Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Win7/64 Pro desktop BSOD for reasons unknown

17 Jan 2020   #11
MrPepka

Windows 8.1 Enterprise x64
 
 

Logs show that the Malwarebytes driver causes some memory leak. I suggest reinstalling the software from this company, and if that doesn't work, contact the manufacturer
Code:
Microsoft (R) Windows Debugger Version 10.0.19528.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\mrpep\AppData\Local\Temp\Temp1_TERRY-Thu_01_16_2020_181127_94.zip\011620-36083-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
7601.24520.amd64fre.win7sp1_ldr_escrow.190828-1732
Machine Name:
Kernel base = 0xfffff800`04e10000 PsLoadedModuleList = 0xfffff800`05049c90
Debug session time: Fri Jan 17 02:41:50.498 2020 (UTC + 1:00)
System Uptime: 0 days 0:16:56.326
Loading Kernel Symbols
...............................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
..........
For analysis of this file, run !analyze -v
nt!DebugPrompt+0x17:
fffff800`04eaa567 cc              int     3
4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffff80000003, The exception code that was not handled
Arg2: fffff80004eaa568, The address that the exception occurred at
Arg3: fffff880033af5c8, Exception Record Address
Arg4: fffff880033aee30, Context Record Address

Debugging Details:
------------------

fffff80004ff20e8: Unable to get Flags value from nt!KdVersionBlock
GetUlongPtrFromAddress: unable to read from fffff800050ad300

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.Sec
    Value: 1

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on DESKTOP-QO9C72C

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.Sec
    Value: 1

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 60

    Key  : Analysis.System
    Value: CreateObject


ADDITIONAL_XML: 1

BUGCHECK_CODE:  7e

BUGCHECK_P1: ffffffff80000003

BUGCHECK_P2: fffff80004eaa568

BUGCHECK_P3: fffff880033af5c8

BUGCHECK_P4: fffff880033aee30

EXCEPTION_RECORD:  fffff880033af5c8 -- (.exr 0xfffff880033af5c8)
ExceptionAddress: fffff80004eaa568 (nt!DebugPrompt+0x0000000000000018)
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000000
NumberParameters: 1
   Parameter[0]: 0000000000000002

CONTEXT:  fffff880033aee30 -- (.cxr 0xfffff880033aee30)
rax=0000000000000002 rbx=fffff880010839a0 rcx=fffff880010a6070
rdx=fffff880033a001f rsi=00000000000001e7 rdi=fffff880010a6090
rip=fffff80004eaa567 rsp=fffff880033af808 rbp=fffffa800d6ad190
 r8=fffff880033af880  r9=fffff880010a0002 r10=0000000000000000
r11=fffff880033af858 r12=000000000000012c r13=fffff880033a1870
r14=0000000000000408 r15=0000000000000001
iopl=0         nv up ei pl nz ac pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000212
nt!DebugPrompt+0x17:
fffff800`04eaa567 cc              int     3
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

ERROR_CODE: (NTSTATUS) 0x80000003 - {WYJ TEK}  Punkt przerwania  Osi gni to punkt przerwania.

EXCEPTION_CODE_STR:  80000003

EXCEPTION_PARAMETER1:  0000000000000002

EXCEPTION_STR:  0x80000003

STACK_TEXT:  
fffff880`033af808 fffff800`04ee7d6b : fffff880`010839a0 fffff800`04e7b658 fffff880`010839a0 00000000`000001e7 : nt!DebugPrompt+0x17
fffff880`033af810 fffff880`010a64bb : fffffa80`0c7b2ce8 00000000`00000000 fffff880`010a6060 00000000`00000007 : nt!DbgPrompt+0x3b
fffff880`033af860 fffff880`010a6ec1 : 00000000`00000029 fffffa80`0d6ad190 fffffa80`0f9de640 00000000`00000000 : fltmgr!FltpvPrintErrors+0x11b
fffff880`033afac0 fffff800`04e535f9 : ffffffff`fff0bdc0 fffff880`010a6d10 fffff800`050207f8 fffffa80`0c7b2b50 : fltmgr!FltpvDoLostObjectCheck+0x1b1
fffff880`033afb70 fffff800`05150578 : 00000000`00000000 fffff880`031b1180 00000000`00000080 00000000`00000001 : nt!ExpWorkerThread+0x111
fffff880`033afc00 fffff800`04ea9cc6 : fffff880`031b1180 fffffa80`0c7b2b50 fffff880`031c0240 00000000`00000000 : nt!PspSystemThreadStartup+0x194
fffff880`033afc40 00000000`00000000 : fffff880`033b0000 fffff880`033aa000 fffff880`033af840 00000000`00000000 : nt!KxStartSystemThread+0x16


