000 8f114000   pacer    pacer.sys    Fri Apr 04 21:21:42 2008 (47F6D426)
8f114000 8f11b000   klim6    klim6.sys    Tue Oct 16 04:05:12 2007 (471470B8)
8f11b000 8f129000   netbios  netbios.sys  Sat Jan 19 00:55:45 2008 (479190E1)
8f129000 8f13c000   wanarp   wanarp.sys   Sat Jan 19 00:56:31 2008 (4791910F)
8f13c000 8f143760   SCDEmu   SCDEmu.SYS   Mon Aug 06 20:15:06 2007 (46B7B98A)
8f144000 8f180000   rdbss    rdbss.sys    Sat Jan 19 00:28:34 2008 (47918A82)
8f180000 8f18a000   nsiproxy nsiproxy.sys Sat Jan 19 00:55:50 2008 (479190E6)
8f18a000 8f1e4000   csc      csc.sys      Sat Jan 19 00:28:54 2008 (47918A96)
8f1e4000 8f1fb000   dfsc     dfsc.sys     Sat Jan 19 00:28:20 2008 (47918A74)
96e20000 97021000   win32k   win32k.sys   Thu Feb 28 23:21:37 2008 (47C78851)
97040000 97049000   TSDDD    TSDDD.dll    unavailable (00000000)
97050000 9709c000   ATMFD    ATMFD.DLL    Sat Jan 19 00:36:13 2008 (47918C4D)
970b0000 970be000   cdd      cdd.dll      Sat Jan 19 02:27:09 2008 (4791A64D)
98004000 9801f000   luafv    luafv.sys    Sat Jan 19 00:30:35 2008 (47918AFB)
98027000 980d6000   spsys    spsys.sys    Thu Jun 21 20:33:02 2007 (467B18BE)
980d6000 980e6000   lltdio   lltdio.sys   Sat Jan 19 00:55:03 2008 (479190B7)
980e6000 98110000   nwifi    nwifi.sys    Sat Jan 19 00:53:58 2008 (47919076)
98110000 9811a000   ndisuio  ndisuio.sys  Sat Jan 19 00:55:40 2008 (479190DC)
9811a000 9812d000   rspndr   rspndr.sys   Sat Jan 19 00:55:03 2008 (479190B7)
9812d000 98198000   HTTP     HTTP.sys     Sat Jan 19 00:55:21 2008 (479190C9)
98198000 981b5000   srvnet   srvnet.sys   Sat Jan 19 00:29:11 2008 (47918AA7)
981b5000 981ce000   bowser   bowser.sys   Sat Jan 19 00:28:26 2008 (47918A7A)
981ce000 981e3000   mpsdrv   mpsdrv.sys   Sat Jan 19 00:54:45 2008 (479190A5)
9a20a000 9a22a000   mrxdav   mrxdav.sys   Sat Jan 19 00:28:44 2008 (47918A8C)
9a22a000 9a249000   mrxsmb   mrxsmb.sys   Sat Jan 19 00:28:33 2008 (47918A81)
9a249000 9a282000   mrxsmb10 mrxsmb10.sys Sat Jan 19 00:28:40 2008 (47918A88)
9a282000 9a29a000   mrxsmb20 mrxsmb20.sys Sat Jan 19 00:28:35 2008 (47918A83)
9a29a000 9a2c1000   srv2     srv2.sys     Sat Jan 19 00:29:14 2008 (47918AAA)
9a2c1000 9a30d000   srv      srv.sys      Sat Jan 19 00:29:25 2008 (47918AB5)
9a30d000 9a313000   artmoney artmoney.sys Sat Sep 08 17:56:37 2007 (46E31A95)
9a313000 9a314d00   dsunidrv dsunidrv.sys Thu May 25 13:04:54 2006 (4475E3B6)
9a315000 9a33d000   fastfat  fastfat.SYS  Sat Jan 19 00:28:00 2008 (47918A60)
9a33d000 9a340180   mdmxsdk  mdmxsdk.sys  Mon Jun 19 17:26:59 2006 (449716A3)
9c80e000 9c8ec000   peauth   peauth.sys   Mon Oct 23 04:55:32 2006 (453C8384)
9c8ec000 9c8f6000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
9c8f6000 9c902000   tcpipreg tcpipreg.sys Sat Jan 19 00:56:07 2008 (479190F7)
9c902000 9c90a000   xaudio   xaudio.sys   Fri Aug 04 20:39:09 2006 (44D3E8AD)
9c90a000 9c931680   mfehidk  mfehidk.sys  Wed Oct 25 12:23:33 2006 (453F8F85)
9c949000 9c95f000   cdfs     cdfs.sys     Sat Jan 19 00:28:02 2008 (47918A62)
9c95f000 9c968000   ws2ifsl  ws2ifsl.sys  Sat Jan 19 00:56:49 2008 (47919121)
9c968000 9c96ea00   mfebopk  mfebopk.sys  Wed Oct 25 12:27:58 2006 (453F908E)
9c96f000 9c97ec00   mfeavfk  mfeavfk.sys  Wed Oct 04 16:56:02 2006 (45241FE2)
9c97f000 9c991000   USBSTOR  USBSTOR.SYS  Sat Jan 19 00:53:22 2008 (47919052)
9c991000 9c9a5580   WUDFRd   WUDFRd.sys   Sat Jan 19 00:53:04 2008 (47919040)
9c9a6000 9c9b8000   WUDFPf   WUDFPf.sys   Sat Jan 19 00:52:49 2008 (47919031)

Unloaded modules:
9c939000 9c949000   mfeavfk.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
9c932000 9c939000   mfebopk.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
9801f000 98027000   drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
895cf000 895dc000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
895dc000 895e7000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
895e7000 895ef000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8eb48000 8eb51000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
0: kd> lmvm Ntfs
start    end        module name
8940e000 8951d000   Ntfs       (pdb symbols)          c:\symbols\ntfs.pdb\930EE4647C27429A84EDF147B1500AA62\ntfs.pdb
    Loaded symbol image file: Ntfs.sys
    Mapped memory image file: c:\symbols\Ntfs.sys\47918A9610f000\Ntfs.sys
    Image path: \SystemRoot\System32\Drivers\Ntfs.sys
    Image name: Ntfs.sys
    Timestamp:        Sat Jan 19 00:28:54 2008 (47918A96)
    CheckSum:         00110120
    ImageSize:        0010F000
    File version:     6.0.6001.18000
    Product version:  6.0.6001.18000
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntfs.sys
    OriginalFilename: ntfs.sys
    ProductVersion:   6.0.6001.18000
    FileVersion:      6.0.6001.18000 (longhorn_rtm.080118-1840)
    FileDescription:  NT File System Driver
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
0: kd> .cxr 0xffffffff995fe86c
eax=86951668 ebx=99466750 ecx=00000000 edx=99466668 esi=00000000 edi=995fed38
eip=8949d0b7 esp=995fec38 ebp=995fecec iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
Ntfs!NtfsCommonCreate+0x58:
8949d0b7 8b4904          mov     ecx,dword ptr [ecx+4] ds:0023:00000004=????????
0: kd> !process
GetPointerFromAddress: unable to read from 8334b86c
PROCESS 86149800  SessionId: none  Cid: 0b04    Peb: 7ffd8000  ParentCid: 1318
    DirBase: 7da197c0  ObjectTable: a0ee5fc8  HandleCount: <Data Not Accessible>
    Image: iexplore.exe
    VadRoot 8652e4c8 Vads 557 Clone 0 Private 13154. Modified 3302. Locked 0.
    DeviceMap 99849158
    Token                             8d8588b0
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
ffdf0000: Unable to get shared data
    ElapsedTime                       00:00:00.000
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         315528
    QuotaPoolUsage[NonPagedPool]      37760
    Working Set Sizes (now,min,max)  (21218, 50, 345) (84872KB, 200KB, 1380KB)
    PeakWorkingSetSize                21240
    VirtualSize                       313 Mb
    PeakVirtualSize                   329 Mb
    PageFaultCount                    52789
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      19661
    Job                               860f6de0

        *** Error in reading nt!_ETHREAD @ 87c67030
```

Regards. . .

jcgriff2


----------



## bluegarfield (Nov 26, 2007)


http://www.techsupportforum.com/attachment.php?attachmentid=31999&stc=1&d=1217639765

I have done everything in sequence, but cannot use DSS in your way; I just right-click on the DSS icon => run as admin.

BSODs still occur. Could you please debug and help me to fix this completely? Thanks.

P.S. I have PMed you the password for the RAR.


----------



## jcgriff2 (Sep 30, 2007)


Hi. . .

Do you have a drive h:?


----------



## jcgriff2 (Sep 30, 2007)


Hi. . .

Here are the results from the 3 latest mini kernel dumps (note that the last parameter of each is very close to the same on your original BSOD screen 0x832f1cba):


```
Debug session time: Sun Aug  3 10:17:44.013 2008 (GMT-4)
System Uptime: 1 days 13:30:43.618
BugCheck 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832f7cba)
Probably caused by : ntkrpamp.exe ( nt!KiUnwaitThread+14 )
PROCESS_NAME:  avp.exe
--------------------------------------------------------------------------------
Debug session time: Wed Aug  6 04:33:18.654 2008 (GMT-4)
System Uptime: 0 days 23:47:42.792
BugCheck 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832b5cba)
Probably caused by : ntkrpamp.exe ( nt!KiUnwaitThread+14 )
PROCESS_NAME:  spoolsv.exe
--------------------------------------------------------------------------------
Debug session time: Wed Aug  6 08:59:37.277 2008 (GMT-4)
System Uptime: 0 days 4:19:25.274
BugCheck 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x83305cba)
Probably caused by : ntkrpamp.exe ( nt!KiUnwaitThread+14 )
PROCESS_NAME:  svchost.exe
--------------------------------------------------------------------------------
```
The first BSOD lists avp.exe as the process running at the time of the crash - it belongs to Kaspersky Internet Security Suite. I also recognized some McAfee drivers in the dump files - but they were from mid/late 2007. This scenario is exactly one of the reasons that I was persistent regarding the running of DSS and HiJackThis - and here is what I found:

```
Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee) Disabled
FW: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab)
AV: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab) Outdated
AV: McAfee VirusScan v (McAfee) Outdated
AS: McAfee VirusScan v (McAfee) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab)
```
You have an outdated Kaspersky product failing while calling home mixing in with a disabled yet very present McAfee installation. This is not a good combination. I suggest that you remove both products with their respective removal tools - Kaspersky Removal Tool and McAfee Removal Tool. Be sure to re-boot after each is completed. 

Then I recommend that you re-enable and reset the Windows Firewall to its default settings. Click on START, then type firewallsettings.exe into the start search box | click on FirewallSettings.exe above. Turn the Windows Firewall ON. Then click on the Advanced tab | click on Restore Defaults | Apply | OK. Re-boot again.

I would also check on Windows Defender as it is currently disabled. Turn it on if you would like. Re-install the anti-virus of your choice, but I would not advise the use of a 3rd party firewall - at least until your system has stabilized. 

Also - did you run the chkdsk and sfc programs after the 0x24 BSOD? 

Test your system and let me know how things go.

Regards. . .

jcgriff2

.
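The comparison made in the post above (same bugcheck, same faulting symbol, a last parameter that differs only in its upper bits), as an added Python example that is not part of the original post. The summaries are copied from the post with the forum markup stripped; grouping on the low 12 bits of Arg4 relies on the kernel image being loaded page-aligned, and treating a referenced address below 0x1000 as a null dereference is an assumption of this example.

```python
import re
from collections import defaultdict

# Summaries copied from the post above with the forum colour markup stripped.
SUMMARIES = """\
Debug session time: Sun Aug  3 10:17:44.013 2008 (GMT-4)
BugCheck 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832f7cba)
Probably caused by : ntkrpamp.exe ( nt!KiUnwaitThread+14 )
PROCESS_NAME:  avp.exe
--------------------------------------------------------------------------------
Debug session time: Wed Aug  6 04:33:18.654 2008 (GMT-4)
BugCheck 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832b5cba)
Probably caused by : ntkrpamp.exe ( nt!KiUnwaitThread+14 )
PROCESS_NAME:  spoolsv.exe
--------------------------------------------------------------------------------
Debug session time: Wed Aug  6 08:59:37.277 2008 (GMT-4)
BugCheck 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x83305cba)
Probably caused by : ntkrpamp.exe ( nt!KiUnwaitThread+14 )
PROCESS_NAME:  svchost.exe
--------------------------------------------------------------------------------
"""

# Accepts both "BugCheck 0x0000000a (0x.., ..)" and WinDbg's raw "BugCheck A, {0, 1b, ..}".
BUGCHECK_RE = re.compile(
    r"BugCheck\s+(?:0x)?([0-9a-f]+)\s*,?\s*[({]([^)}]*)[)}]", re.I)
CAUSE_RE = re.compile(r"Probably caused by\s*:\s*(\S+)\s*\(\s*(\S+)\s*\)")
PROCESS_RE = re.compile(r"PROCESS_NAME:\s*(\S+)")


def parse_summaries(text):
    """Return one record per dump summary found in text."""
    records = []
    for block in re.split(r"^-{20,}\s*$", text, flags=re.M):
        bugcheck = BUGCHECK_RE.search(block)
        if not bugcheck:
            continue
        cause = CAUSE_RE.search(block)
        process = PROCESS_RE.search(block)
        records.append({
            "code": int(bugcheck.group(1), 16),
            "args": [int(a, 16) for a in bugcheck.group(2).split(",")],
            "image": cause.group(1) if cause else None,
            "symbol": cause.group(2) if cause else None,
            "process": process.group(1) if process else None,
        })
    return records


def describe_irql_fault(record):
    """Decode the four 0xA arguments the way !analyze -v labels them."""
    referenced, irql, access, fault_ip = record["args"]
    return {
        "memory_referenced": referenced,
        "irql": irql,
        "operation": "write" if access & 1 else "read",
        "faulting_ip": fault_ip,
        # Assumption of this example: anything in the first page is a null dereference.
        "null_dereference": referenced < 0x1000,
    }


def group_by_fault_site(records):
    """Group crashes by (bugcheck code, symbol, page offset of the faulting IP).

    The load address of the kernel changes between boots but stays page-aligned,
    so the low 12 bits of an address inside it identify the same instruction.
    """
    groups = defaultdict(list)
    for rec in records:
        key = (rec["code"], rec["symbol"], rec["args"][3] & 0xFFF)
        groups[key].append(rec["process"])
    return dict(groups)


if __name__ == "__main__":
    recs = parse_summaries(SUMMARIES)
    for (code, symbol, offset), procs in group_by_fault_site(recs).items():
        print(f"bugcheck 0x{code:X} at {symbol} (page offset 0x{offset:03X}): "
              f"{len(procs)} crash(es), processes: {', '.join(procs)}")
    print(describe_irql_fault(recs[0]))
```

One fault site shared by three different processes is what makes the process name a poor lead here: the crash follows the instruction, not the program that happened to be running.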


----------



## bluegarfield (Nov 26, 2007)


I have removed McAfee from my system as suggested. However, KIS is not really outdated as I didn't update it for just about three weeks, I think, but the problem has been resolved.

chkdsk and sfc show no sign of error.

Recently, I also noticed that my HDD free space keeps decreasing gradually. After I cleaned up I had about 30GB free, but two days later it was 28GB and now, after around 1 week, I have 20GB left. I manage all my files quite well and I'm sure that I just used about 1GB for new stuff like movies or photos, but I wonder what takes up the other 9GB. Is it because I put my laptop to "sleep" instead of shutting down for so long (usually about 1-2 weeks before I completely shut down once, so as to save time when I want to use my laptop)? Or is it because of all the dump files created?

I think that you may find something about it within the info I sent you.

By the way, what antivirus software should I use (Bitdefender/McAfee/Kaspersky...)?

see you
BG


----------



## bdesmondMVP (May 19, 2008)


Yeah so antivirus programs are notorious for these sorts of problems. My personal recommendation is NOD32 ESET, but, that's just me. 

All that said, this looking at dump after dump for the symptom here is likely to get you absolutely nowhere - especially seeing as we can reliably crash in the same place every time.

Driver verifier however is your friend.


```
Fire up driver verifier by going start>run>verifier.exe

1. Create Custom Settings
2. Select individual settings from list
3. Check Force IRQL Checking
4. Select drivers from a list
5. Click the provider heading to sort
6. Check everything that doesn't have Microsoft as the provider
7. Finish & reboot

Next time the box crashes, upload the dumps (zip c:\windows\minidumps). Driver verifier adds a bunch of checks to help us identify the culprit.
```


----------



## bluegarfield (Nov 26, 2007)


@bdesmondMVP: I have done what you said and after the reboot, I didn't see anything change. Could you please explain more about how driver verifier works?


----------



## Pashy (Aug 13, 2008)


Hi, new to the forums, but I also had problems with Vista dumping and BSoD like this. Turns out it was one little program that I had installed. I had an older version of a dialup program for my computer, and each time it booted, it would make Vista scream in pain. After I upgraded to the Vista version, the BSoD and dumping stopped.

So maybe you're running something not compatible with Vista?

Just my guess from my experiences.


----------



## jcgriff2 (Sep 30, 2007)


Hi. . .

The latest crash dump has a familiar bugcheck - 0x0000000a (0x00000000, 0x0000001b, 0x00000000, 0x832c1cba):

```
BugCheck A, {0, 1b, 0, 832c1cba}
Debug session time: Wed Aug 13 01:47:51.669 2008 (GMT-4)
System Uptime: 3 days 0:43:45.275
Probably caused by : ntkrpamp.exe ( nt!KiUnwaitThread+14 )
PROCESS_NAME:  spoolsv.exe
```

Found in one of the DSS logs that gives us a few Event Viewer records:

```
5 of these errors in 14 seconds:
Event Record #/Type30281 / Error

Event Submitted/Written: 08/06/2008 09:03:09 PM
Event Submitted/Written: 08/06/2008 09:03:07 PM
Event Submitted/Written: 08/06/2008 09:03:07 PM
Event Submitted/Written: 08/06/2008 09:02:55 PM
Event Submitted/Written: 08/06/2008 09:02:55 PM

Event ID/Source: 3013 / Windows Search Service
Event Description:
The entry <C:\USERS\*********\DESKTOP\LINKS\ATTACHMENTS_2008_07_03\*\*.XLS> in the hash map cannot be updated.
Context:  Application, SystemIndex Catalog
Details: A device attached to the system is not functioning.   (0x8007001f)
```

Check your Event Viewer - Administrator log under Custom Views and see if this error is still present. The reading that I have done on this error suggests that it is a clash between Windows Indexer and Kaspersky v7. Kaspersky does have v8 out now.

As for the HDD space on your system - download and install TreeSize. After installation, go to your desktop and right-click on the TreeSize icon and select run as administrator. It will give you space figures by folder.

Regards. . .

jcgriff2

.


```
Opened log file 'F:\HP_08-11-08\D\#Dumps\bluegarfield-Vista-07-05-08\$99-dbug.txt'

Microsoft (R) Windows Debugger Version 6.9.0003.113 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\HP_08-12-08\D\#Dumps\bluegarfield-Vista-07-05-08\Mini081308-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
Kernel base = 0x8320e000 PsLoadedModuleList = 0x83325c70
Debug session time: Wed Aug 13 01:47:51.669 2008 (GMT-4)
System Uptime: 3 days 0:43:45.275
Loading Kernel Symbols
..................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 1b, 0, 832c1cba}

Probably caused by : ntkrpamp.exe ( nt!KiUnwaitThread+14 )

Followup: MachineOwner
---------

0: kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 0000001b, IRQL
Arg3: 00000000, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 832c1cba, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from 83345868
Unable to read MiSystemVaType memory at 83325420
 00000000 

CURRENT_IRQL:  1b

FAULTING_IP: 
nt!KiUnwaitThread+14
832c1cba 8b08            mov     ecx,dword ptr [eax]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  spoolsv.exe

TRAP_FRAME:  8296ec94 -- (.trap 0xffffffff8296ec94)
.trap 0xffffffff8296ec94
ErrCode = 00000000
eax=00000000 ebx=83408f00 ecx=85e11b60 edx=85e11b60 esi=87cc6030 edi=00000418
eip=832c1cba esp=8296ed08 ebp=8296ed1c iopl=0         nv up ei pl nz ac po cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010213
nt!KiUnwaitThread+0x14:
832c1cba 8b08            mov     ecx,dword ptr [eax]  ds:0023:00000000=????????
.trap
Resetting default scope

LAST_CONTROL_TRANSFER:  from 832c1cba to 83268d84

STACK_TEXT:  
8296ec94 832c1cba badb0d00 85e11b60 8296ecb7 nt!KiTrap0E+0x2ac
8296ed1c 8323bce0 00000002 0000006c 039afc24 nt!KiUnwaitThread+0x14
8296ed40 83408f93 87cc6030 85be8a01 87cc6030 nt!KeAlertThread+0x5e
8296ed58 83265a7a 0000006c 039afc30 77399a94 nt!NtAlertThread+0x3e
8296ed58 77399a94 0000006c 039afc30 77399a94 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
039afc30 00000000 00000000 00000000 00000000 0x77399a94


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiUnwaitThread+14
832c1cba 8b08            mov     ecx,dword ptr [eax]

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!KiUnwaitThread+14

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4812bd71

FAILURE_BUCKET_ID:  0xA_nt!KiUnwaitThread+14

BUCKET_ID:  0xA_nt!KiUnwaitThread+14

Followup: MachineOwner
---------

eax=83306920 ebx=0000001b ecx=8330e1f8 edx=0000016f esi=8330693c edi=8296e908
eip=83268d84 esp=8296ec7c ebp=8296ec94 iopl=0         nv up ei pl nz ac po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000212
nt!KiTrap0E+0x2ac:
83268d84 833d64cc338300  cmp     dword ptr [nt!KiFreezeFlag (8333cc64)],0 ds:0023:8333cc64=????????
ChildEBP RetAddr  Args to Child              
8296ec94 832c1cba badb0d00 85e11b60 8296ecb7 nt!KiTrap0E+0x2ac (FPO: [0,0] TrapFrame @ 8296ec94)
8296ed1c 8323bce0 00000002 0000006c 039afc24 nt!KiUnwaitThread+0x14
8296ed40 83408f93 87cc6030 85be8a01 87cc6030 nt!KeAlertThread+0x5e
8296ed58 83265a7a 0000006c 039afc30 77399a94 nt!NtAlertThread+0x3e
8296ed58 77399a94 0000006c 039afc30 77399a94 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 8296ed64)
WARNING: Frame IP not in any known module. Following frames may be wrong.
039afc30 00000000 00000000 00000000 00000000 0x77399a94
start    end        module name
8060d000 80615000   kdcom    kdcom.dll    Sat Jan 19 02:31:53 2008 (4791A769)
80615000 80675000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Jan 19 02:29:43 2008 (4791A6E7)
80675000 80686000   PSHED    PSHED.dll    Sat Jan 19 02:31:21 2008 (4791A749)
80686000 8068e000   BOOTVID  BOOTVID.dll  Sat Jan 19 02:27:15 2008 (4791A653)
8068e000 806cf000   CLFS     CLFS.SYS     Sat Jan 19 00:28:01 2008 (47918A61)
806cf000 807af000   CI       CI.dll       Fri Feb 22 00:00:56 2008 (47BE5708)
807af000 807d6000   pci      pci.sys      Sat Jan 19 00:32:57 2008 (47918B89)
807d6000 807e5000   partmgr  partmgr.sys  Sat Jan 19 00:49:54 2008 (47918F82)
807e5000 807ef000   BATTC    BATTC.SYS    Sat Jan 19 00:32:45 2008 (47918B7D)
807ef000 807fe000   volmgr   volmgr.sys   Sat Jan 19 00:49:51 2008 (47918F7F)
8320e000 835c7000   nt       ntkrpamp.exe Sat Apr 26 01:28:17 2008 (4812BD71)
835c7000 835fa000   hal      halmacpi.dll Sat Jan 19 00:27:20 2008 (47918A38)
84006000 84082000   Wdf01000 Wdf01000.sys Sat Jan 19 00:52:21 2008 (47919015)
84082000 8408f000   WDFLDR   WDFLDR.SYS   Sat Jan 19 00:52:19 2008 (47919013)
8408f000 84177000   sptd     sptd.sys     Tue Apr 03 08:12:11 2007 (4612449B)
84177000 84180000   WMILIB   WMILIB.SYS   Sat Jan 19 00:53:08 2008 (47919044)
84180000 841a6000   SCSIPORT SCSIPORT.SYS Sat Jan 19 00:49:44 2008 (47918F78)
841a6000 841ec000   acpi     acpi.sys     Sat Jan 19 00:32:48 2008 (47918B80)
841ec000 841f4000   msisadrv msisadrv.sys Sat Jan 19 00:32:51 2008 (47918B83)
841f4000 841f6900   compbatt compbatt.sys Sat Jan 19 00:32:47 2008 (47918B7F)
841f7000 84200000   hidusb   hidusb.sys   Sat Jan 19 00:53:17 2008 (4791904D)
84207000 84251000   volmgrx  volmgrx.sys  Sat Jan 19 00:50:00 2008 (47918F88)
84251000 84258000   intelide intelide.sys Sat Jan 19 00:49:42 2008 (47918F76)
84258000 84266000   PCIIDEX  PCIIDEX.SYS  Sat Jan 19 00:49:40 2008 (47918F74)
84266000 8426d000   pciide   pciide.sys   Fri Nov 17 01:21:26 2006 (455D54E6)
8426d000 8427d000   mountmgr mountmgr.sys Sat Jan 19 00:49:13 2008 (47918F59)
8427d000 84285000   atapi    atapi.sys    Sat Jan 19 00:49:40 2008 (47918F74)
84285000 842a3000   ataport  ataport.SYS  Sat Jan 19 00:49:40 2008 (47918F74)
842a3000 842d5000   fltmgr   fltmgr.sys   Sat Jan 19 00:28:10 2008 (47918A6A)
842d5000 842e5000   fileinfo fileinfo.sys Sat Jan 19 00:34:27 2008 (47918BE3)
842e5000 84356000   ksecdd   ksecdd.sys   Sat Jan 19 00:41:20 2008 (47918D80)
84356000 8436e000   cdrom    cdrom.sys    Sat Jan 19 00:49:50 2008 (47918F7E)
8436e000 84376880   InCDRm   InCDRm.sys   Tue Feb 26 10:23:29 2008 (47C42EF1)
84377000 843dd000   a637lohk a637lohk.SYS Wed Apr 11 13:59:50 2007 (461D2216)
843dd000 843f9000   kl1      kl1.sys      Wed Oct 31 06:40:25 2007 (47285B99)
89008000 89113000   ndis     ndis.sys     Sat Jan 19 00:55:51 2008 (479190E7)
89113000 8913e000   msrpc    msrpc.sys    unavailable (00000000)
8913e000 89178000   NETIO    NETIO.SYS    Sat Jan 19 00:56:19 2008 (47919103)
89178000 891c9000   rixdptsk rixdptsk.sys Tue Nov 14 20:35:19 2006 (455A6ED7)
891c9000 891f3100   SynTP    SynTP.sys    Mon Nov 06 20:34:46 2006 (454FE2B6)
891f4000 891fc300   InCDPass InCDPass.sys Tue Feb 26 10:26:13 2008 (47C42F95)
89207000 892ee000   tcpip    tcpip.sys    Sat Apr 26 02:00:17 2008 (4812C4F1)
892ee000 89309000   fwpkclnt fwpkclnt.sys Sat Jan 19 00:55:44 2008 (479190E0)
89309000 89318000   intelppm intelppm.sys Sat Jan 19 00:27:20 2008 (47918A38)
89318000 8931b780   CmBatt   CmBatt.sys   Sat Jan 19 00:32:47 2008 (47918B7F)
8931c000 8935a000   USBPORT  USBPORT.SYS  Sat Jan 19 00:53:23 2008 (47919053)
8935a000 89369000   usbehci  usbehci.sys  Sat Jan 19 00:53:21 2008 (47919051)
89369000 8937a000   bcm4sbxp bcm4sbxp.sys Wed Jun 14 17:02:02 2006 (4490794A)
8937a000 89389200   ohci1394 ohci1394.sys Sat Jan 19 00:53:33 2008 (4791905D)
8938a000 89397080   1394BUS  1394BUS.SYS  Sat Jan 19 00:53:27 2008 (47919057)
89398000 893b2000   sdbus    sdbus.sys    Sat Jan 19 00:32:56 2008 (47918B88)
893b2000 893c0000   rimmptsk rimmptsk.sys Wed Nov 15 03:16:23 2006 (455ACCD7)
893c0000 893d4000   rimsptsk rimsptsk.sys Tue Nov 14 22:42:45 2006 (455A8CB5)
893d4000 893e7000   i8042prt i8042prt.sys Sat Jan 19 00:49:17 2008 (47918F5D)
893e7000 893f2000   mouclass mouclass.sys Sat Jan 19 00:49:14 2008 (47918F5A)
893f2000 893fd000   kbdclass kbdclass.sys Sat Jan 19 00:49:14 2008 (47918F5A)
893fd000 893ff500   GEARAspiWDM GEARAspiWDM.sys Tue Jan 29 12:00:57 2008 (479F5BC9)
89402000 89511000   Ntfs     Ntfs.sys     Sat Jan 19 00:28:54 2008 (47918A96)
89511000 8954a000   volsnap  volsnap.sys  Sat Jan 19 00:50:10 2008 (47918F92)
8954a000 89552000   spldr    spldr.sys    Thu Jun 21 20:29:17 2007 (467B17DD)
89552000 89561000   mup      mup.sys      Sat Jan 19 00:28:20 2008 (47918A74)
89561000 89588000   ecache   ecache.sys   Sat Jan 19 00:50:47 2008 (47918FB7)
89588000 89599000   disk     disk.sys     Sat Jan 19 00:49:47 2008 (47918F7B)
89599000 895ba000   CLASSPNP CLASSPNP.SYS Sat Jan 19 00:49:36 2008 (47918F70)
895ba000 895c3000   crcdisk  crcdisk.sys  Thu Nov 02 04:52:27 2006 (4549B1CB)
895c3000 895de000   luafv    luafv.sys    Sat Jan 19 00:30:35 2008 (47918AFB)
895e3000 895ee000   tunnel   tunnel.sys   Sat Jan 19 00:55:50 2008 (479190E6)
895ee000 895f7000   tunmp    tunmp.sys    Sat Jan 19 00:55:40 2008 (479190DC)
895f7000 89600000   wmiacpi  wmiacpi.sys  Sat Jan 19 00:32:47 2008 (47918B7F)
8dc07000 8dc35000   msiscsi  msiscsi.sys  Sat Jan 19 00:50:44 2008 (47918FB4)
8dc35000 8dc76000   storport storport.sys Sat Jan 19 00:49:49 2008 (47918F7D)
8dc76000 8dc81000   TDI      TDI.SYS      Sat Jan 19 00:57:10 2008 (47919136)
8dc81000 8dc98000   rasl2tp  rasl2tp.sys  Sat Jan 19 00:56:33 2008 (47919111)
8dc98000 8dca3000   ndistapi ndistapi.sys Sat Jan 19 00:56:24 2008 (47919108)
8dca3000 8dcc6000   ndiswan  ndiswan.sys  Sat Jan 19 00:56:32 2008 (47919110)
8dcc6000 8dcd5000   raspppoe raspppoe.sys Sat Jan 19 00:56:33 2008 (47919111)
8dcd5000 8dce9000   raspptp  raspptp.sys  Sat Jan 19 00:56:34 2008 (47919112)
8dce9000 8dcfe000   rassstp  rassstp.sys  Sat Jan 19 00:56:43 2008 (4791911B)
8dcfe000 8dd87000   rdpdr    rdpdr.sys    Sat Jan 19 01:02:27 2008 (47919273)
8dd87000 8dd97000   termdd   termdd.sys   Sat Jan 19 01:01:06 2008 (47919222)
8dd97000 8dd98380   swenum   swenum.sys   Sat Jan 19 00:49:20 2008 (47918F60)
8dd99000 8ddc3000   ks       ks.sys       Sat Jan 19 00:49:21 2008 (47918F61)
8ddc3000 8ddcd000   mssmbios mssmbios.sys Sat Jan 19 00:32:55 2008 (47918B87)
8ddcd000 8ddda000   umbus    umbus.sys    Sat Jan 19 00:53:40 2008 (47919064)
8ddda000 8dde8000   Npfs     Npfs.SYS     Sat Jan 19 00:28:09 2008 (47918A69)
8dde8000 8ddfe000   tdx      tdx.sys      Sat Jan 19 00:55:58 2008 (479190EE)
8e000000 8e00b000   usbuhci  usbuhci.sys  Sat Jan 19 00:53:20 2008 (47919050)
8e00c000 8e6b9000   atikmdag atikmdag.sys Wed Mar 14 22:04:24 2007 (45F8A9A8)
8e6b9000 8e758000   dxgkrnl  dxgkrnl.sys  Sat Jan 19 00:36:36 2008 (47918C64)
8e758000 8e765000   watchdog watchdog.sys Sat Jan 19 00:35:29 2008 (47918C21)
8e765000 8e777000   HDAudBus HDAudBus.sys Tue Nov 27 18:18:41 2007 (474CA5D1)
8e777000 8e7fd000   bcmwl6   bcmwl6.sys   Mon Nov 13 11:48:20 2006 (4558A1D4)
8e7fd000 8e7fe700   USBD     USBD.SYS     Sat Jan 19 00:53:17 2008 (4791904D)
8e800000 8e80b000   Msfs     Msfs.SYS     unavailable (00000000)
8e80d000 8e841000   usbhub   usbhub.sys   Sat Jan 19 00:53:40 2008 (47919064)
8e841000 8e852000   NDProxy  NDProxy.SYS  Sat Jan 19 00:56:28 2008 (4791910C)
8e852000 8e8f5000   stwrt    stwrt.sys    Wed Nov 22 14:37:58 2006 (4564A716)
8e8f5000 8e922000   portcls  portcls.sys  Sat Jan 19 00:53:17 2008 (4791904D)
8e922000 8e947000   drmk     drmk.sys     Sat Jan 19 01:53:02 2008 (47919E4E)
8e947000 8e984000   HSXHWAZL HSXHWAZL.sys Wed Oct 18 14:08:11 2006 (45366D8B)
8e984000 8e98b000   Null     Null.SYS     unavailable (00000000)
8e98b000 8e992000   Beep     Beep.SYS     Sat Jan 19 00:49:10 2008 (47918F56)
8e992000 8e99b000   rasacd   rasacd.sys   Sat Jan 19 00:56:31 2008 (4791910F)
8e99b000 8e9a1380   HIDPARSE HIDPARSE.SYS Sat Jan 19 00:53:16 2008 (4791904C)
8e9a2000 8e9ae000   vga      vga.sys      Sat Jan 19 00:52:06 2008 (47919006)
8e9ae000 8e9cf000   VIDEOPRT VIDEOPRT.SYS Sat Jan 19 00:52:10 2008 (4791900A)
8e9cf000 8e9d7000   RDPCDD   RDPCDD.sys   Sat Jan 19 01:01:08 2008 (47919224)
8e9d7000 8e9df000   rdpencdd rdpencdd.sys Sat Jan 19 01:01:09 2008 (47919225)
8e9df000 8e9fd080   InCDFs   InCDFs.sys   Tue Feb 26 10:25:25 2008 (47C42F65)
8ec06000 8ed09000   HSX_DPV  HSX_DPV.sys  Wed Oct 18 14:09:22 2006 (45366DD2)
8ed09000 8edbd000   HSX_CNXT HSX_CNXT.sys Wed Oct 18 14:08:01 2006 (45366D81)
8edbd000 8edca000   modem    modem.sys    Sat Jan 19 00:57:16 2008 (4791913C)
8edca000 8edf2000   klif     klif.sys     Thu Dec 13 05:08:58 2007 (476104BA)
8edf2000 8edfb000   Fs_Rec   Fs_Rec.SYS   unavailable (00000000)
8edfb000 8edfdf00   InCDRec  InCDRec.sys  Tue Feb 26 10:22:20 2008 (47C42EAC)
8f20b000 8f21b000   HIDCLASS HIDCLASS.SYS Sat Jan 19 00:53:16 2008 (4791904C)
8f21b000 8f223000   mouhid   mouhid.sys   Sat Jan 19 00:49:16 2008 (47918F5C)
8f223000 8f237000   smb      smb.sys      Sat Jan 19 00:55:27 2008 (479190CF)
8f237000 8f27f000   afd      afd.sys      Sat Jan 19 00:57:00 2008 (4791912C)
8f27f000 8f2b1000   netbt    netbt.sys    Sat Jan 19 00:55:33 2008 (479190D5)
8f2b1000 8f2ba000   ws2ifsl  ws2ifsl.sys  Sat Jan 19 00:56:49 2008 (47919121)
8f2ba000 8f2d0000   pacer    pacer.sys    Fri Apr 04 21:21:42 2008 (47F6D426)
8f2d0000 8f2d7000   klim6    klim6.sys    Tue Oct 16 04:05:12 2007 (471470B8)
8f2d7000 8f2e5000   netbios  netbios.sys  Sat Jan 19 00:55:45 2008 (479190E1)
8f2e5000 8f2f8000   wanarp   wanarp.sys   Sat Jan 19 00:56:31 2008 (4791910F)
8f2f8000 8f2ff760   SCDEmu   SCDEmu.SYS   Mon Aug 06 20:15:06 2007 (46B7B98A)
8f300000 8f33c000   rdbss    rdbss.sys    Sat Jan 19 00:28:34 2008 (47918A82)
8f33c000 8f346000   nsiproxy nsiproxy.sys Sat Jan 19 00:55:50 2008 (479190E6)
8f346000 8f3a0000   csc      csc.sys      Sat Jan 19 00:28:54 2008 (47918A96)
8f3a0000 8f3b7000   dfsc     dfsc.sys     Sat Jan 19 00:28:20 2008 (47918A74)
8f3b7000 8f3c4000   crashdmp crashdmp.sys Sat Jan 19 00:49:43 2008 (47918F77)
8f3c4000 8f3cf000   dump_dumpata dump_dumpata.sys Sat Jan 19 00:49:40 2008 (47918F74)
8f3cf000 8f3d7000   dump_atapi dump_atapi.sys Sat Jan 19 00:49:40 2008 (47918F74)
8f3d7000 8f3e1000   Dxapi    Dxapi.sys    Sat Jan 19 00:36:12 2008 (47918C4C)
8f3e1000 8f3f0000   monitor  monitor.sys  Sat Jan 19 00:52:19 2008 (47919013)
96c40000 96e41000   win32k   win32k.sys   Thu Feb 28 23:21:37 2008 (47C78851)
96e60000 96e69000   TSDDD    TSDDD.dll    Sat Jan 19 01:01:09 2008 (47919225)
96e70000 96ebc000   ATMFD    ATMFD.DLL    Sat Jan 19 00:36:13 2008 (47918C4D)
96ed0000 96ede000   cdd      cdd.dll      unavailable (00000000)
99005000 990b4000   spsys    spsys.sys    Thu Jun 21 20:33:02 2007 (467B18BE)
990b4000 990c4000   lltdio   lltdio.sys   Sat Jan 19 00:55:03 2008 (479190B7)
990c4000 990ee000   nwifi    nwifi.sys    Sat Jan 19 00:53:58 2008 (47919076)
990ee000 990f8000   ndisuio  ndisuio.sys  Sat Jan 19 00:55:40 2008 (479190DC)
990f8000 9910b000   rspndr   rspndr.sys   Sat Jan 19 00:55:03 2008 (479190B7)
9910b000 99176000   HTTP     HTTP.sys     Sat Jan 19 00:55:21 2008 (479190C9)
99176000 99193000   srvnet   srvnet.sys   Sat Jan 19 00:29:11 2008 (47918AA7)
99193000 991ac000   bowser   bowser.sys   Sat Jan 19 00:28:26 2008 (47918A7A)
991ac000 991c1000   mpsdrv   mpsdrv.sys   Sat Jan 19 00:54:45 2008 (479190A5)
991c1000 991e1000   mrxdav   mrxdav.sys   Sat Jan 19 00:28:44 2008 (47918A8C)
991e1000 99200000   mrxsmb   mrxsmb.sys   Sat Jan 19 00:28:33 2008 (47918A81)
9a80d000 9a846000   mrxsmb10 mrxsmb10.sys Sat Jan 19 00:28:40 2008 (47918A88)
9a846000 9a85e000   mrxsmb20 mrxsmb20.sys Sat Jan 19 00:28:35 2008 (47918A83)
9a85e000 9a885000   srv2     srv2.sys     Sat Jan 19 00:29:14 2008 (47918AAA)
9a885000 9a8d1000   srv      srv.sys      Sat Jan 19 00:29:25 2008 (47918AB5)
9a8d1000 9a8d7000   artmoney artmoney.sys Sat Sep 08 17:56:37 2007 (46E31A95)
9a8d7000 9a8d8d00   dsunidrv dsunidrv.sys Thu May 25 13:04:54 2006 (4475E3B6)
9a8d9000 9a8dc180   mdmxsdk  mdmxsdk.sys  Mon Jun 19 17:26:59 2006 (449716A3)
9a8dd000 9a9bb000   peauth   peauth.sys   Mon Oct 23 04:55:32 2006 (453C8384)
9a9bb000 9a9c5000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
9a9c5000 9a9d1000   tcpipreg tcpipreg.sys Sat Jan 19 00:56:07 2008 (479190F7)
9a9d1000 9a9d9000   xaudio   xaudio.sys   Fri Aug 04 20:39:09 2006 (44D3E8AD)
9be04000 9be2c000   fastfat  fastfat.SYS  Sat Jan 19 00:28:00 2008 (47918A60)
9be2c000 9be42000   cdfs     cdfs.sys     Sat Jan 19 00:28:02 2008 (47918A62)

Unloaded modules:
8f3f0000 8f3f8000   drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
895c3000 895d0000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
895d0000 895db000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
895db000 895e3000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8e992000 8e99b000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000

```


----------



## bluegarfield (Nov 26, 2007)


@jcgriff2 


> Check your Event Viewer - Administrator log under Custom Views and see if this error is still present. The reading that I have done on this error suggests that it is a clash between Windows Indexer and Kaspersky v7. Kaspersky does have v8 out now.


This means if I install the newer version of KIS or replace it with something else, it would solve the BSOD problem?
By the way, I still don't know what driver verifier does. Could you please explain it further?

...


----------



## jcgriff2 (Sep 30, 2007)


Hi. . .

At this time, I am in the midst of testing the driver verifier to compare dumps pre-verifier and post verifier using dumps from forced BSODs on my own systems to see for myself what the difference is. It is supposed to provide additional information contained within the dump files as was mentioned by *bdesmondMVP* to help further pinpoint the cause of a BSOD if in fact a driver is involved.

As far as Kaspersky and the BSODs themselves - sorry, but there is no guarantee that this will end the system crashes. This is simply something that I noticed based on the dates of the modules for KIS. Anti-virus/firewalls are notorious for causing or at least contributing to BSODs.

Regards. . .

jcgriff2

.
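Ranking loaded modules by their image timestamp, the check described above for the KIS module dates, as an added Python example that is not part of the original posts. The sample lines are copied from the `lmtn` module list earlier in the thread; using Ntfs.sys as the reference build date and the helper names are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# A few lines copied from the lmtn output in the debugger log above.
LMTN_SAMPLE = """\
8320e000 835c7000   nt       ntkrpamp.exe Sat Apr 26 01:28:17 2008 (4812BD71)
8408f000 84177000   sptd     sptd.sys     Tue Apr 03 08:12:11 2007 (4612449B)
843dd000 843f9000   kl1      kl1.sys      Wed Oct 31 06:40:25 2007 (47285B99)
89113000 8913e000   msrpc    msrpc.sys    unavailable (00000000)
89369000 8937a000   bcm4sbxp bcm4sbxp.sys Wed Jun 14 17:02:02 2006 (4490794A)
89402000 89511000   Ntfs     Ntfs.sys     Sat Jan 19 00:28:54 2008 (47918A96)
8e00c000 8e6b9000   atikmdag atikmdag.sys Wed Mar 14 22:04:24 2007 (45F8A9A8)
8edca000 8edf2000   klif     klif.sys     Thu Dec 13 05:08:58 2007 (476104BA)
8f2d0000 8f2d7000   klim6    klim6.sys    Tue Oct 16 04:05:12 2007 (471470B8)
"""

# start, end, module name, image name, free-form date text, (hex timestamp)
MODULE_RE = re.compile(
    r"^(?P<start>[0-9a-f]{8})\s+(?P<end>[0-9a-f]{8})\s+"
    r"(?P<name>\S+)\s+(?P<image>\S+)\s+.*\((?P<stamp>[0-9a-f]{8})\)\s*$",
    re.I,
)


def parse_modules(text):
    """Parse lmtn lines; the hex value is the image header timestamp (Unix seconds)."""
    modules = []
    for line in text.splitlines():
        m = MODULE_RE.match(line.strip())
        if not m:
            continue  # headers, "Unloaded modules" entries, blank lines
        stamp = int(m["stamp"], 16)
        modules.append({
            "image": m["image"],
            "start": int(m["start"], 16),
            "end": int(m["end"], 16),
            "stamp": stamp,
            # The log prints debugger-local time; the raw value is converted to UTC here.
            "built": datetime.fromtimestamp(stamp, tz=timezone.utc) if stamp else None,
        })
    return modules


def triage(modules, reference_image="Ntfs.sys"):
    """Return (modules built before the reference, modules with no timestamp)."""
    ref = next((m for m in modules
                if m["image"].lower() == reference_image.lower()), None)
    if ref is None or not ref["stamp"]:
        raise ValueError(f"reference module {reference_image!r} not usable")
    older = sorted((m for m in modules if m["stamp"] and m["stamp"] < ref["stamp"]),
                   key=lambda m: m["stamp"])
    unknown = [m for m in modules if not m["stamp"]]
    return older, unknown


def owner_of(modules, address):
    """Map an address (for example bugcheck Arg4) to (image, offset), or None."""
    for m in modules:
        if m["start"] <= address < m["end"]:
            return m["image"], address - m["start"]
    return None


if __name__ == "__main__":
    mods = parse_modules(LMTN_SAMPLE)
    older, unknown = triage(mods)
    for m in older:
        print(f"{m['built']:%Y-%m-%d}  {m['image']}")
    print("no timestamp:", [m["image"] for m in unknown])
    print("Arg4 0x832c1cba belongs to:", owner_of(mods, 0x832C1CBA))
```

An old timestamp only ranks a driver for a closer look: the full list above also contains drivers dated 2006 that are unrelated to the antivirus, and the faulting address itself resolves to the kernel image rather than to any of the older drivers.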


----------



## bluegarfield (Nov 26, 2007)


Hi,

It has been a long time since I wanted to test the compatibility of the newer version of KIS with Vista, and it seems like the problem has been solved. I'm not very sure, but so far no BSOD has happened yet. Who knows what may happen. The only thing I found out recently is that my computer has slowed down significantly, that's all.

By the way, Windows Search Indexer (WSI) has been closely related to the previous BSOD. So, what does WSI really do and can I disable it in Windows services?

See you,


----------



## jcgriff2 (Sep 30, 2007)


Hello. . .

In the BSODs, WSI was simply a process running at the time of the system crash - like IE7 or the print spooler. It does not necessarily mean that it was in any way responsible, although a named process could be. In this case my belief is that the KIS driver which referenced a location in memory it should not have simply crossed paths with WSI.

WSI is the program SearchIndexer.exe that allows you to perform searches for files and folders within your system. To see what is indexed and how many files are in the index, click on START then type *index* into the start search box and you should see Index Options appear at the top. Click on that and have a look.

Regards. . .

jcgriff2

.


----------



## bluegarfield (Nov 26, 2007)


Thank you, jcgriff2. I think the problem has been solved thoroughly, or it appears to be so. If there's any further problem, I think I'd better PM you.

(Mod pls close topic if needed)


----------



## jcgriff2 (Sep 30, 2007)


Great to hear this is solved for you.... 

Thanks for providing all of the information that I asked for - a huge help to me!

Good Luck.

Regards. . .

jcgriff2

.


----------

