BSOD while scanning with Panda Cloud Cleaner - Windows 7 x64
- Thread starter malis2007
- Start date
Jared
Sysnative Staff, BSOD Kernel Dump Expert
- Feb 3, 2014
- 1,591
Please follow these instructions.
https://www.sysnative.com/forums/bs...ctions-windows-8-1-8-7-and-windows-vista.html
https://www.sysnative.com/forums/bs...ctions-windows-8-1-8-7-and-windows-vista.html
· OS - Windows 8.1, 8, 7, Vista ? 7
· x86 (32-bit) or x64 ? x64
· What was original installed OS on system? Windows 7 Premium
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? dunno it came with the laptop.
· Age of system (hardware) how would i know that? i bought it 3 years ago
· Age of OS installation - have you re-installed the OS? nope
· CPU Intel Core i7-740QM. 1.73GHz
· Video Card Nvidia GeForece GT 425M
· MotherBoard what is that?
· Power Supply - brand & wattage (if laptop, skip this one)
· System Manufacturer Asus
· Exact model number (if laptop, check label on bottom)
N53J Series
· Laptop or Desktop? Laptop
· x86 (32-bit) or x64 ? x64
· What was original installed OS on system? Windows 7 Premium
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? dunno it came with the laptop.
· Age of system (hardware) how would i know that? i bought it 3 years ago
· Age of OS installation - have you re-installed the OS? nope
· CPU Intel Core i7-740QM. 1.73GHz
· Video Card Nvidia GeForece GT 425M
· MotherBoard what is that?
· Power Supply - brand & wattage (if laptop, skip this one)
· System Manufacturer Asus
· Exact model number (if laptop, check label on bottom)
N53J Series
· Laptop or Desktop? Laptop
Jared
Sysnative Staff, BSOD Kernel Dump Expert
- Feb 3, 2014
- 1,591
So we have our 0x24 bugcheck.
So lets run the command on the 3rd parameter.
So we have our read instruction performing an illegal.
The instruction was a cmp which is to compare the contents of the r11 register to the address which a pointer is pointing to which is stored in rax. The address is null meaning something has used a null pointer.
So lets look at the callstack.
We have AsDsm calling read I/O operations and removing certain allocations, then it tries to free a pool of memory which is null as we saw with the null pointer and hence our bugcheck.
AsDsm is the ASUS Data Security Manager driver, this is bloatware which should be removed.
It's outdated by over 5 years which is why I'm not surprised your system is crashing.
In your other dump file the situation is very similar.
So we tried to copy data from an address calculated by adding the value in rcx + 58 to the rcx register, so why is this a failing operation?
Here's our answer, accessing the rcx register is not allowed, if it is accessed then the system will generate an access violation.
It's the same solution as above as it's using bad instruction pointers.
Code:
[B]NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.[/B]
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88009e0d078
Arg3: [COLOR="#008000"]fffff88009e0c8d0[/COLOR]
Arg4: fffff80003e12aa9So lets run the command on the 3rd parameter.
Code:
2: kd> [COLOR="#008000"].cxr 0xfffff88009e0c8d0;r[/COLOR]
[COLOR="#FF0000"]rax=0000000000000000[/COLOR] rbx=0000000000000003 rcx=fffffa800547e5f0
rdx=fffff8a00baf54e0 rsi=0000000000000000 rdi=fffff8a016c44450
rip=fffff80003e12aa9 rsp=fffff88009e0d2b0 rbp=0000000000000000
r8=fffff8a01d05d4f0 r9=fffff8a00baf54a0 r10=0000000000000001
[COLOR="#800080"]r11=fffff8a00baf54b0[/COLOR] r12=fffffa800547e3c0 r13=0000000000000000
r14=0000000000000006 r15=0000000000000001
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!ExDeferredFreePool+0x1ed:
fffff800`03e12aa9 4c3918 [COLOR="#800080"]cmp qword ptr[/COLOR] [[COLOR="#FF0000"]rax[/COLOR]],[COLOR="#008000"]r11[/COLOR] ds:002b:[COLOR="#FF0000"]00000000`00000000[/COLOR]=????????????????So we have our read instruction performing an illegal.
The instruction was a cmp which is to compare the contents of the r11 register to the address which a pointer is pointing to which is stored in rax. The address is null meaning something has used a null pointer.
So lets look at the callstack.
