1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

DUMP File - Random reboots error (102)

Discussion in 'Windows XP' started by melwinnie, 2006/03/22.

  1. 2006/03/22
    melwinnie

    melwinnie Inactive Thread Starter

    Joined:
    2006/03/22
    Messages:
    7
    Likes Received:
    0
    Windows XP Home on an AMD Sepheron 2800+ desktop with Gigabyte Motherboard. The PC is less than 7 months old and has been running fine up until the past month when it started randomly rebooting and the Send error report to Microsoft screen appearing. I dont actually see the Blue Screen of Death.

    Over the past week the occurance of randoom reboots and errors has increased to some 5 plus times a day.

    My event Viewer revealed error (102) event id 1003. Using Microsoft's debugging tools on the Minidump file I got the following. Can anyone interpret the output and tell me what may be wrong?

    I have a collection of the 6 dump files for the past two days. Im not sure if I should post them all of not. When I look at the content of each file they details of errors are different.

    I will post each of the six dump files on a seperate reply if that is okay?

    I have researched what I can find and Im not sure if it is caused by Nortons AntiVirus 2005 or faulty memory or a driver fault.

    Nortons has been removed and reinstalled still I have the random reboots and erros. I have also tried the Microsoft Knowledge Base support of ensuring that the deadlock is off in Driver Verifier.

    I hope someone can help me shead some light on this.

    Thank you and hopeing someone can help.

    kind regards
    Melanie
     
    melwinnie,
    #1
  2. 2006/03/22
    melwinnie

    melwinnie Inactive Thread Starter

    Joined:
    2006/03/22
    Messages:
    7
    Likes Received:
    0
    Dump File 1

    Opened log file 'c:\debuglog.txt'
    kd> .sympath SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
    kd> .reload;!analyze -v;r;kv;.logclose;q
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Exception 0xc0000005 while accessing file mapping
    Loading Kernel Symbols
    .................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ..........
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    A device driver attempting to corrupt the system has been caught. This is
    because the driver was specified in the registry as being suspect (by the
    administrator) and the kernel has enabled substantial checking of this driver.
    If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
    be among the most commonly seen crashes.
    Parameter 1 = 0x1000 .. 0x1020 - deadlock verifier error codes.
    Typically the code is 0x1001 (deadlock detected) and you can
    issue a '!deadlock' KD command to get more information.
    Arguments:
    Arg1: 00000090, A driver switched stacks. The current stack is neither a thread
    stack nor a DPC stack. Typically the driver doing this should be
    on the stack obtained from `kb' command.
    Arg2: ffdff120
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
    MODULE_NAME: nt

    FAULTING_MODULE: 804d7000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP: 42250ff9

    BUGCHECK_STR: 0xc4_90

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    LAST_CONTROL_TRANSFER: from 80671fdb to 8053331e

    STACK_TEXT:
    WARNING: Stack unwind information not available. Following frames may be wrong.
    fe7ca904 80671fdb 000000c4 00000090 ffdff120 nt+0x5c31e
    fe7ca924 806722d9 fe7ca950 806728cc 00000000 nt+0x19afdb
    fe7ca92c 806728cc 00000000 00000000 00000000 nt+0x19b2d9
    fe7ca950 8054b60d fac46670 000003b0 fac46670 nt+0x19b8cc
    fe7ca994 806788f3 fac46670 00000000 81290008 nt+0x7460d
    fe7ca9cc 80669cd5 01290008 81174990 02755000 nt+0x1a18f3
    fe7caa64 806eea86 fe7cab10 00000000 00000000 nt+0x192cd5
    fe7caa64 00000000 fe7cab10 00000000 00000000 hal!HalpDispatchInterrupt+0xba
    806eea86 00000000 fe00800d 1425ffff 8d806ec4 0x0


    STACK_COMMAND: .bugcheck ; kb

    FOLLOWUP_NAME: MachineOwner

    BUCKET_ID: WRONG_SYMBOLS

    Followup: MachineOwner
    ---------

    eax=ffdff13c ebx=ffdff120 ecx=00000000 edx=fe7ca924 esi=00000000 edi=00000000
    eip=8053331e esp=fe7ca8ec ebp=fe7ca904 iopl=0 nv up ei ng nz na po nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
    nt+0x5c31e:
    8053331e 5d pop ebp
    ChildEBP RetAddr Args to Child
    WARNING: Stack unwind information not available. Following frames may be wrong.
    fe7ca904 80671fdb 000000c4 00000090 ffdff120 nt+0x5c31e
    fe7ca924 806722d9 fe7ca950 806728cc 00000000 nt+0x19afdb
    fe7ca92c 806728cc 00000000 00000000 00000000 nt+0x19b2d9
    fe7ca950 8054b60d fac46670 000003b0 fac46670 nt+0x19b8cc
    fe7ca994 806788f3 fac46670 00000000 81290008 nt+0x7460d
    fe7ca9cc 80669cd5 01290008 81174990 02755000 nt+0x1a18f3
    fe7caa64 806eea86 fe7cab10 00000000 00000000 nt+0x192cd5
    fe7caa64 00000000 fe7cab10 00000000 00000000 hal!HalpDispatchInterrupt+0xba (FPO: [0,2] TrapFrame-EDITED @ fe7caa08)
    806eea86 00000000 fe00800d 1425ffff 8d806ec4 0x0
    Closing open log file c:\debuglog.txt
     
    melwinnie,
    #2


  3. to hide this advert.

