Blue Screen of Death caused by ntkrpamp.exe

I have been getting the blue screen and memory dump. I ran the debugger and it showed that the probable cause was ntkrpamp.exe. When I found that on my machine it looks like it might be a sp2 file. The only two things that I
have installed recently are a trial of Microsoft expressions web and harry potter and the order of the phoenix game. Of course, regular updates have been automatically installed. I will include what I got when I debugged. I would really appreciate any help Here is what I got when I ran the debugger: Microsoft (R) Windows Debugger Version 6.7.0005.1 Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\websymbols\Mini071207-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Thu Aug 25 16:33:46.687 2008 (GMT-5)
System Uptime: 0 days 9:43:32.405
Loading Kernel Symbols
.................................................................................................... ....................................................................................................
Loading User Symbols
Loading unloaded module list
.................
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {0, 1c, 1, 804faee4}

Probably caused by : ntkrpamp.exe ( nt!KeWaitForSingleObject+186 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804faee4, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: 00000000

CURRENT_IRQL: 1c

FAULTING_IP:
nt!KeWaitForSingleObject+186
804faee4 8939 mov dword ptr [ecx],edi

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from 806e496b to 804faee4

STACK_TEXT:
f793dcd4 806e496b 00000000 00000000 00000000 nt!KeWaitForSingleObject+0x186
f793dcf4 804ed874 8578ef58 855f1e84 8578ef50 hal!ExAcquireFastMutex+0x2b
f793dd08 f72cf808 e5bfaeb8 855f1c28 e5bfaeb8
nt!FsRtlRemovePerStreamContext+0x1e
f793dd34 f72d0d56 855f1c28 86b3c1a8 8526a818
fltmgr!FltpDeleteAllStreamListCtrls+0x62
f793dd50 f72c35f7 855f1cac 00000008 86b3c1a8 fltmgr!FltpFreeVolume+0xa4
f793dd68 f72c734e 8526a818 00000008 8056375c
fltmgr!FltpCleanupDeviceObject+0x61
f793dd7c 805379bd 86b3c1a8 00000000 871c1b30
fltmgr!FltpFastIoDetachDeviceWorker+0x14
f793ddac 805ce84c 86b3c1a8 00000000 00000000 nt!ExpWorkerThread+0xef
f793dddc 8054532e 805378ce 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KeWaitForSingleObject+186
804faee4 8939 mov dword ptr [ecx],edi

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!KeWaitForSingleObject+186

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 45e53f9d

.

Have you tried a system restore?

Check this for the no. of errors

0x24 (Twice) - Probable Cause "Ntfs.sys" - Normally problems associated with the HDD and also Anti-Virus software since you have already done the first steps i would have suggested for this error, next try disabling your Anti-Virus Software and Firewall, use the Windows Firewall as a temporary measure.
Note: The MiniDumps Indicate some sort of error accessing data at a certain address the same on both.

0x1E - Probable Cause "win32k.sys" - Normally caused by Invalid Memory or access violations - probably caused by hardware, since you have tested the RAM check your CPU (L2 Cache) by running Prime95. This will detect a error in minutes if any.

0xA - Probable Cause "win32k.sys" - Most common causes can be bad device drivers but also can be caused by Incompatible Hardware and Software.

0x50 - Probable Cause "ntkrpamp.exe" - Normally caused by Defective Memory (L2 Cache, RAM, Video RAM) or Incompatible Software including Anti-Virus software.

0x1A - Probable Cause "ntkrpamp.exe" - Very similar error to 0x50 - The Minidump indicates a process called "SBCSSvc.exe" which is associated with something called CounterSpy i think from a Google search.

Which i guess is your Anti-Spyware i would suggest removing this because other process names include sidebar.exe and logon.scr which me guessing would mean some software at start-up or drivers are causing the system to crash so try to remove all software i suggested and also try cleaning your third party drivers out and reinstalling them fresh (Latest ones if possible). You will find all your device drivers at your manufacturers website

Use this to clean your Drivers out - http://downloads.guru3d.com/download...2171476965c5ed

Simply tick the box "multiple cleaning filters" and go down the list adding all your third party drivers manufacturers.

I have the same problem .. but I think it's not the same reason .. I always get the same Bugcheck Analysis .. Any Suggetsions? .. here's the debug results:
========================================================

Note: That always happens when refreshing IE while working on some .net application using MS VS.NET .. I'm using Kaspersky KIS and Zone Alarm at the same time.

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini090109-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Tue Sep 1 20:49:16.203 2009 (GMT+2)
System Uptime: 1 days 5:38:00.937
Loading Kernel Symbols
...............................................................
.........................................................
Loading User Symbols
Loading unloaded module list
................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000BE, {7c90eb98, ec1d025, bacdbc10, a}

Probably caused by : ntkrpamp.exe ( nt!CcFlushCache+bf )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
An attempt was made to write to readonly memory. The guilty driver is on the
stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: 7c90eb98, Virtual address for the attempted write.
Arg2: 0ec1d025, PTE contents.
Arg3: bacdbc10, (reserved)
Arg4: 0000000a, (reserved)

Debugging Details:
------------------


CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xBE

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from 804e482b to 804e41ed

STACK_TEXT:
bacdbcf0 804e482b b5e3ad64 00000000 00000001 nt!CcFlushCache+0xbf
bacdbd34 804e7041 89e81038 80563720 89e3e998 nt!CcWriteBehind+0x119
bacdbd7c 80537757 89e81038 00000000 89e3e998 nt!CcWorkerThread+0x12f
bacdbdac 805ce794 89e81038 00000000 00000000 nt!ExpWorkerThread+0xef
bacdbddc 805450ce 80537668 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!CcFlushCache+bf
804e41ed ff4604 inc dword ptr [esi+4]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!CcFlushCache+bf

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 41107b0d

FAILURE_BUCKET_ID: 0xBE_nt!CcFlushCache+bf

BUCKET_ID: 0xBE_nt!CcFlushCache+bf

Followup: MachineOwner
---------



Thank you In Advance