Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights...Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\a\Minidump\D M P\DMP\031611-40076-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0x8301a000 PsLoadedModuleList = 0x83164850
Debug session time: Tue Mar 15 15:32:50.241 2011 (UTC - 4:00)
System Uptime: 0 days 0:10:12.364
Loading Kernel Symbols
...............................................................
................................................................
........................................
Loading User Symbols
Loading unloaded module list
......
Unable to load image \SystemRoot\System32\Drivers\US4Vista.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for US4Vista.sys
*** ERROR: Module load completed but symbols could not be loaded for US4Vista.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 8dc015ee, a2d87ad0, 0}
*** WARNING: Unable to verify timestamp for klif.sys
*** ERROR: Module load completed but symbols could not be loaded for klif.sys
Probably caused by : US4Vista.sys ( US4Vista+15ee )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8dc015ee, The address that the exception occurred at
Arg3: a2d87ad0, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
US4Vista+15ee
8dc015ee 8b490c mov ecx,dword ptr [ecx+0Ch]
TRAP_FRAME: a2d87ad0 -- (.trap 0xffffffffa2d87ad0)
ErrCode = 00000000
eax=88a4ffb8 ebx=88a4ff00 ecx=00000010 edx=88a4ff00 esi=882bfb98 edi=00000000
eip=8dc015ee esp=a2d87b44 ebp=a2d87b68 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
US4Vista+0x15ee:
8dc015ee 8b490c mov ecx,dword ptr [ecx+0Ch] ds:0023:0000001c=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: PDEngine.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8dc0394c to 8dc015ee
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
a2d87b68 8dc0394c 882bfb98 00000000 a2d87b90 US4Vista+0x15ee
a2d87b78 83051593 882bfae0 88a4ff00 88a4ff00 US4Vista+0x394c
a2d87b90 8324599f 8674c518 88a4ff00 88a4ffb8 nt!IofCallDriver+0x63
a2d87bb0 83248b71 882bfae0 8674c518 00000000 nt!IopSynchronousServiceTail+0x1f8
a2d87c4c 8328f3f4 882bfae0 88a4ff00 00000000 nt!IopXxxControlFile+0x6aa
a2d87c80 9283c1d0 00000210 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
a2d87d04 830581ea 00000210 00000000 00000000 klif+0x2e1d0
a2d87d04 774070b4 00000210 00000000 00000000 nt!KiFastCallEntry+0x12a
00ceeb00 00000000 00000000 00000000 00000000 0x774070b4
STACK_COMMAND: kb
FOLLOWUP_IP:
US4Vista+15ee
8dc015ee 8b490c mov ecx,dword ptr [ecx+0Ch]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: US4Vista+15ee
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: US4Vista
IMAGE_NAME: US4Vista.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4abbde87
FAILURE_BUCKET_ID: 0x8E_US4Vista+15ee
BUCKET_ID: 0x8E_US4Vista+15ee
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\a\Minidump\D M P\DMP\031611-40154-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0x83002000 PsLoadedModuleList = 0x8314c850
Debug session time: Tue Mar 15 15:44:16.106 2011 (UTC - 4:00)
System Uptime: 0 days 0:10:14.104
Loading Kernel Symbols
...............................................................
................................................................
........................................
Loading User Symbols
Loading unloaded module list
......