  4. 2006/03/22
    melwinnie

    melwinnie Inactive Thread Starter

    Joined:
    2006/03/22
    Messages:
    7
    Likes Received:
    0
    Dump File 2

    Opened log file 'c:\debuglog.txt'
    kd> .sympath SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
    kd> .reload;!analyze -v;r;kv;.logclose;q
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Exception 0xc0000005 while accessing file mapping
    Loading Kernel Symbols
    ..........................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    .........
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    A device driver attempting to corrupt the system has been caught. This is
    because the driver was specified in the registry as being suspect (by the
    administrator) and the kernel has enabled substantial checking of this driver.
    If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
    be among the most commonly seen crashes.
    Parameter 1 = 0x1000 .. 0x1020 - deadlock verifier error codes.
    Typically the code is 0x1001 (deadlock detected) and you can
    issue a '!deadlock' KD command to get more information.
    Arguments:
    Arg1: 00000090, A driver switched stacks. The current stack is neither a thread
    stack nor a DPC stack. Typically the driver doing this should be
    on the stack obtained from `kb' command.
    Arg2: ffdff120
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
    *** WARNING: Unable to verify timestamp for SAVRT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SAVRT.SYS


    MODULE_NAME: SAVRT

    FAULTING_MODULE: 804d7000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP: 422cda85

    BUGCHECK_STR: 0xc4_90

    CUSTOMER_CRASH_COUNT: 2

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    LAST_CONTROL_TRANSFER: from 80671fdb to 8053331e

    STACK_TEXT:
    WARNING: Stack unwind information not available. Following frames may be wrong.
    fcfc29e4 80671fdb 000000c4 00000090 ffdff120 nt+0x5c31e
    fcfc2a04 806722d9 fcfc2a30 806728cc 00000000 nt+0x19afdb
    fcfc2a0c 806728cc 00000000 00000000 00000000 nt+0x19b2d9
    fcfc2a30 8054b60d fd8ef900 00000050 ffb97b50 nt+0x19b8cc
    fcfc2a74 8054b0b9 fd8ef900 00000000 fcfc2a90 nt+0x7460d
    fcfc2a84 804f107e fd8ef900 fcfc2ac0 80670ff8 nt+0x740b9
    fcfc2a90 80670ff8 80553d00 fd8ef900 80669cdd nt+0x1a07e
    fcfc2ac0 804f5508 00000000 fd8e54f8 fd8e5508 nt+0x199ff8
    fcfc2ad4 804f552f ffb97b50 fd8e550a fd8e5510 nt+0x1e508
    fcfc2af4 804f5194 ff7d1990 fd8e5530 fd8e5510 nt+0x1e52f
    fcfc2b68 804ebace 0109a880 e2116fa4 c0388458 nt+0x1e194
    fcfc2bb8 804e1718 00000000 e2116fa4 00000000 nt+0x14ace
    fcfc2bd0 f580e0d4 badb0d00 e2199008 fcfc2be4 nt+0xa718
    fcfc2eb4 f580bdaf 00000000 00000000 fcfc2ed8 SAVRT+0x340d4
    00000000 00000000 00000000 00000000 00000000 SAVRT+0x31daf


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    SAVRT+340d4
    f580e0d4 ?? ???

