Technology Tips and News
Hi, my computer (Lenovo Ideapad U430 touch) showed me the BSOD twice today, both telling me it was the Kernel Security Check Failure.
Here are my DMP files: https://www.dropbox.com/s/d4gwlgxg6pj75u8/DMPfiles.zip?dl=0
Could I get any help on what is the problem?
Thanks,
V.
Easy. Your Panda security. Remove it
Microsoft (R) Windows Debugger Version 10.0.10166.9 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\zigza\Desktop\072315-40437-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
Windows 8.1 Kernel Version 9600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9600.17736.amd64fre.winblue_r9.150322-1500
Machine Name:
Kernel base = 0xfffff802`49e7b000 PsLoadedModuleList = 0xfffff802`4a154850
Debug session time: Thu Jul 23 09:13:37.008 2015 (UTC - 4:00)
System Uptime: 0 days 0:04:51.109
Loading Kernel Symbols
...............................................................
................................................................
..........................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 139, {3, ffffd0007017f3f0, ffffd0007017f348, 0}
*** WARNING: Unable to verify timestamp for PSINFile.sys
*** ERROR: Module load completed but symbols could not be loaded for PSINFile.sys
Probably caused by : PSINFile.sys ( PSINFile+50fa )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd0007017f3f0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd0007017f348, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
SYSTEM_SKU: LENOVO_MT_20270
SYSTEM_VERSION: IdeaPad U430 Touch
BIOS_DATE: 09/06/2013
BASEBOARD_PRODUCT: Cherry 4A Touch
BASEBOARD_VERSION: 31900003STD
BUGCHECK_P1: 3
BUGCHECK_P2: ffffd0007017f3f0
BUGCHECK_P3: ffffd0007017f348
BUGCHECK_P4: 0
TRAP_FRAME: ffffd0007017f3f0 -- (.trap 0xffffd0007017f3f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe001ce176f90 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80249ffce91 rsp=ffffd0007017f580 rbp=fffff8018f400000
r8=0000000000000000 r9=0000000000000000 r10=fffff8024a1804a0
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe cy
nt! ?? ::FNODOBFM::`string'+0x20cd1:
fffff802`49ffce91 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffd0007017f348 -- (.exr 0xffffd0007017f348)
ExceptionAddress: fffff80249ffce91 (nt! ?? ::FNODOBFM::`string'+0x0000000000020cd1)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
CPU_COUNT: 4
CPU_MHZ: 6a0
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 45
CPU_STEPPING: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_VERSION: 10.0.10166.9 amd64fre
LAST_CONTROL_TRANSFER: from fffff80249fd77e9 to fffff80249fcbca0
STACK_TEXT:
ffffd000`7017f0c8 fffff802`49fd77e9 : 00000000`00000139 00000000`00000003 ffffd000`7017f3f0 ffffd000`7017f348 : nt!KeBugCheckEx
ffffd000`7017f0d0 fffff802`49fd7b10 : fffff799`40000000 fffffa80`01446f30 ffffb001`b6201000 fffff802`49ec9f17 : nt!KiBugCheckDispatch+0x69
ffffd000`7017f210 fffff802`49fd6d34 : ffffe001`d502e018 ffffc000`a7f3fb80 ffffe001`c5556018 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd000`7017f3f0 fffff802`49ffce91 : 00000000`00000000 00000000`00000000 fffff801`939df102 00000000`00000008 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd000`7017f580 fffff801`939cb0fa : ffffe001`ce5c1e50 ffffe001`d511b420 00000000`00000008 ffffe001`d511b420 : nt! ?? ::FNODOBFM::`string'+0x20cd1
ffffd000`7017f5b0 ffffe001`ce5c1e50 : ffffe001`d511b420 00000000`00000008 ffffe001`d511b420 00000000`00000000 : PSINFile+0x50fa
ffffd000`7017f5b8 ffffe001`d511b420 : 00000000`00000008 ffffe001`d511b420 00000000`00000000 fffff801`8f409b21 : 0xffffe001`ce5c1e50
ffffd000`7017f5c0 00000000`00000008 : ffffe001`d511b420 00000000`00000000 fffff801`8f409b21 ffffe001`ce5c1df0 : 0xffffe001`d511b420
ffffd000`7017f5c8 ffffe001`d511b420 : 00000000`00000000 fffff801`8f409b21 ffffe001`ce5c1df0 ffffe001`d511b420 : 0x8
ffffd000`7017f5d0 00000000`00000000 : fffff801`8f409b21 ffffe001`ce5c1df0 ffffe001`d511b420 ffffe001`ce5c1e08 : 0xffffe001`d511b420
STACK_COMMAND: kb
FOLLOWUP_IP:
PSINFile+50fa
fffff801`939cb0fa ?? ???
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: PSINFile+50fa
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: PSINFile
IMAGE_NAME: PSINFile.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 543c2baa
BUCKET_ID_FUNC_OFFSET: 50fa
FAILURE_BUCKET_ID: 0x139_3_PSINFile!Unknown_Function
BUCKET_ID: 0x139_3_PSINFile!Unknown_Function
PRIMARY_PROBLEM_CLASS: 0x139_3_PSINFile!Unknown_Function
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_psinfile!unknown_function
FAILURE_ID_HASH: {db2e8d74-17ec-a8f8-bf42-08a06cb5415c}
Followup: MachineOwner
---------
0: kd> lmvm PSINFile
Browse full module list
start end module name
fffff801`939c6000 fffff801`939e6000 PSINFile T (no symbols)
Loaded symbol image file: PSINFile.sys
Image path: \SystemRoot\system32\DRIVERS\PSINFile.sys
Image name: PSINFile.sys
Browse all global symbols functions data
Timestamp: Mon Oct 13 15:44:42 2014 (543C2BAA)
CheckSum: 00029998
ImageSize: 00020000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Hello,
Just for your reference, there are discussion on the same question on the Pandas forum:
http://support.pandasecurity.com/forum/viewtopic.php?f=65&t=3274
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
This topic is archived. No further replies will be accepted.
Other recent topics
Click here to get your free copy of Network Administrator. Over 25 plugins to make your life easier