Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: BSOD - DRIVER_VERIFIER_DETECTED_VIOLATION - ntoskrnl.exe


01 Apr 2013   #1

Windows 7 Home Premium 64bit
 
 
BSOD - DRIVER_VERIFIER_DETECTED_VIOLATION - ntoskrnl.exe

Over the pass few days I have been having a BSOD, so I downloaded BlueScreenView and saw that it was caused by the driver ntoskrnl.exe with the address ntoskrnl.exe+75c40. So far this error has caused 12 BSoD since the start of the year.
However I am not sure what application is causing this BSoD, so if you could help me solve this it would be much appreciated.

I have included a dump file
My Samsung Laptop Specs are:
Intel Core i5-2450M @ 2.50GHz 2.50GHZ
Integrated Intel Graphics 3000
Nvidia GeForce 520MX GPU
Mc Afee Anti-Virus
6GB Ram

My System SpecsSystem Spec
.

01 Apr 2013   #2

Microsoft Community Contributor Award Recipient

Windows 7 Professional 64bit
 
 



Your dump files appear corrupt and a lot of info is missing:

Please reconfigure windows to collect the correct info.
You want small memory dumps - "MiniDumps"

http://www.sevenforums.com/tutorials/174459-dump-files-configure-windows-create-bsod.html

And here are the instructions for posting:

http://www.sevenforums.com/crashes-d...tructions.html

Tip   Tip
Ensure you click the "GRAB ALL" button and then wait for each window to appear in turn and then click OK



Note   Note
You may have to wait for another BSOD before you can upload the new logs.


Cheers

Dave
My System SpecsSystem Spec
01 Apr 2013   #3

Windows 7 Home Premium 64bit
 
 

Quote   Quote: Originally Posted by Northernsoul55 View Post


Your dump files appear corrupt and a lot of info is missing:

Please reconfigure windows to collect the correct info.
You want small memory dumps - "MiniDumps"

http://www.sevenforums.com/tutorials/174459-dump-files-configure-windows-create-bsod.html

And here are the instructions for posting:

http://www.sevenforums.com/crashes-d...tructions.html

Tip   Tip
Ensure you click the "GRAB ALL" button and then wait for each window to appear in turn and then click OK



Note   Note
You may have to wait for another BSOD before you can upload the new logs.


Cheers

Dave
Thanks for the response, I have followed the steps and used the SF Diagnostic Tool, and this is the latest dump file (01/04/2013).
My System SpecsSystem Spec
.


01 Apr 2013   #4

Windows 7 Home Premium 64bit
 
 

Here is a entire folder that was created by the SF Tool Attachment 262168
My System SpecsSystem Spec
01 Apr 2013   #5

Microsoft Community Contributor Award Recipient

Windows 7 Professional 64bit
 
 

Hi,

From your crash dumps:

Quote:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {91, 2, fffffa8006195ad0, 0}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
the operating system. The only supported way to extend a kernel
mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000002
Arg3: fffffa8006195ad0
Arg4: 0000000000000000
Please uninstall Daemon tools as it is well known for BSOD.
Start > click on Computer > Uninstall or change a program > choose Daemon tools. Reboot.
Once uninstalled please go here and remove the SPTD driver itself with this tool:
http://www.duplexsecure.com/en/downloads
warning   Warning
If the uninstall button is grayed out when you run the program you dont need to do anything and can close the window, if it is not click it and allow it to run. DO NOT click the install button as it will install a driver known to cause BSODs onto your system.


Quite a few Drivers found to be causing issues:
Quote:
fffff880`025771a8 fffff880`05c95cd8Unable to load image nvlddmkm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
nvlddmkm+0x197cd8
Relates to: Nvidia Video Drivers
Please update your driver to latest version, choose Option 2:
http://www.nvidia.com/Download/index.aspx?lang=en-us
nVidia Video drivers
Quote:
fffff880`02576b88 fffff880`067864cfUnable to load image igdkmd64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for igdkmd64.sys
*** ERROR: Module load completed but symbols could not be loaded for igdkmd64.sys
igdkmd64 igdkmd64.sys Mon Mar 19 23:31:54 2012
Relates to: Intel Graphics driver.
Please update here:
http://downloadcenter.intel.com/Default.aspx
Quote:
fffff880`02576a90 fffff880`011cb000Unable to load image amdxata.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for amdxata.sys
*** ERROR: Module load completed but symbols could not be loaded for amdxata.sys
amdxata
Relates to: AMD storage controller driver - usually from the Windows 7 DVD
Run SFC to check the integrity of all Windows 7 system files:

Click on the Start > Type in search cmd
Right click cmd at top and Run as Administrator
Type SFC /scannow at the prompt
(Note: there is a space between SFC and /scannow)

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html
Ensure you have all the latest Window updates.

Quote:
fffff880`02575fd0 fffff880`0164c000Unable to load image nvpciflt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvpciflt.sys
*** ERROR: Module load completed but symbols could not be loaded for nvpciflt.sys
nvpciflt
Relates to: nVidia 3D Vision Display driver
This should be sorted when you update the previous nvidia drivers.
Quote:
fffff880`02575ec0 fffff880`019bf000Unable to load image RapportKE64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for RapportKE64.sys
*** ERROR: Module load completed but symbols could not be loaded for RapportKE64.sys
RapportKE64
Refers to: Trusteer Rapport
Please either update program or uninstall:

http://www.trusteer.com/download-trusteer-rapport

Quote:
fffff880`02575ca0 fffff880`0188b000Unable to load image spldr.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for spldr.sys
*** ERROR: Module load completed but symbols could not be loaded for spldr.sys
Refers to: Loader for security processor
(SFC and windows updates may sort this driver out)
Quote:
fffff880`02575a80 fffff880`01789000Unable to load image mfewfpk.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mfewfpk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfewfpk.sys
mfewfpk
Relates to: McAfee
I would suggest to uninstall McAfee:
Driver date: Tue Jan 15 18:21:30 2013

As an alternative please install
Microsoft Security Essentials.
Recommended from a strict BSOD perspective, compatibility & stability
compared to other antiviruses/internet security software.

Microsoft Security Essentials - Microsoft Windows

Once downloaded and install please run a full system scan.

Update the BIOS from your Samsung Easy Support Center website:
Quote:
[BIOS Information (Type 0) - Length 24 - Handle 0000h]
Vendor Phoenix Technologies Ltd.
BIOS Version 09QA
BIOS Starting Address Segment e000
BIOS Release Date 11/02/2012
BIOS ROM Size 280000
[BaseBoard Information (Type 2) - Length 15 - Handle 0002h]
Manufacturer SAMSUNG ELECTRONICS CO., LTD.
Product 300E4A/300E5A/300E7A/3430EA/3530EA
Version FAB1
If you have Driver Verifer enabled, please disable it.

Post back any results / observations.

cheers

Dave
My System SpecsSystem Spec
01 Apr 2013   #6

Windows 7 Home Premium 64bit
 
 

Quote   Quote: Originally Posted by Northernsoul55 View Post
Hi,

From your crash dumps:

Quote:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {91, 2, fffffa8006195ad0, 0}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
the operating system. The only supported way to extend a kernel
mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000002
Arg3: fffffa8006195ad0
Arg4: 0000000000000000
Please uninstall Daemon tools as it is well known for BSOD.
Start > click on Computer > Uninstall or change a program > choose Daemon tools. Reboot.
Once uninstalled please go here and remove the SPTD driver itself with this tool:
http://www.duplexsecure.com/en/downloads
warning   Warning
If the uninstall button is grayed out when you run the program you dont need to do anything and can close the window, if it is not click it and allow it to run. DO NOT click the install button as it will install a driver known to cause BSODs onto your system.