    SYMBOL_STACK_INDEX: d

    FOLLOWUP_NAME: MachineOwner

    SYMBOL_NAME: SAVRT+340d4

    IMAGE_NAME: SAVRT.SYS

    BUCKET_ID: WRONG_SYMBOLS

    Followup: MachineOwner
    ---------

    eax=ffdff13c ebx=ffdff120 ecx=00000000 edx=fcfc2a04 esi=00000000 edi=00000000
    eip=8053331e esp=fcfc29cc ebp=fcfc29e4 iopl=0 nv up ei ng nz na po nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
    nt+0x5c31e:
    8053331e 5d pop ebp
    ChildEBP RetAddr Args to Child
    WARNING: Stack unwind information not available. Following frames may be wrong.
    fcfc29e4 80671fdb 000000c4 00000090 ffdff120 nt+0x5c31e
    fcfc2a04 806722d9 fcfc2a30 806728cc 00000000 nt+0x19afdb
    fcfc2a0c 806728cc 00000000 00000000 00000000 nt+0x19b2d9
    fcfc2a30 8054b60d fd8ef900 00000050 ffb97b50 nt+0x19b8cc
    fcfc2a74 8054b0b9 fd8ef900 00000000 fcfc2a90 nt+0x7460d
    fcfc2a84 804f107e fd8ef900 fcfc2ac0 80670ff8 nt+0x740b9
    fcfc2a90 80670ff8 80553d00 fd8ef900 80669cdd nt+0x1a07e
    fcfc2ac0 804f5508 00000000 fd8e54f8 fd8e5508 nt+0x199ff8
    fcfc2ad4 804f552f ffb97b50 fd8e550a fd8e5510 nt+0x1e508
    fcfc2af4 804f5194 ff7d1990 fd8e5530 fd8e5510 nt+0x1e52f
    fcfc2b68 804ebace 0109a880 e2116fa4 c0388458 nt+0x1e194
    fcfc2bb8 804e1718 00000000 e2116fa4 00000000 nt+0x14ace
    fcfc2bd0 f580e0d4 badb0d00 e2199008 fcfc2be4 nt+0xa718
    fcfc2eb4 f580bdaf 00000000 00000000 fcfc2ed8 SAVRT+0x340d4
    00000000 00000000 00000000 00000000 00000000 SAVRT+0x31daf
    Closing open log file c:\debuglog.txt
     
    melwinnie,
    #3
  5. 2006/03/22
    melwinnie

    melwinnie Inactive Thread Starter

    Joined:
    2006/03/22
    Messages:
    7
    Likes Received:
    0
    Dump File 3

    Opened log file 'c:\debuglog.txt'
    kd> .sympath SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
    kd> .reload;!analyze -v;r;kv;.logclose;q
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Exception 0xc0000005 while accessing file mapping
    Loading Kernel Symbols
    ..........................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ........
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    A device driver attempting to corrupt the system has been caught. This is
    because the driver was specified in the registry as being suspect (by the
    administrator) and the kernel has enabled substantial checking of this driver.
    If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
    be among the most commonly seen crashes.
    Parameter 1 = 0x1000 .. 0x1020 - deadlock verifier error codes.
    Typically the code is 0x1001 (deadlock detected) and you can
    issue a '!deadlock' KD command to get more information.
    Arguments:
    Arg1: 00000090, A driver switched stacks. The current stack is neither a thread
    stack nor a DPC stack. Typically the driver doing this should be
    on the stack obtained from `kb' command.
    Arg2: ffdff120
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    *** WARNING: Unable to verify timestamp for SYMEVENT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
    *** WARNING: Unable to verify timestamp for SAVRT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SAVRT.SYS
    Exception 0xc0000005 while accessing file mapping

    FAULTING_MODULE: 804d7000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP: 43a70c83

    BUGCHECK_STR: 0xc4_90

    CUSTOMER_CRASH_COUNT: 3

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    LAST_CONTROL_TRANSFER: from 80671fdb to 8053331e

    STACK_TEXT:
    WARNING: Stack unwind information not available. Following frames may be wrong.
    fbb27790 80671fdb 000000c4 00000090 ffdff120 nt+0x5c31e
    fbb277b0 806722d9 fbb277dc 806728cc 00000000 nt+0x19afdb
    fbb277b8 806728cc 00000000 00000000 00000000 nt+0x19b2d9
    fbb277dc 8054b60d fc49e388 00000050 81b2fdd0 nt+0x19b8cc
    fbb27820 8054b0b9 fc49e388 00000000 fbb2783c nt+0x7460d
    fbb27830 804f107e fc49e388 fbb2786c 80670ff8 nt+0x740b9
    fbb2783c 80670ff8 80553d00 fc49e388 80669cdd nt+0x1a07e
    fbb2786c f889c169 ffa76cc8 ff94ff10 804e37f7 nt+0x199ff8
    fbb278ac 804f5508 00000000 81a76248 81a76258 SYMEVENT+0xb169
    fbb278c0 804f552f ff94ff10 81a7620a 81a76260 nt+0x1e508
    fbb278e0 804f5194 ffaa6f90 81a76280 81a76260 nt+0x1e52f
    fbb27954 804ebace 06a5f880 e2199b14 c0388664 nt+0x1e194
    fbb279a4 804e1718 00000000 e2199b14 00000000 nt+0x14ace
    fbb279bc f578c5ba badb0d00 000000e6 00000000 nt+0xa718
    fbb279c0 badb0d00 000000e6 00000000 00000000 SAVRT+0x325ba
    fbb279d0 00000000 01b27a1c fbb279f4 804e1718 portcls!CPortClockWavePci::GetCurrentTime+0x22


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    SYMEVENT+b169
    f889c169 ?? ???

