Sorry to bump this again but I finally caught a BSOD while not running my VPN software.
Any chance someone could take a look at this dmp?
I was remoted locally in VirtualBox running Windows 2008. I'm not sure what could have caused the BSOD this time.
Hate to tell you but it is still your vpn client. the file the caused this is vfilter.sys and it it loaded at start up, rvrn if you dont run the vpn client
Code:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\K\Desktop\022210-20935-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*d:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02c53000 PsLoadedModuleList = 0xfffff800`02e90e50
Debug session time: Tue Feb 23 00:48:04.321 2010 (GMT-5)
System Uptime: 0 days 4:49:01.429
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {0, 2, 0, fffff80002cc90b6}
Unable to load image \SystemRoot\system32\DRIVERS\vfilter.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for vfilter.sys
*** ERROR: Module load completed but symbols could not be loaded for vfilter.sys
Probably caused by : vfilter.sys ( vfilter+29a6 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002cc90b6, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002efb0e0
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeSetEvent+226
fffff800`02cc90b6 488b09 mov rcx,qword ptr [rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: svchost.exe
TRAP_FRAME: fffff88007958fb0 -- (.trap 0xfffff88007958fb0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8009bbe478 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002cc90b6 rsp=fffff88007959140 rbp=0000000000000002
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po cy
nt!KeSetEvent+0x226:
fffff800`02cc90b6 488b09 mov rcx,qword ptr [rcx] ds:0002:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002cc4469 to fffff80002cc4f00
STACK_TEXT:
fffff880`07958e68 fffff800`02cc4469 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`07958e70 fffff800`02cc30e0 : 00000000`00000002 fffffa80`09bbe470 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`07958fb0 fffff800`02cc90b6 : fffff880`079591b0 fffff880`02d93b0e 00000000`00000051 fffff880`07959230 : nt!KiPageFault+0x260
fffff880`07959140 fffff880`02d939a6 : fffffa80`00000000 00000000`00000000 00000000`00000000 fffffa80`09bbe460 : nt!KeSetEvent+0x226
fffff880`079591b0 fffffa80`00000000 : 00000000`00000000 00000000`00000000 fffffa80`09bbe460 00000000`00000000 : vfilter+0x29a6
fffff880`079591b8 00000000`00000000 : 00000000`00000000 fffffa80`09bbe460 00000000`00000000 fffff880`02d9342b : 0xfffffa80`00000000
STACK_COMMAND: kb
FOLLOWUP_IP:
vfilter+29a6
fffff880`02d939a6 ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: vfilter+29a6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: vfilter
IMAGE_NAME:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\K\Desktop\022210-20935-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*d:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02c53000 PsLoadedModuleList = 0xfffff800`02e90e50
Debug session time: Tue Feb 23 00:48:04.321 2010 (GMT-5)
System Uptime: 0 days 4:49:01.429
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {0, 2, 0, fffff80002cc90b6}
Unable to load image \SystemRoot\system32\DRIVERS\vfilter.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for vfilter.sys
*** ERROR: Module load completed but symbols could not be loaded for vfilter.sys
Probably caused by : vfilter.sys ( vfilter+29a6 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002cc90b6, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002efb0e0
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeSetEvent+226
fffff800`02cc90b6 488b09 mov rcx,qword ptr [rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: svchost.exe
TRAP_FRAME: fffff88007958fb0 -- (.trap 0xfffff88007958fb0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8009bbe478 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002cc90b6 rsp=fffff88007959140 rbp=0000000000000002
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po cy
nt!KeSetEvent+0x226:
fffff800`02cc90b6 488b09 mov rcx,qword ptr [rcx] ds:0002:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002cc4469 to fffff80002cc4f00
STACK_TEXT:
fffff880`07958e68 fffff800`02cc4469 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`07958e70 fffff800`02cc30e0 : 00000000`00000002 fffffa80`09bbe470 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`07958fb0 fffff800`02cc90b6 : fffff880`079591b0 fffff880`02d93b0e 00000000`00000051 fffff880`07959230 : nt!KiPageFault+0x260
fffff880`07959140 fffff880`02d939a6 : fffffa80`00000000 00000000`00000000 00000000`00000000 fffffa80`09bbe460 : nt!KeSetEvent+0x226
fffff880`079591b0 fffffa80`00000000 : 00000000`00000000 00000000`00000000 fffffa80`09bbe460 00000000`00000000 : vfilter+0x29a6
fffff880`079591b8 00000000`00000000 : 00000000`00000000 fffffa80`09bbe460 00000000`00000000 fffff880`02d9342b : 0xfffffa80`00000000
STACK_COMMAND: kb
FOLLOWUP_IP:
vfilter+29a6
fffff880`02d939a6 ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: vfilter+29a6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: vfilter
IMAGE_NAME: vfilter.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4b048bff
FAILURE_BUCKET_ID: X64_0xA_vfilter+29a6
BUCKET_ID: X64_0xA_vfilter+29a6
Followup: MachineOwner
---------
DEBUG_FLR_IMAGE_TIMESTAMP: 4b048bff
FAILURE_BUCKET_ID: X64_0xA_vfilter+29a6
BUCKET_ID: X64_0xA_vfilter+29a6
Followup: MachineOwner
---------