BSOD from corrupt driver, sucking up lots of RAM

Page 1 of 2 12 LastLast

  1. Posts : 17
    Windows 7 Ultimate x64
       #1

    BSOD from corrupt driver, sucking up lots of RAM


    Hiya, my idle RAM usage is abnormally high (like 4-5GB out of 8) so I did some research and found out about Verifier. I used it, followed some standard instructions on this website, and got a BSOD on startup. I have the dump file now, and it would be great if someone could help out with this. Thanks!
      My Computer


  2. Posts : 3,904
    Windows 7 Ultimate 64-bit
       #2

    Okay i have had a look for you.

    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck C4, {f6, 94, fffffa800e2f8060, fffff88004f55f50}
    
    *** WARNING: Unable to verify timestamp for dne64x.sys
    *** ERROR: Module load completed but symbols could not be loaded for dne64x.sys
    Probably caused by : dne64x.sys ( dne64x+ff50 )
    
    Followup: MachineOwner
    ---------
    
    6: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    A device driver attempting to corrupt the system has been caught.  This is
    because the driver was specified in the registry as being suspect (by the
    administrator) and the kernel has enabled substantial checking of this driver.
    If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
    be among the most commonly seen crashes.
    Arguments:
    Arg1: 00000000000000f6, Referencing user handle as KernelMode.
    Arg2: 0000000000000094, Handle value being referenced.
    Arg3: fffffa800e2f8060, Address of the current process.
    Arg4: fffff88004f55f50, Address inside the driver that is performing the incorrect reference.
    
    Debugging Details:
    ------------------
    
    
    BUGCHECK_STR:  0xc4_f6
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
    
    PROCESS_NAME:  svchost.exe
    
    CURRENT_IRQL:  0
    
    ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) x86fre
    
    LAST_CONTROL_TRANSFER:  from fffff800033144ec to fffff80002e87bc0
    
    STACK_TEXT:  
    fffff880`040baca8 fffff800`033144ec : 00000000`000000c4 00000000`000000f6 00000000`00000094 fffffa80`0e2f8060 : nt!KeBugCheckEx
    fffff880`040bacb0 fffff800`03329bf4 : 00000000`00000094 fffffa80`0e2f8060 00000000`00000005 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
    fffff880`040bacf0 fffff800`030e1890 : 00000000`000001f0 fffff880`040baee0 fffff880`040bb000 00000000`00000001 : nt!VfCheckUserHandle+0x1b4
    fffff880`040badd0 fffff800`0313c66d : fffff880`040bb100 fffff880`00000002 fffffa80`0857a3b0 fffff800`03106400 : nt! ?? ::NNGAKEGL::`string'+0x2027e
    fffff880`040baea0 fffff800`031064fc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CmObReferenceObjectByHandle+0x31
    fffff880`040baf00 fffff800`02e86e53 : 00000000`00000094 fffff800`03142188 fffff980`16e0ce00 fffff880`00000000 : nt!NtDeleteValueKey+0xcc
    fffff880`040bb000 fffff800`02e83410 : fffff800`03237e8c 00000000`00000010 fffff800`03237e50 00000000`00000010 : nt!KiSystemServiceCopyEnd+0x13
    fffff880`040bb198 fffff800`03237e8c : 00000000`00000010 fffff800`03237e50 00000000`00000010 00000000`00010246 : nt!KiServiceLinkage
    fffff880`040bb1a0 fffff880`04f55f50 : fffff980`16e0ce10 00000000`00000002 fffffa80`0d806050 00000000`00000094 : nt!RtlDeleteRegistryValue+0x3c
    fffff880`040bb1e0 fffff980`16e0ce10 : 00000000`00000002 fffffa80`0d806050 00000000`00000094 fffff6fc`00018918 : dne64x+0xff50
    fffff880`040bb1e8 00000000`00000002 : fffffa80`0d806050 00000000`00000094 fffff6fc`00018918 fffff800`02ea4c8f : 0xfffff980`16e0ce10
    fffff880`040bb1f0 fffffa80`0d806050 : 00000000`00000094 fffff6fc`00018918 fffff800`02ea4c8f 00000000`00000094 : 0x2
    fffff880`040bb1f8 00000000`00000094 : fffff6fc`00018918 fffff800`02ea4c8f 00000000`00000094 12a00000`03123860 : 0xfffffa80`0d806050
    fffff880`040bb200 fffff6fc`00018918 : fffff800`02ea4c8f 00000000`00000094 12a00000`03123860 00000000`00000000 : 0x94
    fffff880`040bb208 fffff800`02ea4c8f : 00000000`00000094 12a00000`03123860 00000000`00000000 fffff800`030c2540 : 0xfffff6fc`00018918
    fffff880`040bb210 fffff800`02e941f8 : 00000002`58ba1963 fffff800`0331404b fffffa80`0d751640 00000000`00000000 : nt!MiDispatchFault+0x95f
    fffff880`040bb320 00000000`00000000 : fffff800`03187efc 00000000`00000000 00000000`00000000 fffff980`16e0ce10 : nt!MmAccessFault+0x3d8
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    dne64x+ff50
    fffff880`04f55f50 488b4c2430      mov     rcx,qword ptr [rsp+30h]
    