Code:
fffff880`09e0d2b0 fffff800`03e114f1 : fffff8a0`004e0000 fffff8a0`2529f4d0 fffff8a0`1dbd7348 fffff8a0`1dbd7348 : [COLOR="#FF0000"]nt!ExDeferredFreePool+0x1ed[/COLOR]
fffff880`09e0d340 fffff880`0150aea4 : fffff8a0`16bf8b40 00000000`00000000 00000000`6c66744e 00000000`000007fd : [COLOR="#FF0000"]nt!ExFreePoolWithTag+0x411[/COLOR]
fffff880`09e0d3f0 fffff880`01419279 : fffff8a0`16bf8b40 fffff880`09e0d8b0 fffff880`09e0d501 fffff880`014a0d1e : [COLOR="#800080"]Ntfs! ?? ::NNGAKEGL::`string'+0xbd24[/COLOR]
fffff880`09e0d420 fffff880`0149eb60 : fffffa80`0c4b5010 fffffa80`06722180 fffff8a0`16bf8b40 fffff8a0`2529f4e0 : [COLOR="#800080"]Ntfs!NtfsTeardownFromLcb+0x129[/COLOR]
fffff880`09e0d4b0 fffff880`0148d3b7 : fffffa80`0c4b5010 fffff8a0`16bf8b40 fffffa80`0c4b5010 fffff8a0`16bf8b00 : [COLOR="#800080"]Ntfs!NtfsTeardownStructures+0x200[/COLOR]
fffff880`09e0d530 fffff880`014307c8 : fffffa80`0c4b5010 fffffa80`06722180 fffffa80`05eb7d01 fffff880`09e0d700 : [COLOR="#800080"]Ntfs!NtfsFlushVolume+0x527[/COLOR]
fffff880`09e0d660 fffff880`0141db9f : fffffa80`0c4b5010 fffff880`01379000 fffffa80`065bca60 fffffa80`0c4ed301 : [COLOR="#800080"]Ntfs!NtfsVolumeDasdIo+0x1b8[/COLOR]
fffff880`09e0d710 fffff880`0141f398 : fffffa80`0c4b5010 fffffa80`0c655bd0 fffff880`09e0d801 fffffa80`05eb7c00 : [COLOR="#800080"]Ntfs!NtfsCommonRead+0x5bf[/COLOR]
fffff880`09e0d880 fffff880`01326bcf : fffffa80`0c655fb8 fffffa80`0c655bd0 fffffa80`05eb7cb0 00000000`00000001 : [COLOR="#800080"]Ntfs!NtfsFsdRead+0x1b8[/COLOR]
fffff880`09e0d930 fffff880`013256df : fffffa80`065b78e0 00000000`00000001 fffffa80`065b7800 fffffa80`0c655bd0 : [COLOR="#800080"]fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f[/COLOR]
fffff880`09e0d9c0 fffff880`0138535a : 00000000`00000000 00000000`16f74060 00000000`00000001 fffffa80`065b58b0 : [COLOR="#800080"]fltmgr!FltpDispatch+0xcf[/COLOR]
fffff880`09e0da20 00000000`00000000 : 00000000`16f74060 00000000`00000001 fffffa80`065b58b0 fffffa80`0c4ed380 : [COLOR="#FF0000"]AsDsm+0x135a[/COLOR]We have AsDsm calling read I/O operations and removing certain allocations, then it tries to free a pool of memory which is null as we saw with the null pointer and hence our bugcheck.
AsDsm is the ASUS Data Security Manager driver, this is bloatware which should be removed.
Code:
2: kd> [COLOR="#008000"]lmvm AsDsm[/COLOR]
start end module name
fffff880`01384000 fffff880`01391000 AsDsm T (no symbols)
Loaded symbol image file: AsDsm.sys
Image path: \SystemRoot\System32\Drivers\AsDsm.sys
Image name: AsDsm.sys
Timestamp: [COLOR="#FF0000"]Fri Feb 13 06:14:26 2009[/COLOR] (49950FC2)
CheckSum: 0001216E
ImageSize: 0000D000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4It's outdated by over 5 years which is why I'm not surprised your system is crashing.
In your other dump file the situation is very similar.
Code:
0: kd> .cxr 0xfffff8800483eb00;r
rax=000000000000ff7b rbx=fffff8a017667a90 [COLOR="#FF0000"]rcx=01ca0432200be982[/COLOR]
rdx=fffff8a017667a01 rsi=0000000000000000 rdi=0000000000000001
rip=fffff88001618c25 rsp=fffff8800483f4e0 rbp=fffffa80067785a0
r8=0000000000000000 r9=0000000000000001 r10=fffff8800483f5c0
r11=0000000000000000 r12=0000000000000000 r13=00000000c00000d8
r14=0000000000000702 r15=0000000000000705
iopl=0 nv up ei pl nz ac po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010216
Ntfs!NtfsAcquireExclusiveFcb+0x65:
fffff880`01618c25 488b4958 [COLOR="#800080"]mov [/COLOR] [COLOR="#FF0000"]rcx[/COLOR],[COLOR="#800080"]qword ptr[/COLOR] [[COLOR="#FF0000"]rcx+58h[/COLOR]] ds:002b:[COLOR="#FF0000"]01ca0432`200be9da[/COLOR]=????????????????So we tried to copy data from an address calculated by adding the value in rcx + 58 to the rcx register, so why is this a failing operation?
Code:
0: kd> [COLOR="#008000"]!pte 01ca0432200be982[/COLOR]
VA 01ca0432200be982
PXE at FFFFF6FB7DBED040 PPE at FFFFF6FB7DA08640 PDE at FFFFF6FB410C8800 PTE at FFFFF682191005F0
Unable to get PXE FFFFF6FB7DBED040
[COLOR="#FF0000"]WARNING: noncanonical VA, accesses will fault ![/COLOR]Here's our answer, accessing the rcx register is not allowed, if it is accessed then the system will generate an access violation.
