BSOD windows 7 x64; 3x this week; help with analysis

[likely]

I've had three bsod this week. I only have one dmp file in minidump and that's attached.

Monday, April 12, visual studio 2010 was released and I installed it. The crashes started after that but of course there is not certain connection at this time. I crashed Monday, Tuesday, and Thursday (today) one time each. The first two bsod visual studio 2010 was loaded; today it was not; only apps I'd stated were firefox 3.6.3 and zimbra desktop (an email client). Today I had just clicked on a tab in firefox when the bsod took place. That might have been true the other times but I'm not sure.

This pc was built by myself a month ago; and it's the first 64 bit os I've spent any real time with.

Anyways I hope someone can provide a clue or two re what might be amiss from the dmp.

 

[zigzag3143]

I've had three bsod this week. I only have one dmp file in minidump and that's attached.

Monday, April 12, visual studio 2010 was released and I installed it. The crashes started after that but of course there is not certain connection at this time. I crashed Monday, Tuesday, and Thursday (today) one time each. The first two bsod visual studio 2010 was loaded; today it was not; only apps I'd stated were firefox 3.6.3 and zimbra desktop (an email client). Today I had just clicked on a tab in firefox when the bsod took place. That might have been true the other times but I'm not sure.

This pc was built by myself a month ago; and it's the first 64 bit os I've spent any real time with.

Anyways I hope someone can provide a clue or two re what might be amiss from the dmp.

This crash was probably caused by your vfilter.sys, which is part of your VPN. I would uninstall it to test.

Ken

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\K\Desktop\041510-16504-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*F:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a55000 PsLoadedModuleList = 0xfffff800`02c92e50
Debug session time: Thu Apr 15 11:34:31.167 2010 (GMT-4)
System Uptime: 0 days 0:29:52.197
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 2, 0, fffff80002ac97b6}

Unable to load image \SystemRoot\system32\DRIVERS\vfilter.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for vfilter.sys
*** ERROR: Module load completed but symbols could not be loaded for vfilter.sys
Probably caused by : vfilter.sys ( vfilter+29a6 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002ac97b6, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cfd0e0
 0000000000000000 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!KeSetEvent+226
fffff800`02ac97b6 488b09          mov     rcx,qword ptr [rcx]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  svchost.exe

TRAP_FRAME:  fffff880096bac70 -- (.trap 0xfffff880096bac70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800a912578 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ac97b6 rsp=fffff880096bae00 rbp=0000000000000002
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz ac po cy
nt!KeSetEvent+0x226:
fffff800`02ac97b6 488b09          mov     rcx,qword ptr [rcx] ds:0002:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002ac4b69 to fffff80002ac5600

STACK_TEXT:  
fffff880`096bab28 fffff800`02ac4b69 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`096bab30 fffff800`02ac37e0 : 00000000`00000003 fffffa80`0a912570 00000000`00000003 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`096bac70 fffff800`02ac97b6 : fffff880`096bae70 fffff880`03f5bb0e 00000000`00000054 fffff880`096baef0 : nt!KiPageFault+0x260
fffff880`096bae00 fffff880`03f5b9a6 : fffffa80`00000000 00000000`00000000 00000000`00000000 fffffa80`0a912560 : nt!KeSetEvent+0x226
fffff880`096bae70 fffffa80`00000000 : 00000000`00000000 00000000`00000000 fffffa80`0a912560 00000000`00000000 : vfilter+0x29a6
fffff880`096bae78 00000000`00000000 : 00000000`00000000 fffffa80`0a912560 00000000`00000000 fffff880`03f5b42b : 0xfffffa80`00000000


STACK_COMMAND:  kb

FOLLOWUP_IP: 
vfilter+29a6
fffff880`03f5b9a6 ??              ???

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  vfilter+29a6

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: vfilter

IMAGE_NAME:  vfilter.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4b048bff

FAILURE_BUCKET_ID:  X64_0xA_vfilter+29a6

BUCKET_ID:  X64_0xA_vfilter+29a6

Followup: MachineOwner
---------

 

[likely]

I'm curious how you know that vfilter is part of my vpn? I'm sure that you're right, just curious how you know that.

Also, the vpn was not running when the last bsod took place; nor had it been. I forgot to mention that the pc had been rebooted just 15 min before the bsod. Could vfilter.sys be involved when it had not been run during that session? the vpn does not start on boot or anything like that.