Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: BSOD - wdf01000.sys - PLEASE HELP!

24 Jul 2019   #11
zovoti

Windows 7 Ultimate Service Pack 1 64 bit
 
 
yet another different BSOD

I have no idea what's going on!
I have a new (3rd) BSOD in a row!
Should I format my PC and that's it?

Attached is the new BSOD + pc report
Thank you again!!!




Attached Thumbnails
BSOD - wdf01000.sys - PLEASE HELP!-whatsapp-image-2019-07-23-23.24.51.jpeg  
Attached Files
File Type: zip HOMEPC-PC-Wed_07_24_2019_165046_03.zip (1.68 MB, 1 views)
My System SpecsSystem Spec
.
24 Jul 2019   #12
MrPepka

Windows 8.1 Enterprise x64
 
 

Update:
Intel USB 3.0 driver (check in Intel Driver & Support Assistant https://downloadmirror.intel.com/284...-Installer.exe)
My System SpecsSystem Spec
26 Jul 2019   #13
zovoti

Windows 7 Ultimate Service Pack 1 64 bit
 
 

OK. did everything! Worked for a while, no everytime I suspend my AVG antivirus, I get a new BSOD!
Can you please check the attached details about this please and tell me what's wrong and what I need to do with this?

Thank you so much for your support...


Attached Thumbnails
BSOD - wdf01000.sys - PLEASE HELP!-whatsapp-image-2019-07-26-16.01.48.jpeg  
Attached Files
File Type: zip HOMEPC-PC-Fri_07_26_2019_144604_15.zip (1.70 MB, 3 views)
My System SpecsSystem Spec
.

26 Jul 2019   #14
MrPepka

Windows 8.1 Enterprise x64
 
 

The DRIVER_VERIFIER_DETECTED_VIOLATION bug check has a value of 0x000000C4. This is the general bug check code for fatal errors found by Driver Verifier.
1st parameter = 0x62 - The driver is unloading without first freeing its pool allocations. A bug check with this parameter occurs only when the Pool Tracking option of Driver Verifier is active.
Code:
Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\072619-220928-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*
Symbol search path is: SRV*
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.24441.amd64fre.win7sp1_ldr.190418-1735
Machine Name:
Kernel base = 0xfffff800`0341d000 PsLoadedModuleList = 0xfffff800`03656c90
Debug session time: Fri Jul 26 13:36:49.645 2019 (UTC + 2:00)
System Uptime: 0 days 3:16:03.769
Loading Kernel Symbols
...............................................................
................................................................
....................................................
Loading User Symbols
Loading unloaded module list
.............
For analysis of this file, run !analyze -v
3: kd> !analyze
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {62, fffffa8011bcebe8, fffffa8011bce8c0, e0}

*** WARNING: Unable to verify timestamp for avgStm.sys
GetUlongPtrFromAddress: unable to read from fffff800036ba300
Probably caused by : avgStm.sys

Followup:     MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000062, A driver has forgotten to free its pool allocations prior to unloading.
Arg2: fffffa8011bcebe8, name of the driver having the issue.
Arg3: fffffa8011bce8c0, verifier internal structure with driver information.
Arg4: 00000000000000e0, total # of (paged+nonpaged) allocations that weren't freed.
	Type !verifier 3 drivername.sys for info on the allocations
	that were leaked that caused the bugcheck.

Debugging Details:
------------------


KEY_VALUES_STRING: 1


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  7601.24441.amd64fre.win7sp1_ldr.190418-1735

DUMP_TYPE:  2

BUGCHECK_P1: 62

BUGCHECK_P2: fffffa8011bcebe8

BUGCHECK_P3: fffffa8011bce8c0

BUGCHECK_P4: e0

BUGCHECK_STR:  0xc4_62

IMAGE_NAME:  avgStm.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5d0b0634

MODULE_NAME: avgStm

FAULTING_MODULE: fffff8800913e000 avgStm

VERIFIER_DRIVER_ENTRY: dt nt!_MI_VERIFIER_DRIVER_ENTRY fffffa8011bce8c0
Symbol nt!_MI_VERIFIER_DRIVER_ENTRY not found.

