Solved 8.1 BSOD on screensaver

Niprobema

New Member
Messages
10
Laptop asus g550jk.
When screen goes black due to inactivity or when I turn it off manualy (FN+F7) key i receive BSOD with "kernel security check failure". This started happening in last 3 days. In this time i have installed GTA5 and updated skype. Also windows is up to date.
Memory has been checked few months ago, so I suspect faulty driver. What should I do in this case? Can anyone determine source from dump file I posted.

dmp.zip :: Free File Hosting - File Dropper: File Host for Mp3, Videos, Music, Documents.

edit: Nvidia game driver has also been updated recently.
 

My Computer

System One

  • OS
    WIN 8.1
Kernal huh?Well to sort it out Where did you Download GTA5 (Cause if it was torrented it could be a hidden virus) and was your Windows update successful? Also i would check how much memory you have.Also make sure your drivers are all up to date.
 

My Computer

System One

  • OS
    Windows 8.1
Hi Niprobema & welcome to the forums ^_^,

I will post an analysis soon. Are you facing this problem with GTA V only? Asking because I am seeing quite a few threads here which are having the same problems with GTA V.


-Pranav
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!
Gta copy was downloaded from genuine server and installed with correct key. I am having absolutely no problem what so ever running gta5. Also computer works fine during work. So why does it bothers me? When I go for example to the bathroom I come back to restarted computer with my work lost.

BDOS can be replicated 90% of time:
-I turn the screen output off(fn+f7)
-Inactivity for a while (like 5-10 min at minimum, i havent counted exactly)
The other 10% when i cant replicate it for sure with any method above is when computer is freshly booted.
-Also it happened one time when I tried to wake computer from sleep. It crashed b4 login screen.


What I have done so far:
-memcheck
-disk operations check
-cpu burn
-rollback game drive

Nothing indicated any problem and issue remains.

One thing that I forgot to mention is that PhysiX and nvidia Geforce experience were updated together with game driver. I will try clean reinstall later.
I will attempt to verify all drivers, which hasn't gone well so far, as it crashes on boot with settings described by microsoft site.
Another theory is faulty psu, since triggers mentioned above are connected with low usage mode or Idle mode I guess. That's just my guess but I have found no proff that "kernel security check failure" could be caused by psu.
 

My Computer

System One

  • OS
    WIN 8.1
I can't download your files becos it ask's me to use one of the offered "Social network account" And I have none of them therefore I can't download it:

View attachment 60936


Please use the "attachment" button while creating new post to upload your zipped file directly to this thread like in the image bellow:
If you can't see what the bellow image does, click on it to enlarge.

View attachment 60937
 

My Computer

System One

  • OS
    Windows 8.1 Enterprise
Hello, for now it looks some of the existing networking application such as firewall could be messing with your computer, however more information is needed about your system.

Please follow bellow link and follow instruction to collect necessary information, then again as before attach your output as explained in previous post.

Blue Screen of Death (BSOD) Posting Instructions
 

My Computer

System One

  • OS
    Windows 8.1 Enterprise
Hi, here is analysis:

All of the dumps are refering to the same problem:
BugCheck 139, {3, ffffd00023a50310, ffffd00023a50268, 0}

A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.




BugCheck 139 being KERNEL_SECURITY_CHECK_FAILURE
And code 3 which is corrupted LIST_ENTRY (for example, a double remove)


What this means is for example a faulty driver ( bad driver) removes an item from the list
but it's not caught immediately since removing an item is nothing wrong,
but at some point later it turns out removed item belonged to some another system
process or whatever tries to access the item which now no longer exist or refferes to invalid
space which is illegal, thus blaming someone who isn't guilty, and in this case it's NETIO.sys in every single case.


How to track this down?
I went to debuggin' help and it sez following:
"Most causes of this bug check tend to be self explanatory and easy to diagnose.
One exception is code 3, LIST_ENTRY corruption. This type of bug check can be difficult to track down"


Oh great!, because the bad guy plays the "hit and run cowboy" game :party:


So I went to continue reading help and there are 5 possible causes:
1. A driver has corrupted a kernel synchronization object ...
2. A driver has corrupted a periodic KTIMER ...
3. A driver has mismanaged an internal LIST_ENTRY-style linked list ...
4. A driver has freed a data structure that contains a LIST_ENTRY ...
5. A driver has used a LIST_ENTRY-style list in a concurrent fashion without proper synchronization ...




So far nothing useful. so I went on and look at call stack:


Code:
6: kd> k
Child-SP          RetAddr           Call Site
ffffd000`23a4ffe8 fffff802`8cf6a7e9 nt!KeBugCheckEx
ffffd000`23a4fff0 fffff802`8cf6ab10 nt!KiBugCheckDispatch+0x69
ffffd000`23a50130 fffff802`8cf69d34 nt!KiFastFailDispatch+0xd0
ffffd000`23a50310 fffff800`af111acd nt!KiRaiseSecurityCheckFailure+0xf4 [COLOR=#008000]// fail bcoz[/COLOR]
ffffd000`23a504a0 fffff800`aee0e572 [COLOR=#ff0000]ndis[/COLOR]!ndisNsiGetInterfaceInformation+0x21b8d  [COLOR=#008000]// INTERFACE NO LONGER EXIST in the list!![/COLOR]
ffffd000`23a50550 fffff800`affada25 [COLOR=#ff0000]NETIO[/COLOR]!NsiGetParameterEx+0x222
ffffd000`23a506b0 fffff800`affadbe3 [COLOR=#ff0000]nsiproxy[/COLOR]!NsippGetParameter+0x195
ffffd000`23a50840 fffff802`8d23377f nsiproxy!NsippDispatch+0x53
ffffd000`23a50880 fffff802`8d232d22 nt!IopXxxControlFile+0xa4f
ffffd000`23a50a20 fffff802`8cf6a4b3 nt!NtDeviceIoControlFile+0x56
ffffd000`23a50a90 00007ff9`5fb7123a nt!KiSystemServiceCopyEnd+0x13
[COLOR=#ff0000]00000066`0d4df4e8 00000000`00000000 0x00007ff9`5fb7123a  [/COLOR][COLOR=#008000]// This is what we need but ....[/COLOR]

