BSOD referencing FLTMGR.SYS when install/uninstall various programs


  1. Navtex
    Posts : 4
    Win 7 Professional x64
       New #1

    BSOD referencing FLTMGR.SYS when install/uninstall various programs


    This started, maybe coincidentally, after a recent Windows update; tried restoring to a previous date but no change; when I try to run various programs, including BlueScreen View, I get the BSOD. Same when I try to run my Logitech Webcam program or try to install a Registry Cleanup program. Hoping someone can help me identify the culprit and recommend a fix.
    DM Log file attached.

    Okay - just tried to open msinfo32.nfo from within the DM Log zip file. Produced another BSOD.
    Last edited by Navtex; 17 Dec 2016 at 14:01. Reason: Update
      My Computer
    Quote Quote

  3. Navtex
    Posts : 4
    Win 7 Professional x64
    Thread Starter
       New #2

    Update 12/17/2016 10:43pm CST


    UPDATE: Just tried to run Malwarebytes Anti-Malware and...BSOD. Attaching the dump files from the BSOD when opening the .nfo file mentioned earlier and this last one.

    I was starting to panic that although I had 118 views to this post, no one appeared to be taking up the challenge of identifying the culprit by reviewing the zip file. However, I now see that 2 of you have at least reviewed the DM zip file for clues. Thank you both so much for taking the time and making the effort to assist me. It is very, very much appreciated.

    I will add that I run Outlook with no issues, and my Chrome browser with no issues, which is 90% of what I typically keep open 24/7. Programs running in the background don't appear the have an issue, like antivirus MSE, Malware Anti-Ransomware, etc. However, if I actively launch a new process as opposed to opening a process that is already running in the background...BSOD is more than likely the result.
      My Computer
    Quote Quote

  4. ICIT2LOL
    Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       New #3

    Hello mate and welcome now for starters can you get into safe mode ? if so then run these to get us moving eh?
    SFC /SCANNOW Command - System File Checker
    Disk Check < if necessary include the /f and /r in the command line as per Option2
    Run these in safe mode and the sfc often best run for two to three runs – you can leave out the /r switch in ckdsk if you feel it not necessary

    In the meantime I will have a look at the dumps.
      My Computer
    Quote Quote

  6. Navtex
    Posts : 4
    Win 7 Professional x64
    Thread Starter
       New #4

    Good morning, and thank you for your recommendations! I ran both in Safe mode and both came back clean with no violations or errors reported.
      My Computer
    Quote Quote

  7. ICIT2LOL
    Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       New #5

    Ok mate now looking at the dumps I did find this and it seems that there is something going awry with that software you have on board - Malwarebytes Anti Ransomware
    Code:
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  WinRAR.exe

CURRENT_IRQL:  0

ANALYSIS_SESSION_HOST:  DESKTOP-9I73FSG

ANALYSIS_SESSION_TIME:  12-19-2016 09:27:39.0522

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

LAST_CONTROL_TRANSFER:  from fffff8800113c4bf to fffff88001106516

STACK_TEXT:  
fffff880`0905d980 fffff880`0113c4bf : 00000000`00000001 00000000`00000000 fffff880`0905da88 00000000`0000001e : fltmgr!FltAllocateCallbackData+0x16
fffff880`0905d9c0 fffff880`0705e695 : 00000000`00000000 fffffa80`07cde990 fffff880`0905da38 00000000`00000001 : fltmgr!FltQueryInformationFile+0x1f
fffff880`0905da00 00000000`00000000 : fffffa80`07cde990 fffff880`0905da38 00000000`00000001 fffff880`00000005 : farflt+0x8695


THREAD_SHA1_HASH_MOD_FUNC:  e4950f5a4de4f54411a1d75922efe1ed0ac9ee00

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  4caa803e6fb67e18e77f5a6ef675624f02e6919f

THREAD_SHA1_HASH_MOD:  5130d138cf47fa18f93bd863d4c1e7985c0f3267

FOLLOWUP_IP: 
farflt+8695
fffff880`0705e695 ??              ???

