New
#31
Seems to work fine now - finally! :)
The last crash I had this morning - before removing ZoneAlarm - was again clearly caused by ZoneAlarm:
Code:******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C4, {91, 2, fffff80002e56c40, 0} Unable to load image \SystemRoot\system32\DRIVERS\vsdatant.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for vsdatant.sys *** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys Probably caused by : vsdatant.sys ( vsdatant+1864d ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_VERIFIER_DETECTED_VIOLATION (c4) A device driver attempting to corrupt the system has been caught. This is because the driver was specified in the registry as being suspect (by the administrator) and the kernel has enabled substantial checking of this driver. If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will be among the most commonly seen crashes. Arguments: Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by the operating system. The only supported way to extend a kernel mode stack is by using KeExpandKernelStackAndCallout. Arg2: 0000000000000002 Arg3: fffff80002e56c40 Arg4: 0000000000000000 Debugging Details: ------------------ BUGCHECK_STR: 0xc4_91 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 2 LAST_CONTROL_TRANSFER: from fffff80002d3650d to fffff80002ccff00 STACK_TEXT: fffff800`00b9be58 fffff800`02d3650d : 00000000`000000c4 00000000`00000091 00000000`00000002 fffff800`02e56c40 : nt!KeBugCheckEx fffff800`00b9be60 fffff880`016750e2 : fffff880`016755e0 fffff800`00b9bf70 fffff800`00b9c102 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x1e38d fffff800`00b9bf40 fffff880`015600eb : fffffa80`09baa800 00000000`00000000 fffffa80`07de31a0 fffffa80`07de31a0 : tcpip!FlReceiveNetBufferListChain+0xb2 fffff800`00b9bfb0 fffff880`01529fc6 : e000000c`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ndis!ndisMIndicateNetBufferListsToOpen+0xdb fffff800`00b9c020 fffff880`014aca24 : fffffa80`07de31a0 00000000`00000002 00000000`00000001 00000000`00000000 : ndis!ndisMDispatchReceiveNetBufferLists+0x1d6 fffff800`00b9c4a0 fffff880`014ac9e9 : fffffa80`09ba8010 00000000`00000001 00000000`00000001 fffff880`02bc93f2 : ndis!ndisMTopReceiveNetBufferLists+0x24 fffff800`00b9c4e0 fffff880`014ac980 : fffff880`02be05c0 00000000`00000000 ffff0080`02723019 00000000`00000000 : ndis!ndisFilterIndicateReceiveNetBufferLists+0x29 fffff800`00b9c520 fffff880`02c7664d : fffffa80`09ba3010 00000000`00000000 00000000`00000001 fffffa80`06b20e30 : ndis!NdisFIndicateReceiveNetBufferLists+0x50 fffff800`00b9c560 fffffa80`09ba3010 : 00000000`00000000 00000000`00000001 fffffa80`06b20e30 00000000`00000000 : vsdatant+0x1864d fffff800`00b9c568 00000000`00000000 : 00000000`00000001 fffffa80`06b20e30 00000000`00000000 fffff880`060a7048 : 0xfffffa80`09ba3010 STACK_COMMAND: kb FOLLOWUP_IP: vsdatant+1864d fffff880`02c7664d ?? ??? SYMBOL_STACK_INDEX: 8 SYMBOL_NAME: vsdatant+1864d FOLLOWUP_NAME: MachineOwner MODULE_NAME: vsdatant IMAGE_NAME: vsdatant.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4ad981d5 FAILURE_BUCKET_ID: X64_0xc4_91_vsdatant+1864d BUCKET_ID: X64_0xc4_91_vsdatant+1864d Followup: MachineOwner --------- 0: kd> lmvm vsdatant start end module name fffff880`02c5e000 fffff880`02cee000 vsdatant T (no symbols) Loaded symbol image file: vsdatant.sys Image path: \SystemRoot\system32\DRIVERS\vsdatant.sys Image name: vsdatant.sys Timestamp: Sat Oct 17 01:35:33 2009 (4AD981D5) CheckSum: 0006D11C ImageSize: 00090000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4