BSOD in my lenovo g560 - Windows 7 x64

satishkmr

· OS - Windows 7 Ultimate
· x86 (32-bit)
· Age of system (hardware): 4 years
· CPU: Intel Core i3
· System Manufacturer: Lenovo
· Exact model number (if laptop, check label on bottom): G560

It's a laptop.
 


Code:
0: kd> .bugcheck
Bugcheck code 000000C5
Arguments 00000004 00000002 00000000 8355d7ff

Code:
0: kd> kv
ChildEBP RetAddr  Args to Child              
acf2385c 8355d7ff badb0d00 00000000 8f6734a1 nt!KiTrap0E+0x2cf (FPO: [0,0] TrapFrame @ acf2385c)
acf23908 8355c8aa 835728c0 00000000 00000001 nt!ExDeferredFreePool+0x19f
acf23974 8475b562 863ead70 3045464d acf23990 nt!ExFreePoolWithTag+0x8a4
acf23984 84761e60 863ead70 acf239ac 847551fa mfehidk+0x4d562
acf23990 847551fa 863ead70 86533170 86db4808 mfehidk+0x53e60
acf239ac 846cbaeb 00533170 acf239cc acf239f8 mfehidk+0x471fa
acf23a18 846ce9f0 acf23a5c 86f13c00 00000000 fltmgr!FltpPerformPreCallbacks+0x34d (FPO: [Non-Fpo])
acf23a30 846e21fe acf23a5c 846e5f3c 00000000 fltmgr!FltpPassThroughInternal+0x40 (FPO: [Non-Fpo])
acf23a44 846e28b7 acf23a5c 86f13c00 b12284a8 fltmgr!FltpCreateInternal+0x24 (FPO: [Non-Fpo])
acf23a88 8347877c 86b5b448 86b5c838 b1228504 fltmgr!FltpCreate+0x2c9 (FPO: [Non-Fpo])
acf23aa0 8367dd2c 8dc04b9d acf23c48 00000000 nt!IofCallDriver+0x63
acf23b78 8365e70b 86993030 85bd3420 b1294d20 nt!IopParseDevice+0xee6
acf23bf4 83684959 00000000 acf23c48 00000040 nt!ObpLookupObjectName+0x4fa
acf23c50 8367cc9b 0164f4f0 85bd3420 88f5b001 nt!ObOpenObjectByName+0x165
acf23ccc 836b7dd6 0019df84 80100000 0164f4f0 nt!IopCreateFile+0x673
acf23d14 8347f6da 0019df84 80100000 0164f4f0 nt!NtOpenFile+0x2a
acf23d14 77706194 0019df84 80100000 0164f4f0 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ acf23d34)
0164f534 00000000 00000000 00000000 00000000 0x77706194

Code:
0: kd> .trap acf2385c
ErrCode = 00000000
eax=b0aef984 ebx=00000000 ecx=000001ff edx=00000000 esi=b0aef98c edi=835728c0
eip=8355d7ff esp=acf238d0 ebp=acf23908 iopl=0         nv up ei ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
nt!ExDeferredFreePool+0x19f:
8355d7ff 397304          cmp     dword ptr [ebx+4],esi ds:0023:00000004=????????

Looking at the trapframe regarding the unhandled exception, it was comparing esi to ebx+4.

McAfee's HID driver is likely corrupting pool, as it's in the stack prior to the call to the function to deallocate a block of pool memory.

Code:
0: kd> lmvm mfehidk
start    end        module name
8470e000 8477cfc0   mfehidk  T (no symbols)           
    Loaded symbol image file: mfehidk.sys
    Image path: \SystemRoot\system32\drivers\mfehidk.sys
    Image name: mfehidk.sys
    Timestamp:        Mon Feb 13 18:35:52 2012

Why is the driver so old? Probably tons of fixed bugs.

Update or remove McAfee.

McAfee removal - How to uninstall or re-install supported McAfee products using the Consumer Products Removal tool

MSE - Microsoft Security Essentials - Microsoft Windows

Code:
0: kd> vertarget
Windows 7 Kernel Version 7600 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.17273.x86fre.win7_gdr.130318-1532
Machine Name:
Kernel base = 0x8343d000 PsLoadedModuleList = 0x83585810
Debug session time: Thu Feb 26 10:36:07.517 2015 (UTC - 5:00)
System Uptime: 0 days 0:06:33.751

You also have no SP1 - Learn how to install Windows 7 Service Pack 1 (SP1)
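The stack-reading step from the reply above, as an added example that is not part of the original thread: it parses `kv` output, finds the top-most frame that belongs to a non-Microsoft module, and lists the `nt` pool routines called above it. The `MS_MODULES` allowlist and the function names are assumptions made for this sketch.

```python
import re

# One frame of 32-bit `kv` output: ChildEBP, RetAddr, three args, then the symbol.
FRAME = re.compile(r"^[0-9a-f]{8} [0-9a-f]{8} (?:[0-9a-f]{8} ){3}(\S+)", re.I)
# Assumption: modules treated as Microsoft-supplied for this triage (not exhaustive).
MS_MODULES = {"nt", "hal", "fltmgr", "ntfs", "ndis", "tcpip", "win32k"}
POOL_ROUTINE = re.compile(r"^nt!Ex\w*Pool")

def parse_frames(kv_text):
    """Return [(module, symbol)], top of stack first; module is None for raw addresses."""
    frames = []
    for line in kv_text.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue  # debugger prompt, column header or blank line
        symbol = m.group(1)
        module = None if symbol.startswith("0x") else re.split(r"[!+]", symbol)[0].lower()
        frames.append((module, symbol))
    return frames

def triage(kv_text):
    """Report the top-most third-party frame and the nt pool routines above it."""
    frames = parse_frames(kv_text)
    for depth, (module, symbol) in enumerate(frames):
        if module and module not in MS_MODULES:
            above = [s for _, s in frames[:depth]]
            return {
                "suspect": module,
                "frame": symbol,
                "pool_calls": [s for s in above if POOL_ROUTINE.match(s)],
            }
    return None  # no third-party module on this stack

# Top of the stack from the `kv` output in this thread, plus its last frame.
SAMPLE_KV = """\
0: kd> kv
ChildEBP RetAddr  Args to Child
acf2385c 8355d7ff badb0d00 00000000 8f6734a1 nt!KiTrap0E+0x2cf (FPO: [0,0] TrapFrame @ acf2385c)
acf23908 8355c8aa 835728c0 00000000 00000001 nt!ExDeferredFreePool+0x19f
acf23974 8475b562 863ead70 3045464d acf23990 nt!ExFreePoolWithTag+0x8a4
acf23984 84761e60 863ead70 acf239ac 847551fa mfehidk+0x4d562
acf23990 847551fa 863ead70 86533170 86db4808 mfehidk+0x53e60
acf23a18 846ce9f0 acf23a5c 86f13c00 00000000 fltmgr!FltpPerformPreCallbacks+0x34d (FPO: [Non-Fpo])
0164f534 00000000 00000000 00000000 00000000 0x77706194
"""

if __name__ == "__main__":
    print(triage(SAMPLE_KV))
```

A third-party frame directly below a pool free shows where the corruption was detected, not necessarily which driver caused it, which is why Driver Verifier with Special Pool is the usual follow-up.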
 
Thanks for the reply...
I did remove McAfee...
The problem was solved till today, when suddenly I experienced two BSODs...
I am attaching the details.
 


You were using Kaspersky + McAfee at the same time? No wonder you were getting crashes.

In any case, like I said, remove & replace Kaspersky with MSE and see if the crashes stop. It's riddled with bugs in its kernel-mode drivers, and without verifier I can't tell you what's going wrong in an 0xC5 bug check.
 
Just one clarification...
The laptop was preinstalled with McAfee... but after a year I bought Kaspersky and am using it till date...
 
Understood, McAfee is generally bundled with many OEMs.

Kaspersky removal - Service articles

If you crash after removing Kaspersky, enable verifier:

Driver Verifier:

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 - Restore Point - Create in Windows 8

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (only on Windows 7 & 8/8.1)
- DDI compliance checking (only on Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- Perhaps the most important point, which I will now clarify as this has often been misunderstood: enabling Driver Verifier by itself is not a solution, but instead a diagnostic utility. It will tell us if a driver is causing your issues, but again it will not outright solve your issues.

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.

- Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.

Any other questions can most likely be answered by this article:

Using Driver Verifier to identify issues with Windows drivers for advanced users
 