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  farflt+8695

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: farflt

IMAGE_NAME:  farflt.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  58515c47

STACK_COMMAND:  .cxr 0xfffff8800905cfa0 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_farflt+8695

BUCKET_ID:  X64_0x3B_farflt+8695

PRIMARY_PROBLEM_CLASS:  X64_0x3B_farflt+8695

TARGET_TIME:  2016-12-17T19:29:15.000Z

OSBUILD:  7601

OSSERVICEPACK:  1000

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 7

OSEDITION:  Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2016-10-12 01:57:55

BUILDDATESTAMP_STR:  161011-0600

BUILDLAB_STR:  win7sp1_ldr

BUILDOSVER_STR:  6.1.7601.23572.amd64fre.win7sp1_ldr.161011-0600

ANALYSIS_SESSION_ELAPSED_TIME: 2ed

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0x3b_farflt+8695

FAILURE_ID_HASH:  {869b20c3-a39e-3685-e79b-918ea7ffd7e4}

Followup:     MachineOwner
    Now I cannot find a solution for it right now in the dump file analysis site although this might shed soem light on the issue
    What is farflt.sys from Malwarebytes? (id:38837092) so I would suggest at least disabling the software or uninstalling it - I take it you have bought this software or was it free? as you can see it may conflict with the security stuff you have installed
      My Computer
    Quote Quote

  8. Navtex
    Posts : 4
    Win 7 Professional x64
    Thread Starter
       New #6

    My Aussie friend, it appears that you have nailed it! Removed the anti-ransomware program, rebooted, and launched several of the processes that before had resulted in a BSOD. Nothing happened. Without your help I would have never suspected the anti-ransomware program because, although it was a free Beta download, (which admittedly they do not recommend for production deployment), I've had it installed since last March with absolutely no issues....until this last week.

    My hat is off to you!! I can't thank you enough!!
      My Computer
    Quote Quote

  10. ICIT2LOL
    Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       New #7

    That's good mate sometimes it turns out to be something you would never have even guessed about.

    For an example I had all the USB ports go down on my main desktop a while ago and the cause was the Samsung Magician software (for SSD's) being the culprit and one of the other members saw my thread and bingo uninstalled the Samsung stuff and back came the USB ports

    Plus some security stuff is often the cause of issues like yours - always good to check out those things when problems arise. I use the disable function to start with and if that doesn't work then I uninstall it. But it isn't very often I have problems with my security but keep it in mind for the future:)

    If you are worried about ransomware anyway a good security suite is probably the best answer for that.
      My Computer
    Quote Quote

 

  Related Discussions
Hi all. I had a BSOD today, but it's not the first. I'm uploading the files, tried inspecting with winDBg but I have only two dmp files (cleared all few weeks ago): The one from 09/08 says it's win32k.sys and the one from today says it's fltmgr.sys. Tried using BlueScreenView, but no real...
The BSODs do not seem to happen at any specific time. The computer is an HP with a Pegatron 2A86 Mobo. I plan on running MemTest86 and will have images uploaded tonight. For now, here are my WhoCrashed logs and (attached) is the SF files. Thank you in advance for any help. My...
I have a hp pavillion dv6 laptop that is a few years old. I am running Windows 7 home premium 64bit. When ever i click on a program, nothing happens. i am unable to install or uninstall anything. I do have avast antivirus installed, but i am unable to uninstall it or any program. i also cannot...
I have a laptop with Windows 7 Home Premium 64-bit and it can not install or uninstall programs in any normal way. When you try to do so, it comes up with this error "The System Administrator has set policies to prevent this installation." Now, I have googled it and most posts refer me to use the...
Hi, Last week my husband installed Azureus aka Vuze onto our Sony VIAO laptop. He said several hours later, while he was watching a video, the computer suddenly shut down. Since then, we have found that we can't open any non-Windows inherit programs. Windows did an update, but it didn't help. ...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 21:35.
Find Us