CPU_COUNT: 4

CPU_MHZ: cf0

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  services.exe

CURRENT_IRQL:  2

ANALYSIS_SESSION_HOST:  MICHAL

ANALYSIS_SESSION_TIME:  07-26-2019 15:54:11.0267

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

LAST_CONTROL_TRANSFER:  from fffff800039174fc to fffff800034b0aa0

STACK_TEXT:  
fffff880`17a33308 fffff800`039174fc : 00000000`000000c4 00000000`00000062 fffffa80`11bcebe8 fffffa80`11bce8c0 : nt!KeBugCheckEx
fffff880`17a33310 fffff800`0392668a : 00000000`00000001 00000000`00000000 fffff880`0913e000 00000000`00000001 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`17a33350 fffff800`0356cf40 : 00000000`00000000 00000000`00000000 fffff880`009aa180 00000000`00000000 : nt!VfPoolCheckForLeaks+0x4a
fffff880`17a33390 fffff800`0380a2de : fffffa80`11bceb30 00000000`00000000 00000000`00000000 00000000`00000018 : nt!VfTargetDriversRemove+0x160
fffff880`17a33430 fffff800`0382f54b : 00000000`00000000 00000000`000e0082 00000000`00000000 00000000`00000001 : nt!VfDriverUnloadImage+0x2e
fffff880`17a33460 fffff800`0382f9ed : 00000000`00000000 fffffa80`11bceb30 00000000`00000000 00000000`00010200 : nt!MiUnloadSystemImage+0x28b
fffff880`17a334d0 fffff800`039011e1 : 00000000`00000000 fffff880`17a337f0 fffffa80`0d823de0 00000000`00000018 : nt!MmUnloadSystemImage+0x4d
fffff880`17a33510 fffff800`0345c274 : 00000000`00000000 fffff880`17a337f0 fffffa80`0d823de0 fffffa80`11bce788 : nt!IopDeleteDriver+0x41
fffff880`17a33540 fffff800`0383b4ac : fffff880`17a337f0 00000000`00000000 00000000`c0000001 fffff880`00000000 : nt!ObfDereferenceObject+0xd4
fffff880`17a335a0 fffff800`034bead3 : fffffa80`18d63b50 00000000`00000000 fffff800`036bda01 00000000`00000000 : nt!IopUnloadDriver+0x45c
fffff880`17a33770 fffff800`034b42b0 : fffff800`0383b1a5 00000000`027eeb00 00000000`00000001 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff880`17a33908 fffff800`0383b1a5 : 00000000`027eeb00 00000000`00000001 00000000`00000000 00000000`00cada10 : nt!KiServiceLinkage
fffff880`17a33910 fffff800`034bead3 : fffffa80`18d63b50 fffff880`17a33b60 00000000`00000000 00000000`00000000 : nt!IopUnloadDriver+0x155
fffff880`17a33ae0 00000000`773bb0fa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`027eead8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x773bb0fa


THREAD_SHA1_HASH_MOD_FUNC:  591646535b6c407bc45fa532f044222b581d75cc

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  ab4cd03d1732ae1098429d754ab04e1e5c6d7565

THREAD_SHA1_HASH_MOD:  7f608ac2fbce9034a3386b1d51652e4911d30234

FOLLOWUP_NAME:  MachineOwner

STACK_COMMAND:  .thread ; .cxr ; kb

FAILURE_BUCKET_ID:  X64_0xc4_62_VRF_LEAKED_POOL_IMAGE_avgStm.sys

BUCKET_ID:  X64_0xc4_62_VRF_LEAKED_POOL_IMAGE_avgStm.sys

PRIMARY_PROBLEM_CLASS:  X64_0xc4_62_VRF_LEAKED_POOL_IMAGE_avgStm.sys

TARGET_TIME:  2019-07-26T11:36:49.000Z

OSBUILD:  7601

OSSERVICEPACK:  1000

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 7

OSEDITION:  Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2019-04-19 04:08:54

BUILDDATESTAMP_STR:  190418-1735

BUILDLAB_STR:  win7sp1_ldr

BUILDOSVER_STR:  6.1.7601.24441.amd64fre.win7sp1_ldr.190418-1735

ANALYSIS_SESSION_ELAPSED_TIME:  756

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0xc4_62_vrf_leaked_pool_image_avgstm.sys

