none
Kernel Security Failure - Help to analyze dmp files

    Question

  • Hi!

    I'm helping a friend with a Vostro 1320

    4 GB RAM, Core2Duo, 32 bit Windows 8.1 Pro

    It has had contiuos problems with bluescreens over a period of time.

    I include the latest dmp file, but have more if needed.

    There are not many programs/apps installed on the system and no 3rd party anti virus (Only Windows Defender) which seems to have been an issue in other kernel security failure threads.

    The DMP file is uploaded to OneDrive here: Add in next reply as I have to verify my account before I can add links.

    http:(SLASH SLASH)1drv.ms/1nKLQeE

    THANKS!

    Tuesday, August 12, 2014 7:58 AM

Answers

  • Hi,

    This issue can be caused by ASC.exe, and it belongs to Advanced SystemCare. Please remove it to see what's going on.

    In addition, we don't recommend you to use 3rd part registry key tool, since it will make any unexpected error in your system.

    Debugging Details:
    ------------------
    
    
    TRAP_FRAME:  8a25b174 -- (.trap 0xffffffff8a25b174)
    ErrCode = 00000000
    eax=b8f0e1f0 ebx=000001ff ecx=00000003 edx=80226580 esi=80226280 edi=b6ddd6ac
    eip=817ec478 esp=8a25b1e8 ebp=8a25b228 iopl=0         nv up ei ng nz na pe cy
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000287
    nt!ExDeferredFreePool+0x468:
    817ec478 cd29            int     29h
    Resetting default scope
    
    EXCEPTION_RECORD:  8a25b0a0 -- (.exr 0xffffffff8a25b0a0)
    ExceptionAddress: 817ec478 (nt!ExDeferredFreePool+0x00000468)
       ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
      ExceptionFlags: 00000001
    NumberParameters: 1
       Parameter[0]: 00000003
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  LIST_ENTRY_CORRUPT
    
    BUGCHECK_STR:  0x139
    
    PROCESS_NAME:  ASC.exe
    
    CURRENT_IRQL:  1
    
    ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    
    EXCEPTION_PARAMETER1:  00000003
    
    ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
    
    LAST_CONTROL_TRANSFER:  from 8172474a to 81713260
    
    STACK_TEXT:  
    8a25b080 8172474a 00000139 00000003 8a25b174 nt!KiBugCheck2
    8a25b080 817ec478 00000139 00000003 8a25b174 nt!KiRaiseSecurityCheckFailure+0xf6
    8a25b228 817edb30 0000016c 00000000 8a25b2c8 nt!ExDeferredFreePool+0x468
    8a25b2a4 806dfed2 a6766740 00000000 806dfc6a nt!ExFreePoolWithTag+0x710
    8a25b36c 806cbf5f aecb98c0 00000001 aecc0898 Ntfs!NtfsQueryNameInfo+0x3d4
    8a25b400 807097a9 83aa5eda 00000000 9fcab7b8 Ntfs!NtfsCommonQueryInformation+0x298
    8a25b46c 807098b8 00000001 88dc1018 8a25b5fc Ntfs!NtfsFsdDispatchSwitch+0xe2
    8a25b5ec 81671a2f 88dc1018 9fcab7b8 8a25b670 Ntfs!NtfsFsdDispatchWait+0x47
    8a25b608 81f97eef aecc0898 9d9e6f10 00000030 nt!IofCallDriver+0x3f
    8a25b648 81f97dc4 aecc0898 0000039a 00000030 fltmgr!FltpQueryInformationFile+0xe2
    8a25b680 81f9827b 9d9e6f10 81f98617 00000230 fltmgr!FltpGetFileName+0x1d1
    8a25b688 81f98617 00000230 9d9e6f10 00000000 fltmgr!FltpGetOpenedFileName+0x13
    8a25b6a0 81f9846e 00000230 9d9e6f10 00000230 fltmgr!FltpCallOpenedFileNameHandler+0x20
    8a25b6c0 81f985c5 9d9e6f10 00000000 8a259000 fltmgr!FltpGetNormalizedFileNameWorker+0x1d
    8a25b6d8 81f979fe 82074d28 9d9e6f10 a1432af8 fltmgr!FltpGetNormalizedFileName+0x2d
    8a25b6f8 81f7f90d 894d5084 9d9e6f10 82074d28 fltmgr!FltpCreateFileNameInformation+0x2d6
    8a25b734 81f80755 8a25b798 b8f5c7b8 8a25b7dc fltmgr!FltpGetFileNameInformation+0x335
    8a25b754 81fc667b 00000001 00000401 8a25b788 fltmgr!FltGetFileNameInformation+0x1b4
    8a25b7b4 81fc567b b8f5c7b8 894d5008 894d5084 fileinfo!FIStreamGetInfo+0x7c
    8a25b7e8 81f7bcbb 894d5084 8a25b840 57e38866 fileinfo!FIPostCreateCallback+0x1a8
    8a25b858 81f7e145 a14eebe0 a14eed94 894d5008 fltmgr!FltpPerformPostCallbacks+0x259
    8a25b878 81f7cec7 894d5008 00000000 89046308 fltmgr!FltpPassThroughCompletionWorker+0x66
    8a25b8bc 81f962d0 00000000 00000000 89046308 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2f2
    8a25b910 81671a2f 89046308 a14eebe0 a14a00c5 fltmgr!FltpCreate+0x2cb
    8a25b92c 81882b5b 39087117 81882640 8a25016c nt!IofCallDriver+0x3f
    8a25ba40 818889fe 82a6b890 80244ea0 a14a4d20 nt!IopParseDevice+0x51b
    8a25baec 8188472e 01000040 80244ea0 00000001 nt!ObpLookupObjectName+0x27e
    8a25bb60 81880d93 0f2add44 80244ea0 00000001 nt!ObOpenObjectByName+0xfe
    8a25bd04 81724377 0f2add44 0f2add64 0f2add98 nt!NtQueryAttributesFile+0x11b
    8a25bd04 77e62da4 0f2add44 0f2add64 0f2add98 nt!KiSystemServicePostCall
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0f2add98 00000000 00000000 00000000 00000000 0x77e62da4
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!ExDeferredFreePool+468
    817ec478 cd29            int     29h
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  nt!ExDeferredFreePool+468
    