Unable to load image \SystemRoot\System32\Drivers\US4Vista.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for US4Vista.sys
*** ERROR: Module load completed but symbols could not be loaded for US4Vista.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 8ddc35ee, a382bad0, 0}
*** WARNING: Unable to verify timestamp for klif.sys
*** ERROR: Module load completed but symbols could not be loaded for klif.sys
Probably caused by : US4Vista.sys ( US4Vista+15ee )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8ddc35ee, The address that the exception occurred at
Arg3: a382bad0, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
US4Vista+15ee
8ddc35ee 8b490c mov ecx,dword ptr [ecx+0Ch]
TRAP_FRAME: a382bad0 -- (.trap 0xffffffffa382bad0)
ErrCode = 00000000
eax=883cdaf8 ebx=883cda40 ecx=00000010 edx=883cda40 esi=8848cb58 edi=00000000
eip=8ddc35ee esp=a382bb44 ebp=a382bb68 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
US4Vista+0x15ee:
8ddc35ee 8b490c mov ecx,dword ptr [ecx+0Ch] ds:0023:0000001c=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: PDEngine.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8ddc594c to 8ddc35ee
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
a382bb68 8ddc594c 8848cb58 00000000 a382bb90 US4Vista+0x15ee
a382bb78 83039593 8848caa0 883cda40 883cda40 US4Vista+0x394c
a382bb90 8322d99f 86c67610 883cda40 883cdaf8 nt!IofCallDriver+0x63
a382bbb0 83230b71 8848caa0 86c67610 00000000 nt!IopSynchronousServiceTail+0x1f8
a382bc4c 832773f4 8848caa0 883cda40 00000000 nt!IopXxxControlFile+0x6aa
a382bc80 8d79e1d0 00000220 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
a382bd04 830401ea 00000220 00000000 00000000 klif+0x2e1d0
a382bd04 777270b4 00000220 00000000 00000000 nt!KiFastCallEntry+0x12a
0083eb00 00000000 00000000 00000000 00000000 0x777270b4
STACK_COMMAND: kb
FOLLOWUP_IP:
US4Vista+15ee
8ddc35ee 8b490c mov ecx,dword ptr [ecx+0Ch]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: US4Vista+15ee
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: US4Vista
IMAGE_NAME: US4Vista.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4abbde87
FAILURE_BUCKET_ID: 0x8E_US4Vista+15ee
BUCKET_ID: 0x8E_US4Vista+15ee
Followup: MachineOwner
---------start end module name
95fb4000 95feb000 aa9zh2ki aa9zh2ki.SYS Fri Aug 07 09:29:49 2009 (4A7C2C4D)
84360000 843a8000 ACPI ACPI.sys Sat Nov 20 03:37:52 2010 (4CE788E0)
94c1d000 94c77000 afd afd.sys Sat Nov 20 03:40:00 2010 (4CE78960)
95feb000 95ffd000 AgileVpn AgileVpn.sys Mon Jul 13 19:55:00 2009 (4A5BC954)
8d6fe000 8d707000 amdxata amdxata.sys Fri Mar 19 12:19:01 2010 (4BA3A3F5)
8d6d2000 8d6db000 atapi atapi.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
