Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"PAGE_FAULT_IN_NONPAGED_AREA" blue screen error


  • Please log in to reply
6 replies to this topic

#1 lijxok

lijxok

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 27 December 2015 - 12:47 AM

Hey everyone,

I am using a Lenovo G505s laptop, the specs are:

CPU: AMD A10-5750M 2.5GHz
Memory: 6 GB DDR3(4G+2G)
Storage: 1TB 5400rpm
Graphics Card: AMD Radeon HD 8650G
LAN: 10/100Mbps
WLAN: 802.11b/g/n Wireless LAN
Bluetooth: Bluetooth 4.0

The blue screen error occurs every time after a moment from I open a browser(any brower including firefox, chrome and IE) and open some webpages.

Initially I was using Windows 8, I was thinking that upgrading it to Windows 10 would fix the problem, but it failed to fix it. I also tried some other ways, like: use sfc and dism command; change settings about page size and automatic management of page; check disk; clean registry keys; uninstall recently updated Java; use anti-virus software. But none of these works. The only possible way I know but have not tried is to test the RAM, but I doubted whether it is caused by hardware problem.

One minidump file is: http://www.filedropper.com/122415-36343-01
And the most recent minidump file is: http://www.filedropper.com/122515-34171-01

According to blue screen view, for the first file the problem is caused by ntoskrnl.exe and tcpip.sys; and the the second file it is cause only by ntoskrnl.exe. Since I have no idea how to fix the problem based on the minidump files, can anyone have a look at the files and specify where the problem is?

Any help for solving the problem is greatly appreciated! Thanks in advance!



BC AdBot (Login to Remove)

 


#2 jinxiang

jinxiang

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 27 December 2015 - 01:26 AM

Hey everyone,

I am using a Lenovo G505s laptop, the specs are:

CPU: AMD A10-5750M 2.5GHz
Memory: 6 GB DDR3(4G+2G)
Storage: 1TB 5400rpm
Graphics Card: AMD Radeon HD 8650G
LAN: 10/100Mbps
WLAN: 802.11b/g/n Wireless LAN
Bluetooth: Bluetooth 4.0

The blue screen error occurs every time after a moment from I open a browser(any brower including firefox, chrome and IE) and open some webpages.

Initially I was using Windows 8, I was thinking that upgrading it to Windows 10 would fix the problem, but it failed to fix it. I also tried some other ways, like: use sfc and dism command; change settings about page size and automatic management of page; check disk; clean registry keys; uninstall recently updated Java; use anti-virus software. But none of these works. The only possible way I know but have not tried is to test the RAM, but I doubted whether it is caused by hardware problem.

One minidump file is: http://www.filedropper.com/122415-36343-01
And the most recent minidump file is: http://www.filedropper.com/122515-34171-01

According to blue screen view, for the first file the problem is caused by ntoskrnl.exe and tcpip.sys; and the the second file it is cause only by ntoskrnl.exe. Since I have no idea how to fix the problem based on the minidump files, can anyone have a look at the files and specify where the problem is?

Any help for solving the problem is greatly appreciated! Thanks in advance!

Hi I have helped diagnosing your BSOD. 

 

Here is the result.

 

 
Microsoft ® Windows Debugger Version 6.3.9600.17298 AMD64
Copyright © Microsoft Corporation. All rights reserved.
 
 
Loading Dump File [C:\Users\JinXiang\Downloads\122515-34171-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
 
 
************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*C:\debug*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\debug*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 8 Kernel Version 10586 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 10586.17.amd64fre.th2_release.151121-2308
Machine Name:
Kernel base = 0xfffff803`46e92000 PsLoadedModuleList = 0xfffff803`47170c70
Debug session time: Fri Dec 25 13:20:03.625 2015 (UTC + 8:00)
System Uptime: 0 days 0:25:36.496
Loading Kernel Symbols
.
 
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
 
..............................................................
................................................................
................................................................
......
Loading User Symbols
Loading unloaded module list
...............................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
Use !analyze -v to get detailed debugging information.
 
