Windows 7 Forums


Windows 7: BSOD after updating all security programs

02 Apr 2015   #21
Boozad

W7 Pro x64 SP1 | W10 Pro IP x64 | W8.1 Pro x64 VM | Linux Mint VM
 
 

I'll take a look tonight when I'm home from work.


03 Apr 2015   #22
Boozad

W7 Pro x64 SP1 | W10 Pro IP x64 | W8.1 Pro x64 VM | Linux Mint VM
 
 

The latest dump in the last log (the DV enabled dump) is showing up as 0x109 but is giving nothing away.
Code:
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
 or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
 debugger that was not attached when the system was booted. Normal breakpoints,
 "bp", can only be set if the debugger is attached at boot time. Hardware
 breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a3a039d89713e81f, Reserved
Arg2: 0000000000000000, Reserved
Arg3: ed88463647c6b696, Failure type dependent information
Arg4: 0000000000000101, Type of corrupted region, can be
    0 : A generic data region
    1 : Modification of a function or .pdata
    2 : A processor IDT
    3 : A processor GDT
    4 : Type 1 process list corruption
    5 : Type 2 process list corruption
    6 : Debug routine modification
    7 : Critical MSR modification

Debugging Details:
------------------


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

BUGCHECK_STR:  0x109

PROCESS_NAME:  System

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre

STACK_TEXT:  
fffff880`031fd598 00000000`00000000 : 00000000`00000109 a3a039d8`9713e81f 00000000`00000000 ed884636`47c6b696 : nt!KeBugCheckEx


STACK_COMMAND:  kb

SYMBOL_NAME:  ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME:  Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  

BUCKET_ID:  BAD_STACK

FAILURE_BUCKET_ID:  BAD_STACK

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:bad_stack

FAILURE_ID_HASH:  {75814664-faf6-4b70-bbc7-dc592132ecdd}

Followup: MachineOwner
I'm starting to wonder whether some faulty hardware is at play here. I'm going to ask for another set of eyes to take a look and see if they spot something I'm missing.

In the meantime, can you open an elevated Command Prompt, type in or copy sfc /scannow and hit enter.
03 Apr 2015   #23
Arc

Microsoft Community Contributor Award Recipient

Microsoft Windows 10 Pro Insider Preview 64-bit
 
 

Disable Driver Verifier now.

Uninstall the following programs, at least as a test.
  • Start Menu\Programs\herdProtect, don't need it when you have the best one, MBAM.
  • Start Menu\Programs\LogMeIn Hamachi
Report back to us on any further BSOD after uninstalling these two.

03 Apr 2015   #24
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

10 seconds before the 0x109 BSOD, the wired network connection was disconnected.

Code:
Event[6172]:
  Log Name: System
  Source: e1qexpress
  Date: 2015-04-02T16:23:51.980
  Event ID: 27
  Task: N/A
  Level: Warning
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: DrudgeSkull
  Description: 
Intel(R) 82583V Gigabit Network Connection
 Network link is disconnected.
Code:
Event[6181]:
  Log Name: System
  Source: Microsoft-Windows-WER-SystemErrorReporting
  Date: 2015-04-02T16:24:02.000
  Event ID: 1001
  Task: N/A
  Level: Error
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: DrudgeSkull
  Description: 
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000109 (0xa3a039d89713e81f, 0x0000000000000000, 0xed88463647c6b696, 0x0000000000000101). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040215-17097-01.

That's too coincidental. Did you physically disconnect it?
03 Apr 2015   #25
Boozad

W7 Pro x64 SP1 | W10 Pro IP x64 | W8.1 Pro x64 VM | Linux Mint VM
 
 

Thanks Colin and Arc.
03 Apr 2015   #26
RaidenRaccoon

Windows 7 Home Premium 64-bit
 
 

Quote: Originally Posted by Golden
10 seconds before the 0x109 BSOD, the wired network connection was disconnected.

Code:
Event[6172]:
  Log Name: System
  Source: e1qexpress
  Date: 2015-04-02T16:23:51.980
  Event ID: 27
  Task: N/A
  Level: Warning
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: DrudgeSkull
  Description: 
Intel(R) 82583V Gigabit Network Connection
 Network link is disconnected.
Code:
Event[6181]:
  Log Name: System
  Source: Microsoft-Windows-WER-SystemErrorReporting
  Date: 2015-04-02T16:24:02.000
  Event ID: 1001
  Task: N/A
  Level: Error
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: DrudgeSkull
  Description: 
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000109 (0xa3a039d89713e81f, 0x0000000000000000, 0xed88463647c6b696, 0x0000000000000101). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040215-17097-01.
That's too coincidental. Did you physically disconnect it?

You know, I've been noticing that in event viewer... A lot of errors regarding the connection going down.

However I do not physically disconnect it, but I will hook up a 2nd ethernet cable to the 2nd LAN port on the motherboard instead and see if that remedies it. If not, I'll try using both cables and both ports at the same time, see what that results in.

@Arc - highly doubt Hamachi and herdProtect are the causes. They're both installed on all my PCs and laptops (at least 5 total, 6 including this server PC) alongside TeamViewer and Malwarebytes Premium. Plus this PC in question has FAR less installed than the others, so unlikely it's a conflict unless it's with the drivers. This is the only PC that has both a TYAN motherboard and a server grade motherboard.

@Boozad - Running the scan now in an elevated CMD. Will update with its results.

In addition, I've added the dmp file from the last crash (PAGE_FAULT BSOD)

UPDATE: I assume the scan is complete, so I've uploaded a screenshot of the CMD window
03 Apr 2015   #27
Boozad

W7 Pro x64 SP1 | W10 Pro IP x64 | W8.1 Pro x64 VM | Linux Mint VM
 
 

Did you disable Hamachi while Driver Verifier was disabled? If memory serves me correctly you disabled Hamachi and then enabled DV. I'm asking because Hamachi shows up here five seconds before your bugcheck.
Code:
  Event[6892]:
    Log Name: System
    Source: Service Control Manager
    Date: 2015-04-03T15:52:08.342
    Event ID: 7036
    Task: N/A
    Level: Information
    Opcode: N/A
    Keyword: Classic
    User: N/A
    User Name: N/A
    Computer: DrudgeSkull
    Description: 
  The LMIGuardianSvc service entered the running state.
  
  Event[6893]:
    Log Name: System
    Source: Service Control Manager
    Date: 2015-04-03T15:52:08.732
    Event ID: 7036
    Task: N/A
    Level: Information
    Opcode: N/A
    Keyword: Classic
    User: N/A
    User Name: N/A
    Computer: DrudgeSkull
    Description: 
  The MBAMScheduler service entered the running state.
  
  Event[6894]:
    Log Name: System
    Source: Service Control Manager
    Date: 2015-04-03T15:52:08.951
    Event ID: 7036
    Task: N/A
    Level: Information
    Opcode: N/A
    Keyword: Classic
    User: N/A
    User Name: N/A
    Computer: DrudgeSkull
    Description: 
  The Network Location Awareness service entered the running state.
  
  Event[6895]:
    Log Name: System
    Source: Service Control Manager
    Date: 2015-04-03T15:52:09.138
    Event ID: 7036
    Task: N/A
    Level: Information
    Opcode: N/A
    Keyword: Classic
    User: N/A
    User Name: N/A
    Computer: DrudgeSkull
    Description: 
  The MBAMService service entered the running state.
  
  Event[6896]:
    Log Name: System
    Source: Service Control Manager
    Date: 2015-04-03T15:52:09.154
    Event ID: 7036
    Task: N/A
    Level: Information
    Opcode: N/A
    Keyword: Classic
    User: N/A
    User Name: N/A
    Computer: DrudgeSkull
    Description: 
  The Superfetch service entered the running state.
  
  Event[6897]:
    Log Name: System
    Source: Microsoft-Windows-WER-SystemErrorReporting
    Date: 2015-04-03T15:52:13.000
    Event ID: 1001
    Task: N/A
    Level: Error
    Opcode: N/A
    Keyword: Classic
    User: N/A
    User Name: N/A
    Computer: DrudgeSkull
    Description: 
  The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff88002dd5efc, 0x0000000000000008, 0xfffff88002dd5efc, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040315-25350-01.
It could be coincidence but both Arc and myself have picked up on this. Can you test the system with Hamachi disabled now that DV has also been disabled.

Also I'm slightly concerned about this.
Code:
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eb8100
GetUlongFromAddress: unable to read from fffff80002eb81c0
 fffff88002dd5efc Nonpaged pool

FAULTING_IP: 
+350d3e0
fffff880`02dd5efc ??              ???

MM_INTERNAL_CODE:  1

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  lsass.exe
Can you open Task Manager and check in Processes to see if lsass.exe is running. If so we may need to use Process Explorer to see if it is running from Sys32.
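
The timestamp correlation used in this post and in Golden's post above (which records were logged shortly before each bugcheck record, and how many seconds before), as an added Python example that is not part of the original thread. The sample records are trimmed from the events quoted here; the function names and the 15-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Records trimmed from the events quoted in this thread (only the header fields used here).
SAMPLE = """\
Event[6172]:
  Date: 2015-04-02T16:23:51.980
  Event ID: 27
  Description: 
 Network link is disconnected.
Event[6181]:
  Date: 2015-04-02T16:24:02.000
  Event ID: 1001
  Description: 
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000109 (0xa3a039d89713e81f, 0x0000000000000000, 0xed88463647c6b696, 0x0000000000000101).
Event[6892]:
  Date: 2015-04-03T15:52:08.342
  Event ID: 7036
  Description: 
The LMIGuardianSvc service entered the running state.
Event[6897]:
  Date: 2015-04-03T15:52:13.000
  Event ID: 1001
  Description: 
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff88002dd5efc, 0x0000000000000008, 0xfffff88002dd5efc, 0x0000000000000001).
"""
BUGCHECK = re.compile(r"bugcheck was: (0x[0-9a-f]+) \(([^)]*)\)", re.I)
RECORD = re.compile(r"(?ms)^\s*Event\[(\d+)\]:(.*?)(?=^\s*Event\[\d+\]:|\Z)")

def parse_events(text):
    """Turn an 'Event[N]:' text dump into a list of dicts (record, id, time, text)."""
    events = []
    for num, body in RECORD.findall(text):
        head, _, desc = body.partition("Description:")  # free text follows this label
        f = dict(re.findall(r"(?m)^\s*([\w ]+?):[ \t]*(\S.*)$", head))
        events.append({"record": int(num), "id": int(f["Event ID"]), "text": " ".join(desc.split()),
                       "time": datetime.strptime(f["Date"], "%Y-%m-%dT%H:%M:%S.%f")})
    return events

def before_bugchecks(events, window_s=15):
    """Map each bugcheck record (event 1001) to the records logged in the window before it."""
    out, span = {}, timedelta(seconds=window_s)
    for ev in events:
        m = BUGCHECK.search(ev["text"])
        if ev["id"] == 1001 and m:
            near = [(e["record"], (ev["time"] - e["time"]).total_seconds(), e["text"])
                    for e in events if timedelta(0) < ev["time"] - e["time"] <= span]
            out[ev["record"]] = {"code": int(m.group(1), 16), "args": m.group(2).split(", "), "near": near}
    return out
```

Event 1001 is written once Windows is back up ("has rebooted from a bugcheck"), so its timestamp marks the reboot rather than the crash itself. Records that fall inside the window can therefore be boot-time activity and should be compared against the crash time recorded in the dump.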
03 Apr 2015   #28
RaidenRaccoon

Windows 7 Home Premium 64-bit
 
 

Quote: Originally Posted by Boozad
Did you disable Hamachi while Driver Verifier was disabled? If memory serves me correctly you disabled Hamachi and then enabled DV. I'm asking because Hamachi shows up here five seconds before your bugcheck.
Code:
  Event[6892]:
    Log Name: System
    Source: Service Control Manager
    Date: 2015-04-03T15:52:08.342
    Event ID: 7036
    Task: N/A
    Level: Information
    Opcode: N/A
    Keyword: Classic
    User: N/A
    User Name: N/A
    Computer: DrudgeSkull
    Description: 
  The LMIGuardianSvc service entered the running state.
  
  Event[6893]:
    Log Name: System
    Source: Service Control Manager
    Date: 2015-04-03T15:52:08.732
    Event ID: 7036
    Task: N/A
    Level: Information
    Opcode: N/A
    Keyword: Classic
    User: N/A
    User Name: N/A
    Computer: DrudgeSkull
    Description: 
  The MBAMScheduler service entered the running state.
  
  Event[6894]:
    Log Name: System
    Source: Service Control Manager
    Date: 2015-04-03T15:52:08.951
    Event ID: 7036
    Task: N/A
    Level: Information
    Opcode: N/A
    Keyword: Classic
    User: N/A
    User Name: N/A
    Computer: DrudgeSkull
    Description: 
  The Network Location Awareness service entered the running state.
  
  Event[6895]:
    Log Name: System
    Source: Service Control Manager
    Date: 2015-04-03T15:52:09.138
    Event ID: 7036
    Task: N/A
    Level: Information
    Opcode: N/A
    Keyword: Classic
    User: N/A
    User Name: N/A
    Computer: DrudgeSkull
    Description: 
  The MBAMService service entered the running state.
  
  Event[6896]:
    Log Name: System
    Source: Service Control Manager
    Date: 2015-04-03T15:52:09.154
    Event ID: 7036
    Task: N/A
    Level: Information
    Opcode: N/A
    Keyword: Classic
    User: N/A
    User Name: N/A
    Computer: DrudgeSkull
    Description: 
  The Superfetch service entered the running state.
  
  Event[6897]:
    Log Name: System
    Source: Microsoft-Windows-WER-SystemErrorReporting
    Date: 2015-04-03T15:52:13.000
    Event ID: 1001
    Task: N/A
    Level: Error
    Opcode: N/A
    Keyword: Classic
    User: N/A
    User Name: N/A
    Computer: DrudgeSkull
    Description: 
  The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff88002dd5efc, 0x0000000000000008, 0xfffff88002dd5efc, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040315-25350-01.
It could be coincidence but both Arc and myself have picked up on this. Can you test the system with Hamachi disabled now that DV has also been disabled.

Also I'm slightly concerned about this.
Code:
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eb8100
GetUlongFromAddress: unable to read from fffff80002eb81c0
 fffff88002dd5efc Nonpaged pool

FAULTING_IP: 
+350d3e0
fffff880`02dd5efc ??              ???

MM_INTERNAL_CODE:  1

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  lsass.exe
Can you open Task Manager and check in Processes to see if lsass.exe is running. If so we may need to use Process Explorer to see if it is running from Sys32.

I had Hamachi (and its services) disabled a while before the Verifier was run. It crashed both before and during the test. I only recently re-enabled it. If needed I can uninstall it completely, though it would render the purpose of this PC moot. I do not want to delve into port forwarding for the game servers.

And lsass.exe is indeed running. I think I have Process Explorer on a USB drive, but it might be out of date... So far it's using 0 CPU and 3.404K Memory
03 Apr 2015   #29
Boozad

W7 Pro x64 SP1 | W10 Pro IP x64 | W8.1 Pro x64 VM | Linux Mint VM
 
 

Just disable Hamachi, it really is just for testing purposes.

Download Process Explorer from the link below and install. If you need any help negotiating it just let me know.

download
03 Apr 2015   #30
RaidenRaccoon

Windows 7 Home Premium 64-bit
 
 

Alright, disabled Hamachi and its services and have Process Explorer installed and running. Not seeing anything that looks out of the ordinary, at least not immediately.