Standard shield is on normal.
MS Error reporting claims "Although we have not determined the specific cause of this problem, we know the problem was caused by antivirus software."
CD AutoPlay Notification is disabled anyway, but I went into TweakUI to check it was still off, and while I was at it I unregistered *all* the third-party autoplay handlers, just in case. No luck.
I did have Norton AV installed, but got rid of it two months ago. And I ran the SymClean utility, just to make absolutely sure that it really was gone, before I installed Avast.
The only other security software that was actually running was Windows Defender and Zone Alarm.
Stop code was 8E. I know nothing about windbg, but here's as much information as I could tease out of the crash dump:
Loading Dump File [C:\WINDOWS\Minidump\Mini101807-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\cache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Thu Oct 18 19:30:15.691 2007 (GMT+1)
System Uptime: 0 days 1:17:01.541
Loading Kernel Symbols
...
Loading unloaded module list
............
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 806d0753, b4b300a8, 0}
*** WARNING: Unable to verify timestamp for aswMon2.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswMon2.SYS
Unable to load image vsdatant.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
Probably caused by : fltmgr.sys ( fltmgr!FltpGetStreamListCtrl+5a )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 806d0753, The address that the exception occurred at
Arg3: b4b300a8, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
hal!ExAcquireFastMutex+f
806d0753 ff09 dec dword ptr [ecx]
TRAP_FRAME: b4b300a8 -- (.trap ffffffffb4b300a8)
ErrCode = 00000002
eax=00000000 ebx=882abc20 ecx=00000001 edx=80010031 esi=882aec38 edi=8914f468
eip=806d0753 esp=b4b3011c ebp=b4b3012c iopl=0 nv up ei pl nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010213
hal!ExAcquireFastMutex+0xf:
806d0753 ff09 dec dword ptr [ecx] ds:0023:00000001=?
?
Resetting default scope
CUSTOMER_CRASH_COUNT: 3
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
LAST_CONTROL_TRANSFER: from 804ec6a4 to 806d0753
STACK_TEXT:
b4b30118 804ec6a4 8914f468 00000000 882abc20 hal!ExAcquireFastMutex+0xf
b4b3012c b9eacbf8 882aec38 882abc20 00000000 nt!FsRtlLookupPerStreamContextInternal+0x14
b4b30190 b9ebaba7 882abc20 8914f468 00000001 fltmgr!FltpGetStreamListCtrl+0x5a
b4b301cc b9ea9eef 8911af00 00000000 882d7b48 fltmgr!FltpCacheCreateNames+0x2d
b4b301f4 b9eb6448 b4b30214 00000000 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x25f
b4b30230 804edfe3 8830d020 882d7b48 00000000 fltmgr!FltpCreate+0x26a
b4b30240 b5bcda1e 882d7b58 8abb68b0 8914f468 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
b4b30264 b5bc783c 892652c8 002d7b48 804edfe3 aswMon2+0x6a1e
b4b30360 805b390a 8ad45030 00000000 891534a8 aswMon2+0x83c
b4b303e8 805afdeb 00000000 b4b30428 00000040 nt!ObpLookupObjectName+0x56a
b4b3043c 8056a3b1 00000000 00000000 00000401 nt!ObOpenObjectByName+0xeb
b4b304b8 8056ad28 0013f170 80100080 0013f110 nt!IopCreateFile+0x407
b4b30514 8056d3fa 0013f170 80100080 0013f110 nt!IoCreateFile+0x8e
b4b30554 b6593996 0013f170 80100080 0013f110 nt!NtCreateFile+0x30
b4b305e0 8053ca28 0013f170 80100080 0013f110 vsdatant+0x2f996
b4b305e0 7c90eb94 0013f170 80100080 0013f110 nt!KiFastCallEntry+0xf8
0013f168 00000000 00000000 00000000 00000000 0x7c90eb94
FOLLOWUP_IP:
fltmgr!FltpGetStreamListCtrl+5a
b9eacbf8 eb02 jmp fltmgr!FltpGetStreamListCtrl+0x5e (b9eacbfc)
SYMBOL_STACK_INDEX: 2
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: fltmgr!FltpGetStreamListCtrl+5a
MODULE_NAME: fltmgr
IMAGE_NAME: fltmgr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 44e97991
STACK_COMMAND: .trap ffffffffb4b300a8 ; kb
FAILURE_BUCKET_ID: 0x8E_fltmgr!FltpGetStreamListCtrl+5a
BUCKET_ID: 0x8E_fltmgr!FltpGetStreamListCtrl+5a
Followup: MachineOwner
---------