    SYMBOL_STACK_INDEX: 8

    FOLLOWUP_NAME: MachineOwner

    SYMBOL_NAME: SYMEVENT+b169

    MODULE_NAME: SYMEVENT

    IMAGE_NAME: SYMEVENT.SYS

    BUCKET_ID: WRONG_SYMBOLS

    Followup: MachineOwner
    ---------

    eax=ffdff13c ebx=ffdff120 ecx=00000000 edx=fbb277b0 esi=00000000 edi=00000000
    eip=8053331e esp=fbb27778 ebp=fbb27790 iopl=0 nv up ei ng nz na po nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
    nt+0x5c31e:
    8053331e 5d pop ebp
    ChildEBP RetAddr Args to Child
    WARNING: Stack unwind information not available. Following frames may be wrong.
    fbb27790 80671fdb 000000c4 00000090 ffdff120 nt+0x5c31e
    fbb277b0 806722d9 fbb277dc 806728cc 00000000 nt+0x19afdb
    fbb277b8 806728cc 00000000 00000000 00000000 nt+0x19b2d9
    fbb277dc 8054b60d fc49e388 00000050 81b2fdd0 nt+0x19b8cc
    fbb27820 8054b0b9 fc49e388 00000000 fbb2783c nt+0x7460d
    fbb27830 804f107e fc49e388 fbb2786c 80670ff8 nt+0x740b9
    fbb2783c 80670ff8 80553d00 fc49e388 80669cdd nt+0x1a07e
    fbb2786c f889c169 ffa76cc8 ff94ff10 804e37f7 nt+0x199ff8
    fbb278ac 804f5508 00000000 81a76248 81a76258 SYMEVENT+0xb169
    fbb278c0 804f552f ff94ff10 81a7620a 81a76260 nt+0x1e508
    fbb278e0 804f5194 ffaa6f90 81a76280 81a76260 nt+0x1e52f
    fbb27954 804ebace 06a5f880 e2199b14 c0388664 nt+0x1e194
    fbb279a4 804e1718 00000000 e2199b14 00000000 nt+0x14ace
    fbb279bc f578c5ba badb0d00 000000e6 00000000 nt+0xa718
    fbb279c0 badb0d00 000000e6 00000000 00000000 SAVRT+0x325ba
    fbb279d0 00000000 01b27a1c fbb279f4 804e1718 portcls!CPortClockWavePci::GetCurrentTime+0x22 (FPO: [Non-Fpo])
    Closing open log file c:\debuglog.txt
     
    melwinnie,
    #4
  6. 2006/03/22
    melwinnie

    melwinnie Inactive Thread Starter

    Joined:
    2006/03/22
    Messages:
    7
    Likes Received:
    0
    Dump File 4

    Opened log file 'c:\debuglog.txt'
    kd> .sympath SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
    kd> .reload;!analyze -v;r;kv;.logclose;q
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Exception 0xc0000005 while accessing file mapping
    Loading Kernel Symbols
    ..........................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ........
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    A device driver attempting to corrupt the system has been caught. This is
    because the driver was specified in the registry as being suspect (by the
    administrator) and the kernel has enabled substantial checking of this driver.
    If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
    be among the most commonly seen crashes.
    Parameter 1 = 0x1000 .. 0x1020 - deadlock verifier error codes.
    Typically the code is 0x1001 (deadlock detected) and you can
    issue a '!deadlock' KD command to get more information.
    Arguments:
    Arg1: 00000090, A driver switched stacks. The current stack is neither a thread
    stack nor a DPC stack. Typically the driver doing this should be
    on the stack obtained from `kb' command.
    Arg2: ffdff120
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    Exception 0xc0000005 while accessing file mapping

    *** WARNING: Unable to verify timestamp for SAVRT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SAVRT.SYS
    Exception 0xc0000005 while accessing file mapping

    MODULE_NAME: SAVRT

    FAULTING_MODULE: 804d7000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP: 422cda85

    BUGCHECK_STR: 0xc4_90

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    LAST_CONTROL_TRANSFER: from 80671fdb to 8053331e

    STACK_TEXT:
    WARNING: Stack unwind information not available. Following frames may be wrong.
    fdba0848 80671fdb 000000c4 00000090 ffdff120 nt+0x5c31e
    fdba0868 806722d9 fdba0894 806728cc 00000000 nt+0x19afdb
    fdba0870 806728cc 00000000 00000000 00000000 nt+0x19b2d9
    fdba0894 8054b60d ffb75a70 00000098 ffb75a90 nt+0x19b8cc
    fdba08d8 80504531 ffb75a70 00000000 818d70a0 nt+0x7460d
    fdba08f0 804f533a ffb75a90 806ee298 c0384664 nt+0x2d531
    fdba0954 804ebace 00000000 e1199590 c0384664 nt+0x1e33a
    fdba09a4 804e1718 00000000 e1199590 00000000 nt+0x14ace
    fdba09bc f57d65ba badb0d00 000009c8 00000000 nt+0xa718
    fdba09c0 badb0d00 000009c8 00000000 00000000 SAVRT+0x325ba
    fdba09d0 00000000 012e75a8 fdba09f4 804e1718 portcls!CPortClockWavePci::GetCurrentTime+0x22


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    SAVRT+325ba
    f57d65ba ?? ???