It's the same solution as above as it's using bad instruction pointers.
Jared
Sysnative Staff, BSOD Kernel Dump Expert
- Feb 3, 2014
- 1,591
Thanks for the help Patrick, yes all ASUS bloatware should be removed. This includes any / all of these programs you don't use.
Code:
[B][COLOR="#FF0000"]Start Menu\Programs\ASUS
Start Menu\Programs\ASUS\ASUS AP Bank
Start Menu\Programs\ASUS Utility
Start Menu\Programs\ASUS Utility\ASUS Data Security Manager
Start Menu\Programs\ASUS Utility\ASUS Live Update
Start Menu\Programs\ASUS Utility\ASUS Splendid Utility
Start Menu\Programs\ASUS Utility\Net4Switch
Start Menu\Programs\ASUS Utility\SmartLogon
Start Menu\Programs\ASUS Video Magic
Start Menu\Programs\ASUS Video Magic\MediaShow Espresso
Start Menu\Programs\ASUS Video Magic\PowerDirector
Start Menu\Programs\ASUS Video Magic\PowerDVD 9[/COLOR][/B]
Indeed it is! :thumbsup2:
i didn't get BSOD!!
you guys are genius! :)
i would have never thought that an ASUS program would cause such problem :/
btw, did you notice anything else suspicious? or bad? (just asking)
because my laptop takes long to get to desktop :/
like 3 or 4 mins
i didn't get BSOD!!
you guys are genius! :)
i would have never thought that an ASUS program would cause such problem :/
btw, did you notice anything else suspicious? or bad? (just asking)
because my laptop takes long to get to desktop :/
like 3 or 4 mins
New "BSOD_Windows7_Vista_v2.64_jcgriff2_.exe" log is attached.
View attachment new log.zip
but i received the following error while running:
View attachment new log.zip
but i received the following error while running:
That's perfect, thanks.
Startup:
1. You have ESET, McAfee, Malwarebytes, and Spybot all on startup (and installed in general). Pick 1 antivirus (either ESET or McAfee - I'd kick McAfee to the curb), and then remove Spybot. It's really unnecessary, and Malwarebytes will do the job.
2. Uncheck whatever that is regarding FileHippo.
3. Uncheck Internet Downloader.
4. Uncheck Snagit.
You need none of these to execute on startup, as they can just be launched later when you actually need them.
5. As opposed to manually unchecking all of the Asus garbage such as ATKMedia (utility that opens Windows Media Center when the multimedia hotkeys are pressed), uninstall the entire ATK package you have in Control Panel.
Services:
1. Uncheck nVidia Streaming Service.
-- The rest of the stuff there regarding McAfee, Spybot, etc, will disappear when you uninstall them as I recommended above.
Slow startup can also be linked to your Windows having a lot of temp, cache, etc. I'd recommend running CCleaner (DO NOT USE THE REGISTRY CLEANER) - https://www.piriform.com/ccleaner/download/standard
Regards,
Patrick
Startup:
1. You have ESET, McAfee, Malwarebytes, and Spybot all on startup (and installed in general). Pick 1 antivirus (either ESET or McAfee - I'd kick McAfee to the curb), and then remove Spybot. It's really unnecessary, and Malwarebytes will do the job.
2. Uncheck whatever that is regarding FileHippo.
3. Uncheck Internet Downloader.
4. Uncheck Snagit.
You need none of these to execute on startup, as they can just be launched later when you actually need them.
5. As opposed to manually unchecking all of the Asus garbage such as ATKMedia (utility that opens Windows Media Center when the multimedia hotkeys are pressed), uninstall the entire ATK package you have in Control Panel.
Services:
1. Uncheck nVidia Streaming Service.
-- The rest of the stuff there regarding McAfee, Spybot, etc, will disappear when you uninstall them as I recommended above.
Slow startup can also be linked to your Windows having a lot of temp, cache, etc. I'd recommend running CCleaner (DO NOT USE THE REGISTRY CLEANER) - https://www.piriform.com/ccleaner/download/standard
Regards,
Patrick
Hi Patrick ^_^,
In this one, I would suggest against uninstalling the ATK Utility. This is because, I asked a guy to update the utility so he asked the ASUS Support and they suggested him not to remove the ATK Utility but to upgrade it. The reason given by them was that it was necessary for the proper functioning of the (FN key, backlit keyboards and some important other things).
Sadly, I do not remember the post where the guy posted this.
In this one, I would suggest against uninstalling the ATK Utility. This is because, I asked a guy to update the utility so he asked the ASUS Support and they suggested him not to remove the ATK Utility but to upgrade it. The reason given by them was that it was necessary for the proper functioning of the (FN key, backlit keyboards and some important other things).
Sadly, I do not remember the post where the guy posted this.
The first article on Google regarding the Utility :- What Is ATK Hotkey Utility? | eHow
I will try to find more info if it comes with the ASACPI or not as I do not own an ASUS device. Let me check if any friend has it
Has Sysnative Forums helped you? Please consider donating to help us support the site!