8d6db000 8d6fe000 ataport ataport.SYS Sat Nov 20 03:38:00 2010 (4CE788E8)
9548d000 954a9000 AtihdW73 AtihdW73.sys Wed Nov 17 07:00:47 2010 (4CE3C3EF)
95816000 95f9c000 atikmdag atikmdag.sys Wed Jan 26 17:42:31 2011 (4D40A357)
94b4e000 94b8d000 atikmpag atikmpag.sys Wed Jan 26 17:13:11 2011 (4D409C77)
9cb70000 9cbbd000 ATMFD ATMFD.DLL Fri Jan 07 00:43:36 2011 (4D26A808)
8da18000 8da1f000 Beep Beep.SYS Mon Jul 13 19:45:00 2009 (4A5BC6FC)
94b0d000 94b1b000 blbdrive blbdrive.sys Mon Jul 13 19:23:04 2009 (4A5BC1D8)
836ce000 836d6000 BOOTVID BOOTVID.dll Mon Jul 13 21:04:34 2009 (4A5BD9A2)
9a793000 9a7ac000 bowser bowser.sys Mon Jul 13 19:14:21 2009 (4A5BBFCD)
9cb50000 9cb6e000 cdd cdd.dll unavailable (00000000)
8d751000 8d770000 cdrom cdrom.sys Sat Nov 20 03:38:09 2010 (4CE788F1)
94ce0000 94dd6000 cfosspeed6 cfosspeed6.sys Thu Dec 02 09:41:59 2010 (4CF7B037)
83718000 837c3000 CI CI.dll Sat Nov 20 07:05:17 2010 (4CE7B97D)
8dbba000 8dbdf000 CLASSPNP CLASSPNP.SYS Mon Jul 13 19:11:20 2009 (4A5BBF18)
836d6000 83718000 CLFS CLFS.SYS Mon Jul 13 19:11:10 2009 (4A5BBF0E)
8d97d000 8d9da000 cng cng.sys Mon Jul 13 19:32:55 2009 (4A5BC427)
953f2000 953ff000 CompositeBus CompositeBus.sys Sat Nov 20 04:50:21 2010 (4CE799DD)
9a683000 9a690000 crashdmp crashdmp.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)
94a91000 94af5000 csc csc.sys Sat Nov 20 03:44:32 2010 (4CE78A70)
9a6f5000 9a71a000 DefragFS DefragFS.SYS Tue Dec 15 05:18:05 2009 (4B27625D)
94af5000 94b0d000 dfsc dfsc.sys Sat Nov 20 03:42:32 2010 (4CE789F8)
94a85000 94a91000 discache discache.sys Mon Jul 13 19:24:04 2009 (4A5BC214)
8ddea000 8ddfb000 disk disk.sys Mon Jul 13 19:11:28 2009 (4A5BBF20)
954d8000 954f1000 drmk drmk.sys Mon Jul 13 20:36:05 2009 (4A5BD2F5)
9a69b000 9a6a4000 dump_atapi dump_atapi.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
9a690000 9a69b000 dump_dumpata dump_dumpata.sys Mon Jul 13 19:11:16 2009 (4A5BBF14)
9a6a4000 9a6b5000 dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:12:47 2009 (4A5BBF6F)
9a679000 9a683000 Dxapi Dxapi.sys Mon Jul 13 19:25:25 2009 (4A5BC265)
95202000 952b9000 dxgkrnl dxgkrnl.sys Sat Nov 20 04:08:14 2010 (4CE78FFE)
952b9000 952f2000 dxgmms1 dxgmms1.sys Wed Feb 02 22:45:05 2011 (4D4A24C1)
953d7000 953e2000 fdc fdc.sys Mon Jul 13 19:45:45 2009 (4A5BC729)
8d707000 8d718000 fileinfo fileinfo.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
95472000 9547c000 flpydisk flpydisk.sys Mon Jul 13 19:45:45 2009 (4A5BC729)
843a8000 843dc000 fltmgr fltmgr.sys Mon Jul 13 19:11:13 2009 (4A5BBF11)
8d9e8000 8d9f1000 Fs_Rec Fs_Rec.sys Mon Jul 13 19:11:14 2009 (4A5BBF12)