    SYMBOL_STACK_INDEX:  9
    
    SYMBOL_NAME:  dne64x+ff50
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: dne64x
    
    IMAGE_NAME:  dne64x.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4918d964
    
    FAILURE_BUCKET_ID:  X64_0xc4_f6_VRF_dne64x+ff50
    
    BUCKET_ID:  X64_0xc4_f6_VRF_dne64x+ff50
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:x64_0xc4_f6_vrf_dne64x+ff50
    
    FAILURE_ID_HASH:  {cb041efa-d873-947e-8c69-106d95a6f769}
    
    Followup: MachineOwner
    ---------
    svchost.exe = We need to make sure this is not a virus, right click on it, in the task manager under processes. Then file location it should be in your Windows\System32 directory.

    Just to be safe run a full virus scan.

    dne64x.sys is a driver that caused the crash, I can't find a lot of information on this driver other then:

    itrix Deterministic Network Enhancer Miniport or Cisco Systems VPN Client
    From: Cisco Systems, Inc
      My Computer


  3. Posts : 17
    Windows 7 Ultimate x64
    Thread Starter
       #3

    Awesome, running a full virus scan now. Should I be trying to figure out how to update/fix that driver? Like is it the for-sure problem?
      My Computer


  4. Posts : 3,904
    Windows 7 Ultimate 64-bit
       #4

    Do you know what that driver is, im struggling to find information on it.
      My Computer


  5. Posts : 17
    Windows 7 Ultimate x64
    Thread Starter
       #5

    This is the only thing I found that looks like that.
      My Computer


  6. Posts : 3,904
    Windows 7 Ultimate 64-bit
       #6

    See if there is an update available dir it.
      My Computer


  7. Posts : 17
    Windows 7 Ultimate x64
    Thread Starter
       #7

    No updates available, would the Enable button do anything? Or should I try uninstalling and reinstalling that driver?
      My Computer


  8. Posts : 3,904
    Windows 7 Ultimate 64-bit
       #8

    Try that, uninstall and reinstall.
      My Computer


  9. Posts : 17
    Windows 7 Ultimate x64
    Thread Starter
       #9

    I uninstalled it but realized I can't find anywhere to reinstall it, so oh well, and the virus scan completed and I removed a few things. Restarted my computer and it was still running at 3GB/8GB right off the bat, so I'm not sure that driver was the problem
      My Computer


  10. Posts : 3,904
    Windows 7 Ultimate 64-bit
       #10

    What background processes do you have open,

    Is anything running super high?
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 23:47.
Find Us