Jump to content
Newbie12

XP x64 Pro BSOD, apparently caused by KIS 2016

Recommended Posts

Mindump is attached so you can check it out yourself. Does it take this long just to upload the dmp file here in the forums?

 

Hi, Just got a BSOD whilst casually surfing the web on my Windows XP x64 Pro box. Please check it out.

 

Well anyways, here's the full report:

 

--------------------------------------------------------------------------------

Welcome to WhoCrashed (HOME EDITION) v 5.51

--------------------------------------------------------------------------------

 

This program checks for drivers which have been crashing your computer. If your computer has displayed a blue (or black) screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

 

Whenever a computer suddenly reboots without displaying any notice or blue (or black) screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

 

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. It will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.

 

To obtain technical support visit www.resplendence.com/support

 

Click here to check if you have the latest version or if an update is available.

 

Just click the Analyze button for a comprehensible report ...

 

 

 

--------------------------------------------------------------------------------

Home Edition Notice

--------------------------------------------------------------------------------

 

This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which allows you to perform more thorough and detailed analysis. It also offers a range of additional features such as remote analysis on remote directories and remote computers on the network.

 

Click here for more information on the professional edition.

Click here to buy the the professional edition of WhoCrashed.

 

 

--------------------------------------------------------------------------------

System Information (local)

--------------------------------------------------------------------------------

 

Computer name: THE-BEAST

Windows version: Windows XP x64 Service Pack 2, 5.2, build: 3790

Windows dir: C:\WINDOWS

Hardware: ASUSTeK COMPUTER INC., RAMPAGE IV EXTREME

CPU: GenuineIntel Intel® Core i7-3970X CPU @ 3.50GHz Intel586, level: 6

12 logical processors, active mask: 4095

RAM: 68654759936 bytes total

 

 

 

 

--------------------------------------------------------------------------------

Crash Dump Analysis

--------------------------------------------------------------------------------

 

Crash dump directory: C:\WINDOWS\Minidump

 

Crash dumps are enabled on your computer.

 

On Sun 27/03/2016 2:17:03 AM GMT your computer crashed

crash dump file: C:\WINDOWS\Minidump\Mini032716-01.dmp

This was probably caused by the following module: kneps.sys (kneps+0xA87D)

Bugcheck code: 0xFC (0xFFFFF800011B84E0, 0x80000000011B8963, 0xFFFFFAD98A8F65A0, 0x0)

Error: ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY

file path: C:\WINDOWS\system32\drivers\kneps.sys

product: System Interceptors PDK

company: Kaspersky Lab ZAO

description: Network Processor [fre_wnet_x64]

Bug check description: This indicates that an attempt was made to execute non-executable memory.

This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules. There is a possibility this problem was caused by a virus or other malware.

A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: kneps.sys (Network Processor [fre_wnet_x64], Kaspersky Lab ZAO).

Google query: Kaspersky Lab ZAO ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY

 

 

 

On Fri 19/02/2016 10:23:45 AM GMT your computer crashed

crash dump file: C:\WINDOWS\Minidump\Mini021916-01.dmp

This was probably caused by the following module: tcpip.sys (tcpip+0x13A94)

Bugcheck code: 0xFC (0xFFFFF800011B84E0, 0x80000000011B8963, 0xFFFFFAD98A8F65A0, 0x0)

Error: ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY

file path: C:\WINDOWS\system32\drivers\tcpip.sys

product: Microsoft® Windows® Operating System

company: Microsoft Corporation

description: TCP/IP Protocol Driver

Bug check description: This indicates that an attempt was made to execute non-executable memory.

This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules. There is a possibility this problem was caused by a virus or other malware.

The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.

Google query: Microsoft Corporation ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY

 

 

 

 

 

--------------------------------------------------------------------------------

Conclusion

--------------------------------------------------------------------------------

 

2 crash dumps have been found and analyzed. 2 third party drivers have been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

 

tcpip.sys (TCP/IP Protocol Driver, Microsoft Corporation)

kneps.sys (Network Processor [fre_wnet_x64], Kaspersky Lab ZAO)

 

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination with the errors that have been reported for these drivers. Include the brand and model name of your computer as well in the query. This often yields interesting results from discussions on the web by users who have been experiencing similar problems.