8db88000 8dbba000 fvevol fvevol.sys Sat Nov 20 03:40:22 2010 (4CE78976)
8dd88000 8ddb9000 fwpkclnt fwpkclnt.sys Sat Nov 20 03:39:08 2010 (4CE7892C)
953ec000 953f1280 GEARAspiWDM GEARAspiWDM.sys Mon May 18 08:16:53 2009 (4A1151B5)
83414000 8344b000 hal halmacpi.dll Sat Nov 20 03:37:38 2010 (4CE788D2)
952f2000 95311000 HDAudBus HDAudBus.sys Sat Nov 20 04:59:28 2010 (4CE79C00)
96371000 96384000 HIDCLASS HIDCLASS.SYS Sat Nov 20 04:59:37 2010 (4CE79C09)
96384000 9638a480 HIDPARSE HIDPARSE.SYS Mon Jul 13 19:50:59 2009 (4A5BC863)
96366000 96371000 hidusb hidusb.sys Sat Nov 20 04:59:38 2010 (4CE79C0A)
954f1000 95576000 HTTP HTTP.sys Sat Nov 20 03:40:17 2010 (4CE78971)
8dde2000 8ddea000 hwpolicy hwpolicy.sys Sat Nov 20 03:37:35 2010 (4CE788CF)
8d664000 8d66b000 intelide intelide.sys Mon Jul 13 19:11:19 2009 (4A5BBF17)
94b3c000 94b4e000 intelppm intelppm.sys Mon Jul 13 19:11:03 2009 (4A5BBF07)
94a17000 94a24000 kbdclass kbdclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
9639f000 963ab000 kbdhid kbdhid.sys Sat Nov 20 04:50:10 2010 (4CE799D2)
80b9e000 80ba6000 kdcom kdcom.dll Mon Jul 13 21:08:58 2009 (4A5BDAAA)
8d01f000 8d541000 kl1 kl1.sys Wed Jun 09 09:24:39 2010 (4C0F9617)
8d00c000 8d012000 kl2 kl2.sys Wed Jun 09 09:24:35 2010 (4C0F9613)
8d770000 8d7f3000 klif klif.sys Fri Aug 06 13:16:02 2010 (4C5C4352)
96396000 9639f000 klmouflt klmouflt.sys Mon Nov 02 11:26:08 2009 (4AEF0820)
83600000 83634000 ks ks.sys Sat Nov 20 04:50:17 2010 (4CE799D9)
8d96a000 8d97d000 ksecdd ksecdd.sys Sat Nov 20 03:38:54 2010 (4CE7891E)
8db24000 8db49000 ksecpkg ksecpkg.sys Mon Jul 13 19:34:00 2009 (4A5BC468)
9a71a000 9a72a000 lltdio lltdio.sys Mon Jul 13 19:53:18 2009 (4A5BC8EE)
9a6c0000 9a6db000 luafv luafv.sys Mon Jul 13 19:15:44 2009 (4A5BC020)
a33ed000 a33f1a80 LVPr2Mon LVPr2Mon.sys Fri May 07 21:36:25 2010 (4BE4C019)
9a635000 9a678a00 lvrs lvrs.sys Tue Nov 09 21:38:10 2010 (4CDA0592)
9a203000 9a620c80 lvuvc lvuvc.sys Tue Nov 09 21:38:23 2010 (4CDA059F)
83638000 836bd000 mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Nov 20 07:00:54 2010 (4CE7B876)
9a6b5000 9a6c0000 monitor monitor.sys Mon Jul 13 19:25:58 2009 (4A5BC286)
8d012000 8d01f000 mouclass mouclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
9638b000 96396000 mouhid mouhid.sys Mon Jul 13 19:45:08 2009 (4A5BC704)
8d680000 8d696000 mountmgr mountmgr.sys Sat Nov 20 03:38:09 2010 (4CE788F1)
9a7ac000 9a7be000 mpsdrv mpsdrv.sys Mon Jul 13 19:52:52 2009 (4A5BC8D4)
9a7be000 9a7e1000 mrxsmb mrxsmb.sys Sat Nov 20 03:42:40 2010 (4CE78A00)
963ab000 963e6000 mrxsmb10 mrxsmb10.sys Sat Nov 20 03:44:15 2010 (4CE78A5F)
9a7e1000 9a7fc000 mrxsmb20 mrxsmb20.sys Sat Nov 20 03:42:47 2010 (4CE78A07)
