Bugcheck

Any help with this would be appreciated. The only very recent change known is the installation of a new printer. Thanks.



Microsoft (R) Windows Debugger Version 6.5.0003.7
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\csadmin\Desktop\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available

Symbol search path is: C:\WINNT\Symbols
Executable search path is: c:\winnt\system32
Windows 2000 Kernel Version 2195 (Service Pack 4) UP Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Kernel base = 0x80400000 PsLoadedModuleList = 0x804814c0
Debug session time: Tue Sep 13 16:38:31.292 2005 (GMT-5)
System Uptime: 0 days 11:27:35.015
Loading Kernel Symbols
................................................................................................................
Loading unloaded module list
....
Loading User Symbols
................................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {c0000005, 804ad824, 0, b0}

*** WARNING: symbols timestamp is wrong 0x4060ef9b 0x41e648e0 for ntdll.dll
Probably caused by : ntoskrnl.exe ( nt!IopMountVolume+1b8 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 804ad824, The address that the exception occurred at
Arg3: 00000000, Parameter 0 of the exception
Arg4: 000000b0, Parameter 1 of the exception

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx ". The memory could not be "%s ".

FAULTING_IP:
nt!IopMountVolume+1b8
804ad824 8b89b0000000 mov ecx,[ecx+0xb0]

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 000000b0

READ_ADDRESS: 000000b0

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x1E

EXCEPTION_RECORD: bd806778 -- (.exr ffffffffbd806778)
ExceptionAddress: 804ad824 (nt!IopMountVolume+0x000001b8)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 000000b0
Attempt to read from address 000000b0

LAST_CONTROL_TRANSFER: from 8042891e to 804ad824

TRAP_FRAME: bd8067cc -- (.trap ffffffffbd8067cc)
ErrCode = 00000000
eax=8902f868 ebx=8904dc64 ecx=00000000 edx=00000000 esi=8902a810 edi=00000000
eip=804ad824 esp=bd806840 ebp=bd80687c iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!IopMountVolume+0x1b8:
804ad824 8b89b0000000 mov ecx,[ecx+0xb0] ds:0023:000000b0=????????
Resetting default scope

STACK_TEXT:
bd80687c 8042891e 00000000 00000001 00000000 nt!IopMountVolume+0x1b8
bd8068a4 804bf2d5 bd806c34 8902a810 bd806a88 nt!IopCheckVpbMounted+0x30
bd806a44 8045086f 8902a810 00000000 bd806afc nt!IopParseDevice+0x41b
bd806abc 804d599e 00000000 89064b00 00000040 nt!ObpLookupObjectName+0x4c3
bd806bcc 8049f9f3 00000000 00000000 00000001 nt!ObOpenObjectByName+0xc6
bd806ca8 8049f598 050ee43c 80100080 050ee3d8 nt!IopCreateFile+0x409
bd806cf0 804a6fe0 050ee43c 80100080 050ee3d8 nt!IoCreateFile+0x38
bd806d30 80464f84 050ee43c 80100080 050ee3d8 nt!NtCreateFile+0x30
bd806d64 00000000 00000000 00000000 00000000 nt!KiSystemService+0xc4


FOLLOWUP_IP:
nt!IopMountVolume+1b8
804ad824 8b89b0000000 mov ecx,[ecx+0xb0]

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!IopMountVolume+1b8

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 42258bd8

STACK_COMMAND: .trap ffffffffbd8067cc ; kb

FAILURE_BUCKET_ID: 0x1E_nt!IopMountVolume+1b8

BUCKET_ID: 0x1E_nt!IopMountVolume+1b8

Followup: MachineOwner
---------

 

http://www.microsoft.com/resources/...Windows/XP/all/reskit/en-us/prmd_stp_oweb.asp

0xC0000005: STATUS_ACCESS_VIOLATION
A memory access violation occurred. Parameter 4 of the Stop error (which is Parameter 1 of the exception) is the address that the driver attempted to access


I would go with it being a highly probable likelyhood that you have a problem with the printer driver. Check for updates / patches.

You can check in device manager. Check each device and see which one under properties/ resources has a memory resource range which includes
804ad824

 

Probably it is faulty ram. Usually hardware error occurs at random pattern. Attach more debug report here hence I can confirm whether it is faulty ram or faulty m/b.

 

Thanks very much for the input. The bugcheck occurred again two days later with the exact same parameters, though I haven't run memory.dmp through windbg yet. Per Device Manager, the memory address falls within the PCI Bus. Since the second crash, I've uninstalled the PCL 6 drivers for the new printer (an HP 1320) and installed the PCL 5e drivers. I did this because the installed PCL 6 drivers were the latest version from HP, but the DLLs had dates of 1980(?). Very strange. All of this seems to have gotten cleaned up when I uninstalled the PCL 6 drivers and installed the PCL 5e drivers. I'll post the windbg output later today. Thanks again for the help.

 

OK, here's the windbg output:


Microsoft (R) Windows Debugger Version 6.5.0003.7
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\csadmin\Desktop\MEMORY2.DMP]
Kernel Complete Dump File: Full address space is available

Symbol search path is: C:\WINNT\Symbols
Executable search path is: c:\winnt\system32
Windows 2000 Kernel Version 2195 (Service Pack 4) UP Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Kernel base = 0x80400000 PsLoadedModuleList = 0x804814c0
Debug session time: Thu Sep 15 08:35:36.602 2005 (GMT-5)
System Uptime: 1 days 15:51:34.484
Loading Kernel Symbols
................................................................................................................
Loading unloaded module list
......
Loading User Symbols
................................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {c0000005, 804ad824, 0, b0}

*** WARNING: symbols timestamp is wrong 0x4060ef9b 0x41e648e0 for ntdll.dll
Probably caused by : ntoskrnl.exe ( nt!IopMountVolume+1b8 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 804ad824, The address that the exception occurred at
Arg3: 00000000, Parameter 0 of the exception
Arg4: 000000b0, Parameter 1 of the exception

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx ". The memory could not be "%s ".