Call stack begins with user process '?' in every dump file examined,
I'm assuming that cos address 00000066`0d4df4e8 00000000`00000000 0x00007ff9`5fb7123a
belongs to user space memory, and then continues on to kernel space up until BugCheck
I'm also guessing it does not bellong to Microsoft cos otherwise I would have symbols for it
and it would display function name called which it doesn't.

I asked my self why the heck does it say "probably caused by NETIO.sys" every single time?

Code:
1: kd> !analyze
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 139, {3, ffffd00180fb2310, ffffd00180fb2268, 0}


[COLOR=#ff0000]Probably caused by : NETIO.SYS[/COLOR] ( NETIO!NsiGetParameterEx+222 )


Followup: MachineOwner

Because it get caught, and it does so because NETIO.SYS is the last one that accesses the list, but the bad guy has corrupted ( removed stuff ) out of the list before this kernel driver even tries to retrieve it's lost stuff out from the list, so nt!KiRaiseSecurityCheckFailure+0xf4 and blame the one who was last seen, which usually turns out to be false positive.



Next trying to associate process with these errors yields (again!) the same result for every single dump file:


Code:
6: kd> !process
GetPointerFromAddress: unable to read from fffff8028d171000
PROCESS ffffe0017afdc8c0
    SessionId: none  Cid: 04a0    Peb: 7ff6ce7c8000  ParentCid: 02b8
    DirBase: 1383d6000  ObjectTable: ffffc000fd3ffd80  HandleCount: <Data Not Accessible>
    Image: [COLOR=#ff0000]svchost.exe [/COLOR][COLOR=#008000]// always svchost.exe[/COLOR]
    VadRoot ffffe0017afe3ae0 Vads 252 Clone 0 Private 1731. Modified 46. Locked 30.
    DeviceMap ffffc000fd1005c0
    Token                             ffffc000fce62890
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
    ElapsedTime                       00:00:00.000
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         219976
    QuotaPoolUsage[NonPagedPool]      40208
    Working Set Sizes (now,min,max)  (4533, 50, 345) (18132KB, 200KB, 1380KB)
    PeakWorkingSetSize                4798
    VirtualSize                       2098410 Mb
    PeakVirtualSize                   2098415 Mb
    PageFaultCount                    7119
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      2270


        *** Error in reading nt!_ETHREAD @ ffffe0017afbb080





OK, svchost.exe, so far by using some plain logic, it turns out it's probably networking service/driver that does
not belong to Microsoft.
And Since call stack stucks at NETIO.sys and procesess is allways svchost.exe which hosts services.




So in this guess game I went to look at 3rd party networking services running on the system,
and here is a golden list:


1. SCP DS3 Service ( Local System -> can access network )
2. NVIDIA Network Service ( Local System -> can access network )
3. Intel(R) PROSet/Wireless Zero Configuration Service ( Local System )
4. PnkBstrA ( Punk buster - not sure about this one )
5. ATKGFNEX Service ( not sure, local system and driver iz 6 yrs. old )


3 out of 5 are associated with kernel driver so that makes sense :)


According to this and few other observations not mentioned so far here, here is what I would recommend:
1. Remove manufactures bloatware from you PC
2. Try not to use joystick ( SCP DS3 ) next days, temporary play games with keyboard and mouse.
3. Remove punk buster from your PC
4. Download and update network drivers from following website: ( and possibly others too such as ATK)

ASUSTeK Computer Inc. -Support- Drivers and Download G550JK Skip BIOS update.

In addition to above run:
1. sfc /scannow in an elvated command prompt and wait for completion.
2. Update Windows, but disable windows from auto updating your drivers.
3. perform a full scan by using some good antivirus and anti sypware. (ex. Malwerbytes, Kaspersky)
4. Set up data execution prevention in Control Panel\System and Security\System > advanced system settings
> Advanced tab > performance > Data execution prevention > Turn on DEP for all program and services ...



Additional possible steps:
5. Steps on bellow link show how to use driver verifier, however according to msdn.microsoft.com following:
Caution
  • Running Driver Verifier could cause the computer to crash.
  • You should only run Driver Verifier on computers you are using for testing and debugging.
  • You must be in the Administrators group on the computer to use Driver Verifier.
Where can I download Driver Verifier?


When you perform all this we can only hope it will work, if you encounter new BSOD, again share results
by following same procedure and then we'll se what could possibly be done next.