FAILURE_ID_HASH:  {c341edbd-a105-4ab9-c966-527e399cd25f}

Followup:     MachineOwner
---------

3: kd> .load pde
=========================================================================================
 PDE v11.3 - Copyright 2017 Andrew Richards
=========================================================================================
3: kd> !dpx
Start memory scan  : 0xfffff88017a33308 ($csp)
End memory scan    : 0xfffff88017a34000 (Kernel Stack Base)

               rsp : 0xfffff88017a33308 : 0xfffff800039174fc : nt!VerifierBugCheckIfAppropriate+0x3c
*** WARNING: Unable to verify timestamp for avgStm.sys
               rsi : 0xfffffa800e624050 : 0xfffff8800913e000 : avgStm
                r8 : 0xfffffa8011bcebe8 :  !du "avgStm.sys"
0xfffff88017a33308 : 0xfffff800039174fc : nt!VerifierBugCheckIfAppropriate+0x3c
0xfffff88017a33320 : 0xfffffa8011bcebe8 :  !du "avgStm.sys"
0xfffff88017a33338 : 0xfffff80003569e35 : nt!VfAvlLookupTreeNode+0xf5
0xfffff88017a33348 : 0xfffff8000392668a : nt!VfPoolCheckForLeaks+0x4a
0xfffff88017a33360 : 0xfffff8800913e000 : avgStm
0xfffff88017a33388 : 0xfffff8000356cf40 : nt!VfTargetDriversRemove+0x160
0xfffff88017a333d8 : 0xfffff800037f6c0e : nt!VfThunkCheckDriverUnloading+0x2e
0xfffff88017a33400 : 0xfffff8800913e000 : avgStm
0xfffff88017a33428 : 0xfffff8000380a2de : nt!VfDriverUnloadImage+0x2e
0xfffff88017a33458 : 0xfffff8000382f54b : nt!MiUnloadSystemImage+0x28b
0xfffff88017a334c8 : 0xfffff8000382f9ed : nt!MmUnloadSystemImage+0x4d
0xfffff88017a33508 : 0xfffff800039011e1 : nt!IopDeleteDriver+0x41
0xfffff88017a33538 : 0xfffff8000345c274 : nt!ObfDereferenceObject+0xd4
0xfffff88017a33598 : 0xfffff8000383b4ac : nt!IopUnloadDriver+0x45c
0xfffff88017a335e8 : 0xfffff8000372003a : nt!CmEnumerateValueKey+0x49a
0xfffff88017a335f0 : 0xfffff800036bd540 : nt!MmSystemPtesWs
0xfffff88017a33640 : 0xfffff88017a335e8 : 0xfffff8000372003a : nt!CmEnumerateValueKey+0x49a
0xfffff88017a336b8 : 0xfffff800034bcca5 : nt!KiPageFault+0x465
0xfffff88017a336c8 : 0xfffff80003722e94 : nt!PsReferenceImpersonationToken
0xfffff88017a33700 : 0xfffff8000385a200 : nt!IopLoadUnloadDriver
0xfffff88017a33768 : 0xfffff800034bead3 : nt!KiSystemServiceCopyEnd+0x13
0xfffff88017a33780 : 0xfffff800036bda01 : nt!MmFreePageListHead+0x1
0xfffff88017a33798 : 0xfffff800034a8f01 : nt!MiMakeTransitionPte+0x1d
0xfffff88017a337b0 : 0xfffff80003640880 : nt!MiSpecialPool
0xfffff88017a337c8 : 0xfffff8000359d426 : nt!MmAllocateSpecialPool+0x7b6
0xfffff88017a337f8 : 0xfffff80003729b8f : nt!SePrivilegedServiceAuditAlarm+0x47
0xfffff88017a33828 : 0xfffff80003640888 : nt!MiSpecialPool+0x8
0xfffff88017a338d8 : 0xfffff800034b42b0 : nt!KiServiceLinkage
0xfffff88017a338f0 : 0xfffff88017a33908 : 0xfffff8000383b1a5 : nt!IopUnloadDriver+0x155
0xfffff88017a33908 : 0xfffff8000383b1a5 : nt!IopUnloadDriver+0x155
0xfffff88017a33938 : 0xfffff800034bcca5 : nt!KiPageFault+0x465
0xfffff88017a33948 : 0xfffff8000383b610 : nt!NtUnloadDriver
0xfffff88017a33a10 : 0xfffff8000383b610 : nt!NtUnloadDriver
0xfffff88017a33a58 : 0xfffff80003719326 : nt!ExMapHandleToPointer+0x26
0xfffff88017a33a88 : 0xfffff800037164f4 : nt!ObpCloseHandle+0x94
0xfffff88017a33aa8 : 0xfffff8000383b610 : nt!NtUnloadDriver
0xfffff88017a33ad8 : 0xfffff800034bead3 : nt!KiSystemServiceCopyEnd+0x13
0xfffff88017a33ae0 : 0xfffffa8018d63b50 :  Trap @ fffff88017a33ae0