8d600000 8d60b000 Msfs Msfs.SYS Mon Jul 13 19:11:26 2009 (4A5BBF1E)
843dc000 843e4000 msisadrv msisadrv.sys Mon Jul 13 19:11:09 2009 (4A5BBF0D)
8d93f000 8d96a000 msrpc msrpc.sys Mon Jul 13 19:11:59 2009 (4A5BBF3F)
94a7b000 94a85000 mssmbios mssmbios.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
8dc2d000 8dc3d000 mup mup.sys Mon Jul 13 19:14:14 2009 (4A5BBFC6)
8da2f000 8dae6000 ndis ndis.sys Sat Nov 20 03:39:19 2010 (4CE78937)
95800000 9580b000 ndistapi ndistapi.sys Mon Jul 13 19:54:24 2009 (4A5BC930)
9a770000 9a780000 ndisuio ndisuio.sys Sat Nov 20 05:06:36 2010 (4CE79DAC)
94ba5000 94bc7000 ndiswan ndiswan.sys Sat Nov 20 05:07:48 2010 (4CE79DF4)
9547c000 9548d000 NDProxy NDProxy.SYS Sat Nov 20 05:07:39 2010 (4CE79DEB)
94dd6000 94de4000 netbios netbios.sys Mon Jul 13 19:53:54 2009 (4A5BC912)
94c77000 94ca9000 netbt netbt.sys Sat Nov 20 03:39:22 2010 (4CE7893A)
8dae6000 8db24000 NETIO NETIO.SYS Sat Nov 20 03:40:03 2010 (4CE78963)
8d60b000 8d619000 Npfs Npfs.SYS Mon Jul 13 19:11:31 2009 (4A5BBF23)
94a71000 94a7b000 nsiproxy nsiproxy.sys Mon Jul 13 19:12:08 2009 (4A5BBF48)
83002000 83414000 nt ntkrpamp.exe Sat Nov 20 03:42:49 2010 (4CE78A09)
8d810000 8d93f000 Ntfs Ntfs.sys Sat Nov 20 03:39:08 2010 (4CE7892C)
8da11000 8da18000 Null Null.SYS Mon Jul 13 19:11:12 2009 (4A5BBF10)
9a72a000 9a770000 nwifi nwifi.sys Mon Jul 13 19:51:59 2009 (4A5BC89F)
94cb9000 94cd8000 pacer pacer.sys Mon Jul 13 19:53:58 2009 (4A5BC916)
95f9c000 95fb4000 parport parport.sys Mon Jul 13 19:45:34 2009 (4A5BC71E)
8422a000 8423b000 partmgr partmgr.sys Sat Nov 20 03:38:14 2010 (4CE788F6)
963e6000 963ed000 parvdm parvdm.sys Mon Jul 13 19:45:29 2009 (4A5BC719)
84200000 8422a000 pci pci.sys Sat Nov 20 03:37:57 2010 (4CE788E5)
8d679000 8d680000 pciide pciide.sys Mon Jul 13 19:11:19 2009 (4A5BBF17)
8d66b000 8d679000 PCIIDEX PCIIDEX.SYS Mon Jul 13 19:11:15 2009 (4A5BBF13)
8d718000 8d751000 PCTCore PCTCore.sys Sun Mar 28 18:47:11 2010 (4BAFDC6F)
8d9da000 8d9e8000 pcw pcw.sys Mon Jul 13 19:11:10 2009 (4A5BBF0E)
a3214000 a32ab000 peauth peauth.sys Mon Jul 13 20:35:44 2009 (4A5BD2E0)
954a9000 954d8000 portcls portcls.sys Mon Jul 13 19:51:00 2009 (4A5BC864)
836bd000 836ce000 PSHED PSHED.dll Mon Jul 13 21:09:36 2009 (4A5BDAD0)
94b8d000 94ba5000 rasl2tp rasl2tp.sys Mon Jul 13 19:54:33 2009 (4A5BC939)
94bc7000 94bdf000 raspppoe raspppoe.sys Mon Jul 13 19:54:53 2009 (4A5BC94D)
94bdf000 94bf6000 raspptp raspptp.sys Mon Jul 13 19:54:47 2009 (4A5BC947)
94a00000 94a17000 rassstp rassstp.sys Mon Jul 13 19:54:57 2009 (4A5BC951)
94a30000 94a71000 rdbss rdbss.sys Sat Nov 20 03:42:44 2010 (4CE78A04)
9580b000 95815000 rdpbus rdpbus.sys Mon Jul 13 20:02:40 2009 (4A5BCB20)