FAULTING_IP:
nt!IopMountVolume+1b8
804ad824 8b89b0000000 mov ecx,[ecx+0xb0]

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 000000b0

READ_ADDRESS: 000000b0

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x1E

EXCEPTION_RECORD: bd78a778 -- (.exr ffffffffbd78a778)
ExceptionAddress: 804ad824 (nt!IopMountVolume+0x000001b8)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 000000b0
Attempt to read from address 000000b0

LAST_CONTROL_TRANSFER: from 8042891e to 804ad824

TRAP_FRAME: bd78a7cc -- (.trap ffffffffbd78a7cc)
ErrCode = 00000000
eax=89006ea8 ebx=8904dc64 ecx=00000000 edx=00000000 esi=88ff9bf0 edi=00000000
eip=804ad824 esp=bd78a840 ebp=bd78a87c iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!IopMountVolume+0x1b8:
804ad824 8b89b0000000 mov ecx,[ecx+0xb0] ds:0023:000000b0=????????
Resetting default scope

STACK_TEXT:
bd78a87c 8042891e 00000000 00000001 00000000 nt!IopMountVolume+0x1b8
bd78a8a4 804bf2d5 bd78ac34 88ff9bf0 bd78aa88 nt!IopCheckVpbMounted+0x30
bd78aa44 8045086f 88ff9bf0 00000000 bd78aafc nt!IopParseDevice+0x41b
bd78aabc 804d599e 00000000 89064b00 00000040 nt!ObpLookupObjectName+0x4c3
bd78abcc 8049f9f3 00000000 00000000 00000001 nt!ObOpenObjectByName+0xc6
bd78aca8 8049f598 049fe43c 80100080 049fe3d8 nt!IopCreateFile+0x409
bd78acf0 804a6fe0 049fe43c 80100080 049fe3d8 nt!IoCreateFile+0x38
bd78ad30 80464f84 049fe43c 80100080 049fe3d8 nt!NtCreateFile+0x30
bd78ad64 00000000 00000000 00000000 00000000 nt!KiSystemService+0xc4


FOLLOWUP_IP:
nt!IopMountVolume+1b8
804ad824 8b89b0000000 mov ecx,[ecx+0xb0]

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!IopMountVolume+1b8

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 42258bd8

STACK_COMMAND: .trap ffffffffbd78a7cc ; kb

FAILURE_BUCKET_ID: 0x1E_nt!IopMountVolume+1b8

BUCKET_ID: 0x1E_nt!IopMountVolume+1b8

Followup: MachineOwner
---------

 

Good move. 5e, at least when I was dealing extensively with those drivers, was much more stable and less prone to wierdness than 6 and it sounds like that is still the case.

I still won't allow any PCL6 drivers on our print server. Haven't tried any for a while but 5e is doing great so why mess with success?

 

Thanks, but I have not been able to see any evidence in the two debug outputs that the printer drivers were the cause of the crashes. Having said that, I'm no expert on reading dumps. CPC2004 seems to think there's a hardware problem. I'm hopeful that the second dump will help pinpoint the root cause. Let me know if I need to provide any additional info. Thanks again to everyone who has provided suggestions.

 

Both dumps are exactly the same. You don't attach the module list and I have no idea what software are running at your windows. From your stack trace of the minidump, I believe that it is faulty ram. BTW what antivirus or firewall software are you using?

Do you get BSOD when you use the new printer? If not, your problem is not related to printer device driver.

 

Sorry about that - here's the module list. There's no software firewall, but we are running Symantec Anti-Virus corporate edition v8.00.9374. Though I can't be 100% that no one was trying to use the printer when the system crashed, I do know that users had successfully printed to it (with the original PCL 6 drivers) with no subsequent crash.