BugCheck 50, {ffffe00162dde000, 0, fffff80346fc6118, 0}
 
*** WARNING: Unable to verify timestamp for sysmon.sys
*** ERROR: Module load completed but symbols could not be loaded for sysmon.sys
 
Could not read faulting driver name
Probably caused by : sysmon.sys ( sysmon+14f9 )
 
Followup: MachineOwner
---------
 
3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ffffe00162dde000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80346fc6118, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
 
Debugging Details:
------------------
 
 
Could not read faulting driver name
 
DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump
 
READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
 ffffe00162dde000 
 
FAULTING_IP: 
nt!strncpy+38
fffff803`46fc6118 488b02          mov     rax,qword ptr [rdx]
 
MM_INTERNAL_CODE:  0
 
CUSTOMER_CRASH_COUNT:  1
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
BUGCHECK_STR:  AV
 
PROCESS_NAME:  chrome.exe
 
CURRENT_IRQL:  2
 
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
 
TRAP_FRAME:  ffffd00021b98a90 -- (.trap 0xffffd00021b98a90)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=32363733383a6469 rbx=0000000000000000 rcx=fffffffffd7dcbb4
rdx=ffffe00162dde000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80346fc6118 rsp=ffffd00021b98c28 rbp=ffffe001605b9000
 r8=0000000000000000  r9=8101010101010100 r10=7cfcfefef0fcf8fe
r11=ffffe001605b9bb4 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz ac po nc
nt!strncpy+0x38:
fffff803`46fc6118 488b02          mov     rax,qword ptr [rdx] ds:ffffe001`62dde000=????????????????
Resetting default scope
 
LAST_CONTROL_TRANSFER:  from fffff80346ff4182 to fffff80346fd4760
 
STACK_TEXT:  
ffffd000`21b98828 fffff803`46ff4182 : 00000000`00000050 ffffe001`62dde000 00000000`00000000 ffffd000`21b98a90 : nt!KeBugCheckEx
ffffd000`21b98830 fffff803`46ecb17c : 00000000`00000000 ffffe001`628a998c ffffd000`21b98a90 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x11082
ffffd000`21b98920 fffff803`46fdd9bc : ffffd000`21b98b60 ffffe001`5bf601c0 ffffe001`6180c570 fffff800`37124060 : nt!MmAccessFault+0x62c
ffffd000`21b98a90 fffff803`46fc6118 : fffff800`375a14f9 ffffd000`21b991f0 ffffd000`21b991c0 00000000`00000000 : nt!KiPageFault+0x13c
ffffd000`21b98c28 fffff800`375a14f9 : ffffd000`21b991f0 ffffd000`21b991c0 00000000`00000000 fffff800`375b52c0 : nt!strncpy+0x38
ffffd000`21b98c30 ffffd000`21b991f0 : ffffd000`21b991c0 00000000`00000000 fffff800`375b52c0 00000000`00000010 : sysmon+0x14f9
ffffd000`21b98c38 ffffd000`21b991c0 : 00000000`00000000 fffff800`375b52c0 00000000`00000010 fffff800`375a3b88 : 0xffffd000`21b991f0
ffffd000`21b98c40 00000000`00000000 : fffff800`375b52c0 00000000`00000010 fffff800`375a3b88 ffffd000`21b991f0 : 0xffffd000`21b991c0
 
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
sysmon+14f9
fffff800`375a14f9 ??              ???
 
SYMBOL_STACK_INDEX:  5
 
SYMBOL_NAME:  sysmon+14f9
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: sysmon
 
IMAGE_NAME:  sysmon.sys
 
DEBUG_FLR_IMAGE_TIMESTAMP:  56497ce9
 
FAILURE_BUCKET_ID:  AV_sysmon+14f9
 
BUCKET_ID:  AV_sysmon+14f9
 
ANALYSIS_SOURCE:  KM
 
FAILURE_ID_HASH_STRING:  km:av_sysmon+14f9
 
FAILURE_ID_HASH:  {b847edca-54db-47d3-8ca4-2852086fdfdd}
 
Followup: MachineOwner
---------
 
You might want to try and update your hardwares to the latest updated patch and see does it solve the problem. 


#3 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,089 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:45 AM

Posted 27 December 2015 - 09:53 AM

sysmon.sys is most likely related to Rising System Monitor Driver and may be a part of a Boot Bus Extender

Beyond that, we'll need some more info before we can advise further:

 

Please provide this information so we can provide a complete analysis (from the Pinned Topic at the top of the forum):  http://www.bleepingcomputer.com/forums/t/576314/blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/

Should you have problems with the perfmon report, please disregard it (I don't use it very much anyway).

Should the app lock up for more than 15 minutes while searching for Network information (it does this in my copy of W10), go ahead and kill the app. 
Then navigate to the Documents folder and zip up the 18 reports in the SysnativeFileCollectionApp folder - then upload that with your next post.

If that doesn't work, then you can try this new app (from a friend of mine):  http://omgdebugging.com/bsod-inspector/
When done a Notepad document will open with the name of the file and it's location.
By default it'll be a .zip file located on your Desktop
Simply upload the .zip file with your next post and we'll move on from there.
***********************************************************************************************************

 


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#4 lijxok

lijxok
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 27 December 2015 - 08:02 PM

Hi usasma,

 

Thanks for your reply.