Hopefully somebody can help me on how to traverse and dig trough corrupted list in order to identify faulting driver/application, cos I got lost in digging process. :shock:


Here is a verbose output:

Code:
6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************


KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd00023a50310, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd00023a50268, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved


Debugging Details:
------------------




TRAP_FRAME:  ffffd00023a50310 -- (.trap 0xffffd00023a50310)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe0017875c960 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe00177d354e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800af111acd rsp=ffffd00023a504a0 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000002 r10=ffffe00177bb6800
r11=ffffe0017be1a970 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe cy
ndis!ndisNsiGetInterfaceInformation+0x21b8d:
fffff800`af111acd cd29            int     29h
Resetting default scope


EXCEPTION_RECORD:  ffffd00023a50268 -- (.exr 0xffffd00023a50268)
ExceptionAddress: fffff800af111acd (ndis!ndisNsiGetInterfaceInformation+0x0000000000021b8d)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003


CUSTOMER_CRASH_COUNT:  1


DEFAULT_BUCKET_ID:  LIST_ENTRY_CORRUPT


BUGCHECK_STR:  0x139


PROCESS_NAME:  svchost.exe


CURRENT_IRQL:  2


ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.


EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.


EXCEPTION_PARAMETER1:  0000000000000003


ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre


LAST_CONTROL_TRANSFER:  from fffff8028cf6a7e9 to fffff8028cf5eca0


STACK_TEXT:  
ffffd000`23a4ffe8 fffff802`8cf6a7e9 : 00000000`00000139 00000000`00000003 ffffd000`23a50310 ffffd000`23a50268 : nt!KeBugCheckEx
ffffd000`23a4fff0 fffff802`8cf6ab10 : 00000000`00000000 00000000`00000001 ffffd000`23a501d8 ffffd000`00000000 : nt!KiBugCheckDispatch+0x69
ffffd000`23a50130 fffff802`8cf69d34 : ffffc000`fce62890 00000002`0000000c 00000000`00000000 ffffc000`fce62d00 : nt!KiFastFailDispatch+0xd0
ffffd000`23a50310 fffff800`af111acd : 00000000`ffffe001 00000000`00000000 ffffd000`23a50610 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd000`23a504a0 fffff800`aee0e572 : ffffd000`23a50610 ffffe001`7be1a902 ffffe001`7be1a900 00000000`00000000 : ndis!ndisNsiGetInterfaceInformation+0x21b8d
ffffd000`23a50550 fffff800`affada25 : 00000000`00000050 00000000`00000050 ffffe001`77d45390 00000000`00000000 : NETIO!NsiGetParameterEx+0x222
ffffd000`23a506b0 fffff800`affadbe3 : 00000000`00000000 ffffe001`7a046fb0 ffffe001`7a046ee0 00000000`00000000 : nsiproxy!NsippGetParameter+0x195
ffffd000`23a50840 fffff802`8d23377f : 00000000`00000000 ffffe001`7a046ee0 ffffe001`7a046ee0 00000000`00000001 : nsiproxy!NsippDispatch+0x53
ffffd000`23a50880 fffff802`8d232d22 : ffffd000`23a50a38 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f
ffffd000`23a50a20 fffff802`8cf6a4b3 : ffffe001`7b06b080 00000000`001f0003 00000066`0d4df468 00000000`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd000`23a50a90 00007ff9`5fb7123a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000066`0d4df4e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`5fb7123a




STACK_COMMAND:  kb


FOLLOWUP_IP: 
NETIO!NsiGetParameterEx+222
fffff800`aee0e572 8bd8            mov     ebx,eax


