I won't be able to help with the sfc errors but I can help with the blue screens.
Code:
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: [COLOR="#FF0000"]0000000000000000[/COLOR], memory referenced
Arg2: [COLOR="#800080"]0000000000000002[/COLOR], IRQL
Arg3: [COLOR="#FF8C00"]0000000000000001[/COLOR], value 0 = read operation, 1 = write operation
Arg4: [COLOR="#008000"]fffff880073b9950[/COLOR], address which referenced memory
So here we have a bugcheck that indicates a driver tried to referenced (in this case write) to invalid or pageable memory at an IRQL which was too high, in this case we were at level 2 DPC/Dispatch level where page faults are an illegal operation.
Lets look at the context record for the registers at the time of the crash.
Code:
5: kd> .trap 0xfffff8800e4ec330
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=[COLOR="#FF0000"]0000000000000000[/COLOR]
rdx=[COLOR="#FF0000"]0000000000000000[/COLOR] rsi=0000000000000000 rdi=0000000000000000
rip=fffff880073b9950 rsp=fffff8800e4ec4c8 rbp=fffff98013c02bd0
r8=0000000000000008 r9=0000000000000001 r10=000000000000083c
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
klim6+0x3950:
fffff880`073b9950 488911 [COLOR="#00FFFF"]mov[/COLOR] [COLOR="#800080"]qword ptr[/COLOR] [[COLOR="#FF0000"]rcx[/COLOR]],[COLOR="#008000"]rdx[/COLOR] ds:[COLOR="#FF0000"]00000000`00000000[/COLOR]=????????????????
So we see a mov operation which copies memory from a location taking place. We see a qword value being copied from the
rdx value to a memory location stored in a pointer within the
rcx register. However, the context hasn't been saved so it could either be a null pointer or the invalid/pageable memory was referenced.
Code:
fffff880`0e4ec1e8 fffff802`a7a6a869 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : [COLOR="#0000FF"]nt!KeBugCheckEx[/COLOR]
fffff880`0e4ec1f0 fffff802`a7a690e0 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff880`0e4ec330 : [COLOR="#0000FF"]nt!KiBugCheckDispatch+0x69[/COLOR]
fffff880`0e4ec330 fffff880`073b9950 : fffff880`073b81e8 00000000`00000001 fffff980`0e8b0e80 fffff880`073b8164 : [COLOR="#FF0000"]nt!KiPageFault+0x260[/COLOR]
fffff880`0e4ec4c8 fffff880`073b81e8 : 00000000`00000001 fffff980`0e8b0e80 fffff880`073b8164 fffff980`13c2cf20 : [COLOR="#FF0000"]klim6+0x3950[/COLOR]
fffff880`0e4ec4d0 00000000`00000001 : fffff980`0e8b0e80 fffff880`073b8164 fffff980`13c2cf20 fffff980`0e8b0e80 : [COLOR="#FF0000"]klim6+0x21e8[/COLOR]
fffff880`0e4ec4d8 fffff980`0e8b0e80 : fffff880`073b8164 fffff980`13c2cf20 fffff980`0e8b0e80 fffff980`0e960c80 : [COLOR="#808080"]0x1[/COLOR]
fffff880`0e4ec4e0 fffff880`073b8164 : fffff980`13c2cf20 fffff980`0e8b0e80 fffff980`0e960c80 00000000`00000003 : [COLOR="#808080"]0xfffff980`0e8b0e80[/COLOR]
fffff880`0e4ec4e8 fffff980`13c2cf20 : fffff980`0e8b0e80 fffff980`0e960c80 00000000`00000003 fffff880`02473e90 : [COLOR="#FF0000"]klim6+0x2164[/COLOR]
fffff880`0e4ec4f0 fffff980`0e8b0e80 : fffff980`0e960c80 00000000`00000003 fffff880`02473e90 fffff980`13c6ae80 : [COLOR="#808080"]0xfffff980`13c2cf20[/COLOR]