    SYMBOL_STACK_INDEX: 9

    FOLLOWUP_NAME: MachineOwner

    SYMBOL_NAME: SAVRT+325ba

    IMAGE_NAME: SAVRT.SYS

    BUCKET_ID: WRONG_SYMBOLS

    Followup: MachineOwner
    ---------

    eax=ffdff13c ebx=ffdff120 ecx=00000000 edx=fdba0868 esi=00000000 edi=00000000
    eip=8053331e esp=fdba0830 ebp=fdba0848 iopl=0 nv up ei ng nz na po nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
    nt+0x5c31e:
    8053331e 5d pop ebp
    ChildEBP RetAddr Args to Child
    WARNING: Stack unwind information not available. Following frames may be wrong.
    fdba0848 80671fdb 000000c4 00000090 ffdff120 nt+0x5c31e
    fdba0868 806722d9 fdba0894 806728cc 00000000 nt+0x19afdb
    fdba0870 806728cc 00000000 00000000 00000000 nt+0x19b2d9
    fdba0894 8054b60d ffb75a70 00000098 ffb75a90 nt+0x19b8cc
    fdba08d8 80504531 ffb75a70 00000000 818d70a0 nt+0x7460d
    fdba08f0 804f533a ffb75a90 806ee298 c0384664 nt+0x2d531
    fdba0954 804ebace 00000000 e1199590 c0384664 nt+0x1e33a
    fdba09a4 804e1718 00000000 e1199590 00000000 nt+0x14ace
    fdba09bc f57d65ba badb0d00 000009c8 00000000 nt+0xa718
    fdba09c0 badb0d00 000009c8 00000000 00000000 SAVRT+0x325ba
    fdba09d0 00000000 012e75a8 fdba09f4 804e1718 portcls!CPortClockWavePci::GetCurrentTime+0x22 (FPO: [Non-Fpo])
    Closing open log file c:\debuglog.txt
     
    melwinnie,
    #5
  7. 2006/03/22
    melwinnie

    melwinnie Inactive Thread Starter

    Joined:
    2006/03/22
    Messages:
    7
    Likes Received:
    0
    Dump File 5

    Opened log file 'c:\debuglog.txt'
    kd> .sympath SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
    kd> .reload;!analyze -v;r;kv;.logclose;q
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Exception 0xc0000005 while accessing file mapping
    Loading Kernel Symbols
    ...........................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ..........
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    A device driver attempting to corrupt the system has been caught. This is
    because the driver was specified in the registry as being suspect (by the
    administrator) and the kernel has enabled substantial checking of this driver.
    If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
    be among the most commonly seen crashes.
    Parameter 1 = 0x1000 .. 0x1020 - deadlock verifier error codes.
    Typically the code is 0x1001 (deadlock detected) and you can
    issue a '!deadlock' KD command to get more information.
    Arguments:
    Arg1: 00000090, A driver switched stacks. The current stack is neither a thread
    stack nor a DPC stack. Typically the driver doing this should be
    on the stack obtained from `kb' command.
    Arg2: ffdff120
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
    *** WARNING: Unable to verify timestamp for SYMEVENT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
    *** WARNING: Unable to verify timestamp for SAVRT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SAVRT.SYS
    Exception 0xc0000005 while accessing file mapping

    MODULE_NAME: VolSnap

    FAULTING_MODULE: 804d7000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP: 41107b6e

    BUGCHECK_STR: 0xc4_90

    CUSTOMER_CRASH_COUNT: 2

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    LAST_CONTROL_TRANSFER: from 80671fdb to 8053331e