SYMBOL_STACK_INDEX:  5


SYMBOL_NAME:  NETIO!NsiGetParameterEx+222


FOLLOWUP_NAME:  MachineOwner


MODULE_NAME: NETIO


IMAGE_NAME:  NETIO.SYS


DEBUG_FLR_IMAGE_TIMESTAMP:  546029c5


IMAGE_VERSION:  6.3.9600.17485


BUCKET_ID_FUNC_OFFSET:  222


FAILURE_BUCKET_ID:  0x139_3_NETIO!NsiGetParameterEx


BUCKET_ID:  0x139_3_NETIO!NsiGetParameterEx


ANALYSIS_SOURCE:  KM


FAILURE_ID_HASH_STRING:  km:0x139_3_netio!nsigetparameterex


FAILURE_ID_HASH:  {863902cf-27d7-671f-3d7f-44a47e15711d}


Followup: MachineOwner
---------


6: kd> .exr 0xffffd00023a50268
ExceptionAddress: fffff800af111acd (ndis!ndisNsiGetInterfaceInformation+0x0000000000021b8d)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003
6: kd> lmnt
start             end                 module name
fffff800`ae41c000 fffff800`ae499000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Fri Jul 04 14:59:36 2014 (53B6A538)
fffff800`ae499000 fffff800`ae4a7000   werkernel werkernel.sys Thu Aug 22 13:40:24 2013 (5215F8A8)
fffff800`ae4a7000 fffff800`ae509000   CLFS     CLFS.SYS     Wed Mar 04 01:51:05 2015 (54F656F9)
fffff800`ae509000 fffff800`ae52b000   tm       tm.sys       Thu Aug 22 13:39:33 2013 (5215F875)
fffff800`ae52b000 fffff800`ae540000   PSHED    PSHED.dll    Sat Sep 14 15:57:19 2013 (52346B3F)
fffff800`ae540000 fffff800`ae54a000   BOOTVID  BOOTVID.dll  Thu Aug 22 13:40:26 2013 (5215F8AA)
fffff800`ae54a000 fffff800`ae5d2000   CI       CI.dll       Sat Dec 06 04:23:28 2014 (548276B0)
fffff800`ae61c000 fffff800`ae679000   msrpc    msrpc.sys    Thu Aug 22 13:39:22 2013 (5215F86A)
fffff800`ae679000 fffff800`ae748000   Wdf01000 Wdf01000.sys Thu Aug 22 13:38:56 2013 (5215F850)
fffff800`ae748000 fffff800`ae759000   WDFLDR   WDFLDR.SYS   Thu Aug 22 13:39:03 2013 (5215F857)
fffff800`ae759000 fffff800`ae771000   acpiex   acpiex.sys   Thu Aug 22 13:37:47 2013 (5215F80B)
fffff800`ae771000 fffff800`ae77c000   WppRecorder WppRecorder.sys Thu Aug 22 13:39:40 2013 (5215F87C)
fffff800`ae77c000 fffff800`ae7e5000   spaceport spaceport.sys Wed Oct 29 03:47:03 2014 (54505527)
fffff800`ae800000 fffff800`ae81c000   pdc      pdc.sys      Wed Oct 15 06:34:24 2014 (543DF950)
fffff800`ae81c000 fffff800`ae834000   partmgr  partmgr.sys  Wed Oct 08 09:34:42 2014 (5434E912)
fffff800`ae834000 fffff800`ae849000   volmgr   volmgr.sys   Thu Aug 22 13:39:53 2013 (5215F889)
fffff800`ae86f000 fffff800`ae8f7000   ACPI     ACPI.sys     Tue Oct 07 05:29:50 2014 (54335E2E)
fffff800`ae8f7000 fffff800`ae901000   WMILIB   WMILIB.SYS   Thu Aug 22 13:40:23 2013 (5215F8A7)
fffff800`ae901000 fffff800`ae98d000   cng      cng.sys      Wed Jan 14 03:29:05 2015 (54B5D471)
fffff800`ae99b000 fffff800`ae9a5000   msisadrv msisadrv.sys Thu Aug 22 13:39:03 2013 (5215F857)
fffff800`ae9a5000 fffff800`ae9ed000   pci      pci.sys      Thu Jul 24 13:45:24 2014 (53D0F1D4)
fffff800`ae9ed000 fffff800`ae9fa000   vdrvroot vdrvroot.sys Thu Aug 22 13:38:49 2013 (5215F849)
fffff800`aea00000 fffff800`aea5c000   fltmgr   fltmgr.sys   Tue Aug 26 04:25:16 2014 (53FBF00C)
fffff800`aea5c000 fffff800`aea72000   fileinfo fileinfo.sys Sat Feb 22 13:13:10 2014 (53089456)
fffff800`aea7f000 fffff800`aeade000   volmgrx  volmgrx.sys  Thu Aug 22 13:40:23 2013 (5215F8A7)
fffff800`aeade000 fffff800`aeaf9000   mountmgr mountmgr.sys Tue Oct 07 03:18:16 2014 (54333F58)
fffff800`aeaf9000 fffff800`aeb16000   storahci storahci.sys Thu Aug 22 13:40:39 2013 (5215F8B7)
fffff800`aeb16000 fffff800`aeb74000   storport storport.sys Thu Sep 25 04:47:07 2014 (5423822B)
fffff800`aeb74000 fffff800`aeb94000   EhStorTcgDrv EhStorTcgDrv.sys Thu Aug 22 13:37:30 2013 (5215F7FA)
fffff800`aeb94000 fffff800`aebae000   EhStorClass EhStorClass.sys Thu Aug 22 13:38:15 2013 (5215F827)
fffff800`aebae000 fffff800`aebd9000   Wof      Wof.sys      Thu Mar 13 09:27:29 2014 (53216BF1)
fffff800`aec00000 fffff800`aec0e000   BasicRender BasicRender.sys Sat Feb 22 13:14:02 2014 (5308948A)
fffff800`aec5e000 fffff800`aeca1000   WdFilter WdFilter.sys Fri Jan 30 11:20:58 2015 (54CB5B0A)
fffff800`aeca1000 fffff800`aed36000   fvevol   fvevol.sys   Tue Apr 08 00:25:31 2014 (534325DB)
fffff800`aed36000 fffff800`aed8c000   CLASSPNP CLASSPNP.SYS Wed Oct 08 07:22:07 2014 (5434C9FF)
fffff800`aedbf000 fffff800`aeded000   cdrom    cdrom.sys    Thu Aug 22 10:46:35 2013 (5215CFEB)
fffff800`aeded000 fffff800`aedf5000   Beep     Beep.SYS     Thu Aug 22 13:40:24 2013 (5215F8A8)