8d800000 8d808000 RDPCDD RDPCDD.sys Sat Nov 20 05:22:19 2010 (4CE7A15B)
8d808000 8d810000 rdpencdd rdpencdd.sys Mon Jul 13 20:01:39 2009 (4A5BCAE3)
8d7f3000 8d7fb000 rdprefmp rdprefmp.sys Mon Jul 13 20:01:41 2009 (4A5BCAE5)
8dc00000 8dc2d000 rdyboost rdyboost.sys Sat Nov 20 04:00:07 2010 (4CE78E17)
9a780000 9a793000 rspndr rspndr.sys Mon Jul 13 19:53:20 2009 (4A5BC8F0)
95376000 953c8000 Rt86win7 Rt86win7.sys Thu Jan 13 06:56:25 2011 (4D2EE869)
9600e000 9634c940 RTKVHDA RTKVHDA.sys Thu Feb 24 05:17:00 2011 (4D66301C)
953c8000 953d7000 Rtnicxp Rtnicxp.sys Thu Jul 23 10:02:57 2009 (4A686D91)
94c13000 94c19000 SASDIFSV SASDIFSV.SYS Wed Feb 17 13:19:19 2010 (4B7C3327)
837d4000 837f6000 SASKUTIL SASKUTIL.SYS Mon May 10 13:15:22 2010 (4BE83F2A)
8433a000 84360000 SCSIPORT SCSIPORT.SYS Sat Nov 20 04:50:55 2010 (4CE799FF)
a32ab000 a32b5000 secdrv secdrv.SYS Wed Sep 13 09:18:32 2006 (45080528)
953e2000 953ec000 serenum serenum.sys Mon Jul 13 19:45:27 2009 (4A5BC717)
94de4000 94dfe000 serial serial.sys Mon Jul 13 19:45:33 2009 (4A5BC71D)
8ddda000 8dde2000 spldr spldr.sys Mon May 11 12:13:47 2009 (4A084EBB)
8423e000 84331000 sptd sptd.sys Sun Oct 11 16:54:02 2009 (4AD245EA)
a339c000 a33ed000 srv srv.sys Sat Nov 20 03:45:29 2010 (4CE78AA9)
a334d000 a339c000 srv2 srv2.sys Sat Nov 20 03:44:35 2010 (4CE78A73)
a331f000 a3340000 srvnet srvnet.sys Sat Nov 20 03:44:27 2010 (4CE78A6B)
95200000 95201380 swenum swenum.sys Mon Jul 13 19:45:08 2009 (4A5BC704)
8dc3e000 8dd88000 tcpip tcpip.sys Sat Nov 20 03:41:36 2010 (4CE789C0)
a3340000 a334d000 tcpipreg tcpipreg.sys Sat Nov 20 05:07:13 2010 (4CE79DD1)
8d000000 8d00c000 TDI TDI.SYS Sat Nov 20 03:39:18 2010 (4CE78936)
8d5e1000 8d5f8000 tdx tdx.sys Sat Nov 20 03:39:17 2010 (4CE78935)
837c3000 837d4000 termdd termdd.sys Sat Nov 20 05:21:10 2010 (4CE7A116)
9cb20000 9cb29000 TSDDD TSDDD.dll Mon Jul 13 20:01:40 2009 (4A5BCAE4)
94b1b000 94b3c000 tunnel tunnel.sys Sat Nov 20 05:06:40 2010 (4CE79DB0)
95420000 9542e000 umbus umbus.sys Sat Nov 20 05:00:23 2010 (4CE79C37)
8ddc2000 8ddda000 US4Vista US4Vista.sys Thu Sep 24 17:03:03 2009 (4ABBDE87)
9a621000 9a634b80 usbaudio usbaudio.sys Sat Nov 20 04:59:43 2010 (4CE79C0F)
9634d000 96364000 usbccgp usbccgp.sys Sat Nov 20 05:00:08 2010 (4CE79C28)
96364000 96365700 USBD USBD.SYS Mon Jul 13 19:51:05 2009 (4A5BC869)
95367000 95376000 usbehci usbehci.sys Sat Nov 20 04:59:43 2010 (4CE79C0F)
9542e000 95472000 usbhub usbhub.sys Sat Nov 20 05:00:34 2010 (4CE79C42)
9531c000 95367000 USBPORT USBPORT.SYS Sat Nov 20 04:59:49 2010 (4CE79C15)
95311000 9531c000 usbuhci usbuhci.sys Mon Jul 13 19:51:10 2009 (4A5BC86E)
843e4000 843ef000 vdrvroot vdrvroot.sys Mon Jul 13 19:46:19 2009 (4A5BC74B)
8da1f000 8da2b000 vga vga.sys Mon Jul 13 19:25:50 2009 (4A5BC27E)
8d5c0000 8d5e1000 VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:25:49 2009 (4A5BC27D)
8d696000 8d6bf180 vmbus vmbus.sys Sat Nov 20 04:14:58 2010 (4CE79192)
8ddb9000 8ddc1380 vmstorfl vmstorfl.sys Sat Nov 20 04:14:37 2010 (4CE7917D)
843ef000 843ff000 volmgr volmgr.sys Sat Nov 20 03:38:06 2010 (4CE788EE)
8d619000 8d664000 volmgrx volmgrx.sys Mon Jul 13 19:11:41 2009 (4A5BBF2D)
8db49000 8db88000 volsnap volsnap.sys Sat Nov 20 03:38:13 2010 (4CE788F5)
94c00000 94c13000 wanarp wanarp.sys Sat Nov 20 05:07:45 2010 (4CE79DF1)
8d9f1000 8d9fe000 watchdog watchdog.sys Mon Jul 13 19:24:10 2009 (4A5BC21A)
8d541000 8d5b2000 Wdf01000 Wdf01000.sys Mon Jul 13 19:11:36 2009 (4A5BBF28)
8d5b2000 8d5c0000 WDFLDR WDFLDR.SYS Mon Jul 13 19:11:25 2009 (4A5BBF1D)
94cb2000 94cb9000 wfplwf wfplwf.sys Mon Jul 13 19:53:51 2009 (4A5BC90F)
9c8c0000 9cb0d000 win32k win32k.sys Tue Jan 04 22:50:40 2011 (4D23EA90)
8d6c0000 8d6d2000 winhv winhv.sys Sat Nov 20 03:38:15 2010 (4CE788F7)
84331000 8433a000 WMILIB WMILIB.SYS Mon Jul 13 19:11:22 2009 (4A5BBF1A)
94ca9000 94cb2000 ws2ifsl ws2ifsl.sys Mon Jul 13 19:55:01 2009 (4A5BC955)
9a6db000 9a6f5000 WudfPf WudfPf.sys Sat Nov 20 04:58:55 2010 (4CE79BDF)
Unloaded modules:
a32b5000 a331f000 spsys.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0006A000
8dbdf000 8dbec000 crashdmp.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000D000
8dbec000 8dbf7000 dump_ataport
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000B000
8dbf7000 8dc00000 dump_atapi.s
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00009000
8da00000 8da11000 dump_dumpfve
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00011000
94cd8000 94ce0000 klim6.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00008000NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 001904fb
Arg2: 8d8dc6fc
Arg3: 8d8dc2e0
Arg4: 8bc01e32
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for [U][B]US4Vista.sys
[/B][/U]*** ERROR: Module load completed but symbols could not be loaded for US4Vista.sys
*** WARNING: Unable to verify timestamp for eamon.sys
*** ERROR: Module load completed but symbols could not be loaded for eamon.sys
EXCEPTION_RECORD: 8d8dc6fc -- (.exr 0xffffffff8d8dc6fc)
ExceptionAddress: 8bc01e32 (US[U][B]4Vista+0[/B][/U]x00001e32)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 6a708621
Attempt to read from address 6a708621
CONTEXT: 8d8dc2e0 -- (.cxr 0xffffffff8d8dc2e0)
eax=6a708621 ebx=8824eec8 ecx=8621c398 edx=8824ef00 esi=8824eec8 edi=83166005
eip=8bc01e32 esp=8d8dc7c4 ebp=8d8dc81c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