 

I think sysmon is related to the Rising software, which is my anti-virus software.

 

I did according to that post, and the zip file is attached. Since I cannot upload the perfmon result separately, I put it into the zip file.

 

Thanks.

 

JX 

 

sysmon.sys is most likely related to Rising System Monitor Driver and may be a part of a Boot Bus Extender

Beyond that, we'll need some more info before we can advise further:

 

Please provide this information so we can provide a complete analysis (from the Pinned Topic at the top of the forum):  http://www.bleepingcomputer.com/forums/t/576314/blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/

Should you have problems with the perfmon report, please disregard it (I don't use it very much anyway).

Should the app lock up for more than 15 minutes while searching for Network information (it does this in my copy of W10), go ahead and kill the app. 
Then navigate to the Documents folder and zip up the 18 reports in the SysnativeFileCollectionApp folder - then upload that with your next post.

If that doesn't work, then you can try this new app (from a friend of mine):  http://omgdebugging.com/bsod-inspector/
When done a Notepad document will open with the name of the file and it's location.
By default it'll be a .zip file located on your Desktop
Simply upload the .zip file with your next post and we'll move on from there.
***********************************************************************************************************

 

 

Attached Files



#5 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,089 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:45 AM

Posted 29 December 2015 - 02:51 PM

Your UEFI/BIOS (version 83CN16WW(V1.05)) dates from 2013.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  If you are able to install the update through Windows (without booting from an external drive), then go ahead and update it.  WARNING - if the computer might shut down during this procedure, please don't do it, as this may physically damage the computer and prevent it from booting.

Only 3 Windows Update hotfixes installed.  Most build 10586 (TH2/1511) systems have more than this.  Please visit Windows Update and get ALL available Windows Updates.

Lot's of problems with the sysmon.sys driver in the WER section of the MSINFO32 report.  Also, all of the memory dumps blame it also.

Please uninstall the Rising software to see if that helps.  Enable Windows Defender and the Windows firewall while you're testing it out.

 

Daemon Tools (and Alcohol % software) are known to cause BSOD's on some Windows systems (mostly due to the sptd.sys driver, although I have seen both dtsoftbus01.sys and dtscsibus.sys blamed on several occasions).

Please un-install the program, then use the following free tool to ensure that the troublesome sptd.sys driver is removed from your system (pick the 32 or 64 bit system depending on your system's configuration):  New link (15 Aug 2012):  http://www.duplexsecure.com/downloads (pick the appropriate version for your system and select "Un-install" when you run it).
Alternate link:  http://www.disc-tools.com/download/sptd
Manual procedure here:  http://daemonpro-help.com/en/problems_and_solutions/registry_and_sptd_problems.html
NOTE:  The uninstaller may not find the SPTD.sys driver.  Don't worry about it, just let us know in your post.

System may be infected.

This driver is in the memory dump:  http://www.carrona.org/drivers/search.php?id=gw64

 