fffff800`aee00000 fffff800`aee78000   NETIO    NETIO.SYS    Mon Nov 10 03:58:13 2014 (546029C5)
fffff800`aee78000 fffff800`aeea9000   ksecpkg  ksecpkg.sys  Mon Jan 12 04:01:17 2015 (54B338FD)
fffff800`aeea9000 fffff800`aeeb2000   Null     Null.SYS     Thu Aug 22 13:40:24 2013 (5215F8A8)
fffff800`aeeb2000 fffff800`af0ac000   Ntfs     Ntfs.sys     Sat Oct 11 02:35:55 2014 (54387B6B)
fffff800`af0ac000 fffff800`af0c8000   ksecdd   ksecdd.sys   Wed Oct 29 03:47:36 2014 (54505548)
fffff800`af0c8000 fffff800`af0d8000   pcw      pcw.sys      Thu Aug 22 10:46:34 2013 (5215CFEA)
fffff800`af0d8000 fffff800`af0e3000   Fs_Rec   Fs_Rec.sys   Thu Aug 22 10:46:33 2013 (5215CFE9)
fffff800`af0e3000 fffff800`af1fa000   ndis     ndis.sys     Tue Feb 03 01:03:15 2015 (54D01043)
fffff800`af200000 fffff800`af246000   rdyboost rdyboost.sys Sat Feb 22 13:13:40 2014 (53089474)
fffff800`af246000 fffff800`af25d000   mup      mup.sys      Thu Aug 22 13:40:28 2013 (5215F8AC)
fffff800`af25d000 fffff800`af26c000   intelpep intelpep.sys Wed Oct 15 08:29:44 2014 (543E1458)
fffff800`af26c000 fffff800`af281000   crashdmp crashdmp.sys Thu Aug 22 13:40:03 2013 (5215F893)
fffff800`af292000 fffff800`af4fe000   tcpip    tcpip.sys    Mon Nov 10 03:59:03 2014 (546029F7)
fffff800`af4fe000 fffff800`af56a000   fwpkclnt fwpkclnt.sys Mon Nov 10 03:57:40 2014 (546029A4)
fffff800`af56a000 fffff800`af58f000   wfplwfs  wfplwfs.sys  Mon Nov 10 03:57:28 2014 (54602998)
fffff800`af58f000 fffff800`af5de000   volsnap  volsnap.sys  Thu Jun 19 00:41:28 2014 (53A21598)
fffff800`af5de000 fffff800`af5fa000   disk     disk.sys     Thu Aug 22 13:39:47 2013 (5215F883)
fffff800`af814000 fffff800`af994000   dxgkrnl  dxgkrnl.sys  Wed Oct 29 03:46:45 2014 (54505515)
fffff800`af994000 fffff800`af9a6000   watchdog watchdog.sys Sat Feb 22 13:14:39 2014 (530894AF)
fffff800`afa00000 fffff800`afa18000   vwififlt vwififlt.sys Wed Apr 30 08:43:46 2014 (53609BA2)
fffff800`afa1e000 fffff800`afa81000   dxgmms1  dxgmms1.sys  Wed Oct 29 03:46:30 2014 (54505506)
fffff800`afa81000 fffff800`afa93000   BasicDisplay BasicDisplay.sys Thu Aug 22 13:39:31 2013 (5215F873)
fffff800`afa93000 fffff800`afaa7000   Npfs     Npfs.SYS     Thu Aug 22 13:40:25 2013 (5215F8A9)
fffff800`afaa7000 fffff800`afab3000   Msfs     Msfs.SYS     Thu Aug 22 13:40:24 2013 (5215F8A8)
fffff800`afab3000 fffff800`afad3000   tdx      tdx.sys      Thu Aug 22 13:36:34 2013 (5215F7C2)
fffff800`afad3000 fffff800`afae1000   TDI      TDI.SYS      Thu Aug 22 13:39:01 2013 (5215F855)
fffff800`afae1000 fffff800`afb2d000   netbt    netbt.sys    Thu Aug 22 13:37:01 2013 (5215F7DD)
fffff800`afb2d000 fffff800`afbbf000   afd      afd.sys      Fri May 30 05:03:01 2014 (5387F4E5)
fffff800`afbbf000 fffff800`afbe9000   pacer    pacer.sys    Wed Oct 29 03:45:30 2014 (545054CA)
fffff800`afbe9000 fffff800`afbfa000   netbios  netbios.sys  Wed Oct 29 03:47:23 2014 (5450553B)
fffff800`afc00000 fffff800`afc6a000   usbhub   usbhub.sys   Thu Jul 24 13:45:29 2014 (53D0F1D9)
fffff800`afc8b000 fffff800`afcfb000   rdbss    rdbss.sys    Tue Dec 17 08:21:22 2013 (52AFFB72)
fffff800`afcfb000 fffff800`afd89000   csc      csc.sys      Wed Oct 29 03:46:49 2014 (54505519)
fffff800`afd89000 fffff800`afdaf000   VBoxUSBMon VBoxUSBMon.sys Mon Mar 02 15:18:55 2015 (54F4714F)
fffff800`afdaf000 fffff800`afde3000   rdpdr    rdpdr.sys    Thu Aug 22 13:36:46 2013 (5215F7CE)
fffff800`afe00000 fffff800`afe26000   dfsc     dfsc.sys     Thu Mar 06 10:22:50 2014 (53183E6A)
fffff800`afe37000 fffff800`afe40000   atkwmiacpi64 atkwmiacpi64.sys Tue Jul 02 10:35:32 2013 (51D290D4)
fffff800`afe40000 fffff800`afe57000   ahcache  ahcache.sys  Fri Dec 12 01:51:20 2014 (548A3C08)
fffff800`afe57000 fffff800`afe7f000   VBoxNetAdp VBoxNetAdp.sys Mon Mar 02 15:18:55 2015 (54F4714F)
fffff800`afe7f000 fffff800`afe8e000   CompositeBus CompositeBus.sys Thu Aug 22 13:38:48 2013 (5215F848)
fffff800`afe8e000 fffff800`afe99000   kdnic    kdnic.sys    Thu Aug 22 13:38:26 2013 (5215F832)
fffff800`afe99000 fffff800`afec4000   VBoxNetFlt VBoxNetFlt.sys Mon Mar 02 15:18:54 2015 (54F4714E)
fffff800`afec7000 fffff800`affac000   VBoxDrv  VBoxDrv.sys  Mon Mar 02 15:20:04 2015 (54F47194)
fffff800`affac000 fffff800`affba000   nsiproxy nsiproxy.sys Wed Oct 29 03:46:03 2014 (545054EB)
fffff800`affba000 fffff800`affc6000   npsvctrig npsvctrig.sys Thu Aug 22 13:38:22 2013 (5215F82E)
fffff800`affc6000 fffff800`affd2000   mssmbios mssmbios.sys Thu Aug 22 13:39:41 2013 (5215F87D)