Rtvscan 00400000 004ac000 Tue Jul 30 10:40:43 2002 (3d46b37b) 00000000 Rtvscan.exe
ENUAMS 10000000 10007000 Thu Sep 20 18:35:43 2001 (3baa7d4f) 00000000 ENUAMS.LRC
amslib 50070000 50078000 Thu Sep 20 18:52:33 2001 (3baa8141) 00015d6a amslib.dll
CBA 501e0000 501e7000 Thu Sep 20 18:52:33 2001 (3baa8141) 0000753f CBA.DLL
MsgSys 50240000 5024a000 Thu Sep 20 18:52:33 2001 (3baa8141) 00012761 MsgSys.dll
NTS 50250000 50264000 Thu Sep 20 18:52:33 2001 (3baa8141) 0001bde1 NTS.dll
PDS 50270000 50282000 Thu Sep 20 18:52:33 2001 (3baa8141) 0001178d PDS.DLL
loc32vc0 51030000 51048000 Tue Jul 30 10:47:18 2002 (3d46b506) 000166a2 loc32vc0.dll
NAVAP32 51300000 5130d000 Tue Jul 30 10:47:20 2002 (3d46b508) 000192f6 NAVAP32.DLL
NAVAPI32 51370000 513a1000 Tue Jul 30 10:47:21 2002 (3d46b509) 000315d9 NAVAPI32.DLL
i2ldvp3 51480000 514cd000 Tue Jul 30 10:47:22 2002 (3d46b50a) 00057b4e i2ldvp3.dll
NAVLU 516a0000 516b1000 Tue Jul 30 10:47:23 2002 (3d46b50b) 0001482c NAVLU.dll
NAVNTUTL 51810000 5181d000 Sun Jul 14 01:46:41 2002 (3d311e51) 00018a63 NAVNTUTL.DLL
sfcfiles 68010000 68100000 Tue Mar 23 20:17:03 2004 (4060ef9f) 000ef07e sfcfiles.dll
PSAPI 690a0000 690ab000 Tue Nov 30 03:34:02 1999 (38439a0a) 0000953b PSAPI.DLL
NAVEX32a 69100000 691ad000 Mon Jul 25 17:29:39 2005 (42e567d3) 000aefb3 NAVEX32a.DLL
NAVENG32 692c0000 692dd000 Mon Jul 25 17:45:58 2005 (42e56ba6) 000298b3 NAVENG32.DLL
MFC42 6c370000 6c46b000 Thu Jun 19 21:44:04 2003 (3ef274f4) 0010441b MFC42.DLL
SHLWAPI 70a70000 70ad6000 Wed May 25 12:14:56 2005 (4294b290) 000671d5 SHLWAPI.dll
COMCTL32 71710000 71794000 Thu Aug 29 09:13:07 2002 (3d6e2bf3) 00088433 COMCTL32.dll
CTL3D32 72e90000 72ea1000 Tue Nov 30 03:31:45 1999 (38439981) 0001227f CTL3D32.dll
msafd 74fd0000 74fee000 Thu Jun 19 21:44:06 2003 (3ef274f6) 00028b31 msafd.dll
MSWSOCK 74ff0000 75002000 Thu Jun 19 21:44:08 2003 (3ef274f8) 0001b5b2 MSWSOCK.dll
wshtcpip 75010000 75017000 Thu Jun 19 21:44:22 2003 (3ef27506) 00006ff1 wshtcpip.dll
WS2HELP 75020000 75028000 Tue Nov 30 03:31:09 1999 (3843995d) 000087d1 WS2HELP.DLL
WS2_32 75030000 75044000 Thu Jun 19 21:44:22 2003 (3ef27506) 0001bd25 WS2_32.DLL
WSOCK32 75050000 75058000 Thu Jun 19 21:44:22 2003 (3ef27506) 0001491a WSOCK32.dll
SAMLIB 75150000 7515f000 Tue Mar 23 20:17:02 2004 (4060ef9e) 0000e52b SAMLIB.dll
NETAPI32 75170000 751bf000 Thu Jun 10 11:58:10 2004 (40c89322) 00056a00 NETAPI32.dll
NETRAP 751c0000 751c6000 Tue Nov 30 03:31:07 1999 (3843995b) 0000d1dd NETRAP.dll
LZ32 759b0000 759b6000 Thu Jun 19 21:43:46 2003 (3ef274e2) 0000d88b LZ32.DLL
MPR 76620000 76630000 Tue Mar 23 20:17:02 2004 (4060ef9e) 0001bb34 MPR.dll
SFC 76980000 7699b000 Thu Jun 19 21:43:44 2003 (3ef274e0) 000245e5 SFC.DLL
MPRAPI 77320000 77337000 Wed Dec 01 01:37:29 1999 (3844d039) 0001857f MPRAPI.DLL
iphlpapi 77340000 77353000 Thu Jun 19 21:43:42 2003 (3ef274de) 000120eb iphlpapi.dll
DHCPCSVC 77360000 77379000 Thu Jun 19 21:43:42 2003 (3ef274de) 00016fa9 DHCPCSVC.DLL
ADSLDPC 77380000 773a3000 Thu Jun 19 21:43:42 2003 (3ef274de) 0002a91d ADSLDPC.DLL
ACTIVEDS 773b0000 773df000 Thu Jun 19 21:43:42 2003 (3ef274de) 0003889d ACTIVEDS.DLL
RASMAN 774c0000 774d1000 Thu Jun 19 21:43:42 2003 (3ef274de) 0001bbc5 RASMAN.DLL
RASAPI32 774e0000 77513000 Thu Jun 19 21:43:42 2003 (3ef274de) 00035582 RASAPI32.DLL
ICMP 77520000 77525000 Wed Dec 01 01:37:29 1999 (3844d039) 0000f612 ICMP.DLL
TAPI32 77530000 77552000 Thu Jun 19 21:43:42 2003 (3ef274de) 0002e182 TAPI32.DLL
WINMM 77570000 775a0000 Wed Dec 01 01:37:28 1999 (3844d038) 0002e779 WINMM.dll
winrnr 777e0000 777e8000 Wed Dec 01 01:37:27 1999 (3844d037) 00007cba winrnr.dll
rasadhlp 777f0000 777f5000 Wed Dec 01 01:37:27 1999 (3844d037) 0000c7e6 rasadhlp.dll
VERSION 77820000 77827000 Thu Jun 19 21:43:41 2003 (3ef274dd) 0000ac19 VERSION.dll
