• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Solved BSOD can't point to specific cause (Dump inside)


kurgelis

New Member
Posts
2
#1
Hello,
I'm sorry to bother you helpful people, but it seems that my Laptop (Asus X550L, Win 8.1) has been having random BSODs regardless of what I am doing. Hopefully I'll manage to upload the dump correctly :p

Thank you in advance!
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model Number
    Asus X550L
    Antivirus
    Kaspersky

blueelvis

OMG Debugger!
VIP Member
Pro User
India

Posts
2,097
#2
Hi Kurgelis & Welcome to the forums ^_^,

I have analyzed your dump files and below has been provided an analysis of the same for informative purposes :-
Code:
********************************************************************************                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************


KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd00023eecc30, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd00023eecb88, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved


Debugging Details:
------------------




TRAP_FRAME:  ffffd00023eecc30 -- (.trap 0xffffd00023eecc30)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe001a29c55a0 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff801bf901bc9 rsp=ffffd00023eecdc0 rbp=ffffe0019d2fd100
 r8=ffffd00023eecde0  r9=000000000000148f r10=ffffe0019d6abd00
r11=00000000000048c5 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe cy
[COLOR=#ff0000][B][U]gwdrv+0x2bc9[/U][/B][/COLOR]:
fffff801`bf901bc9 ??              ???
Resetting default scope


EXCEPTION_RECORD:  ffffd00023eecb88 -- (.exr 0xffffd00023eecb88)
ExceptionAddress: fffff801bf901bc9 (gwdrv+0x0000000000002bc9)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003


CUSTOMER_CRASH_COUNT:  1


DEFAULT_BUCKET_ID:  LIST_ENTRY_CORRUPT


BUGCHECK_STR:  0x139


PROCESS_NAME:  System


CURRENT_IRQL:  2


ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.


EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.


EXCEPTION_PARAMETER1:  0000000000000003


ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre


LAST_CONTROL_TRANSFER:  from fffff800fa1d1ae9 to fffff800fa1c5fa0


STACK_TEXT:  
ffffd000`23eec908 fffff800`fa1d1ae9 : 00000000`00000139 00000000`00000003 ffffd000`23eecc30 ffffd000`23eecb88 : nt!KeBugCheckEx
ffffd000`23eec910 fffff800`fa1d1e10 : ffffd000`23eecca3 ffffe001`a1f69738 00000000`00000000 ffffd000`23eecb80 : nt!KiBugCheckDispatch+0x69
ffffd000`23eeca50 fffff800`fa1d1034 : 00000000`00000004 00000000`00015d9c ffffe001`9d574f50 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd000`23eecc30 fffff801`bf901bc9 : ffffe001`9d201c20 ffffd000`00000000 ffffe001`9dc1c960 ffffe001`9cec37a0 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd000`23eecdc0 ffffe001`9d201c20 : ffffd000`00000000 ffffe001`9dc1c960 ffffe001`9cec37a0 00000000`00000000 : gwdrv+0x2bc9
ffffd000`23eecdc8 ffffd000`00000000 : ffffe001`9dc1c960 ffffe001`9cec37a0 00000000`00000000 ffffe001`9dc1c978 : 0xffffe001`9d201c20
ffffd000`23eecdd0 ffffe001`9dc1c960 : ffffe001`9cec37a0 00000000`00000000 ffffe001`9dc1c978 00000000`00000002 : 0xffffd000`00000000
ffffd000`23eecdd8 ffffe001`9cec37a0 : 00000000`00000000 ffffe001`9dc1c978 00000000`00000002 ffffe001`a2963200 : 0xffffe001`9dc1c960
ffffd000`23eecde0 00000000`00000000 : ffffe001`9dc1c978 00000000`00000002 ffffe001`a2963200 00000000`00000000 : 0xffffe001`9cec37a0




STACK_COMMAND:  kb


FOLLOWUP_IP: 
gwdrv+2bc9
fffff801`bf901bc9 ??              ???


