Intermittent BSOD

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by zhiwoo, Jul 6, 2013.

  1. zhiwoo

    zhiwoo New Member

    Joined:
    Jul 6, 2013
    Messages:
    4
    Likes Received:
    0
    Hello forum members. I've been having intermittent BSOD problems with my PC. It sometimes happens after some use and sometimes on startup. Been having trouble isolating the specific incident/action that is causing it. I've tried to extract as much info as possible using the suggested tools and have placed them in the attached rar file. Your insights as to what is causing the problem would be much appreciated, if there is any further information required please let me know.

    Thank You very much for your time.

    zhiwoo

    View attachment zhiwoo BSOD.rar
     
  2. Captain Jack

    Captain Jack Extraordinary Member

    Joined:
    Mar 6, 2010
    Messages:
    1,952
    Likes Received:
    139
    Hello there!

    Seems like the crashed is caused by klif.sys i.e. Klif Mini-Filter by Kaspersky Internet Security. I would recommend to uninstall Kaspersky Internet Security 2013 completely use to cleanup tool to clean the left over files.

    Code:
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 0000000000000040, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, bitfield :
    	bit 0 : value 0 = read operation, 1 = write operation
    	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff80002eec468, address which referenced memory
    
    
    Debugging Details:
    ------------------
    
    
    
    
    WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310d100
    GetUlongFromAddress: unable to read from fffff8000310d1c0
     0000000000000040 Nonpaged pool
    
    
    CURRENT_IRQL:  2
    
    
    FAULTING_IP: 
    nt!KiTryUnwaitThread+28
    fffff800`02eec468 f0480fba6b4000  lock bts qword ptr [rbx+40h],0
    
    
    CUSTOMER_CRASH_COUNT:  1
    
    
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    
    
    BUGCHECK_STR:  0xA
    
    
    PROCESS_NAME:  csrss.exe
    
    
    TRAP_FRAME:  fffff880029f8780 -- (.trap 0xfffff880029f8780)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffffa800ad83a38 rbx=0000000000000000 rcx=fffff880009e9180
    rdx=fffffa800ad8b0a0 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80002eec468 rsp=fffff880029f8910 rbp=0000000000000000
     r8=0000000000000100  r9=0000000000000000 r10=fffffffffffffffd
    r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    nt!KiTryUnwaitThread+0x28:
    fffff800`02eec468 f0480fba6b4000  lock bts qword ptr [rbx+40h],0 ds:00000000`00000040=????????????????
    Resetting default scope
    
    
    LAST_CONTROL_TRANSFER:  from fffff80002edd569 to fffff80002eddfc0
    
    
    STACK_TEXT:  
    fffff880`029f8638 fffff800`02edd569 : 00000000`0000000a 00000000`00000040 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`029f8640 fffff800`02edc1e0 : 00000000`00000000 00000000`0000000f 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff880`029f8780 fffff800`02eec468 : 00000000`00000000 fffffa80`092d5bb8 00000000`00000202 fffff800`02ee361a : nt!KiPageFault+0x260
    fffff880`029f8910 fffff800`02ee4403 : fffffa80`0ad83a38 00000000`00000000 fffffa80`0ad83a30 fffffa80`0ad8b518 : nt!KiTryUnwaitThread+0x28
    fffff880`029f8970 fffff800`02ee2646 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSignalSynchronizationObject+0x203
    fffff880`029f89c0 fffff960`0013d25c : 00000000`00000000 fffff960`00000002 00000000`00000000 fffffa80`0ad7ec58 : nt!KeSetEvent+0x106
    fffff880`029f8a30 fffff960`00134c43 : fffff900`c07219f0 00000000`00000001 00000000`00000004 fffff800`02ee6e33 : win32k!SetWakeBit+0xf8
    fffff880`029f8a60 fffff960`0013565b : 00000000`00000000 fffff960`00356f10 00000000`00000004 00000000`00000001 : win32k!TimersProc+0x157
    fffff880`029f8ab0 fffff960`000c5148 : 00000000`0000007b 00000000`0000000f fffff880`00000001 ffffffff`80000368 : win32k!RawInputThread+0x9ab
    fffff880`029f8b80 fffff960`00145e9a : 00000000`00000002 fffff880`029ddf40 fffffa80`093e3060 fffffa80`092d5b30 : win32k!xxxCreateSystemThreads+0x58
    fffff880`029f8bb0 fffff880`035090b2 : 00000000`00000000 fffff800`02ed58ba fffffa80`093e3060 00000000`00000000 : win32k!NtUserCallNoParam+0x36
    fffff880`029f8be0 00000000`00000000 : fffff800`02ed58ba fffffa80`093e3060 00000000`00000000 00000000`00000020 : klif+0x1b0b2
    
    
    
    
    STACK_COMMAND:  kb
    
    
    FOLLOWUP_IP: 
    klif+1b0b2
    fffff880`035090b2 ??              ???
    
    
    SYMBOL_STACK_INDEX:  b
    
    
    SYMBOL_NAME:  klif+1b0b2
    
    
    FOLLOWUP_NAME:  MachineOwner
    
    
    MODULE_NAME: klif
    
    
    IMAGE_NAME:  klif.sys
    
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  5093b16a
    
    
    FAILURE_BUCKET_ID:  X64_0xA_klif+1b0b2
    
    
    BUCKET_ID:  X64_0xA_klif+1b0b2
    
    
    Followup: MachineOwner
    ---------
    
    
    1: kd> lmvm klif
    start             end                 module name
    fffff880`034ee000 fffff880`03591000   klif     T (no symbols)           
        Loaded symbol image file: klif.sys
        Image path: \SystemRoot\system32\DRIVERS\klif.sys
        Image name: klif.sys
        Timestamp:        Fri Nov 02 17:11:30 2012 (5093B16A)
        CheckSum:         000A3BEC
        ImageSize:        000A3000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    
     
  3. zhiwoo

    zhiwoo New Member

    Joined:
    Jul 6, 2013
    Messages:
    4
    Likes Received:
    0
    HI Shyam,
    Thank you very much for diagnosing that for me. I have uninstalled & reinstalled the latest version of Kaspersky Internet Security and thus far no more BSOD incidents! Will keep monitoring and see. Once again thanks so much for your help!
     

Share This Page

Loading...