Quite a few Drivers found to be causing issues:
Quote:
fffff880`025771a8 fffff880`05c95cd8Unable to load image nvlddmkm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
nvlddmkm+0x197cd8
Relates to: Nvidia Video Drivers
Please update your driver to latest version, choose Option 2:
http://www.nvidia.com/Download/index.aspx?lang=en-us
nVidia Video drivers

Relates to: Intel Graphics driver.
Please update here:
Intel Download Center

Relates to: AMD storage controller driver - usually from the Windows 7 DVD
Run SFC to check the integrity of all Windows 7 system files:

Click on the Start > Type in search cmd
Right click cmd at top and Run as Administrator
Type SFC /scannow at the prompt
(Note: there is a space between SFC and /scannow)

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html
Ensure you have all the latest Window updates.


Relates to: nVidia 3D Vision Display driver
This should be sorted when you update the previous nvidia drivers.

Refers to: Trusteer Rapport
Please either update program or uninstall:

http://www.trusteer.com/download-trusteer-rapport


Refers to: Loader for security processor
(SFC and windows updates may sort this driver out)
Quote:
fffff880`02575a80 fffff880`01789000Unable to load image mfewfpk.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mfewfpk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfewfpk.sys
mfewfpk
Relates to: McAfee
I would suggest to uninstall McAfee:
Driver date: Tue Jan 15 18:21:30 2013

As an alternative please install
Microsoft Security Essentials.
Recommended from a strict BSOD perspective, compatibility & stability
compared to other antiviruses/internet security software.

Microsoft Security Essentials - Microsoft Windows

Once downloaded and install please run a full system scan.

Update the BIOS from your Samsung Easy Support Center website:
Quote:
[BIOS Information (Type 0) - Length 24 - Handle 0000h]
Vendor Phoenix Technologies Ltd.
BIOS Version 09QA
BIOS Starting Address Segment e000
BIOS Release Date 11/02/2012
BIOS ROM Size 280000
[BaseBoard Information (Type 2) - Length 15 - Handle 0002h]
Manufacturer SAMSUNG ELECTRONICS CO., LTD.
Product 300E4A/300E5A/300E7A/3430EA/3530EA
Version FAB1
If you have Driver Verifer enabled, please disable it.

Post back any results / observations.

cheers

Dave
I have done everything you have suggested, and it solved the problem for a while. However a few hours later I encountered the BSoD opon start up, I would enter in my password and a few seconds laters I would be hit by a BSoD, this happened 6 times in a row. I then booted the PC into safe mode and uninstalled the Nvidia drivers, once I had done that I was able to boot the PC without a BSoD.

So I am wondering what I can do about that? Since I had the latest nvidia drivers installed and yet it still happened. Would another dump file help?
My System SpecsSystem Spec
01 Apr 2013   #7

Microsoft Community Contributor Award Recipient

Windows 7 Professional 64bit
 
 

Okay...good work.
Please follow these instructions to install the Stable nvidia 306.23 driver.

Download and install:
Driver Fusion.
Reboot the computer in
Advanced Boot Options, safe mode. Search Driver Fusion in your start menu,
and remove all components of your nVidia display driver.
If it says the the free version of Driver Fusion cannot remove all the elements, stop there and follow
Drivers - Clean Left over Files after Uninstalling
Boot normally now. Go to:
Drivers - Download NVIDIA Drivers, Drivers > Beta and Legacy; search there with your cards particulars for:
GeForce 306.23 Driver, dated 13.9.2012 and install it.

If after you have install the driver you still experience a BSOD then post a new log.

Cheers

Dave
My System SpecsSystem Spec
03 Apr 2013   #8

Windows 7 Home Premium 64bit
 
 

Quote   Quote: Originally Posted by Northernsoul55 View Post
Okay...good work.
Please follow these instructions to install the Stable nvidia 306.23 driver.

Download and install:
Driver Fusion.
Reboot the computer in
Advanced Boot Options, safe mode. Search Driver Fusion in your start menu,
and remove all components of your nVidia display driver.
If it says the the free version of Driver Fusion cannot remove all the elements, stop there and follow
Drivers - Clean Left over Files after Uninstalling
Boot normally now. Go to:
Drivers - Download NVIDIA Drivers, Drivers > Beta and Legacy; search there with your cards particulars for:
GeForce 306.23 Driver, dated 13.9.2012 and install it.

If after you have install the driver you still experience a BSOD then post a new log.

