Bersaglio
Silver Member | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору Господа, помогите пожалуйста кто может! Стоит Symantec Antivirus Corporate Edition v10.1.7.7000 Client (Unmanaged), вчера вылетел в синий экран при завершении работы системы на компьютере... Версия symevent.sys - 12.2.1.1 Вот анализ минидампа: Цитата: Microsoft (R) Windows Debugger Version 6.6.0007.5 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [D:\TEMP\Dump\Mini121607-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 2600.xpsp_sp2_gdr.070227-2254 Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0 Debug session time: Sun Dec 16 03:22:09.265 2007 (GMT+3) System Uptime: 0 days 4:41:42.012 Loading Kernel Symbols ....................................................................................................................................... Loading User Symbols Loading unloaded module list ........................ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 44, {8a0bf008, d63, 0, 0} *** WARNING: Unable to verify timestamp for SYMEVENT.SYS *** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS Unable to load image epson.sys, Win32 error 2 *** WARNING: Unable to verify timestamp for epson.sys *** ERROR: Module load completed but symbols could not be loaded for epson.sys Probably caused by : SYMEVENT.SYS ( SYMEVENT+7652 ) Followup: MachineOwner --------- 0: kd> kd: Reading initial command '!analyze -v; q' ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* MULTIPLE_IRP_COMPLETE_REQUESTS (44) A driver has requested that an IRP be completed (IoCompleteRequest()), but the packet has already been completed. This is a tough bug to find because the easiest case, a driver actually attempted to complete its own packet twice, is generally not what happened. Rather, two separate drivers each believe that they own the packet, and each attempts to complete it. The first actually works, and the second fails. Tracking down which drivers in the system actually did this is difficult, generally because the trails of the first driver have been covered by the second. However, the driver stack for the current request can be found by examining the DeviceObject fields in each of the stack locations. Arguments: Arg1: 8a0bf008, Address of the IRP Arg2: 00000d63 Arg3: 00000000 Arg4: 00000000 Debugging Details: ------------------ IRP_ADDRESS: 8a0bf008 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0x44 PROCESS_NAME: winlogon.exe LAST_CONTROL_TRANSFER: from 80520643 to 8053738a STACK_TEXT: b6443690 80520643 00000044 8a0bf008 00000d63 nt!KeBugCheckEx+0x1b b64436c8 805951fa e1bf8120 e1bf8140 00000000 nt!IopfCompleteRequest+0x2ce b64436f8 80595243 8a0bf008 e1bf8120 00000000 nt!FsRtlNotifyCompleteIrp+0x124 b6443720 80593bd8 e1bf8120 0000010b e14d7c58 nt!FsRtlNotifyCompleteIrpList+0x3c b6443768 baec996d 8a2fa420 8a2b4400 e14d7eb8 nt!FsRtlNotifyCleanup+0x63 b6443978 baeafb4d b6443994 899d8008 8a2b17e0 Ntfs!NtfsCommonCleanup+0x92e b6443af0 804e13d9 8a2b4020 899d8008 899d8008 Ntfs!NtfsFsdCleanup+0xcf b6443b00 baf4409e 899d8008 8a376f38 8a2b10d8 nt!IopfCallDriver+0x31 b6443b2c 804e13d9 8a2b17e0 899d8008 8a2e4030 fltMgr!FltpDispatch+0x152 b6443b3c baf32bbf 899d81e0 b6443bac b6443b74 nt!IopfCallDriver+0x31 b6443b4c 804e13d9 8a2b1020 899d8008 804e9430 sr!SrCleanup+0xb3 b6443b5c b733d652 899d81e0 899d8204 b6443bac nt!IopfCallDriver+0x31 WARNING: Stack unwind information not available. Following frames may be wrong. b6443b74 b7344d80 8a2b1020 00000000 b6443bac SYMEVENT+0x7652 b6443b90 b733d7b9 b6443bac 804e9430 b733d880 SYMEVENT+0xed80 b6443bd0 804e13d9 89fe4f10 899d8008 899d8008 SYMEVENT+0x77b9 b6443be0 baf43e9b 8a133ee8 899d8008 89fb60b0 nt!IopfCallDriver+0x31 b6443c04 baf4406b b6443c24 8a133ee8 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b b6443c3c 804e13d9 8a133ee8 899d8008 899d8008 fltMgr!FltpDispatch+0x11f b6443c4c 8057c5db 8a0c2010 8a394900 00000001 nt!IopfCallDriver+0x31 b6443c7c 8056e943 89e0fda0 8a133ee8 00160001 nt!IopCloseFile+0x26b b6443cac 8056ea96 89e0fda0 010c2010 8a394900 nt!ObpDecrementHandleCount+0x11b b6443cd4 8056e9bc e1bb9e58 8a0c2028 00000244 nt!ObpCloseHandleTableEntry+0x14d b6443d1c 8056ea06 00000244 00000001 00000000 nt!ObpCloseHandle+0x87 b6443d30 f74a6ca2 00000244 ffffffff 00fdfe98 nt!NtClose+0x1d b6443d58 804dd99f 00000244 00fdffb4 7c90eb94 epson+0xdca2 b6443d58 7c90eb94 00000244 00fdffb4 7c90eb94 nt!KiFastCallEntry+0xfc 00fdffb4 00000000 00000000 00000000 00000000 0x7c90eb94 STACK_COMMAND: kb FOLLOWUP_IP: SYMEVENT+7652 b733d652 ?? ??? SYMBOL_STACK_INDEX: c SYMBOL_NAME: SYMEVENT+7652 FOLLOWUP_NAME: MachineOwner MODULE_NAME: SYMEVENT IMAGE_NAME: SYMEVENT.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 4551513d FAILURE_BUCKET_ID: 0x44_SYMEVENT+7652 BUCKET_ID: 0x44_SYMEVENT+7652 Followup: MachineOwner --------- quit: | Я сам впервые получил BSOD, а вот компьютер одной из моих знакомых за последние пол-года 4 раза летал в BSOD, и все четыре раза - из-за Symevent.sys Помогите! Как лечить? |