Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\012810-46800-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: C:\Symbols Executable search path is: Windows 7 Kernel Version 7600 MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7600.16385.amd64fre.win7_rtm.090713-1255 Machine Name: Kernel base = 0xfffff800`02a57000 PsLoadedModuleList = 0xfffff800`02c94e50 Debug session time: Thu Jan 28 11:47:20.000 2010 (GMT-5) System Uptime: 1 days 8:30:22.248 Loading Kernel Symbols ............................................................... ................................................................ ............................... Loading User Symbols Loading unloaded module list ....... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {0, 2, 0, fffff80002acd0b6} Unable to load image \SystemRoot\system32\DRIVERS\vfilter.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for vfilter.sys *** ERROR: Module load completed but symbols could not be loaded for vfilter.sys Probably caused by : vfilter.sys ( vfilter+29a6 ) Followup: MachineOwner --------- 4: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 0000000000000000, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff80002acd0b6, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cff0e0 0000000000000000 CURRENT_IRQL: 2 FAULTING_IP: nt!KeSetEvent+226 fffff800`02acd0b6 488b09 mov rcx,qword ptr [rcx] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: svchost.exe TRAP_FRAME: fffff88009344fb0 -- (.trap 0xfffff88009344fb0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffffa8008bc7578 rbx=0000000000000000 rcx=0000000000000000 rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002acd0b6 rsp=fffff88009345140 rbp=0000000000000002 r8=0000000000000000 r9=0000000000000000 r10=0000000000000000 r11=0000000000000002 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz ac po cy nt!KeSetEvent+0x226: fffff800`02acd0b6 488b09 mov rcx,qword ptr [rcx] ds:0002:00000000`00000000=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002ac8469 to fffff80002ac8f00 STACK_TEXT: fffff880`09344e68 fffff800`02ac8469 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`09344e70 fffff800`02ac70e0 : 00000000`00000002 fffffa80`08bc7570 00000000`000007a9 00000000`00000000 : nt!KiBugCheckDispatch+0x69 fffff880`09344fb0 fffff800`02acd0b6 : fffff880`093451b0 fffff880`02de2b0e 00000000`0000004e fffff880`09345230 : nt!KiPageFault+0x260 fffff880`09345140 fffff880`02de29a6 : fffffa80`00000000 00000000`00000000 00000000`00000000 fffffa80`08bc7560 : nt!KeSetEvent+0x226 fffff880`093451b0 fffffa80`00000000 : 00000000`00000000 00000000`00000000 fffffa80`08bc7560 00000000`00000000 : vfilter+0x29a6 fffff880`093451b8 00000000`00000000 : 00000000`00000000 fffffa80`08bc7560 00000000`00000000 fffff880`02de242b : 0xfffffa80`00000000 STACK_COMMAND: kb FOLLOWUP_IP: vfilter+29a6 fffff880`02de29a6 ?? ??? SYMBOL_STACK_INDEX: 4 SYMBOL_NAME: vfilter+29a6 FOLLOWUP_NAME: MachineOwner MODULE_NAME: vfilter IMAGE_NAME: vfilter.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4b048bff FAILURE_BUCKET_ID: X64_0xA_vfilter+29a6 BUCKET_ID: X64_0xA_vfilter+29a6 Followup: MachineOwner ---------