fffff800`affd2000 fffff800`affdc000   HWiNFO64A HWiNFO64A.SYS Thu Oct 02 20:24:39 2014 (542D9867)
fffff800`affdc000 fffff800`affed000   umbus    umbus.sys    Thu Aug 22 13:38:59 2013 (5215F853)
fffff800`b0000000 fffff800`b006f000   USBPORT  USBPORT.SYS  Sat May 31 08:30:25 2014 (53897701)
fffff800`b006f000 fffff800`b00bd000   ks       ks.sys       Fri Jul 04 14:58:59 2014 (53B6A513)
fffff800`b00bd000 fffff800`b00c9000   USBD     USBD.SYS     Sat May 31 08:31:17 2014 (53897735)
fffff800`b00e5000 fffff800`b0b1d000   nvlddmkm nvlddmkm.sys Wed Apr 08 22:32:37 2015 (55259065)
fffff800`b0b1d000 fffff800`b0b72000   USBXHCI  USBXHCI.SYS  Tue Oct 07 07:00:56 2014 (54337388)
fffff800`b0b72000 fffff800`b0ba4000   ucx01000 ucx01000.sys Tue Oct 07 07:00:55 2014 (54337387)
fffff800`b0ba4000 fffff800`b0be1000   WUDFRd   WUDFRd.sys   Wed Oct 29 03:46:13 2014 (545054F5)
fffff800`b0be1000 fffff800`b0bef000   ScpVBus  ScpVBus.sys  Sun May 05 23:31:26 2013 (5186CFAE)
fffff800`b0bef000 fffff800`b0bfa000   rdpbus   rdpbus.sys   Thu Aug 22 13:38:52 2013 (5215F84C)
fffff800`b0c00000 fffff800`b0fb8000   igdkmd64 igdkmd64.sys Wed Apr 23 22:26:24 2014 (535821F0)
fffff800`b0fb8000 fffff800`b0fd1000   HDAudBus HDAudBus.sys Thu Jul 24 13:45:39 2014 (53D0F1E3)
fffff800`b0fd1000 fffff800`b0fd3880   AiCharger AiCharger.sys Fri Sep 23 04:04:40 2011 (4E7BE938)
fffff800`b0fd4000 fffff800`b0fec000   usbehci  usbehci.sys  Sat May 31 08:29:54 2014 (538976E2)
fffff800`b0fec000 fffff800`b0ffd480   WmXlCore WmXlCore.sys Tue Apr 27 22:09:26 2010 (4BD74476)
fffff800`b1000000 fffff800`b101e000   intelppm intelppm.sys Thu Aug 22 10:46:35 2013 (5215CFEB)
fffff800`b101e000 fffff800`b1026000   AsHIDSwitch64 AsHIDSwitch64.sys Tue Oct 08 03:45:17 2013 (525363AD)
fffff800`b1026000 fffff800`b1045000   HIDCLASS HIDCLASS.SYS Thu Mar 06 10:24:40 2014 (53183ED8)
fffff800`b1045000 fffff800`b104cf00   HIDPARSE HIDPARSE.SYS Thu Aug 22 13:40:26 2013 (5215F8AA)
fffff800`b104d000 fffff800`b105a000   nvvad64v nvvad64v.sys Thu Nov 20 16:33:54 2014 (546E09E2)
fffff800`b105a000 fffff800`b10a1000   portcls  portcls.sys  Wed Oct 29 03:46:35 2014 (5450550B)
fffff800`b10a1000 fffff800`b10bd000   drmk     drmk.sys     Wed Oct 29 03:47:38 2014 (5450554A)
fffff800`b10bd000 fffff800`b10c2300   ksthunk  ksthunk.sys  Thu Aug 22 13:39:31 2013 (5215F873)
fffff800`b10c3000 fffff800`b10c7d00   WmBEnum  WmBEnum.sys  Tue Apr 27 22:10:19 2010 (4BD744AB)
fffff800`b10cc000 fffff800`b144b000   NETwbw02 NETwbw02.sys Tue Jul 22 12:29:40 2014 (53CE3D14)
fffff800`b144b000 fffff800`b1458000   vwifibus vwifibus.sys Thu Aug 22 13:39:00 2013 (5215F854)
fffff800`b1458000 fffff800`b1527000   Rt630x64 Rt630x64.sys Tue Nov 26 08:32:54 2013 (52944EA6)
fffff800`b1527000 fffff800`b1546000   i8042prt i8042prt.sys Tue Nov 04 07:54:54 2014 (5458783E)
fffff800`b1546000 fffff800`b159e000   AsusTP   AsusTP.sys   Tue Jan 07 02:47:17 2014 (52CB5CA5)
fffff800`b159e000 fffff800`b15ae000   mouclass mouclass.sys Tue Nov 04 07:54:47 2014 (54587837)
fffff800`b15ae000 fffff800`b15c0000   kbdclass kbdclass.sys Tue Nov 04 07:54:54 2014 (5458783E)
fffff800`b15c0000 fffff800`b15ca000   kbldfltr kbldfltr.sys Thu Aug 22 13:38:37 2013 (5215F83D)
fffff800`b15ca000 fffff800`b15d0380   CmBatt   CmBatt.sys   Thu Aug 22 13:39:43 2013 (5215F87F)
fffff800`b15d1000 fffff800`b15dd000   BATTC    BATTC.SYS    Thu Aug 22 13:40:04 2013 (5215F894)
fffff800`b15dd000 fffff800`b15e7000   wmiacpi  wmiacpi.sys  Thu Aug 22 13:40:04 2013 (5215F894)
fffff800`b15e7000 fffff800`b15f2000   NdisVirtualBus NdisVirtualBus.sys Thu Aug 22 13:36:25 2013 (5215F7B9)
fffff800`b15f2000 fffff800`b15f3600   swenum   swenum.sys   Wed Oct 29 03:47:41 2014 (5450554D)
fffff800`b15f4000 fffff800`b1600000   iwdbus   iwdbus.sys   Thu Mar 13 22:59:14 2014 (53222A32)
fffff800`b1600000 fffff800`b16a9000   peauth   peauth.sys   Sat Feb 22 13:09:37 2014 (53089381)
fffff800`b16ae000 fffff800`b1721000   IntcDAud IntcDAud.sys Fri Feb 21 14:50:26 2014 (530759A2)
fffff800`b1721000 fffff800`b1799000   UsbHub3  UsbHub3.sys  Wed Oct 08 09:32:50 2014 (5434E8A2)
fffff800`b1799000 fffff800`b17b6000   Ndu      Ndu.sys      Wed Oct 29 03:45:16 2014 (545054BC)
fffff800`b17b6000 fffff800`b17f9000   srvnet   srvnet.sys   Fri Jun 27 08:22:21 2014 (53AD0D9D)
fffff800`b1806000 fffff800`b1c2a900   RTKVHD64 RTKVHD64.sys Wed Dec 10 08:53:17 2014 (5487FBED)
