Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: BSOD from corrupt driver, sucking up lots of RAM


04 Jul 2014   #1

Windows 7 Ultimate x64
 
 
BSOD from corrupt driver, sucking up lots of RAM

Hiya, my idle RAM usage is abnormally high (like 4-5GB out of 8) so I did some research and found out about Verifier. I used it, followed some standard instructions on this website, and got a BSOD on startup. I have the dump file now, and it would be great if someone could help out with this. Thanks!




Attached Files
File Type: zip debug-YOUNG-HP-Fri_07_04_2014__90758_65.zip (1.87 MB, 1 views)
My System SpecsSystem Spec
.

04 Jul 2014   #2

Windows 7 Ultimate 64-bit
 
 

Okay i have had a look for you.

Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {f6, 94, fffffa800e2f8060, fffff88004f55f50}

*** WARNING: Unable to verify timestamp for dne64x.sys
*** ERROR: Module load completed but symbols could not be loaded for dne64x.sys
Probably caused by : dne64x.sys ( dne64x+ff50 )

Followup: MachineOwner
---------

6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 0000000000000094, Handle value being referenced.
Arg3: fffffa800e2f8060, Address of the current process.
Arg4: fffff88004f55f50, Address inside the driver that is performing the incorrect reference.

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_f6

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) x86fre

LAST_CONTROL_TRANSFER:  from fffff800033144ec to fffff80002e87bc0

STACK_TEXT:  
fffff880`040baca8 fffff800`033144ec : 00000000`000000c4 00000000`000000f6 00000000`00000094 fffffa80`0e2f8060 : nt!KeBugCheckEx
fffff880`040bacb0 fffff800`03329bf4 : 00000000`00000094 fffffa80`0e2f8060 00000000`00000005 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`040bacf0 fffff800`030e1890 : 00000000`000001f0 fffff880`040baee0 fffff880`040bb000 00000000`00000001 : nt!VfCheckUserHandle+0x1b4
fffff880`040badd0 fffff800`0313c66d : fffff880`040bb100 fffff880`00000002 fffffa80`0857a3b0 fffff800`03106400 : nt! ?? ::NNGAKEGL::`string'+0x2027e
fffff880`040baea0 fffff800`031064fc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CmObReferenceObjectByHandle+0x31
fffff880`040baf00 fffff800`02e86e53 : 00000000`00000094 fffff800`03142188 fffff980`16e0ce00 fffff880`00000000 : nt!NtDeleteValueKey+0xcc
fffff880`040bb000 fffff800`02e83410 : fffff800`03237e8c 00000000`00000010 fffff800`03237e50 00000000`00000010 : nt!KiSystemServiceCopyEnd+0x13
fffff880`040bb198 fffff800`03237e8c : 00000000`00000010 fffff800`03237e50 00000000`00000010 00000000`00010246 : nt!KiServiceLinkage
fffff880`040bb1a0 fffff880`04f55f50 : fffff980`16e0ce10 00000000`00000002 fffffa80`0d806050 00000000`00000094 : nt!RtlDeleteRegistryValue+0x3c
fffff880`040bb1e0 fffff980`16e0ce10 : 00000000`00000002 fffffa80`0d806050 00000000`00000094 fffff6fc`00018918 : dne64x+0xff50
fffff880`040bb1e8 00000000`00000002 : fffffa80`0d806050 00000000`00000094 fffff6fc`00018918 fffff800`02ea4c8f : 0xfffff980`16e0ce10
fffff880`040bb1f0 fffffa80`0d806050 : 00000000`00000094 fffff6fc`00018918 fffff800`02ea4c8f 00000000`00000094 : 0x2
fffff880`040bb1f8 00000000`00000094 : fffff6fc`00018918 fffff800`02ea4c8f 00000000`00000094 12a00000`03123860 : 0xfffffa80`0d806050
fffff880`040bb200 fffff6fc`00018918 : fffff800`02ea4c8f 00000000`00000094 12a00000`03123860 00000000`00000000 : 0x94
fffff880`040bb208 fffff800`02ea4c8f : 00000000`00000094 12a00000`03123860 00000000`00000000 fffff800`030c2540 : 0xfffff6fc`00018918
fffff880`040bb210 fffff800`02e941f8 : 00000002`58ba1963 fffff800`0331404b fffffa80`0d751640 00000000`00000000 : nt!MiDispatchFault+0x95f
fffff880`040bb320 00000000`00000000 : fffff800`03187efc 00000000`00000000 00000000`00000000 fffff980`16e0ce10 : nt!MmAccessFault+0x3d8


