Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\050811-31247-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`02c5f000 PsLoadedModuleList = 0xfffff800`02ea4e90
Debug session time: Sun May 8 07:24:29.725 2011 (UTC - 4:00)
System Uptime: 0 days 0:37:01.943
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 4E, {99, 11d61, 2, b7148}
Unable to load image \??\C:\Windows\system32\drivers\aswMonFlt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswMonFlt.sys
*** ERROR: Module load completed but symbols could not be loaded for aswMonFlt.sys
Probably caused by : memory_corruption ( nt!MiBadShareCount+4c )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000000000000099, A PTE or PFN is corrupt
Arg2: 0000000000011d61, page frame number
Arg3: 0000000000000002, current page state
Arg4: 00000000000b7148, 0
Debugging Details:
------------------
BUGCHECK_STR: 0x4E_99
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: AvastSvc.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002d64f5c to fffff80002cdf640
STACK_TEXT:
fffff880`03ad7098 fffff800`02d64f5c : 00000000`0000004e 00000000`00000099 00000000`00011d61 00000000`00000002 : nt!KeBugCheckEx
fffff880`03ad70a0 fffff800`02c94fe8 : 00000000`0017f000 fffffa80`00361230 00000000`00000000 fffff880`03ad7368 : nt!MiBadShareCount+0x4c
fffff880`03ad70e0 fffff800`02ff0139 : fffff980`4c400000 fffff8a0`039e9490 fffff8a0`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x2ca47
fffff880`03ad73c0 fffff800`02d02e9b : 00000000`00140000 fffffa80`078a4040 00000000`00000000 00000000`00200000 : nt!CcUnmapVacb+0x5d
fffff880`03ad7400 fffff800`02cf55f9 : fffff980`26a50001 00000000`00200000 fffffa80`04169d00 fffffa80`03b62ba0 : nt!CcUnmapVacbArray+0x1bb
fffff880`03ad7490 fffff800`02fc9312 : 00000000`00000000 00000000`00200000 fffff880`03ad7560 fffff880`03ad75f0 : nt!CcGetVirtualAddress+0x38a
fffff880`03ad7520 fffff880`010d9f08 : fffff880`00000000 00000000`00000005 fffffa80`046e5810 fffffa80`00010001 : nt!CcCopyRead+0x132
fffff880`03ad75e0 fffff880`00c0c098 : fffffa80`06effb20 fffffa80`046e57a8 00000000`00000000 00000000`00000001 : Ntfs!NtfsCopyReadA+0x1a8
fffff880`03ad77c0 fffff880`00c0f8ba : fffff880`03ad78b8 fffffa80`06554003 fffff880`03ad7a00 00000000`00000000 : fltmgr!FltpPerformFastIoCall+0x88
fffff880`03ad7820 fffff880`00c1d1a0 : 00000000`00000004 00000000`00000000 fffffa80`06effb20 00000000`00000000 : fltmgr!FltpPassThroughFastIo+0xda
fffff880`03ad7860 fffff880`010072ae : fffffa80`06c4e8d0 fffff800`00000000 00000014`00000001 fffffa80`0766fcb0 : fltmgr!FltReadFile+0x260
fffff880`03ad7940 fffffa80`06c4e8d0 : fffff800`00000000 00000014`00000001 fffffa80`0766fcb0 fffff880`09a72000 : aswMonFlt+0x72ae
fffff880`03ad7948 fffff800`00000000 : 00000014`00000001 fffffa80`0766fcb0 fffff880`09a72000 00000000`00000004 : 0xfffffa80`06c4e8d0
fffff880`03ad7950 00000014`00000001 : fffffa80`0766fcb0 fffff880`09a72000 00000000`00000004 fffff880`03ad7a08 : 0xfffff800`00000000
fffff880`03ad7958 fffffa80`0766fcb0 : fffff880`09a72000 00000000`00000004 fffff880`03ad7a08 00000000`00000000 : 0x14`00000001
fffff880`03ad7960 fffff880`09a72000 : 00000000`00000004 fffff880`03ad7a08 00000000`00000000 00000000`00000000 : 0xfffffa80`0766fcb0
fffff880`03ad7968 00000000`00000004 : fffff880`03ad7a08 00000000`00000000 00000000`00000000 fffffa80`0005a0c0 : 0xfffff880`09a72000
fffff880`03ad7970 fffff880`03ad7a08 : 00000000`00000000 00000000`00000000 fffffa80`0005a0c0 00000004`00010000 : 0x4
fffff880`03ad7978 00000000`00000000 : 00000000`00000000 fffffa80`0005a0c0 00000004`00010000 fffff800`02d0412f : 0xfffff880`03ad7a08
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiBadShareCount+4c
