Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD DRIVER_IRQL_NOT_LESS_OR_EQUAL netwbw02.sys


  • Please log in to reply
10 replies to this topic

#1 TerryEM

TerryEM

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 14 January 2018 - 06:51 PM

Dell Inspiron 17 laptop which had been running with no problems for several months. 

Windows 10 Pro with all Microsoft maintenance applied. 

 

Problem started with DRIVER_IRQL_NOT_LESS_OR_EQUAL netwbw02.sys BSOD. 

AVG free antivirus was installed at the time.

I Googled the problem and ended up here on BleepingComputer.

 

I ran the verifier app as directed.

Verifier BSOD immediately identified sentinel64.sys as a problem.

 

A possibly related problem is that the Dell WiFi sometimes loses it's connection and sometimes cannot even see the access point name to re-connect without a reboot.

 

I have since uninstalled AVG but that did not seem to change the problem.

I also renamed c:\windows\system32\drivers\sentinel64.sys but it continued to be reported by Verifier until I disabled the Verifier.

 

Requested files are attached.

 

Any suggestions would be greatly appreciated.

 

Speccy output:  http://speccy.piriform.com/results/svKCno584WVabKCjYPkYPcG

Minidump after Verifier BSOD Attached File  011418-9296-01.zip   232.99KB   2 downloads

Sysnative Attached File  SysnativeFileCollectionApp.zip   2.86MB   8 downloads

 



BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:56 PM

Posted 16 January 2018 - 06:47 PM

If verifier blames sentinel64.sys - uninstall the program associated with it.

Here's a link to the information that I have on it:  http://www.carrona.org/drivers/driver.php?id=Sentinel64.sys

Please note that your version of this driver dates from 2008 - so it's likely not compatible w/Windows 10.

 

Your UEFI/BIOS (version 1.4.1) dates from December of 2017.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  This is just in case there has been a more recent update.
FYI - W8 and W10 communicate more with the UEFI/BIOS than previous versions of Windows, so it's important to ensure that the UEFI/BIOS is kept up to date (and that outdated UEFI/BIOS' may be the cause of some compatibility issues).

Only 5 Windows Update hotfixes installed.  Most build 16299 (1709/Fall Creators Update) systems have more than this.  Please visit Windows Update and get ALL available Windows Updates.
The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

C: drive only has about 7% free space.  Windows likes 15% free space in order to perform stuff "behind the scenes" without adversely affecting the system's performance.  Please free up 15% on ALL hard drives (you can get away with 10% on larger drives and won't notice a large performance penalty).  Low free space can cause BSOD's - but the actual amount depends on the files being used by the system.

The memory dumps in the WER section of the MSINFO32 report concur that sentinel64.sys is the problem driver.

Please uninstall the SafeNet program.

 

Please update these older drivers.  Links are provided in order to assist you with looking up the source of the drivers.  
If unable to find an update, please uninstall the program that is responsible for that driver.  

DO NOT manually delete/rename the driver as it may make the system unbootable!!!:

lmimirr.sys                                   Tue Apr 10 18:32:45 2007 (461C108D)
RemotelyAnywhere Mirror Miniport Driver or LogMeIn Mirror Miniport Driver https://secure.logmein.com/US/home.aspx
http://www.carrona.org/drivers/driver.php?id=lmimirr.sys
 
Sentinel64.sys                                Mon Jun  2 02:14:55 2008 (48438FDF)
Rainbow Tech/SafeNet USB Security Device http://www.safenet-inc.com/SupportAndDownloads/Default.aspx?id=4294967299 Troubleshooting guide: http://www.integratedsoft.com/support/downloads/Sentinel_Troubleshooting_Guide.pdf
http://www.carrona.org/drivers/driver.php?id=Sentinel64.sys
 
SASKUTIL64.SYS                                Tue Jul 12 17:00:01 2011 (4E1CB5D1)
SUPERAntiSpyware http://www.superantispyware.com/download.html
http://www.carrona.org/drivers/driver.php?id=SASKUTIL64.SYS
 
SASDIFSV64.SYS                                Thu Jul 21 19:03:00 2011 (4E28B024)
SUPERAntiSpyware http://www.superantispyware.com/download.html
http://www.carrona.org/drivers/driver.php?id=SASDIFSV64.SYS
 
PxHlpa64.sys                                  Tue Apr 24 13:26:29 2012 (4F96E245)
Sonic CD/DVD driver (used by many different CD/DVD programs) http://www.carrona.org/pxhelp20.html lists some of the programs that it's used in.
http://www.carrona.org/drivers/driver.php?id=PxHlpa64.sys
 