SYMBOL_NAME:  nt!DebugPrompt+18

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

IMAGE_VERSION:  6.1.7601.24520

STACK_COMMAND:  .cxr 0xfffff880033aee30 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_VRF_nt!DebugPrompt+18

OS_VERSION:  7.1.7601.24520

BUILDLAB_STR:  win7sp1_ldr_escrow

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 7

FAILURE_ID_HASH:  {0e885d28-8a96-6740-4fce-8c5082a1dfb8}

Followup:     MachineOwner
---------

4: kd> .load pde
=========================================================================================
 PDE v11.3 - Copyright 2017 Andrew Richards
=========================================================================================
4: kd> !dpx
Start memory scan  : 0xfffff880033af808 ($csp)
End memory scan    : 0xfffff880033b0000 (Kernel Stack Base)

               rcx : 0xfffff880010a6070 :  !da ""Break, ignore, zap or remove ? ""
               rsp : 0xfffff880033af808 : 0xfffff80004ee7d6b : nt!DbgPrompt+0x3b
               rdi : 0xfffff880010a6090 :  !da ""Breaking in... (press g<enter> to return to assert menu).""
               r11 : 0xfffff880033af858 : 0xfffff880010a64bb : fltmgr!FltpvPrintErrors+0x11b
0xfffff880033af808 : 0xfffff80004ee7d6b : nt!DbgPrompt+0x3b
0xfffff880033af810 : 0xfffff880010839a0 : fltmgr!FltvMessageTable+0x290
0xfffff880033af818 : 0xfffff80004e7b658 : nt!DbgPrintEx+0x30
0xfffff880033af820 : 0xfffff880010839a0 : fltmgr!FltvMessageTable+0x290
0xfffff880033af848 : 0xfffff880010a6070 :  !da ""Break, ignore, zap or remove ? ""
0xfffff880033af858 : 0xfffff880010a64bb : fltmgr!FltpvPrintErrors+0x11b
0xfffff880033af888 : 0xfffff80004e10000 : "nt!_imp_CiInitialize <PERF> (nt+0x0)"
0xfffff880033af890 : 0x56205245544c4946 :  !da ""FILTER VERIFIER ERROR:   A filter (Filter = FFFFFA800D6AD190 (MBAMProtection)) l...""
0xfffff880033af898 : 0x2052454946495245 :  !da ""ERIFIER ERROR:   A filter (Filter = FFFFFA800D6AD190 (MBAMProtection)) leaked re...""
0xfffff880033af8a0 : 0x20203a524f525245 :  !da ""ERROR:   A filter (Filter = FFFFFA800D6AD190 (MBAMProtection)) leaked references...""
0xfffff880033af8a8 : 0x65746c6966204120 :  !da "" A filter (Filter = FFFFFA800D6AD190 (MBAMProtection)) leaked references to the ...""
0xfffff880033af8b0 : 0x65746c6946282072 :  !da ""r (Filter = FFFFFA800D6AD190 (MBAMProtection)) leaked references to the followin...""
0xfffff880033af8b8 : 0x46464646203d2072 :  !da ""r = FFFFFA800D6AD190 (MBAMProtection)) leaked references to the following resour...""
0xfffff880033af8c0 : 0x4136443030384146 :  !da ""FA800D6AD190 (MBAMProtection)) leaked references to the following resources:..00...""
0xfffff880033af8c8 : 0x424d282030393144 :  !da ""D190 (MBAMProtection)) leaked references to the following resources:..00000000 F...""
0xfffff880033af8d0 : 0x6365746f72504d41 :  !da ""AMProtection)) leaked references to the following resources:..00000000 Filter Co...""
0xfffff880033af8d8 : 0x6c2029296e6f6974 :  !da ""tion)) leaked references to the following resources:..00000000 Filter Context St...""
0xfffff880033af8e0 : 0x65722064656b6165 :  !da ""eaked references to the following resources:..00000000 Filter Context Structures...""
0xfffff880033af8e8 : 0x7365636e65726566 :  !da ""ferences to the following resources:..00000000 Filter Context Structures..000000...""
