After installing Windows6.0-KB938194-x64 and Windows6.0-KB938979-x64, Kaspersky, Jetico firewall, and Kerio firewall crash the system.
After installing both the updates from the Microsoft site (first from
Connect, then from Microsoft.com), I started to receive BSODs. The things that I
had installed were Kaspersky and Jetico Firewall, both the versions that are
compatible with x64 Vista. Mind you that before the updates everything was
running solid and very stable, with no issues whatsoever. After doing the
updates I came across these crashes, so I was stumped. I couldn't think of
what was making it BSOD, so I decided to investigate further. I installed the
x64 debugging toolkit and started to look at the memory dumps and the
minidumps, and come to find out it was klif.sys, which is from Kaspersky, and
bc_ngn.sys, which is from Jetico. Seems Microsoft is either eliminating the
competition or they're just eliminating poorly written drivers. Now the funny
thing is that I run NOD32 as of now with no issues whatsoever, and NOD32 is an
older antivirus toolkit than the earlier tools I had installed. If anyone
else is experiencing issues like this, please repost ASAP so these issues are
stated back to Microsoft. I do want to say that working on Vista is a
pleasure. Out of all the releases of Windows, I think that Vista is at its
prime and is suiting its name. I will post the dumps and my system specs.
OS Name Microsoft® Windows Vista™ Ultimate
Version 6.0.6000 Build 6000
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name HBX-PC
System Manufacturer Gateway
System Model GT5058
System Type x64-based PC
Processor AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, 2000 Mhz, 2
Core(s), 2 Logical Processor(s)
BIOS Version/Date Phoenix Technologies, LTD 6.00 PG, 2/10/2006
SMBIOS Version 2.2
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "6.0.6000.16386"
User Name HBX-PC\HBX
Time Zone Eastern Daylight Time
Total Physical Memory 2,045.94 MB
Available Physical Memory 575.52 MB
Total Virtual Memory 4.22 GB
Available Virtual Memory 2.04 GB
Page File Space 2.29 GB
Page File C:\pagefile.sys
Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\HBX\AppData\Local\Temp\WER921C.tmp\Mini080507-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for
ntoskrnl.exe
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff800`02800000 PsLoadedModuleList = 0xfffff800`0299af50
Debug session time: Sun Aug 5 21:05:20.893 2007 (GMT-4)
System Uptime: 0 days 0:08:00.409
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {81, fffffa80037d0dd0, a, 0}
Unable to load image \SystemRoot\System32\Drivers\bc_ngn.sys, Win32 error
0n2
*** WARNING: Unable to verify timestamp for bc_ngn.sys
*** ERROR: Module load completed but symbols could not be loaded for
bc_ngn.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
***************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
***************************************************************************
Probably caused by : bc_ngn.sys ( bc_ngn+2a4d )
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this
driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA
will
be among the most commonly seen crashes.
Parameter 1 = 0x1000 .. 0x1020 - deadlock verifier error codes.
Typically the code is 0x1001 (deadlock detected) and you can
issue a '!deadlock' KD command to get more information.
Arguments:
Arg1: 0000000000000081, MmMapLockedPages called without MDL_MAPPING_CAN_FAIL
Arg2: fffffa80037d0dd0, MDL address.
Arg3: 000000000000000a, MDL flags.
Arg4: 0000000000000000, 0.
Debugging Details:
------------------
MODULE_NAME: bc_ngn
FAULTING_MODULE: fffff80002800000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 46568106
BUGCHECK_STR: 0xc4_81
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
LAST_CONTROL_TRANSFER: from fffff80002c0937d to fffff8000284dbd0
Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\HBX\AppData\Local\Temp\WER4F97.tmp\Mini080607-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for
ntoskrnl.exe
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff800`02800000 PsLoadedModuleList = 0xfffff800`0299af50
Debug session time: Mon Aug 6 17:18:29.628 2007 (GMT-4)
System Uptime: 0 days 0:06:47.145
Loading Kernel Symbols
.....................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {3d, 0, 0, fffff98020a35c14}
Unable to load image \SystemRoot\system32\DRIVERS\klif.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for klif.sys
*** ERROR: Module load completed but symbols could not be loaded for
klif.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
***************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
***************************************************************************
Probably caused by : klif.sys ( klif+23c14 )
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this
driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA
will
be among the most commonly seen crashes.
Parameter 1 = 0x1000 .. 0x1020 - deadlock verifier error codes.
Typically the code is 0x1001 (deadlock detected) and you can
issue a '!deadlock' KD command to get more information.
Arguments:
Arg1: 000000000000003d, ERESOURCE address is unaligned.
Arg2: 0000000000000000, 0
Arg3: 0000000000000000, 0
Arg4: fffff98020a35c14, bad resource address passed in.
Debugging Details:
------------------
MODULE_NAME: klif
FAULTING_MODULE: fffff80002800000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4649721f
BUGCHECK_STR: 0xc4_3d
CUSTOMER_CRASH_COUNT: 3
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
LAST_CONTROL_TRANSFER: from fffff80002c0937d to fffff8000284dbd0
----------------------------------------------------------------------------------------------------------------
Kerio firewall Crashdump : (happened after installation - Reboot-)
Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\HBX\AppData\Local\Temp\WER120.tmp\Mini080807-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for
ntoskrnl.exe
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff800`02800000 PsLoadedModuleList = 0xfffff800`0299af50
Debug session time: Wed Aug 8 22:30:50.096 2007 (GMT-4)
System Uptime: 0 days 2:24:44.160
Loading Kernel Symbols
..........................................................................................................................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {3b, 2, fffff9800d954fc8, 0}
Unable to load image \SystemRoot\System32\drivers\tcpip.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for
tcpip.sys
Unable to load image \SystemRoot\system32\drivers\NETIO.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for NETIO.SYS
*** ERROR: Module load completed but symbols could not be loaded for
NETIO.SYS
Unable to load image \SystemRoot\system32\DRIVERS\kvpndrv.sys, Win32 error
0n2
*** WARNING: Unable to verify timestamp for kvpndrv.sys
*** ERROR: Module load completed but symbols could not be loaded for
kvpndrv.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
***************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
***************************************************************************
Probably caused by : NETIO.SYS ( NETIO+bdd5 )
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this
driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA
will
be among the most commonly seen crashes.
Parameter 1 = 0x1000 .. 0x1020 - deadlock verifier error codes.
Typically the code is 0x1001 (deadlock detected) and you can
issue a '!deadlock' KD command to get more information.
Arguments:
Arg1: 000000000000003b, KeWaitXxx routine is being called at DISPATCH_LEVEL
or higher.
Arg2: 0000000000000002, current irql,
Arg3: fffff9800d954fc8, object to wait on,
Arg4: 0000000000000000, time out parameter.
Debugging Details:
------------------
MODULE_NAME: NETIO
FAULTING_MODULE: fffff80002800000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4549beb1
BUGCHECK_STR: 0xc4_3b
CURRENT_IRQL: 2
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
LAST_CONTROL_TRANSFER: from fffff80002c0937d to fffff8000284dbd0
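
A triage pass over the three bugcheck summaries in this post, as an added example that is not part of the original post: it pulls the bugcheck code, the Driver Verifier sub-code (Arg1) and the named driver out of WinDbg text output. The sub-code descriptions are the ones printed in the dumps; the `OS_MODULES` list and the rule of preferring a third-party image when the blamed module is a Windows component are assumptions made for this example.

```python
import re

# Constructed sample: the key lines of the three minidump summaries in this post.
SAMPLE = r"""BugCheck C4, {81, fffffa80037d0dd0, a, 0}
Unable to load image \SystemRoot\System32\Drivers\bc_ngn.sys, Win32 error 0n2
Probably caused by : bc_ngn.sys ( bc_ngn+2a4d )
BugCheck C4, {3d, 0, 0, fffff98020a35c14}
Unable to load image \SystemRoot\system32\DRIVERS\klif.sys, Win32 error 0n2
Probably caused by : klif.sys ( klif+23c14 )
BugCheck C4, {3b, 2, fffff9800d954fc8, 0}
Unable to load image \SystemRoot\System32\drivers\tcpip.sys, Win32 error 0n2
Unable to load image \SystemRoot\system32\drivers\NETIO.SYS, Win32 error 0n2
Unable to load image \SystemRoot\system32\DRIVERS\kvpndrv.sys, Win32 error 0n2
Probably caused by : NETIO.SYS ( NETIO+bdd5 )
"""

# Arg1 meanings exactly as printed in the dumps above (not a complete table).
VERIFIER_SUBCODES = {
    0x81: "MmMapLockedPages called without MDL_MAPPING_CAN_FAIL",
    0x3D: "ERESOURCE address is unaligned",
    0x3B: "KeWaitXxx routine is being called at DISPATCH_LEVEL or higher",
}
# Assumption: these images are Windows components, so blame on them is
# redirected to third-party images named in the same summary.
OS_MODULES = {"ntoskrnl.exe", "tcpip.sys", "netio.sys"}

BUGCHECK = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}")
IMAGE = re.compile(r"^Unable to load image \S*\\([^\\,]+),")
BLAMED = re.compile(r"^Probably caused by : (\S+)")

def triage(text):
    """Return one dict per 'BugCheck' summary found in WinDbg text output."""
    reports, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := BUGCHECK.match(line):
            cur = {"code": int(m.group(1), 16), "images": [], "blamed": None,
                   "args": [int(a.strip(), 16) for a in m.group(2).split(",")]}
            reports.append(cur)
        elif cur is None:
            continue  # banner lines before the first bugcheck
        elif m := IMAGE.match(line):
            cur["images"].append(m.group(1))
        elif m := BLAMED.match(line):
            cur["blamed"] = m.group(1)
    for r in reports:
        # 0xC4 is DRIVER_VERIFIER_DETECTED_VIOLATION; Arg1 selects the violation.
        r["verifier"] = r["code"] == 0xC4
        r["violation"] = VERIFIER_SUBCODES.get(r["args"][0]) if r["verifier"] else None
        third_party = [i for i in r["images"] if i.lower() not in OS_MODULES]
        blamed_os = r["blamed"] is None or r["blamed"].lower() in OS_MODULES
        r["suspects"] = third_party if blamed_os else [r["blamed"]]
    return reports

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(hex(r["code"]), hex(r["args"][0]), r["suspects"], r["violation"])
```

For the third dump the debugger blames NETIO.SYS, so the pass reports kvpndrv.sys, the only non-Windows image named in that summary, as the lead to follow once symbols are loaded.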