fffff880`0e4ec4f8 fffff980`0e960c80 : 00000000`00000003 fffff880`02473e90 fffff980`13c6ae80 fffff880`0e4ec5c9 : [COLOR="#808080"]0xfffff980`0e8b0e80[/COLOR]
fffff880`0e4ec500 00000000`00000003 : fffff880`02473e90 fffff980`13c6ae80 fffff880`0e4ec5c9 fffff980`0e960c80 : [COLOR="#808080"]0xfffff980`0e960c80[/COLOR]
fffff880`0e4ec508 fffff880`02473e90 : fffff980`13c6ae80 fffff880`0e4ec5c9 fffff980`0e960c80 fffff980`13c02bd0 : [COLOR="#808080"]0x3[/COLOR]
fffff880`0e4ec510 fffff880`024745fb : fffffa80`0f7c81a0 00000000`00000000 00000000`00000002 fffff880`02720e01 : [COLOR="#FF8C00"]ndis!ndisInvokeNextSendHandler+0x110[/COLOR]
fffff880`0e4ec620 fffff880`0275237f : 00000000`00000002 00000000`00000000 00000000`00000000 fffff880`00000000 : [COLOR="#FF8C00"]ndis!NdisSendNetBufferLists+0x12b[/COLOR]
fffff880`0e4ec700 fffff880`0270d75d : fffff880`02848b90 00000000`00000000 00000000`00000000 ffffd227`00000800 : [COLOR="#FFA500"]tcpip!IppFragmentPackets+0x49f[/COLOR]
fffff880`0e4ec860 fffff880`0270eb7e : fffff880`02848b90 00000000`00000000 fffff980`3b1c0000 00000000`00000014 : [COLOR="#FFA500"]tcpip!IppDispatchSendPacketHelper+0x9d[/COLOR]
fffff880`0e4ec980 fffff880`0271bd1a : 00000000`00000000 fffffa80`11d02240 fffff880`0e4ecf10 fffffa80`0d8a7a58 : [COLOR="#FFA500"]tcpip!IppPacketizeDatagrams+0x2ce[/COLOR]
fffff880`0e4ecaa0 fffff880`02727f6a : 00000000`00011807 fffff880`02848b90 fffffa80`11ef1660 fffff880`0e4ecf10 : [COLOR="#FFA500"]tcpip!IppSendDatagramsCommon+0x6ca[/COLOR]
fffff880`0e4ecc60 fffff880`0271e76c : 00000000`00000002 fffff880`0e4ecd00 fffffa80`12bada40 00000000`00000050 : [COLOR="#FFA500"]tcpip!IpNlpFastSendDatagram+0x2eb[/COLOR]
fffff880`0e4ecd30 fffff880`02728b01 : fffffa80`0d9ae768 00000000`0032a27c fffffa80`11e58160 fffffa80`11f82a10 : [COLOR="#FFA500"]tcpip!TcpTcbSend+0x52c[/COLOR]
fffff880`0e4ed0a0 fffff880`02728a11 : 00000000`00000001 00000001`1f853e6f 00000000`00000000 00000000`00000000 : [COLOR="#FFA500"]tcpip!TcpEnqueueTcbSendOlmNotifySendComplete+0xa1[/COLOR]
fffff880`0e4ed0d0 fffff880`02728dd4 : 00000000`00000008 00000000`00000005 00000000`00000005 fffff880`09ebcb78 : [COLOR="#FFA500"]tcpip!TcpEnqueueTcbSend+0x741[/COLOR]
fffff880`0e4ed1a0 fffff802`a7ac0ae6 : 00000000`00000000 fffff802`00001f80 fffff880`0e4ee000 fffff880`0e4e8000 : [COLOR="#FFA500"]tcpip!TcpTlConnectionSendCalloutRoutine+0x24[/COLOR]
fffff880`0e4ed1d0 fffff802`a7ac3545 : fffff880`02728db0 fffff880`0e4ed340 00000000`00000002 00000000`00000000 : [COLOR="#800080"]nt!KeExpandKernelStackAndCalloutInternal+0xe6[/COLOR]
fffff880`0e4ed2d0 fffff880`02729338 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : [COLOR="#800080"]nt!KeExpandKernelStackAndCalloutEx+0x25[/COLOR]
fffff880`0e4ed310 fffff880`072e2e3f : fffffa80`13ab0d20 fffffa80`0f745e40 00000000`00000000 fffffa80`146e91f0 : [COLOR="#FFA500"]tcpip!TcpTlConnectionSend+0x78[/COLOR]
fffff880`0e4ed380 fffff802`a804ed66 : fffffa80`146e91f0 00000000`00000002 00000000`00000000 fffff880`037b7180 : [COLOR="#00FFFF"]afd!WskProIRPSend+0xbf[/COLOR]
fffff880`0e4ed3f0 fffff880`0da08221 : fffff880`07300100 fffff880`0e4ed4b0 fffffa80`146e91f0 fffffa80`14a6cbe0 : [COLOR="#800080"]nt!IovCallDriver+0x3e6[/COLOR]
