I'll take a look tonight when I'm home from work.
The latest dump in the last log (the DV enabled dump) is showing up as 0x109 but is giving nothing away.

I'm starting to wonder whether some faulty hardware is at play here. I'm going to ask for another set of eyes to take a look and see if they spot something I'm missing.

Code:
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
   or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
   debugger that was not attached when the system was booted. Normal breakpoints,
   "bp", can only be set if the debugger is attached at boot time. Hardware
   breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a3a039d89713e81f, Reserved
Arg2: 0000000000000000, Reserved
Arg3: ed88463647c6b696, Failure type dependent information
Arg4: 0000000000000101, Type of corrupted region, can be
    0 : A generic data region
    1 : Modification of a function or .pdata
    2 : A processor IDT
    3 : A processor GDT
    4 : Type 1 process list corruption
    5 : Type 2 process list corruption
    6 : Debug routine modification
    7 : Critical MSR modification
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0x109
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
STACK_TEXT:
fffff880`031fd598 00000000`00000000 : 00000000`00000109 a3a039d8`9713e81f 00000000`00000000 ed884636`47c6b696 : nt!KeBugCheckEx
STACK_COMMAND: kb
SYMBOL_NAME: ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION:
BUCKET_ID: BAD_STACK
FAILURE_BUCKET_ID: BAD_STACK
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:bad_stack
FAILURE_ID_HASH: {75814664-faf6-4b70-bbc7-dc592132ecdd}
Followup: MachineOwner
In the meantime, can you open an elevated Command Prompt, type in or copy sfc /scannow and hit enter.
Disable Driver Verifier now.
Uninstall the following programs, at least as a test.
- Start Menu\Programs\herdProtect, don't need it when you have the best one, MBAM.
- Start Menu\Programs\LogMeIn Hamachi
Report to us any further BSODs after uninstalling these two.
10 seconds before the 0x109 BSOD, the wired network connection was disconnected.
Code:
Event[6172]:
  Log Name: System
  Source: e1qexpress
  Date: 2015-04-02T16:23:51.980
  Event ID: 27
  Task: N/A
  Level: Warning
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: DrudgeSkull
  Description: Intel(R) 82583V Gigabit Network Connection Network link is disconnected.

Code:
Event[6181]:
  Log Name: System
  Source: Microsoft-Windows-WER-SystemErrorReporting
  Date: 2015-04-02T16:24:02.000
  Event ID: 1001
  Task: N/A
  Level: Error
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: DrudgeSkull
  Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a039d89713e81f, 0x0000000000000000, 0xed88463647c6b696, 0x0000000000000101). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040215-17097-01.

That's too coincidental. Did you physically disconnect it?
You know, I've been noticing that in event viewer... A lot of errors regarding the connection going down.
However I do not physically disconnect it, but I will hook up a 2nd ethernet cable to the 2nd LAN port on the motherboard instead and see if that remedies it. If not, I'll try using both cables and both ports at the same time, see what that results in.
@Arc - highly doubt Hamachi and herdProtect are the causes. They're both installed on all my PCs and laptops (at least 5 total, 6 including this server PC) alongside TeamViewer and Malwarebytes Premium. Plus this PC in question has FAR less installed than the others- so unlikely it's a conflict unless it's with the drivers- this is the only PC that has both a TYAN motherboard and a server grade motherboard.
@Boozad - Running the scan now in an elevated CMD. Will update with its results.
In addition, I've added the dmp file from the last crash (PAGE_FAULT BSOD)
UPDATE: I assume the scan is complete, so I've uploaded a screenshot of the CMD window
Did you disable Hamachi while Driver Verifier was disabled? If memory serves me correctly you disabled Hamachi and then enabled DV. I'm asking because Hamachi shows up here five seconds before your bugcheck.

It could be coincidence but both Arc and myself have picked up on this. Can you test the system with Hamachi disabled now that DV has also been disabled.

Code:
Event[6892]:
  Log Name: System
  Source: Service Control Manager
  Date: 2015-04-03T15:52:08.342
  Event ID: 7036
  Task: N/A
  Level: Information
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: DrudgeSkull
  Description: The LMIGuardianSvc service entered the running state.
Event[6893]:
  Log Name: System
  Source: Service Control Manager
  Date: 2015-04-03T15:52:08.732
  Event ID: 7036
  Task: N/A
  Level: Information
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: DrudgeSkull
  Description: The MBAMScheduler service entered the running state.
Event[6894]:
  Log Name: System
  Source: Service Control Manager
  Date: 2015-04-03T15:52:08.951
  Event ID: 7036
  Task: N/A
  Level: Information
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: DrudgeSkull
  Description: The Network Location Awareness service entered the running state.
Event[6895]:
  Log Name: System
  Source: Service Control Manager
  Date: 2015-04-03T15:52:09.138
  Event ID: 7036
  Task: N/A
  Level: Information
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: DrudgeSkull
  Description: The MBAMService service entered the running state.
Event[6896]:
  Log Name: System
  Source: Service Control Manager
  Date: 2015-04-03T15:52:09.154
  Event ID: 7036
  Task: N/A
  Level: Information
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: DrudgeSkull
  Description: The Superfetch service entered the running state.
Event[6897]:
  Log Name: System
  Source: Microsoft-Windows-WER-SystemErrorReporting
  Date: 2015-04-03T15:52:13.000
  Event ID: 1001
  Task: N/A
  Level: Error
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: DrudgeSkull
  Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88002dd5efc, 0x0000000000000008, 0xfffff88002dd5efc, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040315-25350-01.
Also I'm slightly concerned about this.

Can you open Task Manager and check in Processes to see if lsass.exe is running. If so we may need to use Process Explorer to see if it's running from Sys32.

Code:
CREAD_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eb8100
GetUlongFromAddress: unable to read from fffff80002eb81c0
 fffff88002dd5efc Nonpaged pool
FAULTING_IP:
+350d3e0
fffff880`02dd5efc ?? ???
MM_INTERNAL_CODE: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: lsass.exe

I had Hamachi (and its services) disabled a while before the Verifier was run. It crashed both before and during the test. I only recently re-enabled it. If needed I can uninstall it completely, though it would render the purpose of this PC moot- I do not want to delve into port forwarding for the game servers.
And lsass.exe is indeed running. I think I have Process Explorer on a USB drive, but it might be out of date... So far it's using 0 CPU and 3.404K Memory
Alright, disabled Hamachi and its services and have Process Explorer installed and running. Not seeing anything that looks out of the ordinary, at least not immediately.
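
The timestamp comparison made by hand in the posts above (what was logged in the seconds before each bugcheck record), as an added Python example that is not part of the original thread. It assumes a text event export with one field per line; the sample is constructed, and the function names and the 30-second window are illustrative choices.

```python
import re
from datetime import datetime, timedelta
# Constructed sample in the thread's export layout; Event[6100] is made up.
SAMPLE = """\
Event[6100]:
  Source: Service Control Manager
  Date: 2015-04-02T16:05:00.000
  Event ID: 7036
  Description: The Superfetch service entered the running state.
Event[6172]:
  Source: e1qexpress
  Date: 2015-04-02T16:23:51.980
  Event ID: 27
  Description:
Intel(R) 82583V Gigabit Network Connection Network link is disconnected.
Event[6181]:
  Source: Microsoft-Windows-WER-SystemErrorReporting
  Date: 2015-04-02T16:24:02.000
  Event ID: 1001
  Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a039d89713e81f, 0x0000000000000000, 0xed88463647c6b696, 0x0000000000000101).
"""
FIELD = re.compile(r"^[ \t]*(Source|Date|Event ID):[ \t]*(.*)$", re.M)

def parse_events(text):
    """Split on Event[n]: headers; keep source, id, timestamp and description."""
    events = []
    for block in re.split(r"^Event\[\d+\]:[ \t]*$", text, flags=re.M)[1:]:
        head, _, desc = block.partition("Description:")
        rec = {k: v.strip() for k, v in FIELD.findall(head)}
        rec["Description"] = " ".join(desc.split())  # text may span several lines
        rec["when"] = datetime.strptime(rec["Date"], "%Y-%m-%dT%H:%M:%S.%f")
        events.append(rec)
    return events

def before_bugchecks(events, window_s=30):
    """For each bugcheck record (event 1001), list records logged just before it."""
    out = []
    for bc in events:
        m = re.search(r"bugcheck was: (0x[0-9a-fA-F]+)", bc["Description"])
        if bc["Event ID"] == "1001" and m:
            lo = bc["when"] - timedelta(seconds=window_s)
            prior = [(round((bc["when"] - e["when"]).total_seconds(), 3), e["Source"], e["Description"])
                     for e in events if lo <= e["when"] < bc["when"]]
            out.append((m.group(1), bc["when"], prior))
    return out

if __name__ == "__main__":
    for code, when, prior in before_bugchecks(parse_events(SAMPLE)):
        print(code, when, *prior, sep="\n  ")
```

Each entry in the result is the bugcheck code, the timestamp of its record, and the preceding records with their lead time in seconds, so a source that keeps appearing just before crashes stands out across many dumps.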