Analysis:
The following is for informational purposes only.
**************************Sun Dec 27 17:46:20.702 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\122715-37125-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.17.amd64fre.th2_release.151121-2308
System Uptime: 0 days 0:17:34.514
*** WARNING: Unable to verify timestamp for sysmon.sys
*** ERROR: Module load completed but symbols could not be loaded for sysmon.sys
Probably caused by : sysmon.sys ( sysmon+14f9 )
BugCheck 50, {ffffe0004051a000, 0, fffff8010af51118, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffe0004051a000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8010af51118, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  chrome.exe
FAILURE_BUCKET_ID:  AV_R_INVALID_sysmon!Unknown_Function
  BIOS Version                  83CN16WW(V1.05)
  BIOS Release Date             09/18/2013
  Manufacturer                  LENOVO
  Product Name                  20255
  Baseboard Product             Lenovo G505s
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Dec 25 00:20:03.625 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\122515-34171-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.17.amd64fre.th2_release.151121-2308
System Uptime: 0 days 0:25:36.496
*** WARNING: Unable to verify timestamp for sysmon.sys
*** ERROR: Module load completed but symbols could not be loaded for sysmon.sys
Probably caused by : sysmon.sys ( sysmon+14f9 )
BugCheck 50, {ffffe00162dde000, 0, fffff80346fc6118, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffe00162dde000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80346fc6118, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  chrome.exe
FAILURE_BUCKET_ID:  AV_R_INVALID_sysmon!Unknown_Function
  BIOS Version                  83CN16WW(V1.05)
  BIOS Release Date             09/18/2013
  Manufacturer                  LENOVO
  Product Name                  20255
  Baseboard Product             Lenovo G505s
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Dec 24 00:20:02.333 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\122415-36343-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.0.amd64fre.th2_release.151029-1700
System Uptime: 0 days 0:16:16.069
*** WARNING: Unable to verify timestamp for sysmon.sys
*** ERROR: Module load completed but symbols could not be loaded for sysmon.sys
Probably caused by : sysmon.sys ( sysmon+14f9 )
BugCheck 50, {ffffe0019305b000, 0, fffff80248b3c938, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffe0019305b000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80248b3c938, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  chrome.exe
FAILURE_BUCKET_ID:  AV_R_INVALID_sysmon!Unknown_Function
  BIOS Version                  83CN16WW(V1.05)
  BIOS Release Date             09/18/2013
  Manufacturer                  LENOVO
  Product Name                  20255
  Baseboard Product             Lenovo G505s
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec 23 23:56:53.996 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\122415-28953-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.0.amd64fre.th2_release.151029-1700
System Uptime: 0 days 1:01:38.784
*** WARNING: Unable to verify timestamp for sysmon.sys
*** ERROR: Module load completed but symbols could not be loaded for sysmon.sys
Probably caused by : sysmon.sys ( sysmon+14f9 )
BugCheck 50, {ffffe000852cf000, 0, fffff800e3f51938, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffe000852cf000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff800e3f51938, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  chrome.exe
FAILURE_BUCKET_ID:  AV_R_INVALID_sysmon!Unknown_Function
  BIOS Version                  83CN16WW(V1.05)
  BIOS Release Date             09/18/2013
  Manufacturer                  LENOVO
  Product Name                  20255
  Baseboard Product             Lenovo G505s
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec 23 21:34:40.907 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\122315-57812-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.0.amd64fre.th2_release.151029-1700
System Uptime: 0 days 1:29:50.641
*** WARNING: Unable to verify timestamp for sysmon.sys
*** ERROR: Module load completed but symbols could not be loaded for sysmon.sys
Probably caused by : sysmon.sys ( sysmon+14f9 )
BugCheck 50, {ffffe001070be000, 0, fffff803ff1ba938, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffe001070be000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff803ff1ba938, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  SogouExplorer.
FAILURE_BUCKET_ID:  AV_R_INVALID_sysmon!Unknown_Function
  BIOS Version                  83CN16WW(V1.05)
  BIOS Release Date             09/18/2013
  Manufacturer                  LENOVO
  Product Name                  20255
  Baseboard Product             Lenovo G505s
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec 23 19:53:41.517 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\122315-43515-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.0.amd64fre.th2_release.151029-1700
System Uptime: 0 days 0:21:58.372
*** WARNING: Unable to verify timestamp for sysmon.sys
*** ERROR: Module load completed but symbols could not be loaded for sysmon.sys
Probably caused by : sysmon.sys ( sysmon+14f9 )
BugCheck 50, {ffffe001330e2000, 0, fffff8007b345938, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffe001330e2000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8007b345938, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  SogouExplorer.
FAILURE_BUCKET_ID:  AV_R_INVALID_sysmon!Unknown_Function
  BIOS Version                  83CN16WW(V1.05)
  BIOS Release Date             09/18/2013
  Manufacturer                  LENOVO
  Product Name                  20255
  Baseboard Product             Lenovo G505s
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``