DKDFM.sys                                     Mon May  6 20:15:27 2013 (5188479F)
Device Filter Manager Driver - Diskkeeper http://www.condusiv.com/products/update-patch/
http://www.carrona.org/drivers/driver.php?id=DKDFM.sys
 
tap0901.sys                                   Thu Aug 22 08:40:01 2013 (521606A1)
TAP-Win32 Adapter V9 or[br]OpenVPN driver or COMODO http://openvpn.net/index.php/open-source/downloads.html or http://forums.comodo.com/index.php?action=dlattach;topic=17220.0;attach=17692  Requires registration
http://www.carrona.org/drivers/driver.php?id=tap0901.sys
 
CLVirtualDrive.sys                            Mon Nov 11 22:31:36 2013 (5281A118)
CyberLink Virtual Device Driver http://www.cyberlink.com/downloads/support/index_en_US.html
http://www.carrona.org/drivers/driver.php?id=CLVirtualDrive.sys
 
DKTLFSMF.sys                                  Mon Apr 14 12:39:04 2014 (534C0F28)
Telemetry File System Mini-Filter Driver - Diskkeeper http://www.condusiv.com/products/update-patch/
http://www.carrona.org/drivers/driver.php?id=DKTLFSMF.sys
 
CLVirtualBus01.sys                            Wed Nov  5 04:11:18 2014 (5459E9B6)
 CyberLinik
CLVirtualBus01.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
 
GUBootStartup.sys                             Wed Apr 22 22:03:58 2015 (5538530E)
GlarySoft - Glary Utilities Startup Manager Tool driver http://www.glarysoft.com/downloads/
http://www.carrona.org/drivers/driver.php?id=GUBootStartup.sys
 
rt640x64.sys                                  Tue May  5 12:21:03 2015 (5548EDEF)
Realtek NICDRV 8169 PCIe GBE Family Controller driver [br]  http://www.realtek.com.tw/downloads/downloadsView.aspx?Langid=1&PNid=13&PFid=5&Level=5&Conn=4&DownTypeID=3&GetDown=false
http://www.carrona.org/drivers/driver.php?id=rt640x64.sys
 
tcefs.sys                                     Tue Aug 18 17:19:06 2015 (55D3A14A)
 TCE Filesystem Filter Driver". tcefs.sys is digitally signed by CONDUSIV TECHNOLOGIES
tcefs.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
 
magdrvamd64.sys                               Wed Aug 26 07:30:12 2015 (55DDA344)
Samsung SSD Magician software http://www.samsung.com/us/support/owners/product/MZ-5PA128/US
http://www.carrona.org/drivers/driver.php?id=magdrvamd64.sys
 
cnnctfy4.sys                                  Tue Sep  1 17:19:12 2015 (55E61650)
 Connectify
cnnctfy4.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
 
cfywlan2.sys                                  Thu Oct 22 12:07:44 2015 (562909D0)
 Connectify
cfywlan2.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
 
 