RTUTILS 77830000 7783e000 Wed Dec 01 01:37:27 1999 (3844d037) 000141c2 RTUTILS.DLL
SETUPAPI 77880000 7790e000 Thu Jun 19 21:43:41 2003 (3ef274dd) 0009170d SETUPAPI.DLL
WLDAP32 77950000 7797a000 Thu Jun 19 21:43:41 2003 (3ef274dd) 00029096 WLDAP32.DLL
DNSAPI 77980000 779a4000 Tue Mar 23 20:17:00 2004 (4060ef9c) 00026232 DNSAPI.DLL
OLEAUT32 779b0000 77a4b000 Thu Jun 19 21:43:41 2003 (3ef274dd) 000a2046 OLEAUT32.DLL
ole32 77a50000 77b3f000 Mon Jan 17 22:47:38 2005 (41ec94ea) 000f93f5 ole32.dll
NTDSAPI 77bf0000 77c01000 Thu Jun 19 21:43:41 2003 (3ef274dd) 00014d53 NTDSAPI.dll
RPCRT4 77d30000 77da1000 Thu Mar 11 15:29:21 2004 (4050da31) 0007a502 RPCRT4.DLL
USER32 77e10000 77e6f000 Sat Mar 12 01:54:53 2005 (4232a04d) 00067a8b USER32.DLL
GDI32 77f40000 77f7b000 Thu Jun 17 18:05:28 2004 (40d223b8) 0003916f GDI32.dll
ntdll 77f80000 77ffd000 Tue Mar 23 20:16:59 2004 (4060ef9b) 00084fc3 PDB C:\WINNT\Symbols\dll\ntdll.pdb
MSVCRT 78000000 78045000 Tue Mar 11 12:55:17 2003 (3e6e3115) 000542ab MSVCRT.DLL
rnr20 782c0000 782cc000 Thu Jun 19 21:43:41 2003 (3ef274dd) 0001130a rnr20.dll
SHELL32 782f0000 78535000 Fri Mar 04 00:57:01 2005 (422806bd) 0024d6f2 SHELL32.dll
USERENV 7c0f0000 7c151000 Tue Aug 05 17:14:10 2003 (3f302c32) 0006bf23 USERENV.dll
ADVAPI32 7c2d0000 7c332000 Tue Mar 23 20:17:00 2004 (4060ef9c) 00065c7c ADVAPI32.DLL
Secur32 7c340000 7c34f000 Thu Jun 19 21:43:41 2003 (3ef274dd) 00017835 Secur32.dll
KERNEL32 7c570000 7c623000 Thu Jun 17 18:05:28 2004 (40d223b8) 000b635c KERNEL32.DLL
hal 80062000 80076100 Thu Mar 20 20:04:40 2003 (3e7a7338) 0001d83a halaacpi.dll
nt 80400000 8059cb80 Wed Mar 02 03:48:08 2005 (42258bd8) 001ac2ae PDB C:\WINNT\Symbols\exe\ntoskrnl.pdb
win32k a0000000 a018ee40 Fri Feb 18 18:28:34 2005 (42168832) 00199781 win32k.sys
atidrab a018f000 a01aff00 Tue Nov 30 03:31:17 1999 (38439965) 0002c899 atidrab.dll
NAVENG bca35000 bca46980 Mon Jul 25 17:14:25 2005 (42e56441) 0002200d NAVENG.sys
NAVEX15 bca47000 bcae8260 Mon Jul 25 17:31:29 2005 (42e56841) 000abf22 NAVEX15.sys
<Unloaded> bd589000 bd59b000 Wed Dec 31 18:00:00 1969 (00000000) 00000000 None NAVENG.sys
<Unloaded> bd59b000 bd63d000 Wed Dec 31 18:00:00 1969 (00000000) 00000000 None NAVEX15.sys
NAVAP bd6dd000 bd71a000 Wed Jun 19 19:57:11 2002 (3d112867) 00037806 NAVAP.sys
RDPWD bd742000 bd757f20 Fri Jun 17 01:41:40 2005 (42b270a4) 000241ae RDPWD.SYS
SYMEVENT bd758000 bd76ac20 Wed Aug 06 20:32:39 2003 (3f31ac37) 0001e027 SYMEVENT.SYS
ipsec bdabc000 bdacba20 Tue Apr 29 18:04:59 2003 (3eaf051b) 00013ac5 ipsec.sys
Fastfat be1c5000 be1e73c0 Wed Jan 15 13:48:39 2003 (3e25bb17) 0002c763 Fastfat.SYS
termdd be688000 be690a60 Fri Mar 21 15:43:08 2003 (3e7b876c) 0000991e termdd.sys
Cdfs be734000 be742fe0 Tue Apr 15 22:58:53 2003 (3e9cd4fd) 000164f2 Cdfs.SYS
NAVAPEL be7b0000 be7c1000 Wed Jun 19 19:57:14 2002 (3d11286a) 0000e7c4 NAVAPEL.SYS
spud be945000 be947f20 Fri Nov 19 17:36:27 1999 (3835defb) 000036a0 spud.sys
ipfltdrv beb49000 beb51560 Sat Oct 30 17:35:58 1999 (381b72ce) 00015f29 ipfltdrv.sys
Aspi32 becc1000 becc4ba0 Wed Mar 04 08:53:26 1998 (34fd6ae6) 000068a3 Aspi32.SYS
srv bedb9000 bedf3440 Tue May 03 03:10:42 2005 (42773202) 00041170 srv.sys
Fips beeec000 beef4240 Tue May 09 10:28:29 2000 (39182e9d) 0001050b Fips.SYS
afd bef5c000 bef794a0 Wed Apr 30 03:45:29 2003 (3eaf8d29) 000202d1 afd.sys
exifs befb4000 befe74a0 Tue Jul 15 14:51:06 2003 (3f145b2a) 000383d6 exifs.sys
ndisuio bf02c000 bf02edc0 Wed Jan 15 13:55:21 2003 (3e25bca9) 00002f3b ndisuio.sys
mrxsmb bf982000 bf9e6ca0 Thu Jan 20 01:25:21 2005 (41ef5ce1) 000724a9 mrxsmb.sys
rdbss bf9f9000 bfa22900 Thu Dec 02 21:37:11 2004 (41afdf67) 00035f2b rdbss.sys
sysmgmt bfa23000 bfa391e0 Mon Aug 14 14:27:42 2000 (3998482e) 0001fae6 sysmgmt.sys