    STACK_TEXT:
    WARNING: Stack unwind information not available. Following frames may be wrong.
    fd388388 80671fdb 000000c4 00000090 ffdff120 nt+0x5c31e
    fd388464 f9ecc51a 81b22d80 81b22d80 fd3884a8 nt+0x19afdb
    fd3883b0 806728cc 00000000 00000000 00000000 VolSnap!VolSnapRead+0x26
    fd388464 f9ecc51a 81b22d80 81b22d80 fd3884a8 nt+0x19b8cc
    fd388418 8054b0b9 fdc10c70 00000000 fd388434 VolSnap!VolSnapRead+0x26
    fd388464 f9ecc51a 81b22d80 81b22d80 fd3884a8 nt+0x740b9
    fd388434 80670ff8 80553d00 fdc10c70 80669cdd VolSnap!VolSnapRead+0x26
    fd388464 f9ecc51a 81b22d80 81b22d80 fd3884a8 nt+0x199ff8
    fd388474 804e37f7 81b22d80 82a5ee28 806ee2e8 VolSnap!VolSnapRead+0x26
    fd3884a8 bae6e520 ffa8fda0 81b2be68 fd388660 nt+0xc7f7
    fd388570 bae6e725 fd388660 82a5ee28 81b2be68 Ntfs!NtfsPagingFileIo+0x1b2
    fd38864c bae6bfbf fd388660 82a5ee28 00000001 Ntfs!NtfsCommonRead+0x2bd
    fd3887fc 804e37f7 81b2f408 82a5ee28 806ee2e8 Ntfs!NtfsFsdRead+0x22d
    fd388830 baf0d459 fd38886c 804e37f7 81b2fdd0 nt+0xc7f7
    fd388838 804e37f7 81b2fdd0 82a5ee28 806ee2e8 sr!SrPassThrough+0x31
    fd38886c f88ca169 ffa6ae40 ffa68748 804e37f7 nt+0xc7f7
    fd3888ac 804f5508 00000000 ffb93758 ffb93768 SYMEVENT+0xb169
    fd3888c0 804f552f ffa68748 ffb9370a ffb93770 nt+0x1e508
    fd3888e0 804f5194 ffb44640 ffb93790 ffb93770 nt+0x1e52f
    fd388954 804ebace 0a917880 e21e086e c0388780 nt+0x1e194
    fd3889a4 804e1718 00000000 e21e086e 00000000 nt+0x14ace
    fd3889bc f57b85ba badb0d00 00000a69 00000000 nt+0xa718
    fd3889c0 badb0d00 00000a69 00000000 00000000 SAVRT+0x325ba
    fd3889d0 00000000 fd388a1c e1425b60 00000200 portcls!CPortClockWavePci::GetCurrentTime+0x22


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    VolSnap!VolSnapRead+26
    f9ecc51a e9dc000000 jmp VolSnap!VolSnapRead+0x107 (f9ecc5fb)

    SYMBOL_STACK_INDEX: 8

    FOLLOWUP_NAME: MachineOwner

    SYMBOL_NAME: VolSnap!VolSnapRead+26

    IMAGE_NAME: VolSnap.sys

    BUCKET_ID: WRONG_SYMBOLS

    Followup: MachineOwner
    ---------

    eax=ffdff13c ebx=ffdff120 ecx=00000000 edx=fd3883a8 esi=00000000 edi=00000000
    eip=8053331e esp=fd388370 ebp=fd388388 iopl=0 nv up ei ng nz na po nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
    nt+0x5c31e:
    8053331e 5d pop ebp
    ChildEBP RetAddr Args to Child
    WARNING: Stack unwind information not available. Following frames may be wrong.
    fd388388 80671fdb 000000c4 00000090 ffdff120 nt+0x5c31e
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    fd388464 f9ecc51a 81b22d80 81b22d80 fd3884a8 nt+0x19afdb
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    fd3883b0 806728cc 00000000 00000000 00000000 VolSnap!VolSnapRead+0x26 (FPO: [Non-Fpo])
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    fd388464 f9ecc51a 81b22d80 81b22d80 fd3884a8 nt+0x19b8cc
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    fd388418 8054b0b9 fdc10c70 00000000 fd388434 VolSnap!VolSnapRead+0x26 (FPO: [Non-Fpo])
    fd388464 f9ecc51a 81b22d80 81b22d80 fd3884a8 nt+0x740b9
    fd388434 80670ff8 80553d00 fdc10c70 80669cdd VolSnap!VolSnapRead+0x26 (FPO: [Non-Fpo])
    fd388464 f9ecc51a 81b22d80 81b22d80 fd3884a8 nt+0x199ff8
    fd388474 804e37f7 81b22d80 82a5ee28 806ee2e8 VolSnap!VolSnapRead+0x26 (FPO: [Non-Fpo])
    fd3884a8 bae6e520 ffa8fda0 81b2be68 fd388660 nt+0xc7f7
    fd388570 bae6e725 fd388660 82a5ee28 81b2be68 Ntfs!NtfsPagingFileIo+0x1b2 (FPO: [Non-Fpo])
    fd38864c bae6bfbf fd388660 82a5ee28 00000001 Ntfs!NtfsCommonRead+0x2bd (FPO: [Non-Fpo])
    fd3887fc 804e37f7 81b2f408 82a5ee28 806ee2e8 Ntfs!NtfsFsdRead+0x22d (FPO: [Non-Fpo])
    fd388830 baf0d459 fd38886c 804e37f7 81b2fdd0 nt+0xc7f7
    fd388838 804e37f7 81b2fdd0 82a5ee28 806ee2e8 sr!SrPassThrough+0x31 (FPO: [Non-Fpo])
    fd38886c f88ca169 ffa6ae40 ffa68748 804e37f7 nt+0xc7f7
    fd3888ac 804f5508 00000000 ffb93758 ffb93768 SYMEVENT+0xb169
    fd3888c0 804f552f ffa68748 ffb9370a ffb93770 nt+0x1e508
    fd3888e0 804f5194 ffb44640 ffb93790 ffb93770 nt+0x1e52f
    fd388954 804ebace 0a917880 e21e086e c0388780 nt+0x1e194
    Closing open log file c:\debuglog.txt
     
    melwinnie,
    #6
  8. 2006/03/22
    melwinnie

    melwinnie Inactive Thread Starter

    Joined:
    2006/03/22
    Messages:
    7
    Likes Received:
    0
    Dump File 6

