1 Reply Latest reply on Aug 24, 2011 6:51 PM by Hayton

    Bugcheck mfetdik.sys - Fully Patched VirusScan Enterprise 8.7.0i

      Hello,

      I'd like to report a bugcheck induced by mfetdik.sys while I was switching wireless networks.

      - VirusScan Enterprise + AntiSpyware Enterprise 8.7.0i (Patches installed: 5)
      - Windows 7 Enterprise

      *******************************************************************************
      *                                                                             *
      *                        Bugcheck Analysis                                    *
      *                                                                             *
      *******************************************************************************

      SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
      This is a very common bugcheck.  Usually the exception address pinpoints
      the driver/function that caused the problem.  Always note this address
      as well as the link date of the driver/image that contains this address.
      Arguments:
      Arg1: ffffffffc0000005, The exception code that was not handled
      Arg2: fffff800031adf8c, The address that the exception occurred at
      Arg3: fffff88003569338, Exception Record Address
      Arg4: fffff88003568ba0, Context Record Address

      Debugging Details:
      ------------------

      EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

      FAULTING_IP:
      nt!ExDeferredFreePool+100
      fffff800`031adf8c 4c8b02          mov     r8,qword ptr [rdx]

      EXCEPTION_RECORD:  fffff88003569338 -- (.exr 0xfffff88003569338)
      ExceptionAddress: fffff800031adf8c (nt!ExDeferredFreePool+0x0000000000000100)
         ExceptionCode: c0000005 (Access violation)
        ExceptionFlags: 00000000
      NumberParameters: 2
         Parameter[0]: 0000000000000000
         Parameter[1]: ffffffffffffffff
      Attempt to read from address ffffffffffffffff

      CONTEXT:  fffff88003568ba0 -- (.cxr 0xfffff88003568ba0)
      rax=fffffa800a28ca70 rbx=0000000000000000 rcx=fffff80003209a10
      rdx=760e0002096fc6f4 rsi=0000000000000000 rdi=fffffa800a28ca70
      rip=fffff800031adf8c rsp=fffff88003569570 rbp=0000000000000000
       r8=760e0002096fc6f4  r9=0000000000000000 r10=fffff80003209888
      r11=0000000000000000 r12=fffff80003209880 r13=0000000000000000
      r14=000000000000000b r15=0000000000000001
      iopl=0         nv up ei pl zr na po nc
      cs=0010  ss=0000  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
      nt!ExDeferredFreePool+0x100:
      fffff800`031adf8c 4c8b02          mov     r8,qword ptr [rdx] ds:002b:760e0002`096fc6f4=????????????????
      Resetting default scope

      DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

      PROCESS_NAME:  System

      CURRENT_IRQL:  2

      ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

      EXCEPTION_PARAMETER1:  0000000000000000

      EXCEPTION_PARAMETER2:  ffffffffffffffff

      READ_ADDRESS:  ffffffffffffffff

      FOLLOWUP_IP:
      nt!ExDeferredFreePool+100
      fffff800`031adf8c 4c8b02          mov     r8,qword ptr [rdx]