    FOLLOWUP_NAME:  Pool_corruption
    
    IMAGE_NAME:  Pool_Corruption
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    IMAGE_VERSION:  6.3.9600.17085
    
    MODULE_NAME: Pool_Corruption
    
    BUCKET_ID_FUNC_OFFSET:  468
    
    FAILURE_BUCKET_ID:  0x139_3_nt!ExDeferredFreePool
    
    BUCKET_ID:  0x139_3_nt!ExDeferredFreePool
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x139_3_nt!exdeferredfreepool
    
    FAILURE_ID_HASH:  {14bfade4-e1ed-98c0-40bb-116f20a8dfc3}
    
    Followup: Pool_corruption
    


    Kate Li
    TechNet Community Support

    • Marked as answer by Henke_s Wednesday, August 13, 2014 12:13 PM
    Wednesday, August 13, 2014 8:18 AM
    Moderator

All replies

  • Link

    http://1drv.ms/1nKLQeE

    Tuesday, August 12, 2014 8:07 AM
  • Hi,

    This issue can be caused by ASC.exe, and it belongs to Advanced SystemCare. Please remove it to see what's going on.

    In addition, we don't recommend you to use 3rd part registry key tool, since it will make any unexpected error in your system.

    Debugging Details:
    ------------------
    
    
    TRAP_FRAME:  8a25b174 -- (.trap 0xffffffff8a25b174)
    ErrCode = 00000000
    eax=b8f0e1f0 ebx=000001ff ecx=00000003 edx=80226580 esi=80226280 edi=b6ddd6ac
    eip=817ec478 esp=8a25b1e8 ebp=8a25b228 iopl=0         nv up ei ng nz na pe cy
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000287
    nt!ExDeferredFreePool+0x468:
    817ec478 cd29            int     29h
    Resetting default scope
    
    EXCEPTION_RECORD:  8a25b0a0 -- (.exr 0xffffffff8a25b0a0)
    ExceptionAddress: 817ec478 (nt!ExDeferredFreePool+0x00000468)
       ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
      ExceptionFlags: 00000001
    NumberParameters: 1
       Parameter[0]: 00000003
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  LIST_ENTRY_CORRUPT
    
    BUGCHECK_STR:  0x139
    
    PROCESS_NAME:  ASC.exe
    
    CURRENT_IRQL:  1
    
    ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    
    EXCEPTION_PARAMETER1:  00000003
    
    ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
    
    LAST_CONTROL_TRANSFER:  from 8172474a to 81713260
    
    STACK_TEXT:  
    8a25b080 8172474a 00000139 00000003 8a25b174 nt!KiBugCheck2
    8a25b080 817ec478 00000139 00000003 8a25b174 nt!KiRaiseSecurityCheckFailure+0xf6
    8a25b228 817edb30 0000016c 00000000 8a25b2c8 nt!ExDeferredFreePool+0x468
    8a25b2a4 806dfed2 a6766740 00000000 806dfc6a nt!ExFreePoolWithTag+0x710
    8a25b36c 806cbf5f aecb98c0 00000001 aecc0898 Ntfs!NtfsQueryNameInfo+0x3d4
    8a25b400 807097a9 83aa5eda 00000000 9fcab7b8 Ntfs!NtfsCommonQueryInformation+0x298
    8a25b46c 807098b8 00000001 88dc1018 8a25b5fc Ntfs!NtfsFsdDispatchSwitch+0xe2
    8a25b5ec 81671a2f 88dc1018 9fcab7b8 8a25b670 Ntfs!NtfsFsdDispatchWait+0x47
    8a25b608 81f97eef aecc0898 9d9e6f10 00000030 nt!IofCallDriver+0x3f
    8a25b648 81f97dc4 aecc0898 0000039a 00000030 fltmgr!FltpQueryInformationFile+0xe2
    8a25b680 81f9827b 9d9e6f10 81f98617 00000230 fltmgr!FltpGetFileName+0x1d1
    8a25b688 81f98617 00000230 9d9e6f10 00000000 fltmgr!FltpGetOpenedFileName+0x13
    8a25b6a0 81f9846e 00000230 9d9e6f10 00000230 fltmgr!FltpCallOpenedFileNameHandler+0x20
    8a25b6c0 81f985c5 9d9e6f10 00000000 8a259000 fltmgr!FltpGetNormalizedFileNameWorker+0x1d
    8a25b6d8 81f979fe 82074d28 9d9e6f10 a1432af8 fltmgr!FltpGetNormalizedFileName+0x2d
    8a25b6f8 81f7f90d 894d5084 9d9e6f10 82074d28 fltmgr!FltpCreateFileNameInformation+0x2d6
    8a25b734 81f80755 8a25b798 b8f5c7b8 8a25b7dc fltmgr!FltpGetFileNameInformation+0x335
    8a25b754 81fc667b 00000001 00000401 8a25b788 fltmgr!FltGetFileNameInformation+0x1b4
    8a25b7b4 81fc567b b8f5c7b8 894d5008 894d5084 fileinfo!FIStreamGetInfo+0x7c
    8a25b7e8 81f7bcbb 894d5084 8a25b840 57e38866 fileinfo!FIPostCreateCallback+0x1a8
    8a25b858 81f7e145 a14eebe0 a14eed94 894d5008 fltmgr!FltpPerformPostCallbacks+0x259
    8a25b878 81f7cec7 894d5008 00000000 89046308 fltmgr!FltpPassThroughCompletionWorker+0x66
    8a25b8bc 81f962d0 00000000 00000000 89046308 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2f2
    8a25b910 81671a2f 89046308 a14eebe0 a14a00c5 fltmgr!FltpCreate+0x2cb
    8a25b92c 81882b5b 39087117 81882640 8a25016c nt!IofCallDriver+0x3f
    8a25ba40 818889fe 82a6b890 80244ea0 a14a4d20 nt!IopParseDevice+0x51b
    8a25baec 8188472e 01000040 80244ea0 00000001 nt!ObpLookupObjectName+0x27e
    8a25bb60 81880d93 0f2add44 80244ea0 00000001 nt!ObOpenObjectByName+0xfe
    8a25bd04 81724377 0f2add44 0f2add64 0f2add98 nt!NtQueryAttributesFile+0x11b
    8a25bd04 77e62da4 0f2add44 0f2add64 0f2add98 nt!KiSystemServicePostCall
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0f2add98 00000000 00000000 00000000 00000000 0x77e62da4
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!ExDeferredFreePool+468
    817ec478 cd29            int     29h
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  nt!ExDeferredFreePool+468
    
    FOLLOWUP_NAME:  Pool_corruption
    
    IMAGE_NAME:  Pool_Corruption
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    IMAGE_VERSION:  6.3.9600.17085
    
    MODULE_NAME: Pool_Corruption
    
    BUCKET_ID_FUNC_OFFSET:  468
    
    FAILURE_BUCKET_ID:  0x139_3_nt!ExDeferredFreePool
    
    BUCKET_ID:  0x139_3_nt!ExDeferredFreePool
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x139_3_nt!exdeferredfreepool
    
    FAILURE_ID_HASH:  {14bfade4-e1ed-98c0-40bb-116f20a8dfc3}
    
    Followup: Pool_corruption
    


    Kate Li
    TechNet Community Support

    • Marked as answer by Henke_s Wednesday, August 13, 2014 12:13 PM
    Wednesday, August 13, 2014 8:18 AM
    Moderator
  • Thanks for your reply Kate!

    I've used ASC for years on dozens of computers and for the most part it has helped to main the systems more stable and cleaner than those computers without.

    I will of course follow your suggestion and uninstall it on this computer to see if the problems goes away.

    Thanks!

    /Henke

    Wednesday, August 13, 2014 12:18 PM