
Can anyone help me read these minidump files? - Page 6

post #51 of 98
How could I have missed this?

In multiple crash dumps of yours, it mentions the process crashing is ekrn.exe. Normally, this would mean absolutely nothing, as in most cases a process crashing is the fault of another 3rd party driver, or that's just the process that happened to crash with the system crash. However, ekrn.exe is ESET's NOD32 antivirus, and it may VERY well be NOD32 causing the crash. This would make the MOST sense as you mention you crash very soon after startup, and NOD32 is an antivirus that I can only assume is set to start up.

So, with this being said, let's use the official NOD32 uninstaller to safely and correctly remove the antivirus. Don't worry, you can install it again later if this doesn't end up being the culprit (I find it very unlikely that it won't be, considering this is looking very promising and connects with all of the bugchecks and culprits we've seen so far).

Dump for reference:
Code:
Loading Dump File [C:\Users\Cardbox\Downloads\050712-18392-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17790.amd64fre.win7sp1_gdr.120305-1505
Machine Name:
Kernel base = 0xfffff800`02e5a000 PsLoadedModuleList = 0xfffff800`0309e650
Debug session time: Mon May  7 18:59:48.728 2012 (UTC - 4:00)
System Uptime: 0 days 0:01:50.523
Loading Kernel Symbols
...............................................................
................................................................
.................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {e3, fffffa8008c10531, 6d0ef50, 0}

Probably caused by : ntkrnlmp.exe ( nt!VerifierBugCheckIfAppropriate+3c )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 00000000000000e3, Kernel Zw API called with user-mode address as parameter.
Arg2: fffffa8008c10531, Address inside the driver making the incorrect API call.
Arg3: 0000000006d0ef50, User-mode address used as API parameter.
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_e3

FAULTING_IP: 
+6637643263363463
fffffa80`08c10531 85c0            test    eax,eax

FOLLOWUP_IP: 
nt!VerifierBugCheckIfAppropriate+3c
fffff800`0335f3dc cc              int     3

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  ekrn.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff8000335f3dc to fffff80002ed6c80

STACK_TEXT:  
fffff880`08501458 fffff800`0335f3dc : 00000000`000000c4 00000000`000000e3 fffffa80`08c10531 00000000`06d0ef50 : nt!KeBugCheckEx
fffff880`08501460 fffff800`0335fec5 : fffffa80`071e7980 fffff800`0336e09a fffff880`084fc000 fffff880`08502000 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`085014a0 fffff800`0336139e : 00000000`00000000 00000000`00000028 fffffa80`08c103b9 fffff800`0000051e : nt!ViZwCheckAddress+0x35
fffff880`085014e0 fffff800`03361426 : fffff880`08501628 fffff880`08501628 00000000`00000000 00000000`00000000 : nt!ViZwCheckUnicodeString+0x2e
fffff880`08501520 fffff800`03364d99 : fffffa80`08c10531 00000000`00000000 00000000`70616745 00000000`00000000 : nt!ViZwCheckObjectAttributes+0x26
fffff880`08501550 fffffa80`08c10531 : 00000000`06d0ef50 00000000`00000000 00000000`06d0ef80 00000000`06d0efdc : nt!VfZwOpenFile+0x49
fffff880`08501590 00000000`06d0ef50 : 00000000`00000000 00000000`06d0ef80 00000000`06d0efdc 00000000`00000007 : 0xfffffa80`08c10531
fffff880`08501598 00000000`00000000 : 00000000`06d0ef80 00000000`06d0efdc 00000000`00000007 00000000`00000021 : 0x6d0ef50


STACK_COMMAND:  kb

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!VerifierBugCheckIfAppropriate+3c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4f558b55

FAILURE_BUCKET_ID:  X64_0xc4_e3_VRF_nt!VerifierBugCheckIfAppropriate+3c

BUCKET_ID:  X64_0xc4_e3_VRF_nt!VerifierBugCheckIfAppropriate+3c

Followup: MachineOwner
---------
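
Added example, not part of the original post: a small Python triage of the `!analyze -v` text above that pulls out the fields this diagnosis rests on (bugcheck code and sub-code, the verifier's Zw hook, the calling address from Arg2, and whether the debugger resolved that address to a module), with PROCESS_NAME reported as process context. The sample lines are copied, abridged, from the dump in the post; the function name and result keys are assumptions of this example.

```python
import re

# Constructed sample: lines copied (abridged) from the !analyze -v output quoted above.
SAMPLE = """\
BugCheck C4, {e3, fffffa8008c10531, 6d0ef50, 0}
PROCESS_NAME:  ekrn.exe
STACK_TEXT:
fffff880`08501458 fffff800`0335f3dc : 00000000`000000c4 00000000`000000e3 fffffa80`08c10531 00000000`06d0ef50 : nt!KeBugCheckEx
fffff880`08501460 fffff800`0335fec5 : fffffa80`071e7980 fffff800`0336e09a fffff880`084fc000 fffff880`08502000 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`08501550 fffffa80`08c10531 : 00000000`06d0ef50 00000000`00000000 00000000`06d0ef80 00000000`06d0efdc : nt!VfZwOpenFile+0x49
fffff880`08501590 00000000`06d0ef50 : 00000000`00000000 00000000`06d0ef80 00000000`06d0efdc 00000000`00000007 : 0xfffffa80`08c10531
"""

BUGCHECK = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
PROCESS = re.compile(r"^PROCESS_NAME:\s+(\S+)", re.M)
FRAME = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+ : .* : (\S+)$", re.M)
USER_MAX = 0x00007FFFFFFFFFFF  # upper bound of the canonical lower half on x64


def triage(text):
    """Summarise a Driver Verifier 0xC4 bugcheck from !analyze -v text."""
    m = BUGCHECK.search(text)
    if not m:
        raise ValueError("no BugCheck line found")
    code = int(m.group(1), 16)
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    proc = PROCESS.search(text)
    frames = FRAME.findall(text)
    # A frame printed as a bare address was not matched to any loaded module.
    raw = [int(f.replace("`", ""), 16) for f in frames if "!" not in f]
    hook = next((f.split("+")[0] for f in frames if f.startswith("nt!VfZw")), None)
    return {
        "bugcheck": code,
        "subcode": args[0],
        "caller": args[1],                          # Arg2: address making the call
        "caller_symbolized": args[1] not in raw,
        "bad_param_is_user_mode": args[2] <= USER_MAX,  # Arg3
        "zw_hook": hook,
        "process_context": proc.group(1) if proc else None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, hex(value) if type(value) is int else value)
```

On this dump the caller comes back unsymbolized: the minidump alone does not name the module that owns `fffffa80`08c10531`, and `ekrn.exe` is the process that was running when the call was made.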

post #52 of 98
Thread Starter 
This is correct. I use ESET Smart Security 5 to be precise.

So, must I uninstall it? Either way I'll do a clean re-install but, I guess it'd be worth it to continue with the debugging.
post #53 of 98
Correct, uninstall this, but make sure you use the official tool I linked! The tools the AV devs provide always work better than the traditional Programs & Features method. It's the best way to rule out the AV as the issue, or the best way to conclude that it is the issue.
post #54 of 98
Thread Starter 
Ok. After I uninstall, what do I do? Also, were all of the dump files containing information about an ekrn crash? I guess I'll have to use MSE then /eww

It has been uninstalled. Although my system feels a little bit slow and it takes forever to log in.

Ok, this is weird: something is taking 100% of the CPU for no real reason and task manager says it's "System", which is taking around 45% of the CPU power. Still, overall CPU usage is laying at 100%.
Edited by Icekilla - 5/8/12 at 2:32pm
post #55 of 98
System and System Idle Process should be the ONLY two listed under processes, just like I typed them. If you have SYSTEM rather than System, and it's taking up a high amount of CPU usage, it may be a form of malware. The 'System Idle Process' is SUPPOSED to be at 99% most of the time; it represents how much of the CPU is NOT doing work. If it's actually System that's at 100% load, that shouldn't be, and is likely malware, a USB device, or a form of hardware interrupts.

Regardless, at this point, if the load issue is still continuing, you have a few choices:

1. Right off the bat this may be USB device related, or software a USB device is using. In a few dumps "AppleMobileDev" was mentioned as a process name that crashed. Whatever device you have hooked up, or whatever software this is, is likely using a very large amount of CPU memory. It's a known issue, and see here for example. With this being said, remove the device using this process, or remove the software and then check your System usage.

2. If #1 doesn't provide any assistance after doing what I recommended, you can run a malware scan with a program like Malwarebytes to ensure there's no malware affecting the system. You can even temporarily install MSE and run that too.

3. If #2 doesn't provide any assistance after doing what I recommended, download and install Process Explorer to check for hardware interrupts being the issue.

Once you've done that, open Process Explorer and look for "Hardware Interrupts", if it's using 40-50% of CPU usage, it's likely related to hardware interrupts, which then you'd follow:
Quote:
Device Manager -> IDE ATA/ATAPI controllers -> Primary IDE Channel / Secondary IDE Channel -> Properties -> Advanced Settings -> Current Transfer Mode.

If "Current Transfer Mode" is "PIO", delete this entry and restart the computer. Let Windows automatically install it upon restart.

4. Last but not least, as you mentioned earlier, you can choose this time to reformat (if you do, don't install NOD32 right away to make sure you get no BSODs without it).
post #56 of 98
Thread Starter 
The problem is that no matter what I do, the system goes slow. I really wanna find the cause of it.

I'll install Process Explorer and run MalwareBytes, see what I can find ok? Honestly, I really want to know what the issue is, but sometimes I think it could be hardware related considering the GPU issue I had when running OCCT.

BTW How do I see hardware interrupts in Process Explorer?
Edited by Icekilla - 5/8/12 at 3:37pm
post #57 of 98
Quote:
Originally Posted by Icekilla View Post

I'll install Process Explorer and run MalwareBytes, see what I can find ok?

Have you taken a look at step 1 / what AppleMobileDev is? Get that out of the way first.
post #58 of 98
Thread Starter 
I had an iPhone 4, but it was stolen. I have iTunes installed (alongside other crap Apple installs). Should I uninstall it?

AppleMobileDev is a series of drivers, I guess, for devices like iPods and iPhones, AFAIK. Either way, I'm already uninstalling all that.
Edited by Icekilla - 5/8/12 at 3:43pm
post #59 of 98
Quote:
Originally Posted by Icekilla View Post

I had an iPhone 4, but had it stolen. I have iTunes installed (alongside other crap Apple installs). Should I uninstall it?

Whatever is using Apple Mobile Device service, uninstall that. Not sure if iTunes uses that, so it may be another Apple program. As I linked earlier, it has been linked to very high amounts of CPU usage. So I'd take care of that first.
post #60 of 98
Thread Starter 
I uninstalled all of Crapple's software but it didn't really help. System is still slow.

Process explorer time?