SYMBOL_STACK_INDEX:  4


SYMBOL_NAME:  gwdrv+2bc9


FOLLOWUP_NAME:  MachineOwner


MODULE_NAME: gwdrv


IMAGE_NAME:  gwdrv.sys


DEBUG_FLR_IMAGE_TIMESTAMP:  53f5af9f


FAILURE_BUCKET_ID:  0x139_3_gwdrv+2bc9


BUCKET_ID:  0x139_3_gwdrv+2bc9


ANALYSIS_SOURCE:  KM


FAILURE_ID_HASH_STRING:  km:0x139_3_gwdrv+2bc9


FAILURE_ID_HASH:  {02eabad7-6b06-703c-84f0-43b530fb44df}


Followup: MachineOwner
---------
According to the Dump file, the "gwdrv.sys" was blamed which is the GlassWire Driver. I would suggest you to uninstall this Program.

Below is a list of the 3rd party drivers present on your system :-
Code:
**************************Wed Sep 10 23:23:24.514 2014 (UTC + 5:30)**************************
ASMMAP64.sys                Thu Jul  2 14:43:26 2009 (4A4C7A36)
atkwmiacpi64.sys            Wed Sep  7 07:14:52 2011 (4E66CC94)
BtAudioBus.sys              Fri Jun 15 08:47:09 2012 (4FDAA935)
BtL2caScoIf.sys             Thu Jul 19 15:17:36 2012 (5007D7B8)
kbfiltr.sys                 Thu Aug  2 08:52:22 2012 (5019F26E)
IntcDAud.sys                Fri Jan 11 19:25:16 2013 (50F019C4)
rtbth.sys                   Wed Mar  6 13:44:39 2013 (5136FAEF)
RtsPer.sys                  Fri Mar  8 14:37:42 2013 (5139AA5E)
IvtUrbBtFlt.sys             Mon Mar 25 08:30:36 2013 (514FBDD4)
DptfDevDram.sys             Tue Apr  9 04:55:01 2013 (516351CD)
DptfDevPch.sys              Tue Apr  9 04:55:04 2013 (516351D0)
DptfDevProc.sys             Tue Apr  9 04:55:10 2013 (516351D6)
DptfManager.sys             Tue Apr  9 04:55:21 2013 (516351E1)
klpd.sys                    Fri Apr 12 17:04:45 2013 (5167F155)
iaStorA.sys                 Tue Apr 23 01:08:05 2013 (5175919D)
dump_iaStorA.sys            Tue Apr 23 01:08:05 2013 (5175919D)
AsusTP.sys                  Thu May  9 14:53:42 2013 (518B6B1E)
RTKVHD64.sys                Tue Jun  4 19:03:09 2013 (51ADEC95)
klim6.sys                   Thu Jul 11 13:23:56 2013 (51DE6494)
netr28x.sys                 Thu Jul 11 14:57:41 2013 (51DE7A8D)
iwdbus.sys                  Thu Jul 25 06:36:12 2013 (51F07A04)
klmouflt.sys                Thu Aug  8 18:39:08 2013 (52039874)
intelppm.sys                Thu Aug 22 14:16:35 2013 (5215CFEB)
TeeDriverx64.sys            Thu Sep  5 23:32:18 2013 (5228C72A)
igdkmd64.sys                Tue Sep 17 05:38:54 2013 (52379D96)
AsHIDSwitch64.sys           Tue Oct  8 07:15:17 2013 (525363AD)
kl1.sys                     Fri Oct 18 14:48:22 2013 (5260FCDE)
kneps.sys                   Thu Oct 31 19:15:52 2013 (52725F10)
Rt630x64.sys                Tue Nov 26 13:02:54 2013 (52944EA6)
klkbdflt.sys                Fri Dec 27 19:05:56 2013 (52BD823C)
klwfp.sys                   Wed Feb  5 19:03:44 2014 (52F23DB8)
[B][U]dtsoftbus01.sys             Fri Feb 21 15:19:36 2014 (53072130)[/U][/B]
klflt.sys                   Sun Mar  2 04:32:12 2014 (531266F4)
klif.sys                    Thu Mar  6 22:08:02 2014 (5318A46A)
nvvad64v.sys                Fri Mar 28 19:02:06 2014 (533579D6)
nvpciflt.sys                Wed Jul  2 23:04:06 2014 (53B4428E)
nvlddmkm.sys                Wed Jul  2 23:12:02 2014 (53B4446A)
NvStreamKms.sys             Fri Jul 25 17:05:56 2014 (53D2411C)
[COLOR=#ff0000][B][U]gwdrv.sys                   Thu Aug 21 14:06:47 2014 (53F5AF9F)[/U][/B][/COLOR]
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu May 29 17:51:32.962 2014 (UTC + 5:30)**************************
nvlddmkm.sys                Wed Oct 23 11:51:50 2013 (52676AFE)