Analysis:
The following is for information purposes only.
The following information contains the relevant information from the blue screen analysis:
**************************Sun Jan 14 16:28:17.831 2018 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\011418-7921-01.dmp]
Windows 10 Kernel Version 16299 MP (4 procs) Free x64
Built by: 16299.15.amd64fre.rs3_release.170928-1534
System Uptime:0 days 0:01:54.584
*** WARNING: Unable to verify timestamp for Sentinel64.sys
*** ERROR: Module load completed but symbols could not be loaded for Sentinel64.sys
Probably caused by :memory_corruption
BugCheck C4, {f6, 88c, ffffe00b1e50a080, fffff8094a571c3e}
BugCheck Info: DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 000000000000088c, Handle value being referenced.
Arg3: ffffe00b1e50a080, Address of the current process.
Arg4: fffff8094a571c3e, Address inside the driver that is performing the incorrect reference.
BUGCHECK_STR:  0xc4_f6
PROCESS_NAME:  AvidApplicationManager.exe
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
CPUID:        "Intel® Core™ i7-6500U CPU @ 2.50GHz"
MaxSpeed:     2500
CurrentSpeed: 2592
  BIOS Version                  1.4.1
  BIOS Release Date             12/08/2017
  Manufacturer                  Dell Inc.
  Product Name                  Inspiron 5759
  Baseboard Product             05NVNV
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Jan 14 16:25:37.967 2018 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\011418-8984-01.dmp]
Windows 10 Kernel Version 16299 MP (4 procs) Free x64
Built by: 16299.15.amd64fre.rs3_release.170928-1534
System Uptime:0 days 0:01:29.720
*** WARNING: Unable to verify timestamp for Sentinel64.sys
*** ERROR: Module load completed but symbols could not be loaded for Sentinel64.sys
Probably caused by :memory_corruption
BugCheck C4, {f6, 86c, ffffda83d575b080, fffff804faff1c3e}
BugCheck Info: DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 000000000000086c, Handle value being referenced.
Arg3: ffffda83d575b080, Address of the current process.
Arg4: fffff804faff1c3e, Address inside the driver that is performing the incorrect reference.
BUGCHECK_STR:  0xc4_f6
PROCESS_NAME:  AvidApplicationManager.exe
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
CPUID:        "Intel® Core™ i7-6500U CPU @ 2.50GHz"
MaxSpeed:     2500
CurrentSpeed: 2592
  BIOS Version                  1.4.1
  BIOS Release Date             12/08/2017
  Manufacturer                  Dell Inc.
  Product Name                  Inspiron 5759
  Baseboard Product             05NVNV
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Jan 14 16:22:40.105 2018 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\011418-8265-01.dmp]
Windows 10 Kernel Version 16299 MP (4 procs) Free x64
Built by: 16299.15.amd64fre.rs3_release.170928-1534
System Uptime:0 days 0:02:55.858
*** WARNING: Unable to verify timestamp for Sentinel64.sys
*** ERROR: Module load completed but symbols could not be loaded for Sentinel64.sys
Probably caused by :memory_corruption
BugCheck C4, {f6, 858, ffffa78d0afdf080, fffff804cf0f1c3e}
BugCheck Info: DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 0000000000000858, Handle value being referenced.
Arg3: ffffa78d0afdf080, Address of the current process.
Arg4: fffff804cf0f1c3e, Address inside the driver that is performing the incorrect reference.
BUGCHECK_STR:  0xc4_f6
PROCESS_NAME:  AvidApplicationManager.exe
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
CPUID:        "Intel® Core™ i7-6500U CPU @ 2.50GHz"
MaxSpeed:     2500
CurrentSpeed: 2592
  BIOS Version                  1.4.1
  BIOS Release Date             12/08/2017
  Manufacturer                  Dell Inc.
  Product Name                  Inspiron 5759
  Baseboard Product             05NVNV
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Jan 14 16:19:00.961 2018 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\011418-8703-01.dmp]
Windows 10 Kernel Version 16299 MP (4 procs) Free x64
Built by: 16299.15.amd64fre.rs3_release.170928-1534
System Uptime:0 days 0:01:28.713
*** WARNING: Unable to verify timestamp for Sentinel64.sys
*** ERROR: Module load completed but symbols could not be loaded for Sentinel64.sys
Probably caused by :memory_corruption
BugCheck C4, {f6, 7f8, ffff9c8b343c9080, fffff8068ceb1c3e}
BugCheck Info: DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 00000000000007f8, Handle value being referenced.
Arg3: ffff9c8b343c9080, Address of the current process.
Arg4: fffff8068ceb1c3e, Address inside the driver that is performing the incorrect reference.
BUGCHECK_STR:  0xc4_f6
PROCESS_NAME:  AvidApplicationManager.exe
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
CPUID:        "Intel® Core™ i7-6500U CPU @ 2.50GHz"
MaxSpeed:     2500
CurrentSpeed: 2592
  BIOS Version                  1.4.1
  BIOS Release Date             12/08/2017
  Manufacturer                  Dell Inc.
  Product Name                  Inspiron 5759