fffff800`02d64f5c cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiBadShareCount+4c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7951a
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c
BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\050811-21606-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`02c1b000 PsLoadedModuleList = 0xfffff800`02e60e90
Debug session time: Sun May 8 06:46:34.035 2011 (UTC - 4:00)
System Uptime: 0 days 0:17:20.643
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 4E, {2, 2ec01, 137fff, 1}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+11718 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000000000000002, A list entry was corrupt
Arg2: 000000000002ec01, entry in list being removed
Arg3: 0000000000137fff, highest physical page number
Arg4: 0000000000000001, reference count of entry being removed
Debugging Details:
------------------
BUGCHECK_STR: 0x4E_2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: VSSVC.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002c2fd38 to fffff80002c9b640
STACK_TEXT:
fffff880`09d792a8 fffff800`02c2fd38 : 00000000`0000004e 00000000`00000002 00000000`0002ec01 00000000`00137fff : nt!KeBugCheckEx
fffff880`09d792b0 fffff800`02cdf1eb : 00000000`00000000 00000000`00000000 00000000`00000000 fffff8a0`03339c10 : nt! ?? ::FNODOBFM::`string'+0x11718
fffff880`09d79340 fffff800`02cddd38 : fffff8a0`03339010 fffff8a0`03339c10 fffffa80`06088590 fffffa80`06088590 : nt!MiFlushSectionInternal+0x6bb
fffff880`09d79570 fffff800`02cdd29c : 00000000`00000000 fffff980`0937f500 00000000`00000000 fffff880`012c21fa : nt!MmFlushSection+0x1f4
fffff880`09d79630 fffff880`012906d4 : fffffa80`06d8e778 00000000`00000000 fffff8a0`00000000 00000000`00000001 : nt!CcFlushCache+0x7bc
fffff880`09d79730 fffff880`012864e3 : 00000000`00000000 fffff8a0`02bdea80 00000000`00000000 00000000`00000001 : Ntfs!NtfsFlushUserStream+0xb4
fffff880`09d797b0 fffff880`0128efad : fffffa80`0491b640 fffffa80`04fd7180 00000000`00120101 00000000`00000000 : Ntfs!NtfsFlushVolume+0x2c7
fffff880`09d798e0 fffff880`0128f6b4 : fffffa80`0491b640 fffffa80`058c9c10 fffffa80`04268910 00000000`00000000 : Ntfs!NtfsCommonFlushBuffers+0x459
fffff880`09d799c0 fffff880`01098bcf : fffffa80`058c9fb0 fffffa80`058c9c10 fffffa80`0491b640 fffff880`09d799e8 : Ntfs!NtfsFsdFlushBuffers+0x104
fffff880`09d79a30 fffff880`010976df : fffffa80`04a6ea20 00000000`00000000 fffffa80`04a6ea00 fffffa80`058c9c10 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`09d79ac0 fffff800`02fa371b : 00000000`00000002 fffffa80`04268910 00000000`00000000 fffffa80`058c9c10 : fltmgr!FltpDispatch+0xcf
fffff880`09d79b20 fffff800`02f3a871 : fffffa80`058c9c10 fffffa80`04022060 fffffa80`04268910 fffff880`009e9180 : nt!IopSynchronousServiceTail+0xfb
fffff880`09d79b90 fffff800`02c9a8d3 : fffffa80`04022060 00000000`ff932270 fffffa80`04a6ea20 fffffa80`04268910 : nt!NtFlushBuffersFile+0x171
fffff880`09d79c20 00000000`76e517ca : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`031cf288 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e517ca
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+11718
fffff800`02c2fd38 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+11718
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7951a
FAILURE_BUCKET_ID: X64_0x4E_2_nt!_??_::FNODOBFM::_string_+11718
BUCKET_ID: X64_0x4E_2_nt!_??_::FNODOBFM::_string_+11718
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\050811-23228-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`02c01000 PsLoadedModuleList = 0xfffff800`02e46e90
Debug session time: Sun May 8 09:10:46.508 2011 (UTC - 4:00)
System Uptime: 0 days 0:00:54.116
Loading Kernel Symbols
...............................................................
