Since I could not upload a file I just copied the dumps here.
These are the 2 consistent dumps following the BSOD each time
.
DUMP NUMBER 1 - Refers to WpsHelper a SEP item I believe.
Use !analyze -v to get detailed debugging information.
BugCheck D1, {fffffade9a5daa64, 2, 0, fffffadf7b47bce2}
Unable to load image WpsHelper.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for WpsHelper.sys
*** ERROR: Module load completed but symbols could not be loaded for WpsHelper.sys
Probably caused by : WpsHelper.sys ( WpsHelper+4ce2 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffffade9a5daa64, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffffadf7b47bce2, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: fffffade9a5daa64
CURRENT_IRQL: 2
FAULTING_IP:
WpsHelper+4ce2
fffffadf`7b47bce2 443b08 cmp r9d,dword ptr [rax]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: iexplore.exe
TRAP_FRAME: fffffadf88d45170 -- (.trap 0xfffffadf88d45170)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffade9a5daa64 rbx=0000000000000000 rcx=0000000000000104
rdx=fffffadf994d0824 rsi=0000000000000000 rdi=0000000000000000
rip=fffffadf7b47bce2 rsp=fffffadf88d45308 rbp=fffffadf88d45450
r8=fffffadf9c190568 r9=00000000000001d5 r10=0000000000000104
r11=fffffadf88d45450 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac pe cy
WpsHelper+0x4ce2:
fffffadf`7b47bce2 443b08 cmp r9d,dword ptr [rax] ds:59c8:fffffade`9a5daa64=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000102e5b4 to fffff8000102e890
STACK_TEXT:
fffffadf`88d44fe8 fffff800`0102e5b4 : 00000000`0000000a fffffade`9a5daa64 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffffadf`88d44ff0 fffff800`0102d547 : 00000001`00000001 00000000`33198285 fffffadf`88d45200 fffffadf`00000001 : nt!KiBugCheckDispatch+0x74
fffffadf`88d45170 fffffadf`7b47bce2 : fffffadf`7b47ea90 fffffadf`9c190568 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x207
fffffadf`88d45308 fffffadf`7b47ea90 : fffffadf`9c190568 00000000`00000000 00000000`00000000 fffffadf`9a552690 : WpsHelper+0x4ce2
fffffadf`88d45310 fffffadf`9c190568 : 00000000`00000000 00000000`00000000 fffffadf`9a552690 fffffadf`88d45450 : WpsHelper+0x7a90
fffffadf`88d45318 00000000`00000000 : 00000000`00000000 fffffadf`9a552690 fffffadf`88d45450 fffffadf`7b47c558 : 0xfffffadf`9c190568
STACK_COMMAND: kb
FOLLOWUP_IP:
WpsHelper+4ce2
fffffadf`7b47bce2 443b08 cmp r9d,dword ptr [rax]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: WpsHelper+4ce2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: WpsHelper
IMAGE_NAME: WpsHelper.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49b5dc09
FAILURE_BUCKET_ID: X64_0xD1_WpsHelper+4ce2
BUCKET_ID: X64_0xD1_WpsHelper+4ce2
Followup: MachineOwner
---------
DUMP NUMBER 2 - No reference to any process.
Use !analyze -v to get detailed debugging information.
BugCheck 109, {a3a03a382a53d4fc, 0, 279301ee4cbcde13, 101}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
or data. See
http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
debugger that was not attached when the system was booted. Normal breakpoints,
"bp", can only be set if the debugger is attached at boot time. Hardware
breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a3a03a382a53d4fc, Reserved
Arg2: 0000000000000000, Reserved
Arg3: 279301ee4cbcde13, Failure type dependent information
Arg4: 0000000000000101, Type of corrupted region, can be
0 : A generic data region
1 : Modification of a function or .pdata
2 : A processor IDT
3 : A processor GDT
4 : Type 1 process list corruption
5 : Type 2 process list corruption
6 : Debug routine modification
7 : Critical MSR modification
Debugging Details:
------------------
BUGCHECK_STR: 0x109
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff8000102e890
STACK_TEXT:
fffffadf`90a7f838 00000000`00000000 : 00000000`00000109 a3a03a38`2a53d4fc 00000000`00000000 279301ee`4cbcde13 : nt!KeBugCheckEx
STACK_COMMAND: kb
SYMBOL_NAME: ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
BUCKET_ID: BAD_STACK
Followup: MachineOwner
---------
So all you dump analysis experts do you have any suggestions?
Thanks
Nerf