nvpciflt.sys                Wed Oct 23 11:52:31 2013 (52676B27)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Apr 27 21:10:23.968 2014 (UTC + 5:30)**************************
GEARAspiWDM.sys             Fri May  4 01:26:17 2012 (4FA2E2E1)
http://www.carrona.org/drivers/driver.php?id=ASMMAP64.sys
http://www.carrona.org/drivers/driver.php?id=atkwmiacpi64.sys
http://www.carrona.org/drivers/driver.php?id=BtAudioBus.sys
http://www.carrona.org/drivers/driver.php?id=BtL2caScoIf.sys
http://www.carrona.org/drivers/driver.php?id=kbfiltr.sys
http://www.carrona.org/drivers/driver.php?id=IntcDAud.sys
http://www.carrona.org/drivers/driver.php?id=rtbth.sys
http://www.carrona.org/drivers/driver.php?id=RtsPer.sys
http://www.carrona.org/drivers/driver.php?id=IvtUrbBtFlt.sys
http://www.carrona.org/drivers/driver.php?id=DptfDevDram.sys
http://www.carrona.org/drivers/driver.php?id=DptfDevPch.sys
http://www.carrona.org/drivers/driver.php?id=DptfDevProc.sys
http://www.carrona.org/drivers/driver.php?id=DptfManager.sys
http://www.carrona.org/drivers/driver.php?id=klpd.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=dump_iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=AsusTP.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=klim6.sys
http://www.carrona.org/drivers/driver.php?id=netr28x.sys
http://www.carrona.org/drivers/driver.php?id=iwdbus.sys
http://www.carrona.org/drivers/driver.php?id=klmouflt.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverx64.sys
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=AsHIDSwitch64.sys
http://www.carrona.org/drivers/driver.php?id=kl1.sys
http://www.carrona.org/drivers/driver.php?id=kneps.sys
http://www.carrona.org/drivers/driver.php?id=Rt630x64.sys
http://www.carrona.org/drivers/driver.php?id=klkbdflt.sys
http://www.carrona.org/drivers/driver.php?id=klwfp.sys
http://www.carrona.org/drivers/driver.php?id=dtsoftbus01.sys
http://www.carrona.org/drivers/driver.php?id=klflt.sys
http://www.carrona.org/drivers/driver.php?id=klif.sys
http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys
http://www.carrona.org/drivers/driver.php?id=nvpciflt.sys
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
http://www.carrona.org/drivers/driver.php?id=NvStreamKms.sys
gwdrv.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
http://www.carrona.org/drivers/driver.php?id=nvpciflt.sys
http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys



Please remove the GlassWire Software. Please remove Daemon Tools till the time we are troubleshooting as well.

Let me know how it goes ^_^.
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model Number
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!

kurgelis

New Member
Posts
2
#3
Thank you very much, kind blueelvis! It has been a few days and I haven't experienced a crash! It seems that it really was glasswire, shame, it was an interesting program.

Thanks again!:thumb:
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model Number
    Asus X550L
    Antivirus
    Kaspersky

blueelvis

OMG Debugger!
VIP Member
Pro User
India

Posts
2,097
#4
Thank you very much, kind blueelvis! It has been a few days and I haven't experienced a crash! It seems that it really was glasswire, shame, it was an interesting program.

Thanks again!:thumb:
Hi Kurgelis ^_^,

I am glad to hear that the issue has been resolved ^_^.


Regards,
Pranav
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model Number
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!