3rd Party Drivers:
The following is for information purposes only.
Any drivers in RED should be updated or removed from your system. And should have been discussed in the body of my post.
**************************Sun Dec 27 17:46:20.702 2015 (UTC - 5:00)**************************
LhdX64.sys                                       Mon Jan 11 10:06:58 2010 (4B4B3E92)
ElcMouLFlt.sys                                   Mon Oct  4 19:30:57 2010 (4CAA63B1)
ElcMouUFlt.sys                                   Tue Nov 30 00:42:46 2010 (4CF48ED6)
rsktdi.sys                                       Thu Apr 21 21:05:21 2011 (4DB0D451)
rsndisp.sys                                      Thu Feb 23 02:55:36 2012 (4F45F0F8)
AODDriver2.sys                                   Thu Apr  5 05:23:37 2012 (4F7D6499)
GEARAspiWDM.sys                                  Thu May  3 15:56:17 2012 (4FA2E2E1)
AcpiVpc.sys                                      Mon May 14 21:18:53 2012 (4FB1AEFD)
usbfilter.sys                                    Tue Aug 28 21:27:12 2012 (503D6FF0)
hvm.sys                                          Sun Sep 16 21:30:29 2012 (50567D35)
amd_sata.sys                                     Fri Nov 30 04:00:42 2012 (50B875BA)
amd_xata.sys                                     Fri Nov 30 04:00:46 2012 (50B875BE)
t_mouse.sys                                      Mon Dec  3 01:19:30 2012 (50BC4472)
btath_bus.sys                                    Mon Jan 21 04:18:42 2013 (50FD07F2)
vstor2-mntapi20-shared.sys                       Fri Feb 22 06:27:11 2013 (5127560F)
L1C63x64.sys                                     Sun Mar 31 23:15:17 2013 (5158FBC5)
appexDrv.sys                                     Wed Apr 10 15:55:54 2013 (5165C3CA)
AtihdW86.sys                                     Tue Apr 23 06:56:48 2013 (517668F0)
vmci.sys                                         Fri May 17 21:19:18 2013 (5196D716)
VMNET.SYS                                        Thu Jul 18 15:42:50 2013 (51E8453A)
vmnetadapter.sys                                 Thu Jul 18 15:43:00 2013 (51E84544)
vmnetbridge.sys                                  Thu Jul 18 15:43:47 2013 (51E84573)
vsock.sys                                        Wed Jul 31 22:46:10 2013 (51F9CBF2)
hcmon.sys                                        Wed Oct  9 11:03:51 2013 (52557057)
vmnetuserif.sys                                  Fri Oct 18 14:19:38 2013 (52617BBA)
VMkbd.sys                                        Fri Oct 18 14:50:26 2013 (526182F2)
vmx86.sys                                        Fri Oct 18 15:34:39 2013 (52618D4F)
{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys   Wed Aug  6 19:52:18 2014 (53E2BFB2)
VBoxUSBMon.sys                                   Sun Aug 24 14:48:51 2014 (53FA3393)
VBoxNetAdp.sys                                   Sun Aug 24 14:48:51 2014 (53FA3393)
VBoxDrv.sys                                      Sun Aug 24 14:51:17 2014 (53FA3425)
athw8x.sys                                       Sun Apr 26 22:56:12 2015 (553DA54C)
rtsuvc.sys                                       Fri May 29 05:18:01 2015 (55682EC9)
CHDRT64.sys                                      Thu Jul  9 05:36:25 2015 (559E4099)
atikmpag.sys                                     Tue Jul 21 21:11:28 2015 (55AEEDC0)
atikmdag.sys                                     Tue Jul 21 21:35:10 2015 (55AEF34E)
bd0002.sys                                       Thu Jul 30 22:53:08 2015 (55BAE314)
bd0001.sys                                       Thu Jul 30 22:53:29 2015 (55BAE329)
rsutils.sys                                      Wed Aug  5 23:28:51 2015 (55C2D473)
ETD.sys                                          Thu Sep 24 09:05:48 2015 (5603F52C)
sysmon.sys                                       Mon Nov 16 01:51:21 2015 (56497CE9)
QQProtectX64.sys                                 Mon Nov 16 21:45:23 2015 (564A94C3)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Dec 25 00:20:03.625 2015 (UTC - 5:00)**************************
npf.sys                                          Tue Oct 20 14:00:19 2009 (4ADDFAB3)
dtsoftbus01.sys                                  Fri Jan 13 08:45:46 2012 (4F10358A)
BDMNetMon.sys                                    Fri Aug 29 02:45:10 2014 (54002176)
BDDefense.sys                                    Mon Apr 13 21:34:51 2015 (552C6EBB)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec 23 19:53:41.517 2015 (UTC - 5:00)**************************
CHDRT64.sys                                      Tue Feb 26 00:08:22 2013 (512C4346)
ETD.sys                                          Wed Feb 27 01:43:34 2013 (512DAB16)
rtsuvc.sys                                       Wed Apr 10 06:43:21 2013 (51654249)
http://www.carrona.org/drivers/driver.php?id=LhdX64.sys
ElcMouLFlt.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
ElcMouUFlt.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
rsktdi.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
rsndisp.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=AODDriver2.sys
http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
http://www.carrona.org/drivers/driver.php?id=AcpiVpc.sys
http://www.carrona.org/drivers/driver.php?id=usbfilter.sys
hvm.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=amd_sata.sys
http://www.carrona.org/drivers/driver.php?id=amd_xata.sys
http://www.carrona.org/drivers/driver.php?id=t_mouse.sys
http://www.carrona.org/drivers/driver.php?id=btath_bus.sys
http://www.carrona.org/drivers/driver.php?id=vstor2-mntapi20-shared.sys
http://www.carrona.org/drivers/driver.php?id=L1C63x64.sys
http://www.carrona.org/drivers/driver.php?id=appexDrv.sys
http://www.carrona.org/drivers/driver.php?id=AtihdW86.sys
http://www.carrona.org/drivers/driver.php?id=vmci.sys
http://www.carrona.org/drivers/driver.php?id=VMNET.SYS
http://www.carrona.org/drivers/driver.php?id=vmnetadapter.sys
http://www.carrona.org/drivers/driver.php?id=vmnetbridge.sys
http://www.carrona.org/drivers/driver.php?id=vsock.sys
http://www.carrona.org/drivers/driver.php?id=hcmon.sys
http://www.carrona.org/drivers/driver.php?id=vmnetuserif.sys
http://www.carrona.org/drivers/driver.php?id=VMkbd.sys
http://www.carrona.org/drivers/driver.php?id=vmx86.sys
{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=VBoxUSBMon.sys
http://www.carrona.org/drivers/driver.php?id=VBoxNetAdp.sys
http://www.carrona.org/drivers/driver.php?id=VBoxDrv.sys
http://www.carrona.org/drivers/driver.php?id=athw8x.sys
http://www.carrona.org/drivers/driver.php?id=rtsuvc.sys
http://www.carrona.org/drivers/driver.php?id=CHDRT64.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
bd0002.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
bd0001.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
rsutils.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=ETD.sys
sysmon.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
QQProtectX64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=npf.sys
http://www.carrona.org/drivers/driver.php?id=dtsoftbus01.sys
BDMNetMon.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
BDDefense.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=CHDRT64.sys
http://www.carrona.org/drivers/driver.php?id=ETD.sys
http://www.carrona.org/drivers/driver.php?id=rtsuvc.sys
 


