blue screen

  • Question

  • I just reformatted my PC because last time I always experienced blue screens. Now it's new. I still experience blue screens. Here's the dmp file. Please help me. I'm so irritated with this already.

    https://onedrive.live.com/redir?resid=198CDD14B3D2D090%21112

    Monday, July 28, 2014 2:19 PM

All replies

  • BGO

    Never a good idea to have more than one active malware application; you have two (isafenet & Avast).  I would remove Isafenet as it is the cause of these crashes.  Don't forget to turn verifier off by typing verifier /reset from an elevated command prompt.

    YOU REALLY NEED TO UPDATE TO SP-1

    Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\Ken\Desktop\072114-21450-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*C:\Symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: srv*C:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16385.x86fre.win7_rtm.090713-1255
    Machine Name:
    Kernel base = 0x83048000 PsLoadedModuleList = 0x83187570
    Debug session time: Mon Jul 21 08:03:57.146 2014 (UTC - 4:00)
    System Uptime: 0 days 1:47:24.987
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..............................
    Loading User Symbols
    Loading unloaded module list
    ........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck C4, {62, 8f045444, 8f045350, 1}
    
    *** WARNING: Unable to verify timestamp for iSafeNetFilter.sys
    *** ERROR: Module load completed but symbols could not be loaded for iSafeNetFilter.sys
    Probably caused by : iSafeNetFilter.sys
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    A device driver attempting to corrupt the system has been caught.  This is
    because the driver was specified in the registry as being suspect (by the
    administrator) and the kernel has enabled substantial checking of this driver.
    If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
    be among the most commonly seen crashes.
    Arguments:
    Arg1: 00000062, A driver has forgotten to free its pool allocations prior to unloading.
    Arg2: 8f045444, name of the driver having the issue.
    Arg3: 8f045350, verifier internal structure with driver information.
    Arg4: 00000001, total # of (paged+nonpaged) allocations that weren't freed.
    	Type !verifier 3 drivername.sys for info on the allocations
    	that were leaked that caused the bugcheck.
    
    Debugging Details:
    ------------------
    
    
    BUGCHECK_STR:  0xc4_62
    
    IMAGE_NAME:  iSafeNetFilter.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  535d9e91
    
    MODULE_NAME: iSafeNetFilter
    
    FAULTING_MODULE: 85fbb000 iSafeNetFilter
    
    VERIFIER_DRIVER_ENTRY: dt nt!_MI_VERIFIER_DRIVER_ENTRY ffffffff8f045350
    Symbol nt!_MI_VERIFIER_DRIVER_ENTRY not found.
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    
    PROCESS_NAME:  services.exe
    
    CURRENT_IRQL:  2
    
    ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
    
    LAST_CONTROL_TRANSFER:  from 83370efd to 83119574
    
    STACK_TEXT:  
    a7d438c8 83370efd 000000c4 00000062 8f045444 nt!KeBugCheckEx+0x1e
    a7d438e8 833755d5 8f045444 8f045350 85fbb000 nt!VerifierBugCheckIfAppropriate+0x30
    a7d438f8 8305a8ae 8f0453e8 8317f688 8317f688 nt!VfPoolCheckForLeaks+0x33
    a7d43934 831e13d2 8f0453e8 85fbb000 40000000 nt!VfTargetDriversRemove+0x66
    a7d43948 831e1b24 83187540 896fe430 00000000 nt!VfDriverUnloadImage+0x5e
    a7d43978 831e201d 8f0453e8 ffffffff 00000000 nt!MiUnloadSystemImage+0x1c6
    a7d4399c 831ba233 8f0453e8 852bd870 8f035028 nt!MmUnloadSystemImage+0x36
    a7d439b4 8329021f 8f035040 8f035040 8f035028 nt!IopDeleteDriver+0x38
    a7d439cc 8309e36a 00000000 a7d43ce8 8f035040 nt!ObpRemoveObjectRoutine+0x59
    a7d439e0 8309e2da 8f035040 832f7e8d b972433c nt!ObfDereferenceObjectWithTag+0x88
    a7d439e8 832f7e8d b972433c a7d43b54 a7d43bd0 nt!ObfDereferenceObject+0xd
    a7d43b3c 832f7ade 00000000 a7d43b54 8307d79a nt!IopUnloadDriver+0x3a0
    a7d43b48 8307d79a a7d43ce8 a7d43d1c 8307caad nt!NtUnloadDriver+0xf
    a7d43b48 8307caad a7d43ce8 a7d43d1c 8307caad nt!KiFastCallEntry+0x12a
    a7d43bc4 832f7bdd a7d43ce8 b972451c 00c2f2ac nt!ZwUnloadDriver+0x11
    a7d43d1c 832f7ade 00000000 a7d43d34 8307d79a nt!IopUnloadDriver+0xf0
    a7d43d28 8307d79a 00c2f2ac 00c2f2b4 77a464f4 nt!NtUnloadDriver+0xf
    a7d43d28 77a464f4 00c2f2ac 00c2f2b4 77a464f4 nt!KiFastCallEntry+0x12a
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    00c2f2b4 00000000 00000000 00000000 00000000 0x77a464f4
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_NAME:  MachineOwner
    
    FAILURE_BUCKET_ID:  0xc4_62_LEAKED_POOL_IMAGE_iSafeNetFilter.sys
    
    BUCKET_ID:  0xc4_62_LEAKED_POOL_IMAGE_iSafeNetFilter.sys
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0xc4_62_leaked_pool_image_isafenetfilter.sys
    
    FAILURE_ID_HASH:  {99b685f7-70b3-7540-1e57-d60205cfd109}
    
    Followup: MachineOwner
    ---------
    


    Wanikiya and Dyami--Team Zigzag


    • Edited by ZigZag3143x Monday, July 28, 2014 3:16 PM
    • Marked as answer by Karen Hu Tuesday, August 5, 2014 1:52 PM
    Monday, July 28, 2014 3:16 PM
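
Added example (not part of the original thread): a short Python script that reduces `!analyze -v` text like the output quoted above to the fields used for triage, and records whether the blamed image actually appears on the stack. The sample is a constructed excerpt of that output; `summarize` and the result keys are names chosen here, and the frame pattern assumes a 32-bit dump like this one.

```python
import re

# Constructed sample: a few lines excerpted from the !analyze -v output quoted above.
SAMPLE = """\
BugCheck C4, {62, 8f045444, 8f045350, 1}
Probably caused by : iSafeNetFilter.sys
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
BUGCHECK_STR:  0xc4_62
IMAGE_NAME:  iSafeNetFilter.sys
PROCESS_NAME:  services.exe
STACK_TEXT:
a7d438c8 83370efd 000000c4 00000062 8f045444 nt!KeBugCheckEx+0x1e
a7d438e8 833755d5 8f045444 8f045350 85fbb000 nt!VerifierBugCheckIfAppropriate+0x30
a7d438f8 8305a8ae 8f0453e8 8317f688 8317f688 nt!VfPoolCheckForLeaks+0x33
a7d43b48 8307d79a a7d43ce8 a7d43d1c 8307caad nt!NtUnloadDriver+0xf
WARNING: Frame IP not in any known module. Following frames may be wrong.
00c2f2b4 00000000 00000000 00000000 00000000 0x77a464f4
FAILURE_BUCKET_ID:  0xc4_62_LEAKED_POOL_IMAGE_iSafeNetFilter.sys
"""

BUGCHECK = re.compile(r"^[ \t]*BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
FIELD = re.compile(r"^[ \t]*([A-Z]+(?:_[A-Z]+)+):[ \t]+(\S.*?)[ \t]*$", re.M)
FRAME = re.compile(r"^[ \t]*[0-9a-f]{8} [0-9a-f]{8} (?:[0-9a-f]{8} ){3}(\S+)[ \t]*$", re.M)

def summarize(text):
    """Reduce one !analyze -v transcript to the fields used for triage."""
    out = {key: value for key, value in FIELD.findall(text)}
    m = BUGCHECK.search(text)
    if m:
        out["code"] = int(m.group(1), 16)
        out["args"] = [int(a, 16) for a in m.group(2).split(",")]
    # Keep symbolized frames only ("module!function+offset"), innermost first.
    frames = [f for f in FRAME.findall(text) if "!" in f]
    out["stack_modules"] = sorted({f.split("!")[0] for f in frames})
    out["verifier_frames"] = [f for f in frames if f.startswith("nt!Vf") or "Verifier" in f]
    # The blamed image need not be on the stack: here the leak is found by the
    # kernel's verifier while the driver is being unloaded, so flag that case.
    image = out.get("IMAGE_NAME", "")
    out["image_on_stack"] = image.rsplit(".", 1)[0] in out["stack_modules"]
    return out
```

For this dump the stack holds only `nt` frames, so the attribution to iSafeNetFilter.sys comes from the verifier's bugcheck arguments rather than from a faulting frame.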
  • Thanks for the reply, sir. Can I ask what isafenet is? What specific program or application is it? Because I don't remember installing a program like that.
    Monday, July 28, 2014 11:46 PM
  • BGO

    Sorry.  isafenetfilter.sys is part of YAC Security Protection and developed by Elex do Brasil Participações


    Wanikiya and Dyami--Team Zigzag

    • Marked as answer by Karen Hu Tuesday, August 5, 2014 1:52 PM
    Tuesday, July 29, 2014 1:01 AM
  • Sir, can you check this new dmp file again? I'm wondering why I still experience blue screens.

    https://onedrive.live.com/redir?resid=198CDD14B3D2D090%21113

    Saturday, August 9, 2014 1:03 AM
  • These crashes were related to memory corruption (probably caused by a driver). 

    Please run these tests to verify your memory and find which driver is causing the problem.  

    If you are overclocking (pushing the components beyond their design) you should revert to default at least until the crashing is solved. If you don't know what it is you probably are not overclocking.

    Since it is more likely to be a driver please run verifier first.
    1-Driver verifier (for complete directions see our wiki here)

    If verifier does not find the issue we can move on to this.
    2-Memtest. (You can read more about running memtest here)

    If you cannot boot after enabling verifier, reboot into safe mode.
    In Vista & Win 7 (F8)

    Co-Authored by  JMH3143

    Wanikiya and Dyami--Team Zigzag

    Saturday, August 9, 2014 12:15 PM