fffff800`b1c2b000 fffff800`b1c52000   usbccgp  usbccgp.sys  Thu Jul 24 13:44:51 2014 (53D0F1B3)
fffff800`b1c52000 fffff800`b1c85f00   usbvideo usbvideo.sys Sat Jun 21 09:33:39 2014 (53A53553)
fffff800`b1c86000 fffff800`b1cd9000   RtsUVStor RtsUVStor.sys Tue Jul 09 08:33:53 2013 (51DBAED1)
fffff800`b1cd9000 fffff800`b1cf2000   BTHUSB   BTHUSB.sys   Wed Oct 29 03:46:16 2014 (545054F8)
fffff800`b1cf2000 fffff800`b1dec000   HTTP     HTTP.sys     Tue Feb 24 01:40:28 2015 (54EBC87C)
fffff800`b1e00000 fffff800`b1e6d000   mrxsmb   mrxsmb.sys   Wed Oct 08 09:32:08 2014 (5434E878)
fffff800`b1e6d000 fffff800`b1ea5000   mrxsmb20 mrxsmb20.sys Sat Sep 27 06:59:28 2014 (54264430)
fffff800`b1ea5000 fffff800`b1eb5000   condrv   condrv.sys   Thu Aug 22 13:40:17 2013 (5215F8A1)
fffff800`b1eb5000 fffff800`b1ece000   IntelHaxm IntelHaxm.sys Tue Nov 18 08:02:14 2014 (546AEEF6)
fffff800`b1ece000 fffff800`b1ee0000   tcpipreg tcpipreg.sys Thu Mar 06 10:19:59 2014 (53183DBF)
fffff800`b1ee2000 fffff800`b200d000   bthport  bthport.sys  Wed Oct 29 03:45:37 2014 (545054D1)
fffff800`b200d000 fffff800`b2019000   dump_diskdump dump_diskdump.sys Thu Aug 22 13:40:18 2013 (5215F8A2)
fffff800`b2019000 fffff800`b2036000   dump_storahci dump_storahci.sys Thu Aug 22 13:40:39 2013 (5215F8B7)
fffff800`b2036000 fffff800`b204c000   dump_dumpfve dump_dumpfve.sys Sat Feb 22 13:14:48 2014 (530894B8)
fffff800`b204c000 fffff800`b205a000   hidusb   hidusb.sys   Thu Mar 06 10:24:14 2014 (53183EBE)
fffff800`b205a000 fffff800`b2067000   mouhid   mouhid.sys   Tue Nov 04 07:54:47 2014 (54587837)
fffff800`b2067000 fffff800`b2075000   kbdhid   kbdhid.sys   Tue Nov 04 07:54:47 2014 (54587837)
fffff800`b2075000 fffff800`b2083000   monitor  monitor.sys  Thu Aug 22 13:36:37 2013 (5215F7C5)
fffff800`b2083000 fffff800`b20a7000   luafv    luafv.sys    Sat Feb 22 13:14:25 2014 (530894A1)
fffff800`b20a7000 fffff800`b20bb000   lltdio   lltdio.sys   Thu Aug 22 13:36:18 2013 (5215F7B2)
fffff800`b20bb000 fffff800`b212f000   nwifi    nwifi.sys    Wed Oct 29 03:45:41 2014 (545054D5)
fffff800`b212f000 fffff800`b2143000   ndisuio  ndisuio.sys  Thu Aug 22 13:37:34 2013 (5215F7FE)
fffff800`b2143000 fffff800`b215b000   rspndr   rspndr.sys   Thu Aug 22 13:36:34 2013 (5215F7C2)
fffff800`b215b000 fffff800`b2163000   ASMMAP64 ASMMAP64.sys Thu Jul 02 11:13:26 2009 (4A4C7A36)
fffff800`b2163000 fffff800`b2183000   bowser   bowser.sys   Thu Aug 22 13:38:38 2013 (5215F83E)
fffff800`b2183000 fffff800`b219a000   mpsdrv   mpsdrv.sys   Wed Oct 29 03:45:31 2014 (545054CB)
fffff800`b219a000 fffff800`b21e5000   mrxsmb10 mrxsmb10.sys Thu Mar 06 10:19:36 2014 (53183DA8)
fffff800`b21e5000 fffff800`b21f1000   npf      npf.sys      Fri Mar 01 02:31:24 2013 (513004EC)
fffff800`b21f1000 fffff800`b21fc000   secdrv   secdrv.SYS   Wed Sep 13 15:18:38 2006 (4508052E)
fffff800`b2400000 fffff800`b2416000   mslldp   mslldp.sys   Wed Oct 29 03:45:39 2014 (545054D3)
fffff800`b2416000 fffff800`b2437000   WudfPf   WudfPf.sys   Wed Oct 29 03:46:27 2014 (54505503)
fffff800`b2437000 fffff800`b2442000   rdpvideominiport rdpvideominiport.sys Wed Oct 29 03:47:25 2014 (5450553D)
fffff800`b2442000 fffff800`b244d000   WSDScan  WSDScan.sys  Wed Oct 29 03:47:48 2014 (54505554)
fffff800`b244d000 fffff800`b2458000   WSDPrint WSDPrint.sys Thu Aug 22 13:39:58 2013 (5215F88E)
fffff800`b2458000 fffff800`b2462000   NvStreamKms NvStreamKms.sys Tue Mar 17 07:19:52 2015 (5507C788)
fffff800`b2463000 fffff800`b2510000   srv2     srv2.sys     Wed Oct 08 09:33:30 2014 (5434E8CA)
fffff800`b2510000 fffff800`b259e000   srv      srv.sys      Thu Jul 24 13:43:27 2014 (53D0F15F)
fffff800`b259e000 fffff800`b25cb000   tunnel   tunnel.sys   Thu Aug 22 13:35:45 2013 (5215F791)
fffff800`b25cb000 fffff800`b25da000   vwifimp  vwifimp.sys  Wed Apr 30 08:41:59 2014 (53609B37)
fffff800`b25da000 fffff800`b25f9000   WdNisDrv WdNisDrv.sys Fri Jan 30 11:21:48 2015 (54CB5B3C)
fffff802`8c152000 fffff802`8c15b000   kd       kd.dll       Thu Aug 22 13:40:43 2013 (5215F8BB)
fffff802`8ce0e000 fffff802`8d5a2000   nt       ntkrnlmp.exe Sun Mar 22 23:26:46 2015 (550F41A6)
fffff802`8d5a2000 fffff802`8d612000   hal      hal.dll      Mon Jun 02 00:49:12 2014 (538BADE8)
fffff960`0001d000 fffff960`00433000   win32k   win32k.sys   Thu Feb 26 00:26:26 2015 (54EE5A22)
fffff960`00727000 fffff960`00730000   TSDDD    TSDDD.dll    unavailable (00000000)
fffff960`0088b000 fffff960`008c5000   cdd      cdd.dll      unavailable (00000000)