0xfffff880033af8f0 : 0x20656874206f7420 :  !da "" to the following resources:..00000000 Filter Context Structures..00000000 FLT_C...""
0xfffff880033af8f8 : 0x6e69776f6c6c6f66 :  !da ""following resources:..00000000 Filter Context Structures..00000000 FLT_CALLBACK_...""
0xfffff880033af900 : 0x72756f7365722067 :  !da ""g resources:..00000000 Filter Context Structures..00000000 FLT_CALLBACK_DATA str...""
0xfffff880033af908 : 0x3030090a3a736563 :  !da ""ces:..00000000 Filter Context Structures..00000000 FLT_CALLBACK_DATA structures....""
0xfffff880033af910 : 0x4620303030303030 :  !da ""000000 Filter Context Structures..00000000 FLT_CALLBACK_DATA structures..0000000...""
0xfffff880033af918 : 0x6f43207265746c69 :  !da ""ilter Context Structures..00000000 FLT_CALLBACK_DATA structures..00000000 FLT_DE...""
0xfffff880033af920 : 0x745320747865746e :  !da ""ntext Structures..00000000 FLT_CALLBACK_DATA structures..00000000 FLT_DEFERRED_I...""
0xfffff880033af928 : 0x7365727574637572 :  !da ""ructures..00000000 FLT_CALLBACK_DATA structures..00000000 FLT_DEFERRED_IO_WORKIT...""
0xfffff880033af930 : 0x303030303030090a :  !da ""..00000000 FLT_CALLBACK_DATA structures..00000000 FLT_DEFERRED_IO_WORKITEM struc...""
0xfffff880033af938 : 0x435f544c46203030 :  !da ""00 FLT_CALLBACK_DATA structures..00000000 FLT_DEFERRED_IO_WORKITEM structures..0...""
0xfffff880033af940 : 0x5f4b4341424c4c41 :  !da ""ALLBACK_DATA structures..00000000 FLT_DEFERRED_IO_WORKITEM structures..00000243 ...""
0xfffff880033af948 : 0x7274732041544144 :  !da ""DATA structures..00000000 FLT_DEFERRED_IO_WORKITEM structures..00000243 FLT_GENE...""
0xfffff880033af950 : 0x0a73657275746375 :  !da ""uctures..00000000 FLT_DEFERRED_IO_WORKITEM structures..00000243 FLT_GENERIC_WORK...""
0xfffff880033af958 : 0x3030303030303009 :  !da "".00000000 FLT_DEFERRED_IO_WORKITEM structures..00000243 FLT_GENERIC_WORKITEM str...""
0xfffff880033af960 : 0x45445f544c462030 :  !da ""0 FLT_DEFERRED_IO_WORKITEM structures..00000243 FLT_GENERIC_WORKITEM structures....""
0xfffff880033af968 : 0x495f444552524546 :  !da ""FERRED_IO_WORKITEM structures..00000243 FLT_GENERIC_WORKITEM structures..0000000...""
0xfffff880033af970 : 0x54494b524f575f4f :  !da ""O_WORKITEM structures..00000243 FLT_GENERIC_WORKITEM structures..00000000 FLT_FI...""
0xfffff880033af978 : 0x6375727473204d45 :  !da ""EM structures..00000243 FLT_GENERIC_WORKITEM structures..00000000 FLT_FILE_NAME_...""
0xfffff880033af980 : 0x30090a7365727574 :  !da ""tures..00000243 FLT_GENERIC_WORKITEM structures..00000000 FLT_FILE_NAME_INFORMAT...""
0xfffff880033af988 : 0x2033343230303030 :  !da ""0000243 FLT_GENERIC_WORKITEM structures..00000000 FLT_FILE_NAME_INFORMATION stru...""
0xfffff880033af990 : 0x454e45475f544c46 :  !da ""FLT_GENERIC_WORKITEM structures..00000000 FLT_FILE_NAME_INFORMATION structures.....""
0xfffff880033af998 : 0x4b524f575f434952 :  !da ""RIC_WORKITEM structures..00000000 FLT_FILE_NAME_INFORMATION structures..00000000...""
0xfffff880033af9a0 : 0x727473204d455449 :  !da ""ITEM structures..00000000 FLT_FILE_NAME_INFORMATION structures..00000000 FILE_OB...""
0xfffff880033af9a8 : 0x0a73657275746375 :  !da ""uctures..00000000 FLT_FILE_NAME_INFORMATION structures..00000000 FILE_OBJECT str...""
0xfffff880033af9b0 : 0x3030303030303009 :  !da "".00000000 FLT_FILE_NAME_INFORMATION structures..00000000 FILE_OBJECT structures....""