  Baseboard Product             05NVNV
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Jan 14 16:13:31.999 2018 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\011418-8109-01.dmp]
Windows 10 Kernel Version 16299 MP (4 procs) Free x64
Built by: 16299.15.amd64fre.rs3_release.170928-1534
System Uptime:0 days 0:02:34.758
*** WARNING: Unable to verify timestamp for Sentinel64.sys
*** ERROR: Module load completed but symbols could not be loaded for Sentinel64.sys
Probably caused by :memory_corruption
BugCheck C4, {f6, 830, ffffdd02d3144080, fffff801922e1c3e}
BugCheck Info: DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 0000000000000830, Handle value being referenced.
Arg3: ffffdd02d3144080, Address of the current process.
Arg4: fffff801922e1c3e, Address inside the driver that is performing the incorrect reference.
BUGCHECK_STR:  0xc4_f6
PROCESS_NAME:  AvidApplicationManager.exe
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT_LARGE
CPUID:        "Intel® Core™ i7-6500U CPU @ 2.50GHz"
MaxSpeed:     2500
CurrentSpeed: 2592
  BIOS Version                  1.4.1
  BIOS Release Date             12/08/2017
  Manufacturer                  Dell Inc.
  Product Name                  Inspiron 5759
  Baseboard Product             05NVNV
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Jan 14 16:10:13.971 2018 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\011418-9031-01.dmp]
Windows 10 Kernel Version 16299 MP (4 procs) Free x64
Built by: 16299.15.amd64fre.rs3_release.170928-1534
System Uptime:0 days 0:01:42.723
*** WARNING: Unable to verify timestamp for Sentinel64.sys
*** ERROR: Module load completed but symbols could not be loaded for Sentinel64.sys
Probably caused by :memory_corruption
BugCheck C4, {f6, 83c, ffff8508489ea080, fffff801ee7c1c3e}
BugCheck Info: DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 000000000000083c, Handle value being referenced.
Arg3: ffff8508489ea080, Address of the current process.
Arg4: fffff801ee7c1c3e, Address inside the driver that is performing the incorrect reference.
BUGCHECK_STR:  0xc4_f6
PROCESS_NAME:  AvidApplicationManager.exe
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
CPUID:        "Intel® Core™ i7-6500U CPU @ 2.50GHz"
MaxSpeed:     2500
CurrentSpeed: 2592
  BIOS Version                  1.4.1
  BIOS Release Date             12/08/2017
  Manufacturer                  Dell Inc.
  Product Name                  Inspiron 5759
  Baseboard Product             05NVNV
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Jan 14 16:01:31.995 2018 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\011418-3890-01.dmp]
Windows 10 Kernel Version 16299 MP (4 procs) Free x64
Built by: 16299.15.amd64fre.rs3_release.170928-1534
System Uptime:0 days 0:06:19.750
*** WARNING: Unable to verify timestamp for Sentinel64.sys
*** ERROR: Module load completed but symbols could not be loaded for Sentinel64.sys
Probably caused by :memory_corruption
BugCheck C4, {f6, 92c, ffffd08e98bac080, fffff8019f3a1c3e}
BugCheck Info: DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 000000000000092c, Handle value being referenced.
Arg3: ffffd08e98bac080, Address of the current process.
Arg4: fffff8019f3a1c3e, Address inside the driver that is performing the incorrect reference.
BUGCHECK_STR:  0xc4_f6
PROCESS_NAME:  AvidApplicationManager.exe
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
CPUID:        "Intel® Core™ i7-6500U CPU @ 2.50GHz"
MaxSpeed:     2500
CurrentSpeed: 2592
  BIOS Version                  1.4.1
  BIOS Release Date             12/08/2017
  Manufacturer                  Dell Inc.
  Product Name                  Inspiron 5759
  Baseboard Product             05NVNV
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Jan 14 15:51:41.667 2018 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\011418-9296-01.dmp]
Windows 10 Kernel Version 16299 MP (4 procs) Free x64
Built by: 16299.15.amd64fre.rs3_release.170928-1534
System Uptime:0 days 0:02:11.421
*** WARNING: Unable to verify timestamp for Sentinel64.sys
*** ERROR: Module load completed but symbols could not be loaded for Sentinel64.sys
Probably caused by :memory_corruption
BugCheck C4, {f6, 818, ffff960dde2ce080, fffff80dad5d1c3e}
BugCheck Info: DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 0000000000000818, Handle value being referenced.
Arg3: ffff960dde2ce080, Address of the current process.
Arg4: fffff80dad5d1c3e, Address inside the driver that is performing the incorrect reference.
BUGCHECK_STR:  0xc4_f6
PROCESS_NAME:  AvidApplicationManager.exe
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
CPUID:        "Intel® Core™ i7-6500U CPU @ 2.50GHz"
MaxSpeed:     2500
CurrentSpeed: 2592
  BIOS Version                  1.4.1
  BIOS Release Date             12/08/2017
  Manufacturer                  Dell Inc.
  Product Name                  Inspiron 5759
  Baseboard Product             05NVNV
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``