    Opened log file 'c:\debuglog.txt'
    kd> .sympath SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
    kd> .reload;!analyze -v;r;kv;.logclose;q
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Exception 0xc0000005 while accessing file mapping
    Loading Kernel Symbols
    ..........................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ..........
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    A device driver attempting to corrupt the system has been caught. This is
    because the driver was specified in the registry as being suspect (by the
    administrator) and the kernel has enabled substantial checking of this driver.
    If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
    be among the most commonly seen crashes.
    Parameter 1 = 0x1000 .. 0x1020 - deadlock verifier error codes.
    Typically the code is 0x1001 (deadlock detected) and you can
    issue a '!deadlock' KD command to get more information.
    Arguments:
    Arg1: 00000090, A driver switched stacks. The current stack is neither a thread
    stack nor a DPC stack. Typically the driver doing this should be
    on the stack obtained from `kb' command.
    Arg2: ffdff120
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
    *** WARNING: Unable to verify timestamp for SYMEVENT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
    *** WARNING: Unable to verify timestamp for NAVENG.Sys
    *** ERROR: Module load completed but symbols could not be loaded for NAVENG.Sys
    *** WARNING: Unable to verify timestamp for NavEx15.Sys
    *** ERROR: Module load completed but symbols could not be loaded for NavEx15.Sys
    *** WARNING: Unable to verify timestamp for SAVRT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SAVRT.SYS

    MODULE_NAME: VolSnap

    FAULTING_MODULE: 804d7000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP: 41107b6e

    BUGCHECK_STR: 0xc4_90

    CUSTOMER_CRASH_COUNT: 3

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    LAST_CONTROL_TRANSFER: from 80671fdb to 8053331e

    STACK_TEXT:
    WARNING: Stack unwind information not available. Following frames may be wrong.
    fc9d4628 80671fdb 000000c4 00000090 ffdff120 nt+0x5c31e
    fc9d4704 f9ecc51a 81b22d80 81b22d80 fc9d4748 nt+0x19afdb
    fc9d4650 806728cc 00000000 00000000 00000000 VolSnap!VolSnapRead+0x26
    fc9d4704 f9ecc51a 81b22d80 81b22d80 fc9d4748 nt+0x19b8cc
    fc9d46b8 8054b0b9 fd51b258 00000000 fc9d46d4 VolSnap!VolSnapRead+0x26
    fc9d4704 f9ecc51a 81b22d80 81b22d80 fc9d4748 nt+0x740b9
    fc9d46d4 80670ff8 80553d00 fd51b258 80669cdd VolSnap!VolSnapRead+0x26
    fc9d4704 f9ecc51a 81b22d80 81b22d80 fc9d4748 nt+0x199ff8
    fc9d4714 804e37f7 81b22d80 81c44e28 806ee2e8 VolSnap!VolSnapRead+0x26
    fc9d4748 bae6e520 ffa89718 81a94500 fc9d4900 nt+0xc7f7
    fc9d4810 bae6e725 fc9d4900 81c44e28 81a94500 Ntfs!NtfsPagingFileIo+0x1b2
    fc9d48ec bae6bfbf fc9d4900 81c44e28 00000001 Ntfs!NtfsCommonRead+0x2bd
    fc9d4a9c 804e37f7 81b2f408 81c44e28 806ee2e8 Ntfs!NtfsFsdRead+0x22d
    fc9d4ad0 baf0d459 fc9d4b0c 804e37f7 81b2fdd0 nt+0xc7f7
    fc9d4ad8 804e37f7 81b2fdd0 81c44e28 806ee2e8 sr!SrPassThrough+0x31
    fc9d4b0c f88ca169 ff9603d0 81972d70 804e37f7 nt+0xc7f7
    fc9d4b4c 804f5508 00000000 ffb59c78 ffb59c88 SYMEVENT+0xb169
    fc9d4b60 804f552f 81972d70 ffb59c0a ffb59c90 nt+0x1e508
    fc9d4b80 804f5194 ffa6b7c8 ffb59cb0 ffb59c90 nt+0x1e52f
    fc9d4bf4 804ebace 06b3b8c0 f4fd89b1 c03d3f60 nt+0x1e194
    fc9d4c44 804e1718 00000000 f4fd89b1 00000000 nt+0x14ace
    fc9d4c5c f4fd89b1 badb0d00 fab0a16f f4fd04e0 nt+0xa718
    fc9d4cec f4fcfcf1 faafe008 e121a408 00000002 NAVENG+0x99b1
    fc9d4d24 f501e2b3 f58a96d8 8267cf80 e121a408 NAVENG+0xcf1
    fc9d4dac f501e5a7 00000008 8267cf80 00000000 NavEx15+0x3d2b3
    fc9d4e98 f501ecd9 f58a96d8 8267cf80 e121a408 NavEx15+0x3d5a7
    fc9d4ecc f5879e6d f58a96d8 8267cf80 e121a408 NavEx15+0x3dcd9
    00000000 00000000 00000000 00000000 00000000 SAVRT+0x21e6d