0xfffff880033af9b8 : 0x49465f544c462030 :  !da ""0 FLT_FILE_NAME_INFORMATION structures..00000000 FILE_OBJECT structures..0000000...""
0xfffff880033af9c0 : 0x5f454d414e5f454c :  !da ""LE_NAME_INFORMATION structures..00000000 FILE_OBJECT structures..00000000 FLT_OB...""
0xfffff880033af9c8 : 0x54414d524f464e49 :  !da ""INFORMATION structures..00000000 FILE_OBJECT structures..00000000 FLT_OBJECT str...""
0xfffff880033af9d0 : 0x75727473204e4f49 :  !da ""ION structures..00000000 FILE_OBJECT structures..00000000 FLT_OBJECT structures....""
0xfffff880033af9d8 : 0x090a736572757463 :  !da ""ctures..00000000 FILE_OBJECT structures..00000000 FLT_OBJECT structures.Type "!f...""
0xfffff880033af9e0 : 0x3030303030303030 :  !da ""00000000 FILE_OBJECT structures..00000000 FLT_OBJECT structures.Type "!fltkd.fil...""
0xfffff880033af9e8 : 0x424f5f454c494620 :  !da "" FILE_OBJECT structures..00000000 FLT_OBJECT structures.Type "!fltkd.filter FFFF...""
0xfffff880033af9f0 : 0x727473205443454a :  !da ""JECT structures..00000000 FLT_OBJECT structures.Type "!fltkd.filter FFFFFA800D6A...""
0xfffff880033af9f8 : 0x0a73657275746375 :  !da ""uctures..00000000 FLT_OBJECT structures.Type "!fltkd.filter FFFFFA800D6AD190 8 1...""
0xfffff880033afa00 : 0x3030303030303009 :  !da "".00000000 FLT_OBJECT structures.Type "!fltkd.filter FFFFFA800D6AD190 8 1" in the...""
0xfffff880033afa08 : 0x424f5f544c462030 :  !da ""0 FLT_OBJECT structures.Type "!fltkd.filter FFFFFA800D6AD190 8 1" in the debugge...""
0xfffff880033afa10 : 0x727473205443454a :  !da ""JECT structures.Type "!fltkd.filter FFFFFA800D6AD190 8 1" in the debugger for a ...""
0xfffff880033afa18 : 0x0a73657275746375 :  !da ""uctures.Type "!fltkd.filter FFFFFA800D6AD190 8 1" in the debugger for a list of ...""
0xfffff880033afa20 : 0x6621222065707954 :  !da ""Type "!fltkd.filter FFFFFA800D6AD190 8 1" in the debugger for a list of leaked r...""
0xfffff880033afa28 : 0x6c69662e646b746c :  !da ""ltkd.filter FFFFFA800D6AD190 8 1" in the debugger for a list of leaked reference...""
0xfffff880033afa30 : 0x4646464620726574 :  !da ""ter FFFFFA800D6AD190 8 1" in the debugger for a list of leaked references.""
0xfffff880033afa38 : 0x4136443030384146 :  !da ""FA800D6AD190 8 1" in the debugger for a list of leaked references.""
0xfffff880033afa40 : 0x3120382030393144 :  !da ""D190 8 1" in the debugger for a list of leaked references.""
0xfffff880033afa48 : 0x656874206e692022 :  !da """ in the debugger for a list of leaked references.""
0xfffff880033afa50 : 0x6567677562656420 :  !da "" debugger for a list of leaked references.""
0xfffff880033afa58 : 0x206120726f662072 :  !da ""r for a list of leaked references.""
0xfffff880033afa60 : 0x20666f207473696c :  !da ""list of leaked references.""
0xfffff880033afa68 : 0x722064656b61656c :  !da ""leaked references.""
0xfffff880033afa70 : 0x65636e6572656665 :  !da "eferences."
0xfffff880033afab8 : 0xfffff880010a6ec1 : fltmgr!FltpvDoLostObjectCheck+0x1b1
0xfffff880033afb38 : 0xfffff880010a6d10 : fltmgr!FltpvDoLostObjectCheck
0xfffff880033afb68 : 0xfffff80004e535f9 : nt!ExpWorkerThread+0x111
0xfffff880033afb78 : 0xfffff880010a6d10 : fltmgr!FltpvDoLostObjectCheck
0xfffff880033afb80 : 0xfffff800050207f8 : nt!ExWorkerQueue+0x58
0xfffff880033afbd0 : 0xfffff80004e534e8 : nt!ExpWorkerThread
0xfffff880033afbf8 : 0xfffff80005150578 : nt!PspSystemThreadStartup+0x194
0xfffff880033afc38 : 0xfffff80004ea9cc6 : nt!KxStartSystemThread+0x16