3rd Party Drivers:
The following is for information purposes only.
My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Sun Jan 14 16:28:17.831 2018 (UTC - 5:00)**************************
lmimirr.sys                                   Tue Apr 10 18:32:45 2007 (461C108D)
Sentinel64.sys                                Mon Jun  2 02:14:55 2008 (48438FDF)
SASKUTIL64.SYS                                Tue Jul 12 17:00:01 2011 (4E1CB5D1)
SASDIFSV64.SYS                                Thu Jul 21 19:03:00 2011 (4E28B024)
intelppm.sys                                  Thu Sep 22 06:43:11 2011 (4E7B113F)
PxHlpa64.sys                                  Tue Apr 24 13:26:29 2012 (4F96E245)
DKDFM.sys                                     Mon May  6 20:15:27 2013 (5188479F)
tap0901.sys                                   Thu Aug 22 08:40:01 2013 (521606A1)
CLVirtualDrive.sys                            Mon Nov 11 22:31:36 2013 (5281A118)
DKTLFSMF.sys                                  Mon Apr 14 12:39:04 2014 (534C0F28)
CLVirtualBus01.sys                            Wed Nov  5 04:11:18 2014 (5459E9B6)
GUBootStartup.sys                             Wed Apr 22 22:03:58 2015 (5538530E)
rt640x64.sys                                  Tue May  5 12:21:03 2015 (5548EDEF)
tcefs.sys                                     Tue Aug 18 17:19:06 2015 (55D3A14A)
magdrvamd64.sys                               Wed Aug 26 07:30:12 2015 (55DDA344)
cnnctfy4.sys                                  Tue Sep  1 17:19:12 2015 (55E61650)
cfywlan2.sys                                  Thu Oct 22 12:07:44 2015 (562909D0)
fltsrv.sys                                    Thu Jan 14 13:43:21 2016 (5697EC49)
virtual_file.sys                              Fri Jan 22 06:53:42 2016 (56A21846)
DKRtWrt.sys                                   Thu Jan 28 17:53:43 2016 (56AA9BF7)
snapman.sys                                   Tue Mar 15 05:33:00 2016 (56E7D6CC)
tib_mounter.sys                               Thu Apr  7 09:47:00 2016 (570664D4)
iaStorA.sys                                   Thu Apr 21 06:48:40 2016 (5718B008)
tib.sys                                       Mon Apr 25 12:15:19 2016 (571E4297)
file_tracker.sys                              Mon May 16 13:39:51 2016 (573A05E7)
RtsUer.sys                                    Tue May 17 03:57:44 2016 (573ACEF8)
atikmpag.sys                                  Thu Jun 16 21:17:22 2016 (57634FA2)
atikmdag.sys                                  Thu Jun 16 21:40:40 2016 (57635518)
tcesd.sys                                     Wed Jul  6 18:37:22 2016 (577D8822)
RTKVHD64.sys                                  Fri Aug 12 06:01:39 2016 (57AD9E83)
ibtusb.sys                                    Fri Sep  2 15:34:32 2016 (57C9D448)
DellRbtn.sys                                  Wed Oct 26 05:38:43 2016 (581079A3)
SamsungRapidDiskFltr.sys                      Fri Nov 18 08:31:30 2016 (582F02B2)
SamsungRapidFSFltr.sys                        Fri Nov 18 08:31:33 2016 (582F02B5)
LMIRfsDriver.sys                              Mon Jan  9 11:14:48 2017 (5873B6F8)
LMIInfo.sys                                   Tue Jan 10 11:30:08 2017 (58750C10)
DDDriver64Dcsa.sys                            Wed Jan 11 10:28:26 2017 (58764F1A)
DellProf.sys                                  Mon Apr  3 14:48:04 2017 (58E298E4)
Netwbw02.sys                                  Wed Apr  5 13:04:27 2017 (58E5239B)
iaLPSS2i_I2C.sys                              Wed Jun 14 00:00:59 2017 (5940B4FB)
iaLPSS2i_GPIO2.sys                            Wed Jun 14 00:01:22 2017 (5940B512)
IntcDAud.sys                                  Mon Jul 17 09:23:18 2017 (596CBA46)
igdkmd64.sys                                  Mon Aug 14 02:13:46 2017 (59913F9A)
TeeDriverW8x64.sys                            Tue Oct  3 02:21:38 2017 (59D32C72)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Jan 14 16:01:31.995 2018 (UTC - 5:00)**************************
avgbuniva.sys                                 Mon Dec  4 10:04:10 2017 (5A2563EA)
avgbidsdrivera.sys                            Mon Dec  4 10:04:12 2017 (5A2563EC)
avgbidsha.sys                                 Mon Dec  4 10:04:12 2017 (5A2563EC)
avgbdiska.sys                                 Mon Dec  4 10:04:12 2017 (5A2563EC)
avgbloga.sys                                  Mon Dec  4 10:04:14 2017 (5A2563EE)
avgRvrt.sys                                   Tue Dec 19 13:09:14 2017 (5A3955CA)
avgArPot.sys                                  Tue Dec 19 13:09:16 2017 (5A3955CC)
avgSnx.sys                                    Tue Dec 19 13:09:41 2017 (5A3955E5)
avgRdr2.sys                                   Tue Dec 19 13:09:50 2017 (5A3955EE)
avgVmm.sys                                    Tue Dec 19 13:21:43 2017 (5A3958B7)
avgStm.sys                                    Tue Dec 19 13:30:47 2017 (5A395AD7)
avgMonFlt.sys                                 Tue Jan  9 15:21:28 2018 (5A552448)
avgSP.sys                                     Tue Jan  9 15:21:48 2018 (5A55245C)