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#6 lijxok

lijxok
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 31 December 2015 - 04:19 PM

Your UEFI/BIOS (version 83CN16WW(V1.05)) dates from 2013.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  If you are able to install the update through Windows (without booting from an external drive), then go ahead and update it.  WARNING - if the computer might shut down during this procedure, please don't do it, as this may physically damage the computer and prevent it from booting.

Only 3 Windows Update hotfixes installed.  Most build 10586 (TH2/1511) systems have more than this.  Please visit Windows Update and get ALL available Windows Updates.

Lot's of problems with the sysmon.sys driver in the WER section of the MSINFO32 report.  Also, all of the memory dumps blame it also.

Please uninstall the Rising software to see if that helps.  Enable Windows Defender and the Windows firewall while you're testing it out.

 

Daemon Tools (and Alcohol % software) are known to cause BSOD's on some Windows systems (mostly due to the sptd.sys driver, although I have seen both dtsoftbus01.sys and dtscsibus.sys blamed on several occasions).

 

Please un-install the program, then use the following free tool to ensure that the troublesome sptd.sys driver is removed from your system (pick the 32 or 64 bit system depending on your system's configuration):  New link (15 Aug 2012):  http://www.duplexsecure.com/downloads (pick the appropriate version for your system and select "Un-install" when you run it).
Alternate link:  http://www.disc-tools.com/download/sptd
Manual procedure here:  http://daemonpro-help.com/en/problems_and_solutions/registry_and_sptd_problems.html
NOTE:  The uninstaller may not find the SPTD.sys driver.  Don't worry about it, just let us know in your post.

System may be infected.

This driver is in the memory dump:  http://www.carrona.org/drivers/search.php?id=gw64

 