4: kd> !PDE.da fffff880033af890
FILTER VERIFIER ERROR:   A filter (Filter = FFFFFA800D6AD190 (MBAMProtection)) leaked references to the following resources:
	00000000 Filter Context Structures
	00000000 FLT_CALLBACK_DATA structures
	00000000 FLT_DEFERRED_IO_WORKITEM structures
	00000243 FLT_GENERIC_WORKITEM structures
	00000000 FLT_FILE_NAME_INFORMATION structures
	00000000 FILE_OBJECT structures
	00000000 FLT_OBJECT structures
Type "!fltkd.filter FFFFFA800D6AD190 8 1" in the debugger for a list of leaked references

4: kd> !fltkd.filter FFFFFA800D6AD190 8 1

Could not read field "Base.Flags" of FltMgr!_FLT_FILTER from address: fffffa800d6ad190
4: kd> !fltkd.filter FFFFFA800D6AD190

Could not read field "Base.Flags" of FltMgr!_FLT_FILTER from address: fffffa800d6ad190



My System SpecsSystem Spec
.
17 Jan 2020   #12
wysocki

Windows 7 Professional SP1 64bit
 
 

Hmm, I'm puzzled how you made that determination from the attached code. But I decided to just uninstall Malwarebytes temporarily to check it out. It's only been a couple of hours, but I DID run the Tamosoft client (which caused immediate BSOD when connected) and could not get the BSOD! I will see how things go for a while then try reinstalling Malwarebytes and will report back on the results. THANKS!
My System SpecsSystem Spec
4 Weeks Ago   #13
wysocki

Windows 7 Professional SP1 64bit
 
 

I've been testing Malwarebytes and it appears that it WAS THE PROBLEM! I de-installed then re-installed it and I've come to the conclusion that it is the real-time WEB protection feature that causes the crashes. With that one feature turned off I've had no BSOD even when running the Tamosoft Throughput Test. I'll contact Malwarebytes about this and will report their findings here.
My System SpecsSystem Spec
.

4 Weeks Ago   #14
wysocki

Windows 7 Professional SP1 64bit
 
 

Malwarebytes has released a Beta version that appears to have fixed this issue with real-time Web Protection! I installed it as follows:


Open Malwarebytes and click Settings > General Tab
Scroll down to Beta Updates > Toggle on
It will ask you to confirm enabling Beta, click on "Enable Beta Application Updates"
Then scroll back to the top of Settings > General
Click 'Check for updates'
My System SpecsSystem Spec
Reply

 Win7/64 Pro desktop BSOD for reasons unknown




Thread Tools




Similar help and support threads
Thread Forum
Desktop Window Manager crashing on startup for unknown reasons.
I just formatted my PC and installed a fresh copy of Windows 7 Ultimate yesterday (Previously had Win10, but I prefer the stability of Windows 7). However, a window pops up whenever i start up the PC saying "Desktop Window Manager stopped working and was closed. A problem caused the application to...
General Discussion
Desktop BSOD for unknown reasons
Today I had for the first time 3 blue screens for the very first time on my desktop. The first two were about an hour apart and the third time was shorter. However as I write this I have had the pc open for more than an hour again without crash. Hopefully with your help, which is greatly...
BSOD Help and Support
BSOD from unknown reasons, bug check 0x0000007a
I'm not a techie but I know how to use common stuff like BlueScreenView. Any ideas? http://i.imgur.com/egK1r48.png
BSOD Help and Support
BSOD for unknown reasons, IRQL_NOT_LESS_OR_EQUAL
Hi, ive been having BSOD crashes since this Monday. Ive tried to fix them by cleaning up some space, defragment disks and used various programs to find and fix problems, but nothing helped. So I came here to ask for help. The crash occurs at least once a day. I used BlueScreen to view the...
BSOD Help and Support
BSOD for unknown reasons
I've been getting BSOD's for a couple days now and I'm baffled. I would greatly appreciate any help. Windows 7 home premium X64 retail Hardware is about two years old. One of the steps I took was to reinstall windows just a few days ago. I have run memtest86 and came back clean. I have...
BSOD Help and Support


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:55.
Twitter Facebook