http://www.carrona.org/drivers/driver.php?id=lmimirr.sys
http://www.carrona.org/drivers/driver.php?id=Sentinel64.sys
http://www.carrona.org/drivers/driver.php?id=SASKUTIL64.SYS
http://www.carrona.org/drivers/driver.php?id=SASDIFSV64.SYS
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=PxHlpa64.sys
http://www.carrona.org/drivers/driver.php?id=DKDFM.sys
http://www.carrona.org/drivers/driver.php?id=tap0901.sys
http://www.carrona.org/drivers/driver.php?id=CLVirtualDrive.sys
http://www.carrona.org/drivers/driver.php?id=DKTLFSMF.sys
CLVirtualBus01.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=GUBootStartup.sys
http://www.carrona.org/drivers/driver.php?id=rt640x64.sys
tcefs.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=magdrvamd64.sys
cnnctfy4.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
cfywlan2.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=fltsrv.sys
virtual_file.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=DKRtWrt.sys
http://www.carrona.org/drivers/driver.php?id=snapman.sys
http://www.carrona.org/drivers/driver.php?id=tib_mounter.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=tib.sys
http://www.carrona.org/drivers/driver.php?id=file_tracker.sys
http://www.carrona.org/drivers/driver.php?id=RtsUer.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
tcesd.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=ibtusb.sys
http://www.carrona.org/drivers/driver.php?id=DellRbtn.sys
http://www.carrona.org/drivers/driver.php?id=SamsungRapidDiskFltr.sys
http://www.carrona.org/drivers/driver.php?id=SamsungRapidFSFltr.sys
http://www.carrona.org/drivers/driver.php?id=LMIRfsDriver.sys
LMIInfo.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=DDDriver64Dcsa.sys
http://www.carrona.org/drivers/driver.php?id=DellProf.sys
http://www.carrona.org/drivers/driver.php?id=Netwbw02.sys
http://www.carrona.org/drivers/driver.php?id=iaLPSS2i_I2C.sys
iaLPSS2i_GPIO2.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=IntcDAud.sys
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
avgbuniva.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
avgbidsdrivera.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
avgbidsha.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
avgbdiska.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
avgbloga.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
avgRvrt.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
avgArPot.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
avgSnx.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
avgRdr2.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
avgVmm.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
avgStm.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
avgMonFlt.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
avgSP.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.