3: kd> lmvm avgStm
Browse full module list
start             end                 module name
fffff880`0913e000 fffff880`09175000   avgStm   T (no symbols)           
    Loaded symbol image file: avgStm.sys
    Image path: \SystemRoot\system32\drivers\avgStm.sys
    Image name: avgStm.sys
    Browse all global symbols  functions  data
    Timestamp:        Wed Jun 19 21:06:12 2019 (5D0B0634)
    CheckSum:         0003C441
    ImageSize:        00037000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:
Disable Driver Verifier, and if blue screens continue, then uninstall and reinstall the AVG anti-virus
My System SpecsSystem Spec
28 Jul 2019   #15
zovoti

Windows 7 Ultimate Service Pack 1 64 bit
 
 

Thank you so much!!! You are incredible!
My System SpecsSystem Spec
21 Oct 2019   #16
zovoti

Windows 7 Ultimate Service Pack 1 64 bit
 
 

After several months of no problems what so ever due to your amazing help,
my computer decided to crash once again with a brand new BSOD... :-(

Can you help me once more please?
Thank you so much...


Attached Files
File Type: zip HOMEPC-PC-Mon_10_21_2019_104319_05.zip (1.94 MB, 3 views)
My System SpecsSystem Spec
21 Oct 2019   #17
MrPepka

Windows 8.1 Enterprise x64
 
 

I don't see new crash dumps. Make sure that you don't have problems with your disk and logging crash dumps is enabled and correctly set.
My System SpecsSystem Spec
.
Reply

 BSOD - wdf01000.sys - PLEASE HELP!




Thread Tools




Similar help and support threads
Thread Forum
wdf01000.sys bsod windows 7 help!
Experiencing BSOD when pressing 'Ctrl+alt+delete' to access the passwordscreen. Personally cant find out much details from windbg. Can someone help please. Thanks!
BSOD Help and Support
BSOD Playing GTA IV Better DS3/Wdf01000.sys
Hey guys first post here :) Everytime i play GTA IV i get this BSOD But i dont think its GTA but then again my other games run fine 1 time NFS world BSOD, the DMP file bellow says something about the Better DS3 Microsoft (R) Windows Debugger Version 6.12.0002.633 Copyright (c) Microsoft...
BSOD Help and Support
BSOD WDF01000.sys
I have attached a zip of my minidump folder. Getting random BSOD's. Appears to happen when PC is sitting idle for the most part. Started shortly after Win 7 Pro 64-bit install. This is from an HP 6560b laptop. It seemed that windbg only shows wdf01000.sys as the problem, but I'm not sure if my...
BSOD Help and Support
BSOD Wdf01000.sys
Hello, just got a bluescreen and i couldnt get back into windows untill i removed one of my RAM`s. I tryed the startup repair system restore before doing that but i was getting bluescreen everytime before or after windows was loading. Tho i only see only one event, the others might have been lost...
BSOD Help and Support
BSOD, Driver Wdf01000.sys
Trying to help my father-in-law who is getting a BSOD on his very new laptop. We've barely used the thing, so I'm not getting it. Attached is the SF dump file info. I am intermediate level computer knowledge, so bear with me. It starts in safe mode. Thanks for any help.
BSOD Help and Support


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 13:25.
Twitter Facebook