fffff880`0e4ed440 fffff880`0da451b6 : fffffa80`13abb920 fffffa80`0e1ff1b0 00000000`c000020c fffff880`0e4ee000 : [COLOR="#FFA500"]mrxsmb!SmbWskSend+0x211[/COLOR]
fffff880`0e4ed5d0 fffff880`09ed9e04 : fffff880`0e4ed780 fffffa80`12c129f0 00000000`00000001 00000000`00000400 : [COLOR="#FFA500"]mrxsmb!RxCeSend+0xd6[/COLOR]
fffff880`0e4ed720 fffff880`09ed49e9 : fffffa80`13aea020 fffff880`09eb3158 fffffa80`149e3cd0 fffff880`11837ac0 : [COLOR="#FFA500"]mrxsmb10!VctTranceive+0xbc[/COLOR]
fffff880`0e4ed780 fffff880`09ed84f7 : 00000000`00000000 fffff8a0`90000000 fffff880`11837ac0 fffffa80`149e3cd0 : [COLOR="#FFA500"]mrxsmb10!SmbCeTranceive+0x2a9[/COLOR]
fffff880`0e4ed810 fffff880`09ed40b8 : fffffa80`149e3cd0 00000000`00000000 00000000`00000008 00000000`00000044 : [COLOR="#FFA500"]mrxsmb10!SmbTransactExchangeStart+0x94f[/COLOR]
fffff880`0e4ed8f0 fffff880`09ed882e : fffffa80`13aea020 fffffa80`13a69da0 fffffa80`13b39020 fffffa80`149e3cd0 : [COLOR="#FFA500"]mrxsmb10!SmbCeInitiateExchange+0x4ac[/COLOR]
fffff880`0e4ed960 fffff880`09ed8fad : fffffa80`149e3cd0 00000000`00000000 fffff880`09eb3658 fffff802`00000002 : [COLOR="#FFA500"]mrxsmb10!SmbCeSubmitTransactionRequest+0x1a2[/COLOR]
fffff880`0e4ed9c0 fffff880`09e9b2fe : fffff880`0e4edc00 fffff880`09eb3658 fffff880`0e4edcc8 fffff880`09eddeaf : [COLOR="#FFA500"]mrxsmb10!SmbCeTransact+0x101[/COLOR]
fffff880`0e4eda90 fffff880`09ebcb78 : 00000000`00000000 fffff880`0e4edc20 fffffa80`13e43520 fffffa80`13e43708 : [COLOR="#FFA500"]mrxsmb10!SmbCeTransact+0xc6[/COLOR]
fffff880`0e4edb20 fffff880`09ebc261 : fffff880`00000000 fffffa80`11e20005 fffffa80`12b7a010 00000000`000003ed : [COLOR="#FFA500"]mrxsmb10!MRxSmbQueryFileInformation+0x8c4[/COLOR]
fffff880`0e4edcc0 fffff880`09eca509 : 00000000`00000000 fffff880`0e4edda9 fffffa80`1477f010 fffffa80`1477f010 : [COLOR="#FFA500"]mrxsmb10!MRxSmbQueryFileInformationFromPseudoOpen+0x111[/COLOR]
fffff880`0e4edcf0 fffff880`09ed40b8 : fffffa80`1477f010 00000000`00000000 00000000`697fbafb fffff8a0`0fbc5310 : [COLOR="#FFA500"]mrxsmb10!SmbPseExchangeStart_Create+0x4a9[/COLOR]
fffff880`0e4ede10 fffff880`09ecbb28 : fffffa80`13aea020 fffffa80`13a69da0 fffffa80`13b39020 fffffa80`1477f010 : [COLOR="#FFA500"]mrxsmb10!SmbCeInitiateExchange+0x4ac[/COLOR]
fffff880`0e4ede80 fffff880`0da0caab : fffffa80`00000000 fffffa80`00000000 fffff8a0`060d5c50 fffff8a0`060d5b00 : [COLOR="#FFA500"]mrxsmb10!MRxSmbCreate+0x894[/COLOR]
fffff880`0e4edf50 fffff802`a7a65c27 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`14bde950 : [COLOR="#FFA500"]mrxsmb!SmbpShellCreateWithNewStack+0x1b[/COLOR]
fffff880`0e4edf80 fffff802`a7a65bed : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : [COLOR="#800080"]nt!KxSwitchKernelStackCallout+0x27[/COLOR]
fffff880`0e475950 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : [COLOR="#800080"]nt!KiSwitchKernelStackContinue[/COLOR]
So here we see a lot of networking routines taking place, expanding kernel stacks to fit all the information until we come across
klim performing a lot of user mode functions, it then calls into a page fault directly which causes the bugcheck as it's at IRQL 2.