US4Vista+0x1e32:
8bc01e32 8b00 mov eax,dword ptr [eax] ds:0023:6a708621=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 6a708621
READ_ADDRESS: GetPointerFromAddress: unable to read from 831af718
Unable to read MiSystemVaType memory at 8318f160
6a708621
FOLLOWUP_IP:
[U][B]US4Vista[/B][/U]+1e32
8bc01e32 8b00 mov eax,dword ptr [eax]
FAULTING_IP:
[U][B]US4Vista[/B][/U]+1e32
8bc01e32 8b00 mov eax,dword ptr [eax]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from 8bc0243a to 8bc01e32
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
8d8dc81c 8bc0243a 8824ef00 0000003c 00000800 US[U][B]4Vista+0[/B][/U]x1e32
8d8dc85c 830afb33 885475c0 8621c398 00000000 [U][B]US4Vista[/B][/U]+0x243a
8d8dc8a0 8b827a7b 00000000 9cc780f8 8ab62638 nt!IopfCompleteRequest+0x128
8d8dc8b8 8b8a8c0c 8ab62638 8621c398 00000000 Ntfs!NtfsExtendedCompleteRequestInternal+0x107
8d8dcab4 8b8c6783 8ab62638 8621c398 882fe0d8 Ntfs!NtfsQueryDirectory+0xfb4
8d8dcae8 8b8c64fa 8ab62638 9cc78298 0608506a Ntfs!NtfsCommonDirectoryControl+0x21d
8d8dcb50 830834bc 882fe020 8621c398 8621c398 Ntfs!NtfsFsdDirectoryControl+0xf7
8d8dcb68 8b40620c 882f5ed8 8621c398 00000000 nt!IofCallDriver+0x63
8d8dcb8c 8b4063cb 8d8dcbac 882f5ed8 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2aa
8d8dcbc4 830834bc 882f5ed8 8621c398 8621c5f8 fltmgr!FltpDispatch+0xc5
8d8dcbdc 8bc02697 00000000 885475c0 8a7a7aa8 nt!IofCallDriver+0x63
8d8dcbf8 8bc0378a 85aa47c8 88547678 8d8dcc20 [U][B]US4Vista[/B][/U]+0x2697
8d8dcc08 830834bc 885475c0 8621c398 8621c398 US[U][B]4Vista+0[/B][/U]x378a
8d8dcc20 8b40620c 8a5baed8 8621c398 00000000 nt!IofCallDriver+0x63
8d8dcc44 8b4063cb 8d8dcc64 8a5baed8 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2aa
8d8dcc7c 830834bc 8a5baed8 8621c398 8621c5dc fltmgr!FltpDispatch+0xc5
8d8dcc94 984e2253 8a164b40 8a5e72e8 00000000 nt!IofCallDriver+0x63
8d8dcca8 830834bc 8a5e72e8 8621c398 8621c398 eamon+0x5253
8d8dccc0 83284f6e 00000df0 02a3d5b8 832c16bf nt!IofCallDriver+0x63
8d8dcce0 832c171a 8a5e72e8 8a164b40 00000001 nt!IopSynchronousServiceTail+0x1f8
8d8dcd00 8308a44a 00000df0 00000000 00000000 nt!NtQueryDirectoryFile+0x5b
8d8dcd00 77c464f4 00000df0 00000000 00000000 nt!KiFastCallEntry+0x12a
02a3d7e4 00000000 00000000 00000000 00000000 0x77c464f4
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: [U][B]US4Vista[/B][/U]+1e32
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: US4Vista
IMAGE_NAME: [U][B]US4Vista.sys[/B][/U]
DEBUG_FLR_IMAGE_TIMESTAMP: 49f1fd7f
STACK_COMMAND: .cxr 0xffffffff8d8dc2e0 ; kb
FAILURE_BUCKET_ID: 0x24_US4Vista+1e32
BUCKET_ID: 0x24_[U][B]US4Vista[/B][/U]+1e32
Followup: MachineOwner