netbt bfa3a000 bfa61e00 Wed Jul 16 14:44:26 2003 (3f15ab1a) 00035c6b netbt.sys
tcpip bfa62000 bfab01a0 Thu May 12 05:24:58 2005 (42832efa) 00057b5d tcpip.sys
update bfb23000 bfb4d3a0 Tue Apr 15 23:22:01 2003 (3e9cda69) 0002dba5 update.sys
ks bfb4e000 bfb6dd00 Wed Dec 04 11:09:38 2002 (3dee36d2) 00022f68 ks.sys
dump_diskdump bfb6e000 bfb716c0 Tue Feb 25 13:18:04 2003 (3e5bc16c) 0000a0a3 dump_diskdump.sys
rdpdr bfba8000 bfbcb060 Fri Mar 21 15:43:14 2003 (3e7b8772) 00024c7a rdpdr.sys
TDTCP bfbe4000 bfbe88c0 Fri Mar 21 15:43:08 2003 (3e7b876c) 0000c6bb TDTCP.SYS
ndiswan bfcbc000 bfcd2ba0 Tue Apr 29 18:05:01 2003 (3eaf051d) 00017941 ndiswan.sys
USBPORT bfcd3000 bfcf4b20 Mon Mar 10 09:47:39 2003 (3e6cb39b) 000264c6 USBPORT.SYS
<Unloaded> bfcf5000 bfcf8000 Wed Dec 31 18:00:00 1969 (00000000) 00000000 None scsichng.sys
vga bfd01000 bfd04580 Sat Sep 25 13:37:40 1999 (37ed1674) 0001047d vga.sys
<Unloaded> bfd09000 bfd0c000 Wed Dec 31 18:00:00 1969 (00000000) 00000000 None Sfloppy.SYS
cpqasm bfd1d000 bfd601e0 Mon Aug 14 14:28:54 2000 (39984876) 0004acf5 cpqasm.sys
atimpab bfd61000 bfd726c0 Wed Nov 10 17:34:06 1999 (382a00ee) 0001af66 atimpab.sys
n100nt5 bfd73000 bfd88600 Mon Oct 25 12:06:43 1999 (38148e23) 00024509 n100nt5.sys
dump_cpqcissm bfded000 bfdf0d20 Wed Nov 12 15:22:15 2003 (3fb2a487) 00014538 dump_cpqcissm.sys
TDI bfe05000 bfe08e60 Wed Jan 15 13:56:26 2003 (3e25bcea) 0000e55e TDI.SYS
ndistapi bfe15000 bfe172e0 Wed Jan 15 13:54:15 2003 (3e25bc67) 00009eb1 ndistapi.sys
Mup bfe39000 bfe4e640 Wed Jan 15 13:54:01 2003 (3e25bc59) 00022337 Mup.sys
NDIS bfe4f000 bfe78aa0 Tue Apr 29 18:05:01 2003 (3eaf051d) 00036f8f NDIS.sys
Ntfs bfe79000 bfef6800 Wed Jun 04 17:11:33 2003 (3ede6e95) 000852ec Ntfs.sys
revfs bfef7000 bff36400 Mon Aug 23 15:44:02 2004 (412a5712) 0004dbd8 revfs.sys
KSecDD bff37000 bff487c0 Sat Sep 20 19:32:19 2003 (3f6cf193) 00016be3 KSecDD.sys
Dfs bff49000 bff5b1c0 Tue Feb 11 20:19:06 2003 (3e49af1a) 000132d9 Dfs.sys
drvmcdb bff5c000 bff6fa20 Sat Aug 24 03:00:07 2002 (3d673d07) 0001973a drvmcdb.sys
atapi bff70000 bff85180 Tue Apr 01 12:08:25 2003 (3e89d599) 0001df44 atapi.sys
SCSIPORT bff86000 bff980c0 Fri May 16 20:11:02 2003 (3ec58c26) 00018825 SCSIPORT.SYS
dmio bff99000 bffba9c0 Wed Jan 15 13:47:04 2003 (3e25bab8) 00027e97 dmio.sys
ftdisk bffbb000 bffd7220 Mon Mar 31 16:21:58 2003 (3e88bf86) 0001f7e3 ftdisk.sys
ACPI bffd8000 bffffc20 Wed Jan 15 13:44:22 2003 (3e25ba16) 00029306 ACPI.sys
pci f6400000 f640e6a0 Wed Jan 15 13:44:07 2003 (3e25ba07) 000143a0 pci.sys
isapnp f6410000 f641b680 Wed Jan 15 13:43:47 2003 (3e25b9f3) 00016ffa isapnp.sys
cpq32fs2 f6420000 f642fae0 Wed Aug 16 15:38:43 2000 (399afbd3) 000163d1 cpq32fs2.sys
aic78xx f6430000 f643dd00 Wed Oct 06 19:06:14 1999 (37fbe3f6) 0000e05d aic78xx.sys
adpu160m f6440000 f644faa0 Wed Jan 15 13:42:27 2003 (3e25b9a3) 0001a656 adpu160m.sys
CLASSPNP f6450000 f6458700 Wed Jan 15 13:42:51 2003 (3e25b9bb) 0000e6f3 CLASSPNP.SYS
VIDEOPRT f6480000 f648c4c0 Wed Jan 15 13:47:20 2003 (3e25bac8) 0000cc26 VIDEOPRT.SYS
i8042prt f6540000 f654b680 Tue Apr 15 23:00:59 2003 (3e9cd57b) 00015fe7 i8042prt.sys
serial f6550000 f655f400 Tue Apr 15 23:19:39 2003 (3e9cd9db) 00014256 serial.sys
rasl2tp f6560000 f656ca80 Tue Apr 29 18:05:06 2003 (3eaf0522) 00018f32 rasl2tp.sys
raspptp f6570000 f657bc40 Wed May 14 18:47:00 2003 (3ec2d574) 0000d074 raspptp.sys
psched f6580000 f658eb40 Wed Jan 15 13:54:28 2003 (3e25bc74) 00015a63 psched.sys
msgpc f6590000 f6598680 Wed Jan 15 13:54:25 2003 (3e25bc71) 000129d7 msgpc.sys
parallel f65a0000 f65aea20 Wed Jan 15 13:47:14 2003 (3e25bac2) 00016afd parallel.sys
usbhub f65b0000 f65b9be0 Tue Mar 18 17:30:41 2003 (3e77ac21) 000174fa usbhub.sys