 

 

Read the topic general suggestions for troubleshooting system crashes for more information.

 

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

Edited by Newbie12

Share this post


Link to post
Mindump is attached so you can check it out yourself. Does it take this long just to upload the dmp file here in the forums?

 

Hi, Just got a BSOD whilst casually surfing the web on my Windows XP x64 Pro box. Please check it out.

 

Well anyways, here's the full report:

Can't even edit the original post.... :/ oh Well, I've managed to upload the dump file, it's in a zip file as I can't upload the dump file directly... Please check the attachment out.

Mini032716_01.zip

Share this post


Link to post

Gday from the indian ocean coast ... W.A

 

The experts in here will ask you for a GSI report please read this page and supply a GSI report as mentioned there.

 

https://forum.kaspersky.com/index.php?showtopic=915

 

This is used by experts to see what is happening under the hood with regards to kaspersky and the computer.

 

Well worth doing what the page states.

 

cheers

 

 

 

 

Share this post


Link to post

I dont think XP is supported anymore and there is likely going to be unpatched security issues with it.

Share this post


Link to post

Hello,

 

CdaC15BA.sys, e1c51x64.sys, I am not sure where are these two files on your disk, maybe in drivers folder. You should try to find and delete them after backup.

 

the minidump show KL driver lead to BSOD, But some strange stack record in your uploaded dump file. Minidump provide too little available information, it is recommended that you provide a complete memory dump file to KL for analysis via https://my.kaspersky.com/.

 

Regards

Share this post


Link to post
Gday from the indian ocean coast ... W.A

 

The experts in here will ask you for a GSI report please read this page and supply a GSI report as mentioned there.

 

https://forum.kaspersky.com/index.php?showtopic=915

 

This is used by experts to see what is happening under the hood with regards to kaspersky and the computer.

 

Well worth doing what the page states.

 

cheers

 

Yo, oh you're way up there in the North, I'm in Perth. :P

 

Alright, I'll do that when I get back onto my tower....

 

I dont think XP is supported anymore and there is likely going to be unpatched security issues with it.

It is, KIS 2016 supports both XP 32-bit and 64-bit, unless they recently removed that and did some *under the hood* changes rendering it broken under XP systems.....

 

Hello,

 

CdaC15BA.sys, e1c51x64.sys, I am not sure where are these two files on your disk, maybe in drivers folder. You should try to find and delete them after backup.

 

the minidump show KL driver lead to BSOD, But some strange stack record in your uploaded dump file. Minidump provide too little available information, it is recommended that you provide a complete memory dump file to KL for analysis via https://my.kaspersky.com/.

 

Regards

So you're saying it wasn't KIS that caused the crash but rather those two drivers?

According to this: http://systemexplorer.net/file-database/fi...64-sys/24439914, e1c51x64.sys appears to be my NIC driver....so I'm guessing if I delete that....I won't have access to the network because the driver is deleted? Unless it loads up MS's own generic one which I'm not even sure if it works on this particular motherboard? But chipset is Intel, so I'm guessing they'll pull an Intel one and try to install that...?

 

And according to this: http://www.file.net/process/cdac15ba.sys.html, CdaC15BA.sys appears to be some sort of CD copy protection mechanism....I'm guessing left over DRM from a game I installed or just DRM from a game that's still installed.

 

But regardless, I will delete both after backing them up elsewhere, and see what happens.

 

A complete memory dump, are you serious!? I doubt you would want to wait until I upload 64GB(or possibly more as page file must equal RAM amount or more for a complete memory dump) with a 72KB/s max upload speed and that's only when I'm the only one using the internet in the household....though I suppose I could attempt to compress it a much as I can into a 7z format and then upload that......though not sure how much compressed it would be compared the original file size... Actually, I don't even think I have that much space left on my SSD.........but I'll check....

