Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random BSOD - ntoskrnl.exe


  • Please log in to reply
3 replies to this topic

#1 supastar

supastar

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 31 October 2013 - 05:10 PM

I am getting a BSOD randomly whether in Safe Mode or not.  I have tried reloading Windows several times, but I don't have an original Windows 7 disk.  I have run memory diags and all came back fine.

 

Here is my configuration:

http://speccy.piriform.com/results/grnXpNWwcH7NNjpj4At3X7P

 

Here is the dump file: Attached File  103113-40513-01.zip   23.97KB   2 downloadsAttached File  103113-40513-01.zip   23.97KB   2 downloads

 

Microsoft ® Windows Debugger Version 6.12.0002.633 AMD64
Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\Kristy\Desktop\minidump\103113-40513-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\WINDOWS\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18247.amd64fre.win7sp1_gdr.130828-1532
Machine Name:
Kernel base = 0xfffff800`02c5c000 PsLoadedModuleList = 0xfffff800`02e9f6d0
Debug session time: Thu Oct 31 13:07:03.188 2013 (UTC - 7:00)
System Uptime: 0 days 0:14:32.109
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 109, {a3a039d897d145b9, b3b7465eea4f8363, fffff80000b96bb0, 6}

*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Probably caused by : ntoskrnl.exe ( nt_fffff80000b95000+1bb0 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
 or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
 debugger that was not attached when the system was booted. Normal breakpoints,
 "bp", can only be set if the debugger is attached at boot time. Hardware
 breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a3a039d897d145b9, Reserved
Arg2: b3b7465eea4f8363, Reserved
Arg3: fffff80000b96bb0, Failure type dependent information
Arg4: 0000000000000006, Type of corrupted region, can be
 0 : A generic data region
 1 : Modification of a function or .pdata
 2 : A processor IDT
 3 : A processor GDT
 4 : Type 1 process list corruption
 5 : Type 2 process list corruption
 6 : Debug routine modification
 7 : Critical MSR modification

Debugging Details:
------------------

BUGCHECK_STR:  0x109

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff80002cd1bc0

SYMBOL_ON_RAW_STACK:  1

STACK_ADDR_RAW_STACK_SYMBOL: fffff88003daf4c0

STACK_COMMAND:  dds FFFFF88003DAF4C0-0x20 ; kb

STACK_TEXT: 
fffff880`03daf4a0  00000109
fffff880`03daf4a4  00000000
fffff880`03daf4a8  97d145b9
fffff880`03daf4ac  a3a039d8
fffff880`03daf4b0  ea4f8363
fffff880`03daf4b4  b3b7465e
fffff880`03daf4b8  00b96bb0
fffff880`03daf4bc  fffff800
fffff880`03daf4c0  00000006
fffff880`03daf4c4  00000000
fffff880`03daf4c8  00000000
fffff880`03daf4cc  00000000
fffff880`03daf4d0  00000000
fffff880`03daf4d4  00000000
fffff880`03daf4d8  00000000
fffff880`03daf4dc  00000000
fffff880`03daf4e0  00000000
fffff880`03daf4e4  00000000
fffff880`03daf4e8  00000000
fffff880`03daf4ec  00000000
fffff880`03daf4f0  00000000
fffff880`03daf4f4  00000000
fffff880`03daf4f8  00000000
fffff880`03daf4fc  00000000
fffff880`03daf500  00000000
fffff880`03daf504  00000000
fffff880`03daf508  00000000
fffff880`03daf50c  00000000
fffff880`03daf510  00000000
fffff880`03daf514  00000000
fffff880`03daf518  00000000
fffff880`03daf51c  00000000

FOLLOWUP_IP:
nt_fffff80000b95000+1bb0
fffff800`00b96bb0 48895c2408      mov     qword ptr [rsp+8],rbx

SYMBOL_NAME:  nt_fffff80000b95000+1bb0

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt_fffff80000b95000

IMAGE_NAME:  ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  5149a99c

FAILURE_BUCKET_ID:  X64_0x109_nt_fffff80000b95000+1bb0

BUCKET_ID:  X64_0x109_nt_fffff80000b95000+1bb0

Followup: MachineOwner
---------

 

 

Any thoughts?  Thanks for all of your help!!!



BC AdBot (Login to Remove)

 


#2 Anshad Edavana

Anshad Edavana

  • Members
  • 2,805 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:43 AM

Posted 01 November 2013 - 12:10 AM

Hi

 

Bugcheck 109 means kernel code some how became corrupted and the kernel patch protection called the bugcheck function to prevent compromising security. There is usually caused by either one of the below reasons.

 

  • A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
  •  A driver has inadvertently or deliberately modified critical kernel code
     or data. Most probably malware infection.

​Please try the below steps.

 

:step1: Run Memtest86+.

 

Since the BSOD also happened in safe mode, we should begin with a hardware verification. Most reliable tool to perform a memory test is Memetest86+. What you need to do is run at least eight passes with this tool. Read the below guide for detailed instructions.

 

http://www.sevenforums.com/tutorials/105647-ram-test-memtest86.html

 

Make sure to complete at least eight passes. Otherwise it may not catch errors.

 

:step2: Scan for malwares.

 

 If the memory test came clean,run a malware scan using the below tools preferably from "safe mode with networking".

 

Malwarebytes free (run a full scan) : http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

 

ESET online scanner : http://forums.majorgeeks.com/showthread.php?t=149856

 

If there are infections in your machine, you can request help from a trained malware removal expert to properly remove them.

 

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/



#3 supastar

supastar
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 07 November 2013 - 01:28 AM

Well, what I have done is reload the system with a clean copy of Windows (no bloatware) and loaded one driver at a time.  I skipped the PCI driver, and I have not had a blue screen since!! Seems to be all fixed now.



#4 Anshad Edavana

Anshad Edavana

  • Members
  • 2,805 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:43 AM

Posted 07 November 2013 - 01:37 AM

Thanks for providing the update. A clean install will get rid of any malware as well as driver issues for sure. Hope you won't face the nasty blue screens again  :thumbup2: .






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users