......................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {0, 2, 0, fffff80002c97194}
Unable to load image \SystemRoot\System32\Drivers\aswSP.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
Probably caused by : aswSP.SYS ( aswSP+15383 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002c97194, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eb20e8
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!IopCompleteRequest+c64
fffff800`02c97194 488b09 mov rcx,qword ptr [rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0xA
PROCESS_NAME: System
IRP_ADDRESS: ffffffffffffff88
TRAP_FRAME: fffff880031ae8d0 -- (.trap 0xfffff880031ae8d0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff8a0002414f0
rdx=fffff88003f9e198 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800030b6fff rsp=fffff880031aea60 rbp=fffff8a0002414f0
r8=fffff88003f9edb0 r9=0000000000000000 r10=0000000000000100
r11=fffff880031aea90 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!CmSetCallbackObjectContext+0x6f:
fffff800`030b6fff 740c je nt!CmSetCallbackObjectContext+0x7d (fffff800`030b700d) [br=1]
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002c80be9 to fffff80002c81640
STACK_TEXT:
fffff880`031ae318 fffff800`02c80be9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`031ae320 fffff800`02c7f860 : 00000000`00000004 fffffa80`03afb200 fffff880`031ae1a0 fffff980`04a74ee0 : nt!KiBugCheckDispatch+0x69
fffff880`031ae460 fffff800`02c97194 : 00200000`030b7121 00000000`00000000 00000000`00000000 00001f80`00cb00f6 : nt!KiPageFault+0x260
fffff880`031ae5f0 fffff800`02c74cf7 : 00000000`00000000 fffff880`031ae910 fffff880`031ae600 fffff800`00000000 : nt!IopCompleteRequest+0xc64
fffff880`031ae6c0 fffff800`02c2e7d5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1c7
fffff880`031ae740 fffff800`02c9005c : fffff800`02e05ec0 fffff800`02e05ec0 fffffa80`03b8f1a0 00000000`00000001 : nt!KiCheckForKernelApcDelivery+0x25
fffff880`031ae770 fffff800`02c7f76e : 00000000`00000008 fffff800`030b7000 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0x1a3c
fffff880`031ae8d0 fffff800`030b6fff : fffff880`031aea50 00000000`0000001d 00000000`00000010 fffff800`030b6f90 : nt!KiPageFault+0x16e
fffff880`031aea60 fffff880`03f72383 : 00000000`00000000 00000000`0000001d fffff880`031aec50 00000000`00000000 : nt!CmSetCallbackObjectContext+0x6f
fffff880`031aeab0 00000000`00000000 : 00000000`0000001d fffff880`031aec50 00000000`00000000 fffff8a0`00000000 : aswSP+0x15383
STACK_COMMAND: kb
FOLLOWUP_IP:
aswSP+15383
fffff880`03f72383 ?? ???
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: aswSP+15383
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: aswSP
IMAGE_NAME: aswSP.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4dac7244
FAILURE_BUCKET_ID: X64_0xA_VRF_aswSP+15383
BUCKET_ID: X64_0xA_VRF_aswSP+15383
Followup: MachineOwner
---------