Upexpected BSOD results in Crash Dump files

#1
Hey guys,

I recently recieved got BSOD. This as happened before but it seems to happen like every week now.

I have a crash dump file that appear in c:\windows\minidump folder.

I am uploading it here, for those who may wish to reveiw it. However, I cannot specify what the cuase of this problem may have been.

View attachment 082112-12792-01.dmp

View attachment 081312-12838-01.dmp

View attachment 080112-12963-01.dmp

Can anyone help me take a look and let me know what I can do to fix these BSOD?


Thank you,
 


Trouble

Noob Whisperer
#2
I suppose we can begin by taking the three dump files that you've attached at face value and address the problem with
vfilter.sys 11/18/2009 VPN filter driver from Shrew Soft Inc : Download : VPN Client For Windows
My suggestion would be to remove the software and confirm that the driver is no longer present on your system and see if that results in a more stable system.
DUMP:
Code:
BugCheck A, {0, 2, 0, fffff80002ca1915}
[U][B]Unable to load image \SystemRoot\system32\DRIVERS\[COLOR=#ff0000]vfilter.sys[/COLOR][/B][/U], Win32 error 0n2
*** WARNING: Unable to verify timestamp for [COLOR=#ff0000][U][B]vfilter.sys[/B][/U][/COLOR]
*** ERROR: Module load completed but symbols could not be loaded for [COLOR=#ff0000][U][B]vfilter.sys[/B][/U][/COLOR]
[U][B]Probably caused by[/B][/U] : [COLOR=#ff0000][U][B]vfilter.sys[/B][/U][/COLOR] ( [COLOR=#ff0000][U][B]vfilter[/B][/U][/COLOR]+29a6 )
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002ca1915, address which referenced memory
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ecc100
 0000000000000000 
CURRENT_IRQL:  2
FAULTING_IP: 
nt!KeSetEvent+1e3
fffff800`02ca1915 488b00          mov     rax,qword ptr [rax]
CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0xA
PROCESS_NAME:  svchost.exe
TRAP_FRAME:  fffff8800c358fc0 -- (.trap 0xfffff8800c358fc0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8006d13888
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ca1915 rsp=fffff8800c359150 rbp=0000000000000002
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz ac po cy
nt!KeSetEvent+0x1e3:
fffff800`02ca1915 488b00          mov     rax,qword ptr [rax] ds:0002:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER:  from fffff80002c9c769 to fffff80002c9d1c0
STACK_TEXT:  
fffff880`0c358e78 fffff800`02c9c769 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0c358e80 fffff800`02c9b3e0 : fffffa80`0750f160 fffff880`0428bd13 ffff0000`0daa18b7 fffffa80`06d13880 : nt!KiBugCheckDispatch+0x69
fffff880`0c358fc0 fffff800`02ca1915 : fffff880`0c3591c0 fffff880`01886b0e 00000000`00000051 fffff880`0c359240 : nt!KiPageFault+0x260
fffff880`0c359150 fffff880`018869a6 : fffffa80`00000000 00000000`00000000 00000000`00000000 fffffa80`06d13870 : nt!KeSetEvent+0x1e3
fffff880`0c3591c0 fffffa80`00000000 : 00000000`00000000 00000000`00000000 fffffa80`06d13870 00000000`00000000 : [COLOR=#ff0000][U][B]vfilter[/B][/U][/COLOR]+0x29a6
fffff880`0c3591c8 00000000`00000000 : 00000000`00000000 fffffa80`06d13870 00000000`00000000 fffff880`0188642b : 0xfffffa80`00000000
STACK_COMMAND:  kb
FOLLOWUP_IP: 
[COLOR=#ff0000][U][B]vfilter[/B][/U][/COLOR]+29a6
fffff880`018869a6 ??              ???
SYMBOL_STACK_INDEX:  4
SYMBOL_NAME:    [COLOR=#ff0000][B]vfilter[/B][/COLOR]  +29a6
FOLLOWUP_NAME:  MachineOwner
  MODULE_NAME: [COLOR=#ff0000][U][B]vfilter[/B][/U][/COLOR]
IMAGE_NAME:  [COLOR=#ff0000][U][B]vfilter.sys[/B][/U][/COLOR]
DEBUG_FLR_IMAGE_TIMESTAMP:  4b048bff
FAILURE_BUCKET_ID:  X64_0xA_[COLOR=#ff0000][B]vfilter[/B][/COLOR]+29a6
BUCKET_ID:  X64_0xA_[COLOR=#ff0000][B]vfilter[/B][/COLOR]+29a6
If so perhaps try upgrading to the latest stable build (2.1.7) which should update that particular driver to 9/2/2010 which may help.
If Blue Screens persist then;
First make sure your machine is configured properly to facilitate the collection of .dmp files.
Go to Start and type in sysdm.cpl and press Enter
Click on the Advanced tab
Click on the Startup and Recovery Settings button
Ensure that Automatically restart is unchecked
Under the Write Debugging Information header select Small memory dump (256 kB) in the dropdown box
Ensure that the Small Dump Directory is listed as %systemroot%\Minidump << where your .dmp files can be
found later.
Click OK twice to exit the dialogs, then reboot for the changes to take effect.
Then:
Please read the first post in this sticky thread here How to ask for help with a BSOD problem
Do your best to accumulate the data required.
Run the SF Diagnostic tool (download and right click the executable and choose run as administrator)
Download and run CPUz. Use the Windows snipping tool to gather images from all tabs including all slots populated with memory under the SPD tab.
Likewise RAMMon. Export the html report, put everything into a desktop folder that you've created for this purpose, zip it up and attach it to your next post (right click it and choose send to, compressed (zipped) folder.

Additionally, if you haven’t already, please take some time and fill out your system specs in your forum profile area http://windows7forums.com/windows-7...you-filling-your-system-specs.html#post235529 .
 


#3
Sorry I'm late but THANK YOU.

This was real helpful and worked.


Thanks again,
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.