STACK_COMMAND:  kb

FOLLOWUP_IP: 
dne64x+ff50
fffff880`04f55f50 488b4c2430      mov     rcx,qword ptr [rsp+30h]

SYMBOL_STACK_INDEX:  9

SYMBOL_NAME:  dne64x+ff50

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: dne64x

IMAGE_NAME:  dne64x.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4918d964

FAILURE_BUCKET_ID:  X64_0xc4_f6_VRF_dne64x+ff50

BUCKET_ID:  X64_0xc4_f6_VRF_dne64x+ff50

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0xc4_f6_vrf_dne64x+ff50

FAILURE_ID_HASH:  {cb041efa-d873-947e-8c69-106d95a6f769}

Followup: MachineOwner
---------
svchost.exe = We need to make sure this is not a virus, right click on it, in the task manager under processes. Then file location it should be in your Windows\System32 directory.

Just to be safe run a full virus scan.

dne64x.sys is a driver that caused the crash, I can't find a lot of information on this driver other then:

Quote:
itrix Deterministic Network Enhancer Miniport or Cisco Systems VPN Client
From: Cisco Systems, Inc
My System SpecsSystem Spec
04 Jul 2014   #3

Windows 7 Ultimate x64
 
 

Awesome, running a full virus scan now. Should I be trying to figure out how to update/fix that driver? Like is it the for-sure problem?
My System SpecsSystem Spec
.


04 Jul 2014   #4

Windows 7 Ultimate 64-bit
 
 

Do you know what that driver is, im struggling to find information on it.
My System SpecsSystem Spec
04 Jul 2014   #5

Windows 7 Ultimate x64
 
 

This is the only thing I found that looks like that.
My System SpecsSystem Spec
04 Jul 2014   #6

Windows 7 Ultimate 64-bit
 
 

See if there is an update available dir it.
My System SpecsSystem Spec
04 Jul 2014   #7

Windows 7 Ultimate x64
 
 

No updates available, would the Enable button do anything? Or should I try uninstalling and reinstalling that driver?
My System SpecsSystem Spec
04 Jul 2014   #8

Windows 7 Ultimate 64-bit
 
 

Try that, uninstall and reinstall.
My System SpecsSystem Spec
04 Jul 2014   #9

Windows 7 Ultimate x64
 
 

I uninstalled it but realized I can't find anywhere to reinstall it, so oh well, and the virus scan completed and I removed a few things. Restarted my computer and it was still running at 3GB/8GB right off the bat, so I'm not sure that driver was the problem
My System SpecsSystem Spec
04 Jul 2014   #10

Windows 7 Ultimate 64-bit
 
 

What background processes do you have open,

Is anything running super high?
My System SpecsSystem Spec
Reply

 BSOD from corrupt driver, sucking up lots of RAM




Thread Tools



Similar help and support threads for2: BSOD from corrupt driver, sucking up lots of RAM
Thread Forum
BSOD - Driver attempting to corrupt the system + IRQL BSOD Help and Support
BSOD A device driver attempting to corrupt the system has been caught. BSOD Help and Support
bsod also device driver trying to corrupt system BSOD Help and Support
Driver attempting to corrupt system BSOD? Drivers
Lots of BSOD & Hungup - Lots of Event17 WHEA-Logger BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 04:41 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33