Bersaglio
Silver Member | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
Господа, помогите пожалуйста кто может! Стоит Symantec Antivirus Corporate Edition v10.1.7.7000 Client (Unmanaged), вчера вылетел в синий экран при завершении работы системы на компьютере...  Версия symevent.sys - 12.2.1.1
Вот анализ минидампа:
Цитата: Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\TEMP\Dump\Mini121607-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Sun Dec 16 03:22:09.265 2007 (GMT+3)
System Uptime: 0 days 4:41:42.012
Loading Kernel Symbols
.......................................................................................................................................
Loading User Symbols
Loading unloaded module list
........................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 44, {8a0bf008, d63, 0, 0}
*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
Unable to load image epson.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for epson.sys
*** ERROR: Module load completed but symbols could not be loaded for epson.sys
Probably caused by : SYMEVENT.SYS ( SYMEVENT+7652 )
Followup: MachineOwner
---------
0: kd> kd: Reading initial command '!analyze -v; q'
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MULTIPLE_IRP_COMPLETE_REQUESTS (44)
A driver has requested that an IRP be completed (IoCompleteRequest()), but
the packet has already been completed. This is a tough bug to find because
the easiest case, a driver actually attempted to complete its own packet
twice, is generally not what happened. Rather, two separate drivers each
believe that they own the packet, and each attempts to complete it. The
first actually works, and the second fails. Tracking down which drivers
in the system actually did this is difficult, generally because the trails
of the first driver have been covered by the second. However, the driver
stack for the current request can be found by examining the DeviceObject
fields in each of the stack locations.
Arguments:
Arg1: 8a0bf008, Address of the IRP
Arg2: 00000d63
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
IRP_ADDRESS: 8a0bf008
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x44
PROCESS_NAME: winlogon.exe
LAST_CONTROL_TRANSFER: from 80520643 to 8053738a
STACK_TEXT:
b6443690 80520643 00000044 8a0bf008 00000d63 nt!KeBugCheckEx+0x1b
b64436c8 805951fa e1bf8120 e1bf8140 00000000 nt!IopfCompleteRequest+0x2ce
b64436f8 80595243 8a0bf008 e1bf8120 00000000 nt!FsRtlNotifyCompleteIrp+0x124
b6443720 80593bd8 e1bf8120 0000010b e14d7c58 nt!FsRtlNotifyCompleteIrpList+0x3c
b6443768 baec996d 8a2fa420 8a2b4400 e14d7eb8 nt!FsRtlNotifyCleanup+0x63
b6443978 baeafb4d b6443994 899d8008 8a2b17e0 Ntfs!NtfsCommonCleanup+0x92e
b6443af0 804e13d9 8a2b4020 899d8008 899d8008 Ntfs!NtfsFsdCleanup+0xcf
b6443b00 baf4409e 899d8008 8a376f38 8a2b10d8 nt!IopfCallDriver+0x31
b6443b2c 804e13d9 8a2b17e0 899d8008 8a2e4030 fltMgr!FltpDispatch+0x152
b6443b3c baf32bbf 899d81e0 b6443bac b6443b74 nt!IopfCallDriver+0x31
b6443b4c 804e13d9 8a2b1020 899d8008 804e9430 sr!SrCleanup+0xb3
b6443b5c b733d652 899d81e0 899d8204 b6443bac nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
b6443b74 b7344d80 8a2b1020 00000000 b6443bac SYMEVENT+0x7652
b6443b90 b733d7b9 b6443bac 804e9430 b733d880 SYMEVENT+0xed80
b6443bd0 804e13d9 89fe4f10 899d8008 899d8008 SYMEVENT+0x77b9
b6443be0 baf43e9b 8a133ee8 899d8008 89fb60b0 nt!IopfCallDriver+0x31
b6443c04 baf4406b b6443c24 8a133ee8 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b
b6443c3c 804e13d9 8a133ee8 899d8008 899d8008 fltMgr!FltpDispatch+0x11f
b6443c4c 8057c5db 8a0c2010 8a394900 00000001 nt!IopfCallDriver+0x31
b6443c7c 8056e943 89e0fda0 8a133ee8 00160001 nt!IopCloseFile+0x26b
b6443cac 8056ea96 89e0fda0 010c2010 8a394900 nt!ObpDecrementHandleCount+0x11b
b6443cd4 8056e9bc e1bb9e58 8a0c2028 00000244 nt!ObpCloseHandleTableEntry+0x14d
b6443d1c 8056ea06 00000244 00000001 00000000 nt!ObpCloseHandle+0x87
b6443d30 f74a6ca2 00000244 ffffffff 00fdfe98 nt!NtClose+0x1d
b6443d58 804dd99f 00000244 00fdffb4 7c90eb94 epson+0xdca2
b6443d58 7c90eb94 00000244 00fdffb4 7c90eb94 nt!KiFastCallEntry+0xfc
00fdffb4 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
SYMEVENT+7652
b733d652 ?? ???
SYMBOL_STACK_INDEX: c
SYMBOL_NAME: SYMEVENT+7652
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SYMEVENT
IMAGE_NAME: SYMEVENT.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4551513d
FAILURE_BUCKET_ID: 0x44_SYMEVENT+7652
BUCKET_ID: 0x44_SYMEVENT+7652
Followup: MachineOwner
---------
quit: |
Я сам впервые получил BSOD, а вот компьютер одной из моих знакомых за последние пол-года 4 раза летал в BSOD, и все четыре раза - из-за Symevent.sys
Помогите! Как лечить? |
