Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\K\Desktop\Windows_NT6_BSOD_jcgriff2\051211-40123-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols;srv*e:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.x86fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0x82a09000 PsLoadedModuleList = 0x82b524d0
Debug session time: Thu May 12 16:00:58.771 2011 (GMT-4)
System Uptime: 0 days 2:56:25.363
Loading Kernel Symbols
...............................................................
................................................................
.....................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 8af3b885, 98d41954, 0}
Unable to load image \SystemRoot\system32\DRIVERS\MpFilter.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
*** WARNING: Unable to verify timestamp for AsDsm.sys
*** ERROR: Module load completed but symbols could not be loaded for AsDsm.sys
Probably caused by : AsDsm.sys ( AsDsm+5c15 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8af3b885, The address that the exception occurred at
Arg3: 98d41954, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
fltmgr!TreeFindNodeOrParent+11
8af3b885 8b4110 mov eax,dword ptr [ecx+10h]
TRAP_FRAME: 98d41954 -- (.trap 0xffffffff98d41954)
ErrCode = 00000000
eax=00750066 ebx=00000000 ecx=00750066 edx=00000000 esi=b0c1ba68 edi=b0c1ba94
eip=8af3b885 esp=98d419c8 ebp=98d419c8 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
fltmgr!TreeFindNodeOrParent+0x11:
8af3b885 8b4110 mov eax,dword ptr [ecx+10h] ds:0023:00750076=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8af3b8ed to 8af3b885
STACK_TEXT:
98d419c8 8af3b8ed b0c1ba94 85e58988 00000000 fltmgr!TreeFindNodeOrParent+0x11
98d419e0 8af34340 b0c1ba94 85e58988 00000000 fltmgr!TreeLookup+0x17
98d41a20 8af3440a b0c1ba68 85e58988 00000000 fltmgr!GetContextFromStreamList+0x50
98d41a3c 90f41caa 85e58988 b0c1ba68 98d41ad0 fltmgr!FltGetStreamContext+0x34
WARNING: Stack unwind information not available. Following frames may be wrong.
98d41af0 8af33aeb 85247068 98d41b10 98d41b3c MpFilter+0x5caa
98d41b5c 8af369f0 98d41bb0 87973de0 87973fdc fltmgr!FltpPerformPreCallbacks+0x34d
98d41b74 8af36f01 98d41bb0 00000000 86a2fc60 fltmgr!FltpPassThroughInternal+0x40
98d41b98 8af373ba 12d41bb0 86a2fc60 00000000 fltmgr!FltpPassThrough+0x203
98d41bc8 82a40593 86a2fc60 87973de0 87973de0 fltmgr!FltpDispatch+0xb4
98d41be0 8af7bc15 87973de0 8698cce0 98d41c08 nt!IofCallDriver+0x63
98d41bf0 82a40593 8698cce0 87973de0 888bb610 AsDsm+0x5c15
98d41c08 82c3ba04 85188480 888bb5f8 00000001 nt!IofCallDriver+0x63
98d41c48 82c2ceed 8a773b38 888bb610 00000001 nt!IopCloseFile+0x2f3
98d41c94 82c4e2f2 8a773b38 982a9218 8c9eca60 nt!ObpDecrementHandleCount+0x139
98d41cdc 82c4e032 982a9218 ae6bd148 8a773b38 nt!ObpCloseHandleTableEntry+0x203
98d41d0c 82c4e3cc 8a773b38 8c9eca01 0128f4ac nt!ObpCloseHandle+0x7f
98d41d28 82a471ea 000008a4 0128f4b0 774f70b4 nt!NtClose+0x4e
98d41d28 774f70b4 000008a4 0128f4b0 774f70b4 nt!KiFastCallEntry+0x12a
0128f4b0 00000000 00000000 00000000 00000000 0x774f70b4
STACK_COMMAND: kb
FOLLOWUP_IP:
AsDsm+5c15
8af7bc15 ?? ???
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: AsDsm+5c15
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: AsDsm
IMAGE_NAME: AsDsm.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49950f8b
FAILURE_BUCKET_ID: 0x8E_AsDsm+5c15
BUCKET_ID: 0x8E_AsDsm+5c15
Followup: MachineOwner
---------
1: kd> lmvm AsDsm
start end module name
8af76000 8af80000 AsDsm T (no symbols)
Loaded symbol image file: AsDsm.sys
Image path: \SystemRoot\System32\Drivers\AsDsm.sys
Image name: AsDsm.sys
Timestamp: Fri Feb 13 01:13:31 2009 (49950F8B)
CheckSum: 0000A585
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4