Analysis:
The following is for informational purposes only.
**************************Sun Dec 27 17:46:20.702 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\122715-37125-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.17.amd64fre.th2_release.151121-2308
System Uptime: 0 days 0:17:34.514
*** WARNING: Unable to verify timestamp for sysmon.sys
*** ERROR: Module load completed but symbols could not be loaded for sysmon.sys
Probably caused by : sysmon.sys ( sysmon+14f9 )
BugCheck 50, {ffffe0004051a000, 0, fffff8010af51118, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffe0004051a000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8010af51118, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  chrome.exe
FAILURE_BUCKET_ID:  AV_R_INVALID_sysmon!Unknown_Function
  BIOS Version                  83CN16WW(V1.05)
  BIOS Release Date             09/18/2013
  Manufacturer                  LENOVO
  Product Name                  20255
  Baseboard Product             Lenovo G505s
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Dec 25 00:20:03.625 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\122515-34171-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.17.amd64fre.th2_release.151121-2308
System Uptime: 0 days 0:25:36.496
*** WARNING: Unable to verify timestamp for sysmon.sys
*** ERROR: Module load completed but symbols could not be loaded for sysmon.sys
Probably caused by : sysmon.sys ( sysmon+14f9 )
BugCheck 50, {ffffe00162dde000, 0, fffff80346fc6118, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffe00162dde000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80346fc6118, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  chrome.exe
FAILURE_BUCKET_ID:  AV_R_INVALID_sysmon!Unknown_Function
  BIOS Version                  83CN16WW(V1.05)
  BIOS Release Date             09/18/2013
  Manufacturer                  LENOVO
  Product Name                  20255
  Baseboard Product             Lenovo G505s
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Dec 24 00:20:02.333 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\122415-36343-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.0.amd64fre.th2_release.151029-1700
System Uptime: 0 days 0:16:16.069
*** WARNING: Unable to verify timestamp for sysmon.sys
*** ERROR: Module load completed but symbols could not be loaded for sysmon.sys
Probably caused by : sysmon.sys ( sysmon+14f9 )
BugCheck 50, {ffffe0019305b000, 0, fffff80248b3c938, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffe0019305b000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80248b3c938, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  chrome.exe
FAILURE_BUCKET_ID:  AV_R_INVALID_sysmon!Unknown_Function
  BIOS Version                  83CN16WW(V1.05)
  BIOS Release Date             09/18/2013
  Manufacturer                  LENOVO
  Product Name                  20255
  Baseboard Product             Lenovo G505s
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec 23 23:56:53.996 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\122415-28953-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.0.amd64fre.th2_release.151029-1700
System Uptime: 0 days 1:01:38.784
*** WARNING: Unable to verify timestamp for sysmon.sys
*** ERROR: Module load completed but symbols could not be loaded for sysmon.sys
Probably caused by : sysmon.sys ( sysmon+14f9 )
BugCheck 50, {ffffe000852cf000, 0, fffff800e3f51938, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffe000852cf000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff800e3f51938, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  chrome.exe
FAILURE_BUCKET_ID:  AV_R_INVALID_sysmon!Unknown_Function
  BIOS Version                  83CN16WW(V1.05)
  BIOS Release Date             09/18/2013
  Manufacturer                  LENOVO
  Product Name                  20255
  Baseboard Product             Lenovo G505s
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec 23 21:34:40.907 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\122315-57812-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.0.amd64fre.th2_release.151029-1700
System Uptime: 0 days 1:29:50.641
*** WARNING: Unable to verify timestamp for sysmon.sys
*** ERROR: Module load completed but symbols could not be loaded for sysmon.sys
Probably caused by : sysmon.sys ( sysmon+14f9 )
BugCheck 50, {ffffe001070be000, 0, fffff803ff1ba938, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffe001070be000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff803ff1ba938, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  SogouExplorer.
FAILURE_BUCKET_ID:  AV_R_INVALID_sysmon!Unknown_Function
  BIOS Version                  83CN16WW(V1.05)
  BIOS Release Date             09/18/2013
  Manufacturer                  LENOVO
  Product Name                  20255
  Baseboard Product             Lenovo G505s
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec 23 19:53:41.517 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\122315-43515-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.0.amd64fre.th2_release.151029-1700
System Uptime: 0 days 0:21:58.372
*** WARNING: Unable to verify timestamp for sysmon.sys
*** ERROR: Module load completed but symbols could not be loaded for sysmon.sys
Probably caused by : sysmon.sys ( sysmon+14f9 )
BugCheck 50, {ffffe001330e2000, 0, fffff8007b345938, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffe001330e2000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8007b345938, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  SogouExplorer.
FAILURE_BUCKET_ID:  AV_R_INVALID_sysmon!Unknown_Function
  BIOS Version                  83CN16WW(V1.05)
  BIOS Release Date             09/18/2013
  Manufacturer                  LENOVO
  Product Name                  20255
  Baseboard Product             Lenovo G505s
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``