usbhub20 f65c0000 f65cc160 Wed Jan 15 13:45:59 2003 (3e25ba77) 0001ad87 usbhub20.sys
NDProxy f65f0000 f65f9ce0 Thu Sep 30 18:25:35 1999 (37f3f16f) 000121c3 NDProxy.SYS
Npfs f6600000 f6608fa0 Sat Oct 09 18:58:07 1999 (37ffd68f) 00017e60 Npfs.SYS
netbios f6610000 f66181a0 Tue Oct 12 14:34:19 1999 (38038d3b) 0000b5c1 netbios.sys
<Unloaded> f6620000 f6629000 Wed Dec 31 18:00:00 1969 (00000000) 00000000 None redbook.sys
PCIIDEX f6680000 f6685520 Tue Feb 25 12:31:08 2003 (3e5bb66c) 0000de43 PCIIDEX.SYS
MountMgr f6688000 f668f4c0 Tue Feb 10 13:47:53 2004 (40293569) 00014085 MountMgr.sys
symc8xx f6690000 f6696320 Fri Mar 30 11:01:54 2001 (3ac4bc02) 0000b5f5 symc8xx.sys
sym_hi f6698000 f669d180 Sat Sep 25 14:11:49 1999 (37ed1e75) 00009af8 sym_hi.sys
disk f66a0000 f66a7720 Wed Jan 15 13:43:05 2003 (3e25b9c9) 0000c312 disk.sys
kbdclass f66a8000 f66adec0 Thu Feb 20 10:37:30 2003 (3e55044a) 00012871 kbdclass.sys
parport f66b8000 f66be100 Wed Jan 15 13:47:13 2003 (3e25bac1) 00012781 parport.sys
fdc f66d0000 f66d7000 Unavailable ffffffff fdc.sys
cdrom f66e0000 f66e6c40 Wed Jan 15 13:43:04 2003 (3e25b9c8) 00014678 cdrom.sys
wanarp f66e8000 f66efd00 Fri Aug 16 07:25:01 2002 (3d5cef1d) 00016ee6 wanarp.sys
EFS f6708000 f670ea20 Wed Jan 15 13:46:55 2003 (3e25baaf) 00012fd0 EFS.SYS
ptilink f6718000 f671c400 Wed Jan 15 13:47:15 2003 (3e25bac3) 000098f4 ptilink.sys
raspti f6728000 f672c0e0 Fri Oct 08 15:45:10 1999 (37fe57d6) 0000fed0 raspti.sys
openhci f6758000 f675dfc0 Fri Feb 28 18:28:59 2003 (3e5ffecb) 0000fcfc openhci.sys
flpydisk f6760000 f6764a60 Wed Jan 15 13:42:52 2003 (3e25b9bc) 00011a88 flpydisk.sys
USBD f6770000 f6774fc0 Wed Jan 22 11:05:33 2003 (3e2ecf5d) 0000d0d3 USBD.SYS
<Unloaded> f6778000 f677d000 Wed Dec 31 18:00:00 1969 (00000000) 00000000 None Cdaudio.SYS
usbehci f6780000 f6784c00 Mon May 05 15:50:04 2003 (3eb6ce7c) 00005843 usbehci.sys
mouclass f6790000 f6795400 Thu Feb 20 10:37:45 2003 (3e550459) 00008454 mouclass.sys
Msfs f6798000 f679d240 Tue Oct 26 18:21:32 1999 (3816377c) 0000e5fa Msfs.SYS
BOOTVID f6810000 f6812a20 Wed Nov 03 19:24:33 1999 (3820e051) 0000d8a2 BOOTVID.dll
PartMgr f6814000 f6816d00 Wed Jan 15 13:43:07 2003 (3e25b9cb) 000057c1 PartMgr.sys
cpqarray f6818000 f681a9e0 Wed Jan 15 13:42:35 2003 (3e25b9ab) 00009529 cpqarray.sys
symc810 f681c000 f681ffe0 Sat Sep 25 14:11:49 1999 (37ed1e75) 00013797 symc810.sys
cpqarry2 f6820000 f6823360 Fri Oct 01 18:47:57 1999 (37f5482d) 0000fd68 cpqarry2.sys
cpqcissm f6824000 f6827d20 Wed Nov 12 15:22:15 2003 (3fb2a487) 00014538 cpqcissm.sys
imdrvfsf f6828000 f682b9e0 Tue Jul 13 12:26:02 2004 (40f41b2a) 000060f1 imdrvfsf.sys
serenum f68b8000 f68bb640 Wed Jan 15 13:47:01 2003 (3e25bab5) 00007ec0 serenum.sys
TAPE f68c0000 f68c29a0 Wed Jan 15 13:43:11 2003 (3e25b9cf) 0001256a TAPE.SYS
Diskperf f6900000 f6901d20 Wed Feb 12 15:34:38 2003 (3e4abdee) 000030d5 Diskperf.sys
dmload f6902000 f6904000 Unavailable ffffffff dmload.sys
hplto f6914000 f6915400 Wed Jan 08 15:33:59 2003 (3e1c9947) 0001050b hplto.sys
Fs_Rec f6926000 f6927ca0 Wed Jan 15 13:53:30 2003 (3e25bc3a) 000034b4 Fs_Rec.SYS
rasacd f692e000 f692fe40 Sat Sep 25 13:41:23 1999 (37ed1753) 0000f369 rasacd.sys
ParVdm f693e000 f6940000 Unavailable ffffffff ParVdm.SYS
WMILIB f69c8000 f69c8f80 Sat Sep 25 13:36:47 1999 (37ed163f) 00008bfd WMILIB.SYS
pciide f69c9000 f69c9b00 Wed Jan 15 13:43:03 2003 (3e25b9c7) 00006354 pciide.sys
audstub f69ef000 f69efa40 Sat Sep 25 13:35:33 1999 (37ed15f5) 00008ef7 audstub.sys
swenum f69fd000 f69fe000 Wed Dec 04 11:10:07 2002 (3dee36ef) 0000b910 swenum.sys
Null f6a12000 f6a13000 Unavailable ffffffff Null.SYS
Beep f6a14000 f6a14ee0 Wed Oct 20 17:18:59 1999 (380e3fd3) 0000c54f Beep.SYS
mnmdd f6a17000 f6a17f80 Sat Sep 25 13:37:40 1999 (37ed1674) 0000f6c2 mnmdd.SYS