 
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 TerryEM

TerryEM
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 16 January 2018 - 10:20 PM

Thanks so much for your timely analysis of my BSOD.

 

I have uninstalled the SafeNet item that was listed in Programs and Features.

Oddly, the sentinel64.sys file was not removed from the windows\system32\drivers folder.

 

I will work through your remaining suggestions as time allows.

 

Terry



#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:56 PM

Posted 17 January 2018 - 07:12 AM

The driver may/may not be removed.  As long as it's no longer loading into memory, there shouldn't be a problem.

It's difficult to program to remove a driver that's in use (as I understand it - I'm not a programmer) - so it may be easier to just stop it from loading and leave it there.

The key here is to see if the error comes back.

If it does (and sentinel64.sys is blamed), I'll give instructions on how to safely remove it.

 

Good luck!


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#5 TerryEM

TerryEM
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 17 January 2018 - 04:03 PM

One question:  Is your list of "older drivers" based simply on the date imbedded in the driver module? 

Being old is not necessarily a problem, but could indicate good original coding which has stood the test of time. 

 

For example, I just checked with LogMeIn about their lmimirr.sys driver which is dated from 2007.

LMI says that module is current and no revisions have been released in the last 10 years.

 

Perhaps the Carrona drivers database could include data about the most recent known release and if that is the same then the driver would not be called out.

 

Also, I forced a Windows Update and it picked up 4 recent updates.  So that process seems to be working OK on my laptop.

 

Thanks,

Terry



#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:56 PM

Posted 18 January 2018 - 06:36 PM

It'll take a lot of explaining to see why we use this rather than other methods.

 

The first is experience.  Experience is needed to filter the drivers and see what may/may not be a problem.
For example, the MBfilt64.sys from Realtek is older, yet it's known to be a good driver despite the date.  The only way that I know this is from having run hundreds/thousands of memory dumps - and have seen that the driver isn't causing the crashes (based on feedback from users).  There's also numerous problems with a driver that starts with MpKsl - and it may date anywhere from 1989 to 2015.  It turns out, after much research, that this is a dynamically generated driver from Windows Defender - and the date appears to be either a glitch or a faulty construct.  I've been able to verify this on several systems that are having BSOD's - but find that this isn't the problem (after disabling Windows Defender).   Finally, I'm aware that the LMI module is the latest version - yet I still don't have sufficient data to convince me that it's a good driver.  As such, I still recommend uninstalling it "just in case".  This decision is also based on the ease of which one can get another copy of LogMeIn to reinstall if they so desire (after having tested the system without it).

 

I am the owner of the carrona DRT database.  The intent of the DRT (Driver Reference Table) is simply to help people find out where to get the latest drivers from - not to fix drivers.

If you're able to look up the drivers (at the manufacturer's website), then you can find the latest version at the website of the manufacturer.

BUT, what if the drivers have been modified by other manufacturer's/developers?  Most of the major OEM's modify drivers for their own uses.

 

We started the DRT back around 2009 and have had many people involved in the development.  While some of the older helpers still have access to the DRT, there's only 3 people that are currently involved in maintaining the DRT.  And of those 3, I am the most active - and I don't have a bunch of free time.  I've had to cut back on my other analysis task (such as comparing all of the Windows drivers from XP to W10.  I stopped doing this after W10 first came out - but the table still resides at http://www.carrona.org/dvrcomp.html if you're interested.

Right now I'm limited to adding drivers:

- that are submitted by users (via the Suggest A Driver page)

- that are any drivers found frequently in memory dumps

- that are Windows drivers found in memory dumps (I do ALL that I find):

 

I also do the BSOD Index:  http://www.carrona.org/bsodindx.html

Shortly after the Creators Update came out - we found a problem with the Windows debugger that affected my system.
As such, I had to revert to the previous version of the debugger.

 

But to find the new versions of the Windows drivers, the new error lists, and the new BSOD's, I have to install the latest version of the Windows Software and Driver kits (which would break my debugger again).

So I tried to install the Fall Creators Update in a VM.  And, much to my dismay, I couldn't make it work on my system

After much work I was finally able to get the VM to work and install the Fall Creators Update.
At this point I decided to limit myself to updating the BSOD's and the other error code listings.  The Windows drivers were growing faster than I could keep up with - and not all of them were installed on my system.  In view of this, I gave up updating the other pages with Windows drivers - leaving the DRT to hold those that we find in memory dumps.

 

Right now I'm trying to find the time to update the error tables that are linked to on this page:  http://www.carrona.org/bsod.html

and to add all the information for the 14 new BSOD's to the http://www.carrona.org/bsodindx.html page.

 

Well, I could keep typing about this stuff for hours more - but I hope that I got the gist of it across.

Good luck to you!


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#7 TerryEM

TerryEM
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 18 January 2018 - 07:29 PM

Thank you so much for all you do and for the detailed explanation of your analysis techniques.

I'm sure that your experience in solving BSOD problems is worth more than any automation could ever be.

 

I certainly agree that the number of drivers is staggering and only getting worse.

It is rather amazing that Windows works as well as it does considering the amost infinite number of hardware and software combinations that can occur.

 

Thanks again,

Terry



#8 TerryEM

TerryEM
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 24 January 2018 - 11:24 AM

Even though the SafeNet software uninstalled without problems, I continue to have issues which call out the sentinel64 driver.

You said earlier that you could provide a method to manually uninstall sentinel64.

See https://www.bleepingcomputer.com/forums/t/668077/bsod-driver-irql-not-less-or-equal-netwbw02sys/#entry4425164

I would appreciate that help at this time.

