BSOD Windows 8.1 : Driver Verifier gives me again ntoskrnl.exe

Hi,

I have multiple BSODs on my computer.
They are never coming at startup. Only after some few hours of use.
It was always a ntoskrnl.exe error. So I've used Driver Verifier.

At first, it seems to be related to my graphic card. When I removed it, the BSOD were not appearing.
I changed my card with a new one and use Windows' Driver Verifier. The Nvidia driver was the culprit : nvlddmkm.sys.
I have written to Asus. They tell me to use the driver on their website.

It seems to work but then another BSOD. This time with Driver Verifier activated, it looks like the ethernet port has a problem : e22w8x64.sys.
This time, it's related to a Qualcomm software that causes BSOD on MSI mothercard : http://service.msicomputer.com/msi_user/TechFAQdetail.aspx?formid=3054
I took care of this problem by just installing the .inf driver, not the software.

Thought it was ok now ?
No ! Now still have BSOD, but Driver verifier gives me (again!) : 
"This was probably caused by the following module: ntoskrnl.exe (nt+0x14DCA0) 
Bugcheck code: 0x109 (0xA3A01F589C52455C, 0xB3B72BDEEED24637, 0xFFFFF8002A060000, 0x3)
Error: CRITICAL_STRUCTURE_CORRUPTION
file path: C:\Windows\system32\ntoskrnl.exe"


Any ideas ?

Thanks,
Georges


Computer :
- Alimentation : LDLC QS-550+ Quality Select 80PLUS Gold 
- Carte mère : MSI Z87-G45 GAMING 
- Processeur : Intel Core i5-4670K (3.4 GHz) 
- Ventirad CPU : Cooler Master Hyper 412S 
- Mémoire : G.Skill Ares Blue Series 8 Go (2 x 4 Go) DDR3 2400 MHz CL11  + Kingston 4Go DDR3 1600
- Carte graphique : ASUS GTX770-DC2OC-2GD5 - GeForce GTX 770 2 Go 
- Carte réseau : Intel Centrino Advanced N6205 for Desktop 
|

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Hi,

Please upload the dump files elsewhere - Skydrive, Mediafire, etc.

Regards,

Patrick
Debugger/Reverse Engineer.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

http://sdrv.ms/1bNAC7s here ;)
Driver verifier activated 

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Much appreciated, thank you.

The attached DMP file is of the CRITICAL_STRUCTURE_CORRUPTION (109) bug check.

This indicates that the kernel has detected critical kernel code or data corruption.

There are generally two causes for this bug check:
  1. A driver has inadvertently, or deliberately, modified critical kernel code or data. Microsoft Windows Server 2003 with Service Pack 1 (SP1) and later versions of Windows for x64-based computers do not allow the kernel to be patched except through authorized Microsoft-originated hot patches. For more information, see Patching Policy for x64-based Systems.
  2. A hardware corruption occurred. For example, the kernel code or data could have been stored in memory that failed.

-- BUCKET_ID:  BAD_STACK


0: kd> !verifier
fffff80122cd6d00: Unable to get verifier list.


As with most *109 bug checks, we have no information whatsoever, therefore some detective work will be necessary.

-------------------


1. Remove and replace BitDefender with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:

BitDefender removal - http://www.bitdefender.com/support/how-to-uninstall-bitdefender-333.html

Windows Defender (how to turn on after removal) - http://www.eightforums.com/tutorials/21962-windows-defender-turn-off-windows-8-a.html


2. SSPORT.sys is listed and loaded which is the Samsung printer driver. If we run an lmvm on it for some info:


0: kd> lmvm SSPORT
start             end                 module name
fffff800`04363000 fffff800`0436b000   SSPORT     (deferred)            
    Image path: SSPORT.sys
    Image name: SSPORT.sys
    Timestamp:        Thu Aug 11 19:07:32 2005


^^ The device drivers are dated from 2005, this is absolutely way too old for Windows 8. Check for a driver update, and if not, remove the printer software and disconnect the printer.


Regards,


Patrick

Debugger/Reverse Engineer.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

BitDefender removed & Windows Defender installed : done!
Uninstall printer driver and install recent one from Samsung's website : done!

I'll wait and see if I have another BSOD.



I also ran last night MemTest+86. 5 Pass ; 0 Errors. It seems ok on this side.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Great, keep me updated.

Regards,

Patrick
Debugger/Reverse Engineer.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

I almost thought my problems were over.
Lol no. Here a new BSOD. 
http://sdrv.ms/LTn3cp

Thanks for helping me,
Georges

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Same bug check, barely any salvageable information.

I can see the printer driver is still there, and it's imperative that its software is removed from the system and the printer disconnected, it's simply a device driver that is far too old for Windows 8.1 to work with. If you've done both, but the driver stayed, navigate to C:\Windows\System32\Drivers and rename SSPORT.sys to SSPORT.old and restart.

If you still crash after the above, we'll need to do two things to hopefully get information:

1. Change from Small Memory Dump to Kernel-Dump > http://msdn.microsoft.com/en-us/library/windows/hardware/ff540128%28v=vs.85%29.aspx

2. Enable Driver Verifier:

Driver Verifier:

What is Driver Verifier?

Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.

Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select  - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is [B]NOT[/B] provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・    Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

How long should I keep Driver Verifier enabled for?

It varies, many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier.

My system BSOD'd, where can I find the crash dumps?

They will be located in %systemroot%\Minidump

Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617

the next time the system crashes, this will hopefully generate a detailed MEMORY.DMP within the C:\Windows directory. It's far larger than minidumps, so it may take a bit to upload depending on your upload speed.

Regards,

Patrick
Debugger/Reverse Engineer.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Just got a second BSOD. Here's the dmp file : http://sdrv.ms/1lzJpwW

- SSPORT.sys : I have already deleted the .sys file ! 
I have also removed the entry from the register (HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ SSPORT).
So I don't understand how it can still be there.
I just verified again... No SSPORT.sys in the driver folder but I did a search in the C:/ partition : http://sdrv.ms/MaopQM
Should I delete all this ssport.sys files ? 

Oh, and the printer is on the network, not connected to my PC, and it's almost always on standby or offline.


- Should I change as you said to kernel dump and activate Driver Verifier ? Or wait to see if I have another BSOD ?

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

As I said, rename, not delete. Deleting will simply make it be recreated. Create a restore point before doing so also - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Regards,

Patrick
Debugger/Reverse Engineer.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Okk done.

Now I wait. If I have another BSOD, I'll enable Driver Verifier with kernel dump.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
 

Question Info


Last updated February 21, 2018 Views 1,602 Applies to: