
ntoskrnl & esgiguard.sys causing crashes


49 replies to this topic

#1 cypheroftyr


Posted 01 September 2014 - 08:15 AM

Hello!

 

So I've been having random crashes only while gaming, and WhoCrashed pointed to ntoskrnl.exe and esgiguard.sys as reasons for the crashing. Esgiguard was left over after I used SpyHunter to clear out some adware. (FYI, SpyHunter will scan but not fix unless you buy the full version, for those who might recommend it.) After some Google-fu, I found that a recent Windows update was causing BSOD and a subsequent patch fixed it.

I ran CCleaner first, since esgiguard.sys was only in the Registry, not anywhere else, after I uninstalled SpyHunter. Run Windows updates, restart... get to the login screen, put in my password and the computer turns off. Not BSOD, just turns off. Restart in Safe Mode, pick last good configuration, no dice. Try to roll back to pre-Windows update config, again get to login screen, put in password and then it just shuts down.

I ran startup repair, after 2+ hours, computer restarts and same thing. I tried booting from the Win 7 disc, same thing, no dice. Restore from backup fails. I finally let an extended memory check run and went to bed. I got up and the login screen was ready. I put in my password expecting another crash and power down, but it worked with the message that restoring to earlier version was successful. I reinstalled BlueScreenViewer and it gave me the same thing as a cause for crashing: ntoskrnl.exe

 

On Thu 8/21/2014 11:51:32 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\082114-80714-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75BC0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF800036431A4, 0xFFFFF880054CDDF0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

On Thu 8/21/2014 11:51:32 AM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: esgiguard.sys (esgiguard+0x14EC)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF800036431A4, 0xFFFFF880054CDDF0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: esgiguard.sys .
Google query: esgiguard.sys SYSTEM_SERVICE_EXCEPTION

 

Attached is dxdiag and BlueScreenViewer dump files. I couldn't upload the minidump file from my Windows folder.

Attached File  BSV_dumpfile_09012014.txt   2.07KB   1 downloads

Attached File  09012014_DxDiag.txt   40.74KB   0 downloads


Edited by hamluis, 02 September 2014 - 08:49 AM.
Moved from Win 7 to Am I Infected - Hamluis.
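
Added example, not part of the original post: the two report entries above share one timestamp and one set of bugcheck arguments, so they describe a single crash read from two dump files, and merging them shows the kernel image as the place of the fault and the leftover third-party driver as the suspect. The regex is fitted to the fields quoted in the post; `root_causes` and the `CORE_IMAGES` list are illustrative names and assumptions, not part of any tool mentioned here.

```python
import re
from collections import defaultdict

# Constructed sample: the two entries quoted in the post, trimmed to the fields read below.
REPORT = r"""
On Thu 8/21/2014 11:51:32 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\082114-80714-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75BC0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF800036431A4, 0xFFFFF880054CDDF0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION

On Thu 8/21/2014 11:51:32 AM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: esgiguard.sys (esgiguard+0x14EC)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF800036431A4, 0xFFFFF880054CDDF0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
"""

ENTRY = re.compile(
    r"On \w+ (?P<when>.+?) GMT your computer crashed\n"
    r"crash dump file: (?P<dump>.+)\n"
    r".*module: (?P<module>\S+) \([^)]+\)\n"
    r"Bugcheck code: (?P<code>0x[0-9A-Fa-f]+) \((?P<params>[^)]*)\)\n"
    r"Error: (?P<name>\w+)"
)

# Assumption: core Windows images that are usually the victim, not the cause (not exhaustive).
CORE_IMAGES = {"ntoskrnl.exe", "hal.dll", "win32k.sys"}

def root_causes(report):
    """Merge entries that describe one crash and name the third-party suspect."""
    crashes = defaultdict(list)
    for m in ENTRY.finditer(report):
        e = m.groupdict()
        # Same timestamp + same bugcheck arguments = same crash, seen in two dumps.
        key = (e["when"], e["code"].lower(), e["params"].replace(" ", "").lower())
        crashes[key].append(e)
    results = []
    for (when, code, params), entries in crashes.items():
        suspects = sorted({e["module"].lower() for e in entries} - CORE_IMAGES)
        results.append({
            "when": when,
            "bugcheck": code,
            "exception": params.split(",")[0],  # 0x3B argument 1 is the exception code
            "dumps": [e["dump"] for e in entries],
            "suspect": suspects[0] if suspects else None,  # None: only core images named
        })
    return results
```
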



 


#2 hamluis


Posted 01 September 2014 - 09:26 AM

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis



#3 dc3


Posted 01 September 2014 - 09:40 AM

Please run System File Checker (sfc)
 
The sfc /scannow command scans all protected system files and replaces corrupted and incorrect versions with correct Microsoft versions.
 
Click on the Start orb and then type cmd in the Search programs and files box.
 
In the pane above the search box Programs will appear with cmd below it, right click on cmd and choose Run as administrator.
 
If you are prompted for an administrator password or for a confirmation, enter the password, or click Allow.
 
A page similar to the one below will open.
 
[Screenshot of the elevated Command Prompt]
 
Type in sfc /scannow and then press Enter to start the scan.  Please notice the space between sfc and the /scannow.
 
If the scan finds no integrity problems in the first portion of the scan it should stop. To be sure that the scan has stopped, wait five minutes, then type in exit and press Enter to stop the scan.
 
When the scan is finished please post the log of this scan.
 
To find sfc /scannow log, type cmd in the Search programs and files box. 
 
cmd will appear above the search box under Apps. Right click on it and choose Run as administrator; this will open the Elevated Command Prompt.  This will look similar to the image above.
 
Copy and paste the following in the Search programs and files box, then press Enter.  
 
findstr /c:"[SR]" "%windir%\logs\cbs\cbs.log" >"%userprofile%\Desktop\sfcdetails.txt"
 
This will place a new icon on the desktop titled sfcdetails.  Click on this to open the log, copy it and paste it in your topic. 

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 cypheroftyr


Posted 01 September 2014 - 09:41 AM


Here you go Luis:

 

Speccy: http://speccy.piriform.com/results/LCv84fk4Hqu1sgOPSoI5Y5n. MiniToolBox is still running, I'll edit once it's done.



#5 cypheroftyr


Posted 01 September 2014 - 10:05 AM

 


 

I don't know if it was sfc /scannow, but the computer just totally powered off in the middle of scanning it. I'll have to re-run, but I'm wondering what the problem is. The CPU was also running way too hot from what I saw in Speccy.



#6 dc3


Posted 01 September 2014 - 10:23 AM

Your computer is running very hot. 70C for the CPU is too hot, and this could be shutting down your computer.  You need to open the case and use a canned duster to blow out the fan and heat sink on the CPU and the rest of the case.

 

I would suggest that you run chkdsk /r.

 

Chkdsk /r checks for bad sectors on the hdd and recovers any readable information.
 
Click on the Start orb and type in cmd in the Search programs and files box.  When cmd is seen in Programs above the Search box right click on it, then click on Run as administrator.
 
You will see a screen similar to the one below.
 
[Screenshot]
 
Type in chkdsk c: /r then press Enter.  Please notice the space between the chkdsk and the /r.
 
You will receive the message "CHKDSK cannot be run because it is in use by another process.  Would you like to schedule this volume to be checked the next time the system restarts?  <Y/N>".
 
Type in Y and press Enter.
 
Restart your computer to start the scan.
 
This will take a while to run, please be patient and allow it to complete the scan.
 
When the scan is finished please download and run ListChkdskResult.
 
This will open Notepad with the results of the chkdsk scan.  Please copy and then paste this log in your topic.


 

 

 

 


#7 cypheroftyr


Posted 01 September 2014 - 10:28 AM

I know 70C is far too hot. Once the scannow is done, I'll follow up with a chkdsk. Not sure why it's running so hot, I didn't have that much going. If it crashes out again while scannow is running I'll see if that's the issue. Thanks for the help.


Edited by hamluis, 01 September 2014 - 01:01 PM.
Removed unnecessary quotebox - Hamluis.


#8 cypheroftyr


Posted 01 September 2014 - 10:37 AM

I followed your instructions and no such file appeared on the desktop.


Edited by hamluis, 01 September 2014 - 01:02 PM.


#9 cypheroftyr


Posted 01 September 2014 - 10:43 AM

Here's MiniToolBox:

 

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Tanya D (administrator) on 01-09-2014 at 09:28:23
Running from "C:\Users\Tanya D\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/01/2014 08:51:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHELL32.dll, version: 6.1.7601.18517, time stamp: 0x53aa2e07
Exception code: 0xc0000005
Fault offset: 0x0000000000050506
Faulting process id: 0x14dc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (09/01/2014 02:30:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (09/01/2014 01:33:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Edited by hamluis, 01 September 2014 - 01:03 PM.
Removed unnecessary quotebox - Hamluis.


#10 dc3


Posted 01 September 2014 - 10:44 AM

To reiterate...  You need to open the case and clean the dust out.  If this isn't causing the overheating issue I would suggest removing the CPU heat sink, cleaning both surfaces of the heat sink and the CPU, and then reapplying a good quality thermal compound.

 

I would make this a priority, do it before you do anything else.  You can damage your CPU if it is shutting down the computer because of the overheating.



 

 

 

 


#11 dc3


Posted 01 September 2014 - 10:46 AM

The MiniToolBox isn't complete.



 

 

 

 


#12 cypheroftyr


Posted 01 September 2014 - 10:58 AM


Ah damn, it was in the middle of running when the computer shut down. I'll try it again after I've cleaned out the comp and run chkdsk.



#13 dc3


Posted 01 September 2014 - 11:08 AM

Thank you for heeding my advice regarding the overheating issue.



 

 

 

 


#14 cypheroftyr


Posted 01 September 2014 - 11:17 AM

Mod Edit:  Please use one of the REPLY buttons to post, do NOT use the QUOTE button, thanks - Hamluis.

 

No problem! Thank you for being so on the spot with help. This has been driving me crazy for the last 12 hours or so. I'm surprised the CPU is overheating though, it's a brand new case with plenty of airflow. I've got a laptop to work on while chkdsk takes its sweet, sweet time.

 

 

Worse comes to worst, I've got a HDD enclosure and a spare 1TB HDD at work that I can use to reinstall Windows. Or save everything to an external and reformat C. Not how I'd planned to spend a day off, that's for sure!


Edited by hamluis, 01 September 2014 - 01:05 PM.


#15 dc3


Posted 01 September 2014 - 11:36 AM

The overheating issue only pertains to the CPU; the motherboard and the graphics card temperatures are well within tolerances.



 

 

 

 