Edited by Newbie12

Share this post


Link to post

Ok, here's the link someone requested: http://www.getsysteminfo.com/read.php?file...395a96008caa9fa - didn't mention I had to run the program as admin and not as current user.....as I couldn't see the getsysteminfo.zip it was supposed to create until I ran it with an admin account.

 

Yeah, had another BSOD sometime today again, here's the minidump in attachment, please check it out to see if it's the same cause or a different one. WhoCrashed says the same but you might say different with your experienced BSOD dump analyzing skills! :b_lol1:

 

Oh yeah, had a few of these application errors that I tried sending through....check attachment for screenshot... Heh.

 

um, oh yes. The drivers you wanted me to delete, can only be deleted by admin of course.... I have deleted them as I am typing this post. Let's seee what happens....after a reset....

 

Oh yes, I do have room, it's only the other partition that doesn't have more than 64GB free space. If you want, I can still go ahead and do a complete memory dump whenever the next BSOD occurs....I'll just have to change it from small to complete kernel dump and obviously raise the page file to match that of my ram size or bigger...but up to you, your call. I'll only change if you say so.

Mini032716_02.7z

post-541807-1459080598_thumb.png

Edited by Newbie12

Share this post


Link to post

As a troubleshooting step, please uninstall Malwarebytes and Superantispyware.

 

Download the latest 82579V LAN driver from here https://downloadcenter.intel.com/download/1...e?product=47549

Uninstall your current 11.13.51.0 LAN version and install the 12.6.45.0 from the XP x64 package.

 

Uninstall your current KIS version keeping only license info.

Upgrade to the latest KIS here: https://forum.kaspersky.com/index.php?showtopic=344430

 

Share this post


Link to post

And after a rest, I could not access the internet because the NIC driver was not found of course.

 

As a troubleshooting step, please uninstall Malwarebytes and Superantispyware.
Done.

 

Download the latest 82579V LAN driver from here https://downloadcenter.intel.com/download/1...e?product=47549

Uninstall your current 11.13.51.0 LAN version and install the 12.6.45.0 from the XP x64 package.

Done.

 

Uninstall your current KIS version keeping only license info.

Upgrade to the latest KIS here: https://forum.kaspersky.com/index.php?showtopic=344430

And done.....hmmm, looks like it crashes as soon as it tries to open........

 

And in the attachment seems to be the culprit...

 

Here's the rest of the description log:

Application: avpui.exe

Framework Version: v4.0.30319

Description: The application requested process termination through System.Environment.FailFast(string message).

Message: Terminate on fatal exception on start application

Stack:

at System.Environment.FailFast(System.String, System.Exception)

at KasperskyLab.UI.Common.ExceptionPolicy.ProcessExceptionOnStartApplication(System

.Exception, System.String)

at KasperskyLab.Kis.UI.App.<OnStartup>b__d(System.Exception)

at KasperskyLab.UI.Common.Vb.ExceptionsProcessor.ExecuteActionWithExceptionFilter(S

ystem.Action, System.Func`2<System.Exception,Boolean>)

at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(System.Type, System.Object, System.String, System.Collections.Generic.IEnumerable`1<Microsoft.Practices.Unity.ResolverOverride>)

at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(System.Type, System.String, System.Collections.Generic.IEnumerable`1<Microsoft.Practices.Unity.ResolverOverride>)

at Microsoft.Practices.Unity.UnityContainer.Resolve(System.Type, System.String, Microsoft.Practices.Unity.ResolverOverride[])

at Microsoft.Practices.Unity.UnityContainerExtensions.Resolve[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](Microsoft.Practices.Unity.IUnityContainer, System.String, Microsoft.Practices.Unity.ResolverOverride[])

at KasperskyLab.Kis.UI.Bootstrapper.CreateShell()

at Microsoft.Practices.Prism.UnityExtensions.UnityBootstrapper.Run(Boolean)

at Microsoft.Practices.Prism.Bootstrapper.Run()

at KasperskyLab.Kis.UI.App.<OnStartup>b__1()