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    VolSnap!VolSnapRead+26
    f9ecc51a e9dc000000 jmp VolSnap!VolSnapRead+0x107 (f9ecc5fb)

    SYMBOL_STACK_INDEX: 8

    FOLLOWUP_NAME: MachineOwner

    SYMBOL_NAME: VolSnap!VolSnapRead+26

    IMAGE_NAME: VolSnap.sys

    BUCKET_ID: WRONG_SYMBOLS

    Followup: MachineOwner
    ---------

    eax=ffdff13c ebx=ffdff120 ecx=00000000 edx=fc9d4648 esi=00000000 edi=00000000
    eip=8053331e esp=fc9d4610 ebp=fc9d4628 iopl=0 nv up ei ng nz na po nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
    nt+0x5c31e:
    8053331e 5d pop ebp
    ChildEBP RetAddr Args to Child
    WARNING: Stack unwind information not available. Following frames may be wrong.
    fc9d4628 80671fdb 000000c4 00000090 ffdff120 nt+0x5c31e
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    fc9d4704 f9ecc51a 81b22d80 81b22d80 fc9d4748 nt+0x19afdb
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    fc9d4650 806728cc 00000000 00000000 00000000 VolSnap!VolSnapRead+0x26 (FPO: [Non-Fpo])
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    fc9d4704 f9ecc51a 81b22d80 81b22d80 fc9d4748 nt+0x19b8cc
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    Exception 0xc0000005 while accessing file mapping
    fc9d46b8 8054b0b9 fd51b258 00000000 fc9d46d4 VolSnap!VolSnapRead+0x26 (FPO: [Non-Fpo])
    fc9d4704 f9ecc51a 81b22d80 81b22d80 fc9d4748 nt+0x740b9
    fc9d46d4 80670ff8 80553d00 fd51b258 80669cdd VolSnap!VolSnapRead+0x26 (FPO: [Non-Fpo])
    fc9d4704 f9ecc51a 81b22d80 81b22d80 fc9d4748 nt+0x199ff8
    fc9d4714 804e37f7 81b22d80 81c44e28 806ee2e8 VolSnap!VolSnapRead+0x26 (FPO: [Non-Fpo])
    fc9d4748 bae6e520 ffa89718 81a94500 fc9d4900 nt+0xc7f7
    fc9d4810 bae6e725 fc9d4900 81c44e28 81a94500 Ntfs!NtfsPagingFileIo+0x1b2 (FPO: [Non-Fpo])
    fc9d48ec bae6bfbf fc9d4900 81c44e28 00000001 Ntfs!NtfsCommonRead+0x2bd (FPO: [Non-Fpo])
    fc9d4a9c 804e37f7 81b2f408 81c44e28 806ee2e8 Ntfs!NtfsFsdRead+0x22d (FPO: [Non-Fpo])
    fc9d4ad0 baf0d459 fc9d4b0c 804e37f7 81b2fdd0 nt+0xc7f7
    fc9d4ad8 804e37f7 81b2fdd0 81c44e28 806ee2e8 sr!SrPassThrough+0x31 (FPO: [Non-Fpo])
    fc9d4b0c f88ca169 ff9603d0 81972d70 804e37f7 nt+0xc7f7
    fc9d4b4c 804f5508 00000000 ffb59c78 ffb59c88 SYMEVENT+0xb169
    fc9d4b60 804f552f 81972d70 ffb59c0a ffb59c90 nt+0x1e508
    fc9d4b80 804f5194 ffa6b7c8 ffb59cb0 ffb59c90 nt+0x1e52f
    fc9d4bf4 804ebace 06b3b8c0 f4fd89b1 c03d3f60 nt+0x1e194
    Closing open log file c:\debuglog.txt
     
    melwinnie,
    #7
  9. 2006/03/23
    cpc2004

    cpc2004 Inactive

    Joined:
    2005/07/08
    Messages:
    366
    Likes Received:
    0
    Fix ntoskrnl symbolic map

    Hi,

    Probably the culprit is Norton AV and you have to attach output of load module list (ie lmnt) here. You also have to fix windows kernel symbolic map.

    Procedure
    c:\program files\debugging tools>kd -z C:\windows\minidump\minixxxxx-xx.dmp
    kd> .logopen c:\debuglog.txt
    kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q

    Attach the debug log here.
     
    cpc2004,
    #8

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...