Cheers

Dave
Thanks for that assistance, I followed your steps and it helped however, a day later when I start a steam game, I got another BSoD relating to the wmiacpi.sys driver. I have atttached the SF Tools log folder again. Attachment 262465
It seems that most of the BSoD happen when I try to start up a steam game.
My System SpecsSystem Spec
03 Apr 2013   #9

Microsoft Community Contributor Award Recipient

Windows 7 Professional 64bit
 
 

From your latest crash dump:

Quote:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 116, {fffffa8005ac6110, fffff880049b4630, ffffffffc000009a, 4}
Unable to load image nvlddmkm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
Probably caused by : nvlddmkm.sys ( nvlddmkm+ade630 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
VIDEO_TDR_FAILURE (116)
Attempt to reset the display driver and recover from timeout failed.
Arguments:
Arg1: fffffa8005ac6110, Optional pointer to internal TDR recovery context (TDR_RECOVERY_CONTEXT).
Arg2: fffff880049b4630, The pointer into responsible device driver module (e.g. owner tag).
Arg3: ffffffffc000009a, Optional error code (NTSTATUS) of the last failed operation.
Arg4: 0000000000000004, Optional internal context dependent data.
Your dump files show a stop ox116 which is a Display or Graphics related BSOD.
Is the computer hot? Download and run:
http://www.piriform.com/speccy
Post back a screenshot of your temps after 2 hours use.

Inspect your computer and if needed clean fans / air vents, to ensure good air flow.
Test you graphics card:
http://www.sevenforums.com/tutorials/160729-nvidia-amd-video-card-test-occt.html

Also please follow this guide:
http://www.sevenforums.com/crash-lockup-debug-how/63320-stop-0x116-video_tdr_error-troubleshooting.html
Also ensure you have all the latest Windows updates installed.

Post back any results/observations

Cheers

Dave
My System SpecsSystem Spec
06 Apr 2013   #10

Windows 7 Home Premium 64bit
 
 

Quote   Quote: Originally Posted by Northernsoul55 View Post
From your latest crash dump:

Quote:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 116, {fffffa8005ac6110, fffff880049b4630, ffffffffc000009a, 4}
Unable to load image nvlddmkm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
Probably caused by : nvlddmkm.sys ( nvlddmkm+ade630 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
VIDEO_TDR_FAILURE (116)
Attempt to reset the display driver and recover from timeout failed.
Arguments:
Arg1: fffffa8005ac6110, Optional pointer to internal TDR recovery context (TDR_RECOVERY_CONTEXT).
Arg2: fffff880049b4630, The pointer into responsible device driver module (e.g. owner tag).
Arg3: ffffffffc000009a, Optional error code (NTSTATUS) of the last failed operation.
Arg4: 0000000000000004, Optional internal context dependent data.
Your dump files show a stop ox116 which is a Display or Graphics related BSOD.
Is the computer hot? Download and run:
http://www.piriform.com/speccy
Post back a screenshot of your temps after 2 hours use.

Inspect your computer and if needed clean fans / air vents, to ensure good air flow.
Test you graphics card:
http://www.sevenforums.com/tutorials/160729-nvidia-amd-video-card-test-occt.html

Also please follow this guide:
http://www.sevenforums.com/crash-lockup-debug-how/63320-stop-0x116-video_tdr_error-troubleshooting.html
Also ensure you have all the latest Windows updates installed.

Post back any results/observations

Cheers

Dave
Well I am using a laptop here, so I cant really open it up to clear dust if there was any. But I have followed your steps. Here is a screenshot that you wanted:
Attachment 262974

I also made sure that I had the latest driver installed, and day passed and no BSoD happened, but then today when I started Company of Heroes via Steam, I got another BSoD as soon as I double clicked the application icon to run it. Here is the SF Tool file: Attachment 262975

However after that BSoD shut down my laptop, I rebooted it and started the game again to see if the BSoD would occur again but it did not, so I am not sure why it happens when I sometimes open up games?
My System SpecsSystem Spec
Reply

 BSOD - DRIVER_VERIFIER_DETECTED_VIOLATION - ntoskrnl.exe




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:11 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33