at KasperskyLab.UI.Common.Vb.ExceptionsProcessor.ExecuteActionWithExceptionFilter(S

ystem.Action, System.Func`2<System.Exception,Boolean>)

at KasperskyLab.Kis.UI.App.OnStartup(System.Windows.StartupEventArgs)

at System.Windows.Application.<.ctor>b__1(System.Object)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)

at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)

at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)

at System.Windows.Threading.DispatcherOperation.InvokeImpl()

at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Obje

ct)

at System.Threading.ExecutionContext.runTryCode(System.Object)

at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(

TryCode, CleanupCode, System.Object)

at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

at System.Windows.Threading.DispatcherOperation.Invoke()

at System.Windows.Threading.Dispatcher.ProcessQueue()

at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)

at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)

at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)

at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)

at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)

at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.Dispatch

erPriority, System.TimeSpan, System.Delegate, System.Object, Int32)

at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)

at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)

at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.Dispa

tcherFrame)

at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.Dispatche

rFrame)

at System.Windows.Threading.Dispatcher.Run()

at System.Windows.Application.RunDispatcher(System.Object)

at System.Windows.Application.RunInternal(System.Windows.Window)

at System.Windows.Application.Run(System.Windows.Window)

at System.Windows.Application.Run()

at KasperskyLab.Kis.UI.EntryPoint.StartImpl(KasperskyLab.Kis.UI.Services.GuiStartMo

de, System.Action`1<Microsoft.Practices.Unity.IUnityContainer>, System.Collections.Generic.IEnumerable`1<System.Type>, System.Func`1<System.IDisposable>)

at KasperskyLab.Kis.UI.EntryPoint+<>c__DisplayClass12.<Start>b__f()

at KasperskyLab.UI.Common.Vb.ExceptionsProcessor.ExecuteActionWithExceptionFilter(S

ystem.Action, System.Func`2<System.Exception,Boolean>)

at KasperskyLab.Kis.UI.EntryPoint.Start(KasperskyLab.Kis.UI.Services.GuiStartMode, System.Action`1<Microsoft.Practices.Unity.IUnityContainer>, System.Collections.Generic.IEnumerable`1<System.Type>, System.Func`1<System.IDisposable>)

at KasperskyLab.Kis.UI.EntryPoint+<>c__DisplayClassd.<PreloadImpl>b__c()

at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)

at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

at System.Threading.ThreadHelper.ThreadStart()

 

 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

...um, have they remove XP support in this build...? Rendering it completely broken for XP users.....? Or is it just me? :huh:

post-541807-1459092402_thumb.png

Edited by Newbie12

Share this post


Link to post

Try uninstalling and reinstalling the latest version of NET framework for Windows XP and see if it fixes the latest issue.

Share this post


Link to post
Try uninstalling and reinstalling the latest version of NET framework for Windows XP and see if it fixes the latest issue.

The latest version of .NET framework that still works under XP systems is v4.0, 4.5 and higher have removed XP support requiring a minimum of VISTA or 7(and won't even install if it detects XP and yes I've actually tried to install 4.5 and later editions), I believe. However here, filehippo neglects to edit that even though I've emailed them to change and had sent screenshots as proof when I had to install KIS 2015(which also required a minimum of v4.0) at the time....

Edited by Newbie12

Share this post


Link to post

Oh I see, there's like only a few or so minutes left before the edit button is disabled and you can't edit you post even if you had it on edit mode after the expiry time...

-----------------------------------------

 

And it works! Wooo, uninstalled using Revo and then downloaded and installed that .Net 4 framework from Filehippo.

 

Ok, so what's next boss?

Edited by Newbie12

Share this post


Link to post

If you've already done all I've listed in my post (update LAN, update KIS, temporarily uninstall MBAM and SAS) then all that remains is to see whether the BSOD still occurs. Use your PC as you would usually and if the problem still occurs, please contact official support and send them an updated GSI log of your system and a Kernel memory dump if a complete one is too big.

Edited by 3x0gR13N

Share this post


Link to post
If you've already done all I've listed in my post (update LAN, update KIS, temporarily uninstall MBAM and SAS) then all that remains is to see whether the BSOD still occurs. Use your PC as you would usually and if the problem still occurs, please contact official support and send them an updated GSI log of your system and a Kernel memory dump if a complete one is too big.

Oh ok, sure.

 

When contacting support, please do not forget to generate and attach a complete (full) crash dump: http://support.kaspersky.com/general/dumps/6200#block1

Oh well the other guy said it's fine to just do a "Small memory dump (128KB)" rather than a Kernel memory dump...and since I have 64GB of RAM, that'll be the file size I'll need to get over to official support somehow....with my slow 72KB/s upload speed at its best.....

 

So Kernel memory dump or Small memory dump(as there are only two options that is given to me, see attachment)?

 

Also, I noticed that the taskbar icon for KIS 2016 no longer shows, even if I load KIS 2016 manually(so it would seem either the GUI is not loaded or the actual program isn't even loaded into memory thus I was going without protection this entire time!)....is that suppose to happen?

 

Anyways, so far so good...no BSODs yet. I also noticed much snappier login time to get into admin account(or at least this one time today that I just logged in into the admin account)...(either KIS 2016 not loading properly or the other two anti-malware programs were the cause...or something else....)as before it would just load to the desktop(so you would see the empty desktop background with no desktop icons or taskbar) but the actual GUI wouldn't display until after a few or so minutes of wait....however this doesn't seem to affect the standard account I usually login into.......know any ideas why? ...oh, might be to do with pre-caching/prefetch (which is disabled) and all that, but since I'm running this on an SSD, that shouldn't be the cause....could it?

post-541807-1459258221_thumb.png

Edited by Newbie12

Share this post


Link to post

Ok, I've now changed dump to Kernel memory dump from Small memory dumb (128KB) and moved the dump file onto another HDD so if it does turn out to be 64GB or bigger, at least it won't clog up the SSD. I've also moved the pagefile and increased it to 98211MB (Min 16, max 98211) to the same HDD the dump will be in if I ever get a BSOD in future. I've also turned off windows firewall because I already got KIS 2016 covering that aspect, I don't need to two layers of firewall.... :P

 

Anyways, so far no problems, so I guess either uninstalling those two programs and or updating the the MR1 release fixed it.........so should I go and re-install back those two programs...? Or should I keep waiting...?

Edited by Newbie12

Share this post


Link to post
Download the latest 82579V LAN driver from here https://downloadcenter.intel.com/download/1...e?product=47549

Uninstall your current 11.13.51.0 LAN version and install the 12.6.45.0 from the XP x64 package.

Hmmm, I think the latest driver for LAN is kinda flaky(I've already tried re-installing them thinking I got a corrupt install or something and still didn't fix it), the Ethernet connects and then disconnects itself and then re-connects itself every time I plug in a USB storage device, no matter which ports I go on, the same results and more so on the front panel USB 3.0 ones where if I plug in my flash drive, or external HDD to backup some stuff or just move stuff around, the Ethernet adapter disconnects itself completely for the remaining period that the computer stays on and cannot be re-connected, even if I pull out the cable and plug it back it. Here, I will show you what I mean, and one I just did today(and of course just imagine it on repeat sometimes for as long as well as long as I am using the computer and its turned on....heh and as short as those two files that just happen now and then...randomly...). It also seems to do it when I'm transferring files over from computer to USB and vice versa. And I might actually suspect this could be a cause for my USB drives disconnecting and then (maybe if they want to), reconnect themselves during a file/folder transfer and it is pretty annoying especially when you're moving several gigabytes of data and then suddenly it gets cut off and then you need to redo it again....

 

It actually started once I installed the updated drivers and thought nothing of it as you know thinking it's probably a one off, then gradually it became a thing and then thought, ok maybe it will just eventually go away.....and now.......

 

I've also tried the ones that came from the manufacturer's website and they appear to be the exact same version.....so.....what do?

Edited by Newbie12

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.