klim is Kaspersky which can cause a lot of issues like most anti virus programs, seen as you're on Windows 8 you don't need an anti virus program as the Windows Defender is like the Microsoft Security Essentials of Windows 7 and before, so I suggest you remove Kaspersky.
Your other dump files are very similar to each other, you latest one which I've just talked about was different.
Code:
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000000[COLOR="#800080"]3[/COLOR], A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: [COLOR="#008000"]fffff88006c9d9e0[/COLOR], Address of the trap frame for the exception that caused the bugcheck
Arg3: [COLOR="#008000"]fffff88006c9d938[/COLOR], Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
This bugcheck indicates a doubly linked list has been corrupted on a stack.
Code:
0: kd> [COLOR="#008000"].exr 0xfffff88006c9d938[/COLOR]
ExceptionAddress: fffff880025eb455 (gwdrv+0x0000000000002455)
ExceptionCode: [COLOR="#FF0000"]c0000409 (Security check failure or stack buffer overrun)[/COLOR]
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
This exception code shows that a security check failed or a stack buffer was overrun, in this case it seems a security check failed as a linked list was corrupt.
Code:
0: kd> [COLOR="#008000"]dt nt!_LIST_ENTRY fffffa800c710940[/COLOR]
[ 0x00000000`00b20003 - 0xfffffa80`0c710948 ]
+0x000 [COLOR="#FF0000"]Flink : 0x00000000`00b20003[/COLOR] _LIST_ENTRY
+0x008 Blink : 0xfffffa80`0c710948 _LIST_ENTRY [ 0xfffffa80`0c710948 - 0xfffffa80`0c710948 ]
It seems the list entry was corrupt in front which is difficult to track as to why it happened as it could have happened way before it was found and the culprit was long gone, most of the time Driver Verifier will find the culprit but it seems we already found it.
I think if we had a Kernel mmeory dump I'd be able to find what exactly was contained within this linked list.
Code:
0: kd> [COLOR="#008000"]!pool fffffa80`0c710948[/COLOR]
GetPointerFromAddress: unable to read from fffff80063d58168
[COLOR="#FF0000"]WARNING: Part of the page that you requested is missing from
the dump. Pool dumping not possible for this address.[/COLOR]
Code:
fffff880`06c9d6b8 fffff800`63a59869 : 00000000`00000139 00000000`00000003 fffff880`06c9d9e0 fffff880`06c9d938 : [COLOR="#0000FF"]nt!KeBugCheckEx[/COLOR]
fffff880`06c9d6c0 fffff800`63a59b90 : fffff800`63cf8180 fffff880`038a5180 00000000`00000202 fffff800`6415bbb9 : [COLOR="#0000FF"]nt!KiBugCheckDispatch+0x69[/COLOR]
fffff880`06c9d800 fffff800`63a58df4 : fffffa80`11fa6190 fffffa80`11fa6190 00000000`00000000 00000000`00000000 : [COLOR="#800080"]nt!KiFastFailDispatch+0xd0[/COLOR]
fffff880`06c9d9e0 fffff880`025eb455 : 00000000`00000000 00000000`00000001 fffffa80`115b1a20 fffffa80`115b1a10 : [COLOR="#FF0000"]nt!KiRaiseSecurityCheckFailure+0xf4[/COLOR]
fffff880`06c9db70 00000000`00000000 : 00000000`00000001 fffffa80`115b1a20 fffffa80`115b1a10 fffffa80`11564100 : [COLOR="#FF0000"]gwdrv+0x2455[/COLOR]
gwdrv called a sercurity check which failed and therefore initiated the bugcheck.
gwdrv is the GlassWire security network analysing tool, I recommend you remove this completely as it is unnecessary.
Once we stop the blue screens I'll get someone to help with the sfc errors.