      BUGCHECK_STR:  0x7E

      LAST_CONTROL_TRANSFER:  from fffff800031af4c1 to fffff800031adf8c

      STACK_TEXT:
      fffff880`03569570 fffff800`031af4c1 : 00000000`00000556 fffffa80`07c0ee00 00000000`00000000 fffffa80`08d81cd0 : nt!ExDeferredFreePool+0x100
      fffff880`03569600 fffff880`015bdbc8 : 00000000`00000000 fffff880`015bf14c fffffa80`6245464d 00000000`00000000 : nt!ExFreePoolWithTag+0x411
      fffff880`035696b0 fffff880`015be498 : 00000000`00000380 00000000`00000001 00000000`00000380 fffffa80`0486c0d0 : mfetdik+0x4bc8
      fffff880`035696e0 fffff880`015be7bb : fffffa80`0544b6e0 fffffa80`0544b6e0 fffffa80`0544b6e0 fffffa80`03b54040 : mfetdik+0x5498
      fffff880`03569710 fffff880`015bc0aa : fffffa80`0544b6e0 fffffa80`0972f310 fffffa80`0972f310 fffffa80`03b54040 : mfetdik+0x57bb
      fffff880`03569740 fffff880`015bd98e : fffff880`035697c0 fffff880`015c1456 fffffa80`0972f310 fffffa80`0972f310 : mfetdik+0x30aa
      fffff880`03569770 fffff880`015c13c8 : fffffa80`0972f310 fffffa80`03b54040 fffffa80`09cb46e0 00000000`00000000 : mfetdik+0x498e
      fffff880`035697a0 fffff800`0338e5ce : fffffa80`09cb4710 00000000`00000001 fffffa80`0972f310 00000000`00000000 : mfetdik!DEVICEDISPATCH::DispatchPassThrough+0x98
      fffff880`03569800 fffff800`0307f8b4 : 00000000`00000000 fffffa80`03b54040 fffffa80`03b6a9f0 00000000`00000000 : nt!IopDeleteFile+0x11e
      fffff880`03569890 fffff800`0338e354 : fffffa80`03b54040 00000000`00000000 fffffa80`03b6e680 00000000`00000000 : nt!ObfDereferenceObject+0xd4
      fffff880`035698f0 fffff800`0338e254 : 00000000`00006ac0 fffffa80`03b54040 fffff8a0`000016f0 00000000`00006ac0 : nt!ObpCloseHandleTableEntry+0xc4
      fffff880`03569980 fffff800`03079993 : fffffa80`03b6e680 fffff880`03569a50 00000000`00000000 fffff800`030809a2 : nt!ObpCloseHandle+0x94
      fffff880`035699d0 fffff800`03075f30 : fffff880`02ea642a 00000000`0000afd1 fffffa80`0c8ebb80 fffff880`02e9ac90 : nt!KiSystemServiceCopyEnd+0x13
      fffff880`03569b68 fffff880`02ea642a : 00000000`0000afd1 fffffa80`0c8ebb80 fffff880`02e9ac90 fffff800`00000009 : nt!KiServiceLinkage
      fffff880`03569b70 fffff880`02eb0e41 : fffffa80`0c8ebc40 fffff880`02eab7f0 fffff880`02e9ac90 fffff880`02eb0e20 : afd! ?? ::NNGAKEGL::`string'+0x1100
      fffff880`03569c20 fffff880`02e76ff7 : fffffa80`0c8ebc40 fffffa80`0c8ebc40 fffff880`02eab7f0 fffffa80`03b6e680 : afd!AfdFreeEndpointTditl+0x21
      fffff880`03569c50 fffff800`03374943 : fffffa80`0485fc10 fffffa80`048856f0 fffff800`0321f5f8 fffffa80`03b6e680 : afd!AfdDoWork+0x67
      fffff880`03569c80 fffff800`03087961 : fffff800`0321f500 fffff800`03374920 fffffa80`03b6e680 00000000`00000000 : nt!IopProcessWorkItem+0x23
      fffff880`03569cb0 fffff800`0331d7c6 : 8b1075c0`84e8b60f fffffa80`03b6e680 00000000`00000080 fffffa80`03b54040 : nt!ExpWorkerThread+0x111
      fffff880`03569d40 fffff800`03058c26 : fffff880`03367180 fffffa80`03b6e680 fffff880`033720c0 79e52b44`28c78348 : nt!PspSystemThreadStartup+0x5a
      fffff880`03569d80 00000000`00000000 : fffff880`0356a000 fffff880`03564000 fffff880`035699f0 00000000`00000000 : nt!KxStartSystemThread+0x16

      SYMBOL_STACK_INDEX:  0

      SYMBOL_NAME:  nt!ExDeferredFreePool+100

      FOLLOWUP_NAME:  Pool_corruption

      IMAGE_NAME:  Pool_Corruption

      DEBUG_FLR_IMAGE_TIMESTAMP:  0

      MODULE_NAME: Pool_Corruption

      STACK_COMMAND:  .cxr 0xfffff88003568ba0 ; kb

      FAILURE_BUCKET_ID:  X64_0x7E_nt!ExDeferredFreePool+100

      BUCKET_ID:  X64_0x7E_nt!ExDeferredFreePool+100

      Followup: Pool_corruption
      ---------