Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [D:\MEMORY_UninstallTool.DMP] Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available. ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred symsrv*symsrv.dll*C:\SymbolsChache*http://msdl.microsoft.com/download/symbols Symbol search path is: symsrv*symsrv.dll*C:\SymbolsChache*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 10 Kernel Version 10586 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 10586.17.amd64fre.th2_release.151121-2308 Machine Name: Kernel base = 0xfffff802`3767b000 PsLoadedModuleList = 0xfffff802`37959c70 Debug session time: Mon Dec 21 12:20:23.878 2015 (UTC + 1:00) System Uptime: 0 days 0:05:48.634 Loading Kernel Symbols ............................................................... ................................................................ ................................................................ .................... Loading User Symbols PEB is paged out (Peb.Ldr = 00000000`00291018). Type ".hh dbgerr001" for details Loading unloaded module list ................ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C4, {f6, 3f8, ffffe001289d6080, fffff8018e531610} *** ERROR: Module load completed but symbols could not be loaded for CisUtMonitor.sys Probably caused by : CisUtMonitor.sys ( CisUtMonitor+1610 ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_VERIFIER_DETECTED_VIOLATION (c4) A device driver attempting to corrupt the system has been caught. This is because the driver was specified in the registry as being suspect (by the administrator) and the kernel has enabled substantial checking of this driver. If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will be among the most commonly seen crashes. Arguments: Arg1: 00000000000000f6, Referencing user handle as KernelMode. Arg2: 00000000000003f8, Handle value being referenced. Arg3: ffffe001289d6080, Address of the current process. Arg4: fffff8018e531610, Address inside the driver that is performing the incorrect reference. Debugging Details: ------------------ DUMP_CLASS: 1 DUMP_QUALIFIER: 401 BUILD_VERSION_STRING: 10586.17.amd64fre.th2_release.151121-2308 SYSTEM_MANUFACTURER: Dell Inc. SYSTEM_PRODUCT_NAME: Latitude E6520 SYSTEM_VERSION: 01 BIOS_VENDOR: Dell Inc. BIOS_VERSION: A19 BIOS_DATE: 11/14/2013 BASEBOARD_MANUFACTURER: Dell Inc. BASEBOARD_PRODUCT: 0J4TFW BASEBOARD_VERSION: A00 DUMP_TYPE: 1 BUGCHECK_P1: f6 BUGCHECK_P2: 3f8 BUGCHECK_P3: ffffe001289d6080 BUGCHECK_P4: fffff8018e531610 BUGCHECK_STR: 0xc4_f6 IMAGE_NAME: CisUtMonitor.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4ead31ae MODULE_NAME: CisUtMonitor FAULTING_MODULE: fffff8018e530000 CisUtMonitor CPU_COUNT: 4 CPU_MHZ: a86 CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 2a CPU_STEPPING: 7 CPU_MICROCODE: 6,2a,7,0 (F,M,S,R) SIG: 29'00000000 (cache) 29'00000000 (init) DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT PROCESS_NAME: UninstallTool. CURRENT_IRQL: 0 ANALYSIS_SESSION_HOST: LP11012 ANALYSIS_SESSION_TIME: 12-21-2015 16:28:16.0889 ANALYSIS_VERSION: 10.0.10586.567 amd64fre LAST_CONTROL_TRANSFER: from fffff80237d3a298 to fffff802377bd760 STACK_TEXT: ffffd000`234ff408 fffff802`37d3a298 : 00000000`000000c4 00000000`000000f6 00000000`000003f8 ffffe001`289d6080 : nt!KeBugCheckEx ffffd000`234ff410 fffff802`37d3f914 : ffffe001`289d6080 00000000`00000000 ffffe001`00000000 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c ffffd000`234ff450 fffff802`37be8ef9 : ffffe001`2a93f990 ffffe001`26f25e00 00000000`00000004 00000000`00000000 : nt!VfCheckUserHandle+0x1a0 ffffd000`234ff540 fffff802`37a6bb75 : 00000000`00000000 fffff801`00000002 ffffe001`26f25e00 fffff802`37d41000 : nt! ?? ::NNGAKEGL::`string'+0x17749 ffffd000`234ff5e0 fffff802`37d4ab79 : 00000000`000003f8 00000000`00000004 ffffe001`26f25e00 00000000`00000004 : nt!ObReferenceObjectByHandle+0x25 ffffd000`234ff630 fffff801`8e531610 : ffffcf80`c9a587f0 00000000`00000004 ffffcf80`c9a587f0 ffffcf80`c9a587f0 : nt!VerifierObReferenceObjectByHandle+0x35 ffffd000`234ff670 fffff801`8e53194b : ffffcf80`c9a587f0 00000000`00000004 ffffcf80`c9a4aea0 ffffcf80`c9a4aea0 : CisUtMonitor+0x1610 ffffd000`234ff6c0 fffff801`8e53156e : fffff801`8e531518 ffffd000`234ff760 ffffe001`28b3f050 00000000`00000000 : CisUtMonitor+0x194b ffffd000`234ff700 fffff801`8bedcd70 : 00000000`00000001 ffffe001`2c3f7010 ffffe001`28b3f050 fffff802`37a63575 : CisUtMonitor+0x156e ffffd000`234ff730 fffff802`37d2eebe : ffffcf80`c9a4aea0 ffffe001`28b3f050 00000000`00000000 fffff802`37a62d16 : VerifierExt!xdv_IRP_MJ_DEVICE_CONTROL_wrapper+0xe0 ffffd000`234ff790 fffff802`376cacf2 : ffffcf80`c9a4aea0 ffffd000`234ffb80 ffffe001`286cff20 ffffe001`2c3f7010 : nt!IovCallDriver+0x252 ffffd000`234ff7d0 fffff802`37a63575 : ffffcf80`c9a4aea0 ffffd000`234ffb80 ffffe001`286cff20 00000000`000001c8 : nt!IofCallDriver+0x72 ffffd000`234ff810 fffff802`37a62d16 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x855 ffffd000`234ffa20 fffff802`377c7fa3 : ffffc000`746c6644 ffffd000`234ffb08 00000000`00000000 fffff802`37a47c78 : nt!NtDeviceIoControlFile+0x56 ffffd000`234ffa90 00007ffd`c5814ec4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`05daeeb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`c5814ec4 STACK_COMMAND: kb THREAD_SHA1_HASH_MOD_FUNC: 0cc117e69475bdf090c4148ec04e35cfb325ead5 THREAD_SHA1_HASH_MOD_FUNC_OFFSET: fd02a26769ea36296df81ddcb482205ce35590a5 THREAD_SHA1_HASH_MOD: 7322e75423b8887b6ff0ea820429793a3627e452 FOLLOWUP_IP: CisUtMonitor+1610 fffff801`8e531610 8bd8 mov ebx,eax FAULT_INSTR_CODE: c085d88b SYMBOL_STACK_INDEX: 6 SYMBOL_NAME: CisUtMonitor+1610 FOLLOWUP_NAME: MachineOwner BUCKET_ID_FUNC_OFFSET: 1610 FAILURE_BUCKET_ID: 0xc4_f6_VRF_CisUtMonitor!Unknown_Function BUCKET_ID: 0xc4_f6_VRF_CisUtMonitor!Unknown_Function PRIMARY_PROBLEM_CLASS: 0xc4_f6_VRF_CisUtMonitor!Unknown_Function TARGET_TIME: 2015-12-21T11:20:23.000Z OSBUILD: 10586 OSSERVICEPACK: 0 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x64 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2015-11-22 10:24:24 BUILDDATESTAMP_STR: 151121-2308 BUILDLAB_STR: th2_release BUILDOSVER_STR: 10.0.10586.17.amd64fre.th2_release.151121-2308 ANALYSIS_SESSION_ELAPSED_TIME: eba ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:0xc4_f6_vrf_cisutmonitor!unknown_function FAILURE_ID_HASH: {8ea6ea97-fe60-f449-88f1-bc990a1999df} Followup: MachineOwner ---------