Unloaded modules:
fffff800`af281000 fffff800`af28d000   dump_storpor
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
fffff800`aed8c000 fffff800`aeda9000   dump_storahc
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001D000
fffff800`aeda9000 fffff800`aedbf000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00016000
fffff800`b0ba4000 fffff800`b0be1000   WUDFRd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0003D000
fffff800`afe26000 fffff800`afe37000   dam.sys 
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00011000
fffff800`ae98d000 fffff800`ae99b000   WdBoot.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000E000
fffff800`af26c000 fffff800`af278000   hwpolicy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
 
Last edited:

My Computer

System One

  • OS
    Windows 8.1 Enterprise
Looks like bad driver code, the same parameters passed and the same function misbehaving is a good sign.
Almost certainly your network driver that's at fault, but without a better dump file it's impossible to say because minidumps aren't helpful.
It keeps overrunning a stack buffer that corrupts the return address, potentially allowing a malicious attack, hence this bugcheck.

Driver Verifier is your best bet if you want a solid answer.
Your network drivers are out of date.
 

My Computer

System One

  • OS
    Windows 7
Hi.

Updating Intel(R) PROSet/Wireless did not help. Also messing with drivers did not show any positive behaviour.
Luckly I did system restore point a month ago.
After restoring the problem
disappeared. I managed to get the system to same point with all updates and drivers except for nvidia update for geferoce experience, game driver and physixdriver. I will attempt that tommorow. Im afraid this issue will re-appear after while. When that happens I will give driver verifier another go
 

My Computer

System One

  • OS
    WIN 8.1
Hi, it could help if you perform as many steps provided as possible,
and provide feedback/output of performed/skipped steps.
 

My Computer

System One

  • OS
    Windows 8.1 Enterprise
Alright...

-I didn't remove any bloatware, as it its crucial for laptops fatures and can mess up stuff. Belive it or not when asus provides 100 useless drivers it is easy to get them conflicted. Took me a while to get everything set up the first time..
-SCP DS3 was not removed
-Oddly pnkbustr came was installed along with windows or one basic programs. It is located SysWOW64 and can't be removed with add/remove. -Let me know if you know more about this. It kind of bothers me
-I updated ATK diver and Intel(R) PROSet/Wireless, but it didn't resolve issue.
-sfc /scannow showed no issues
-windows were already updated to date and drivers should not be updating.
-I will do malware scan after this.
-I did not attemt to turn on DEP for all programs. How would this help?
-Verifying drivers caused bsod on boot, so i imagined it would take a while to get any results from this..
 

My Computer

System One

  • OS
    WIN 8.1
Malwarebyte detected nothing, besides few PUPs.
After updating geforce experience, driver, and physix everything still appears to be working
 

My Computer

System One

  • OS
    WIN 8.1
Back
Top