 

issue windbg subcmd !process to display the running process name

 

Here it is...

kd> !process
PROCESS 88880ae0 SessionId: 0 Cid: 06fc Peb: 7ffdf000 ParentCid: 0134
DirBase: 41390000 ObjectTable: 88895268 TableSize: 370.
Image: Rtvscan.exe
VadRoot 8868cae8 Clone 0 Private 3051. Modified 20480. Locked 3.
DeviceMap 89064d48
Token e30e0650
ElapsedTime 15:49:35.0461
UserTime 0:01:28.0703
KernelTime 0:05:08.0109
QuotaPoolUsage[PagedPool] 37820
QuotaPoolUsage[NonPagedPool] 13248
Working Set Sizes (now,min,max) (4101, 50, 345) (16404KB, 200KB, 1380KB)
PeakWorkingSetSize 4215
VirtualSize 92 Mb
PeakVirtualSize 95 Mb
PageFaultCount 848154
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 3408

THREAD 88880780 Cid 6fc.6f8 Teb: 7ffde000 Win32Thread: a2129128 WAIT: (Executive) UserMode Non-Alertable
888804e4 NotificationEvent

THREAD 88875460 Cid 6fc.708 Teb: 7ffdd000 Win32Thread: a212b508 WAIT: (UserRequest) UserMode Non-Alertable
88873ec0 NotificationEvent

THREAD 888589c0 Cid 6fc.7bc Teb: 7ffdb000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
88859360 SynchronizationEvent
88859320 SynchronizationEvent
888588c0 SynchronizationEvent
88855b20 SynchronizationEvent

THREAD 888555e0 Cid 6fc.7a0 Teb: 7ffda000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Alertable
888558e0 NotificationEvent
888556c8 NotificationTimer

THREAD 88854020 Cid 6fc.7d4 Teb: 7ffd9000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
88855590 Semaphore Limit 0x10
88854108 NotificationTimer

THREAD 88792a60 Cid 6fc.9e0 Teb: 7ffd7000 Win32Thread: 00000000 WAIT: (DelayExecution) UserMode Non-Alertable
88792b48 NotificationTimer

THREAD 8878ca80 Cid 6fc.9d4 Teb: 7ffd6000 Win32Thread: 00000000 WAIT: (DelayExecution) UserMode Non-Alertable
8878cb68 NotificationTimer

THREAD 8878dda0 Cid 6fc.a0c Teb: 7ffd5000 Win32Thread: 00000000 WAIT: (DelayExecution) UserMode Non-Alertable
8878de88 NotificationTimer

THREAD 8877eda0 Cid 6fc.a1c Teb: 7ffd4000 Win32Thread: 00000000 WAIT: (DelayExecution) UserMode Non-Alertable
8877ee88 NotificationTimer

THREAD 887829a0 Cid 6fc.a28 Teb: 7ffaf000 Win32Thread: 00000000 WAIT: (DelayExecution) UserMode Non-Alertable
88782a88 NotificationTimer

THREAD 88779d60 Cid 6fc.a2c Teb: 7ffad000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
8877f5b0 NotificationEvent
88779e48 NotificationTimer

THREAD 88778da0 Cid 6fc.a30 Teb: 7ffac000 Win32Thread: a213d768 WAIT: (WrUserRequest) UserMode Non-Alertable
8877f780 SynchronizationEvent

THREAD 88778b20 Cid 6fc.a34 Teb: 7ffab000 Win32Thread: a213e008 WAIT: (WrUserRequest) UserMode Non-Alertable
88887660 SynchronizationEvent

THREAD 88777da0 Cid 6fc.a38 Teb: 7ffaa000 Win32Thread: a213eda8 WAIT: (WrUserRequest) UserMode Non-Alertable
888875e0 SynchronizationEvent

THREAD 88777b20 Cid 6fc.a3c Teb: 7ffa9000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
889c5ba0 NotificationEvent
8879a470 NotificationEvent
8879a690 NotificationEvent

THREAD 887778a0 Cid 6fc.a40 Teb: 7ffa8000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
88873ec0 NotificationEvent
88791320 SynchronizationEvent
887912e0 SynchronizationEvent
88795800 SynchronizationEvent
887957c0 SynchronizationEvent
88795780 SynchronizationEvent
88795740 SynchronizationEvent
8879cfe0 SynchronizationEvent
8879cfa0 SynchronizationEvent
8879cf60 SynchronizationEvent
8879cf20 SynchronizationEvent

THREAD 88777620 Cid 6fc.a44 Teb: 7ffa7000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
887960e0 SynchronizationEvent
887960a0 NotificationEvent

THREAD 88791020 Cid 6fc.a48 Teb: 7ffa6000 Win32Thread: 00000000 WAIT: (DelayExecution) UserMode Non-Alertable
88791108 NotificationTimer

THREAD 88791da0 Cid 6fc.a4c Teb: 7ffa5000 Win32Thread: 00000000 WAIT: (DelayExecution) UserMode Non-Alertable
88791e88 NotificationTimer

THREAD 88791b20 Cid 6fc.a50 Teb: 7ffa4000 Win32Thread: 00000000 WAIT: (Executive) UserMode Alertable
88849488 SynchronizationEvent

THREAD 887918a0 Cid 6fc.a54 Teb: 7ffa3000 Win32Thread: 00000000 WAIT: (Executive) UserMode Alertable
88776c48 SynchronizationEvent