 

Thanks,

Terry



#9 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:56 PM

Posted 24 January 2018 - 01:36 PM

Here it is:

 

I don't see any instances of the Sentinel64.sys driver in the MSINFO32 report's drivers section

The SafeNet program was installed in c:\program files (x86)\common files\safenet sentinel

Check there, check the C:\Windows\System32\drivers directory, and then search the entire hard drive for "Sentinel64.sys" (without the quotes) - making sure that you have enabled the View...Hidden files option in explorer.exe.  There may be more than one copy on the system - so searching the entire hard drive is important to do!

This may take a long time, so be patient - we have to find it in order to disable it.

Good luck!

1)   Create a Restore Point using System Restore
2)   Create a Repair disc (Recovery Drive in Win8.1/10):
Win 7 - Go to Start...All Programs...Maintenance...Create a System Repair Disc
Win 8 - Press "WIN" and "R" to open the Run dialog...type "RECDISC" (without the quotes) and press ENTER
Win 8.1 - Go to the Start Screen and type in "recoverydrive" (one word, without the quotes).  That will start the recovery drive process.  You will need a USB drive of at least 512 mB - and all data will be erased off of it.  If copying the recovery partition the drive size will be much, much larger (16 - 32 gB drive required).
Win 10 - Go to Start (press the "Win" key) and type in "recoverydrive" (one word, without the quotes).  That will start the recovery drive process.  You will need a USB drive of at least 512 mB - and all data will be erased off of it.  If copying the recovery partition the drive size will be much, much larger (16 - 32 gB drive required).
3)   Test the System Repair disc/Recovery Drive to make sure that you can get to the System Restore entry when you boot from the disk/drive (you may also want to try actually using System Restore to make sure that it works)
4)   Download this free program (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) and use it to disable any instances of Sentinel64.sys that are starting (or any other SafeNet entries) (DO NOT DELETE - only disable by removing the checkmark in the left hand column)
5)   Check in Device Manager (to include showing hidden devices from the View menu item) and ensure that any instances of Sentinel64.sys (or any other SafeNet entries) are "Uninstalled" (DO NOT DISABLE THESE).
6)   Check in the Services applet (services.msc) to be sure any instances of Sentinel64.sys or any other SafeNet entries are disabled.
7)   EXPERIMENTAL STEP (only try if you're certain of your abilities - I have not tried this step myself).  Search the registry (use regedit.exe) to locate any entries that have the driver name (Sentinel64.sys) or the program name (SafeNet).  Delete these keys (it's advisable to back them up first - but you've also backed up the entire registry when creating a System Restore point in step 1.  Alternatively, you can set the values in these keys to DISABLED (but the "how" of this is beyond the scope of this guide).
8)   Go to C:\Windows\System32\drivers and rename the Sentinel64.sys driver to Sentinel64.BAD (search the hard drive for it if it's not in C:\Windows\System32\drivers).
Also search the system to see if there are any other instances of the Sentinel64.sys driver in other locations - and rename them to Sentinel64.BAD also.
9)   Test to be sure that the device is working OK and that any BSOD's/errors have stopped.


In the event that the system doesn't boot:

1)   Boot from the System Repair disc/Recovery Drive and use the Command Prompt option to rename Sentinel64.BAD to Sentinel64.sys (the code below is only an example if the driver is, in fact, located in C:\Windows\System32\drivers.  If not, then you must navigate to the proper directory on your own!)
ren C:\Windows\System32\drivers\Sentinel64.BAD C:\Windows\System32\drivers\Sentinel64.sys
2)   Boot from the System Repair disc/Recovery Drive and use the System Restore option to restore the system to a point before the changes were made.

Good luck!

Edited by usasma, 24 January 2018 - 01:52 PM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#10 TerryEM

TerryEM
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 25 January 2018 - 12:28 AM

Thanks for the information.

 

I checked and the Common Files\Safenet Sentinel directory was not present.  (Removed by the SafeNet Uninstall process.)

I scanned the C: drive with hidden files and only one copy of the sentinel64.sys module was found (in the drivers directory as expected.)

 

I ran the Autoruns64 program and it found the sentinel64.sys module was being started by HKLM\System\CurrentControlSet\Services

I unchecked that Autoruns line item to disable starting the driver.

 

Maybe that will be the end of this episode.



#11 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:56 PM

Posted 25 January 2018 - 07:07 AM

If you've found everything and if that's the only way that that driver starts - then you've probably fixed it.

Good luck!

 

Interestingly, the Sysnative reports don't show the driver in the C:\Windows\System32\drivers directory (although that's where the memory dump said it was)


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users