THREAD 88776da0 Cid 6fc.9e8 Teb: 7ffa2000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
88783520 Semaphore Limit 0x1
88776e88 NotificationTimer

THREAD 88791620 Cid 6fc.a5c Teb: 7ffa1000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
88783520 Semaphore Limit 0x1
88791708 NotificationTimer

THREAD 8879e020 Cid 6fc.a60 Teb: 7ffa0000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
88783520 Semaphore Limit 0x1
8879e108 NotificationTimer

THREAD 88781da0 Cid 6fc.a64 Teb: 7ff9f000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
887775e0 SynchronizationEvent
887a1ca4 NotificationEvent
88781e88 NotificationTimer

THREAD 886a0980 Cid 6fc.af0 Teb: 7ff9e000 Win32Thread: 00000000 WAIT: (DelayExecution) UserMode Non-Alertable
886a0a68 NotificationTimer

THREAD 8867ba80 Cid 6fc.cf8 Teb: 7ffdc000 Win32Thread: a21b49e8 WAIT: (UserRequest) UserMode Non-Alertable
8867bd60 Semaphore Limit 0x64
8867f860 SynchronizationEvent

THREAD 8867b7c0 Cid 6fc.cfc Teb: 7ff9c000 Win32Thread: a21b4788 WAIT: (UserRequest) UserMode Non-Alertable
8867bdb0 Semaphore Limit 0x1
8867f820 SynchronizationEvent

THREAD 88661020 Cid 6fc.d00 Teb: 7ff9b000 Win32Thread: a2279ea8 WAIT: (UserRequest) UserMode Non-Alertable
8867b140 Semaphore Limit 0x1
88661108 NotificationTimer

THREAD 8865bc60 Cid 6fc.d10 Teb: 7ffae000 Win32Thread: 00000000 WAIT: (Executive) UserMode Alertable
88638168 SynchronizationEvent

THREAD 8844f120 Cid 6fc.1258 Teb: 7ff9a000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
bd714b8c Semaphore Limit 0x7fffffff

THREAD 8841a980 Cid 6fc.1290 Teb: 7ff99000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Alertable
88503860 SynchronizationEvent
88503820 SynchronizationEvent

THREAD 88410da0 Cid 6fc.1294 Teb: 7ff98000 Win32Thread: 00000000 WAIT: (DelayExecution) UserMode Non-Alertable
88410e88 NotificationTimer

THREAD 88410b20 Cid 6fc.1298 Teb: 7ff97000 Win32Thread: 00000000 WAIT: (Executive) UserMode Alertable
88792ce8 SynchronizationEvent

THREAD 884108a0 Cid 6fc.129c Teb: 7ff96000 Win32Thread: a213b248 WAIT: (UserRequest) UserMode Non-Alertable
88792860 NotificationEvent

THREAD 8840a020 Cid 6fc.12a0 Teb: 7ff95000 Win32Thread: 00000000 RUNNING

THREAD 8840ada0 Cid 6fc.12a4 Teb: 7ff94000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
88792860 NotificationEvent

THREAD 8840ab20 Cid 6fc.12a8 Teb: 7ff93000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
88792860 NotificationEvent

THREAD 8840a8a0 Cid 6fc.12ac Teb: 7ff92000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
88792860 NotificationEvent

THREAD 8840a5e0 Cid 6fc.12b0 Teb: 7ff91000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
88792860 NotificationEvent

THREAD 8840a320 Cid 6fc.12b4 Teb: 7ff90000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
88792860 NotificationEvent

THREAD 88409020 Cid 6fc.12b8 Teb: 7ff8f000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
88792860 NotificationEvent

THREAD 88409d60 Cid 6fc.12bc Teb: 7ff8e000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
88792860 NotificationEvent

THREAD 88409aa0 Cid 6fc.12c0 Teb: 7ff8d000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
88792860 NotificationEvent

 

Suggestion
1) Rtvscan.exe is Norton Real Time Scan. Try chkdsk /r.
2) The following module is three years behind, you had better upgrade the following modules.
Rtvscan 00400000 004ac000 Tue Jul 30 10:40:43 2002 (3d46b37b) 00000000 Rtvscan.exe
NAVAP32 51300000 5130d000 Tue Jul 30 10:47:20 2002 (3d46b508) 000192f6 NAVAP32.DLL
NAVAPI32 51370000 513a1000 Tue Jul 30 10:47:21 2002 (3d46b509) 000315d9 NAVAPI32.DLL
i2ldvp3 51480000 514cd000 Tue Jul 30 10:47:22 2002 (3d46b50a) 00057b4e i2ldvp3.dll
NAVLU 516a0000 516b1000 Tue Jul 30 10:47:23 2002 (3d46b50b) 0001482c NAVLU.dll
NAVNTUTL 51810000 5181d000 Sun Jul 14 01:46:41 2002 (3d311e51) 00018a63 NAVNTUTL.DLL

 

Thanks again for your time and help. What does !process tell you - the process that was active when the crash occurred? What's the connection with Real-Time Scan and running chkdsk? Is the thought process that RTS ran into a problem reading the disk and threw an exception? In other words, a disk problem was the potential root cause rather than RTS? Or am I completely off base here?

 

!process display the current process when the BSOD occurs.
kd> !process
PROCESS 88880ae0 SessionId: 0 Cid: 06fc Peb: 7ffdf000 ParentCid: 0134
DirBase: 41390000 ObjectTable: 88895268 TableSize: 370.
Image: Rtvscan.exe <---- name of active image

You have two BSOD and the symptom is exactly the same. I believe BSOD occurs when rtvscan.exe is running. If the hard disk has some broken chain, your windows will crash. Run chkdsk /r may fix your problem.

 

Got it. Thanks again.

 

Do you have any update of the problem?