3rd Party Drivers:
The following is for information purposes only.
Any drivers in RED should be updated or removed from your system. And should have been discussed in the body of my post.
**************************Sun Dec 27 17:46:20.702 2015 (UTC - 5:00)**************************
LhdX64.sys                                       Mon Jan 11 10:06:58 2010 (4B4B3E92)
ElcMouLFlt.sys                                   Mon Oct  4 19:30:57 2010 (4CAA63B1)
ElcMouUFlt.sys                                   Tue Nov 30 00:42:46 2010 (4CF48ED6)
rsktdi.sys                                       Thu Apr 21 21:05:21 2011 (4DB0D451)
rsndisp.sys                                      Thu Feb 23 02:55:36 2012 (4F45F0F8)
AODDriver2.sys                                   Thu Apr  5 05:23:37 2012 (4F7D6499)
GEARAspiWDM.sys                                  Thu May  3 15:56:17 2012 (4FA2E2E1)
AcpiVpc.sys                                      Mon May 14 21:18:53 2012 (4FB1AEFD)
usbfilter.sys                                    Tue Aug 28 21:27:12 2012 (503D6FF0)
hvm.sys                                          Sun Sep 16 21:30:29 2012 (50567D35)
amd_sata.sys                                     Fri Nov 30 04:00:42 2012 (50B875BA)
amd_xata.sys                                     Fri Nov 30 04:00:46 2012 (50B875BE)
t_mouse.sys                                      Mon Dec  3 01:19:30 2012 (50BC4472)
btath_bus.sys                                    Mon Jan 21 04:18:42 2013 (50FD07F2)
vstor2-mntapi20-shared.sys                       Fri Feb 22 06:27:11 2013 (5127560F)
L1C63x64.sys                                     Sun Mar 31 23:15:17 2013 (5158FBC5)
appexDrv.sys                                     Wed Apr 10 15:55:54 2013 (5165C3CA)
AtihdW86.sys                                     Tue Apr 23 06:56:48 2013 (517668F0)
vmci.sys                                         Fri May 17 21:19:18 2013 (5196D716)
VMNET.SYS                                        Thu Jul 18 15:42:50 2013 (51E8453A)
vmnetadapter.sys                                 Thu Jul 18 15:43:00 2013 (51E84544)
vmnetbridge.sys                                  Thu Jul 18 15:43:47 2013 (51E84573)
vsock.sys                                        Wed Jul 31 22:46:10 2013 (51F9CBF2)
hcmon.sys                                        Wed Oct  9 11:03:51 2013 (52557057)
vmnetuserif.sys                                  Fri Oct 18 14:19:38 2013 (52617BBA)
VMkbd.sys                                        Fri Oct 18 14:50:26 2013 (526182F2)
vmx86.sys                                        Fri Oct 18 15:34:39 2013 (52618D4F)
{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys   Wed Aug  6 19:52:18 2014 (53E2BFB2)
VBoxUSBMon.sys                                   Sun Aug 24 14:48:51 2014 (53FA3393)
VBoxNetAdp.sys                                   Sun Aug 24 14:48:51 2014 (53FA3393)
VBoxDrv.sys                                      Sun Aug 24 14:51:17 2014 (53FA3425)
athw8x.sys                                       Sun Apr 26 22:56:12 2015 (553DA54C)
rtsuvc.sys                                       Fri May 29 05:18:01 2015 (55682EC9)
CHDRT64.sys                                      Thu Jul  9 05:36:25 2015 (559E4099)
atikmpag.sys                                     Tue Jul 21 21:11:28 2015 (55AEEDC0)
atikmdag.sys                                     Tue Jul 21 21:35:10 2015 (55AEF34E)
bd0002.sys                                       Thu Jul 30 22:53:08 2015 (55BAE314)
bd0001.sys                                       Thu Jul 30 22:53:29 2015 (55BAE329)
rsutils.sys                                      Wed Aug  5 23:28:51 2015 (55C2D473)
ETD.sys                                          Thu Sep 24 09:05:48 2015 (5603F52C)
sysmon.sys                                       Mon Nov 16 01:51:21 2015 (56497CE9)
QQProtectX64.sys                                 Mon Nov 16 21:45:23 2015 (564A94C3)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Dec 25 00:20:03.625 2015 (UTC - 5:00)**************************
npf.sys                                          Tue Oct 20 14:00:19 2009 (4ADDFAB3)
dtsoftbus01.sys                                  Fri Jan 13 08:45:46 2012 (4F10358A)
BDMNetMon.sys                                    Fri Aug 29 02:45:10 2014 (54002176)
BDDefense.sys                                    Mon Apr 13 21:34:51 2015 (552C6EBB)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec 23 19:53:41.517 2015 (UTC - 5:00)**************************
CHDRT64.sys                                      Tue Feb 26 00:08:22 2013 (512C4346)
ETD.sys                                          Wed Feb 27 01:43:34 2013 (512DAB16)
rtsuvc.sys                                       Wed Apr 10 06:43:21 2013 (51654249)
http://www.carrona.org/drivers/driver.php?id=LhdX64.sys
ElcMouLFlt.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
ElcMouUFlt.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
rsktdi.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
rsndisp.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=AODDriver2.sys
http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
http://www.carrona.org/drivers/driver.php?id=AcpiVpc.sys
http://www.carrona.org/drivers/driver.php?id=usbfilter.sys
hvm.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=amd_sata.sys
http://www.carrona.org/drivers/driver.php?id=amd_xata.sys
http://www.carrona.org/drivers/driver.php?id=t_mouse.sys
http://www.carrona.org/drivers/driver.php?id=btath_bus.sys
http://www.carrona.org/drivers/driver.php?id=vstor2-mntapi20-shared.sys
http://www.carrona.org/drivers/driver.php?id=L1C63x64.sys
http://www.carrona.org/drivers/driver.php?id=appexDrv.sys
http://www.carrona.org/drivers/driver.php?id=AtihdW86.sys
http://www.carrona.org/drivers/driver.php?id=vmci.sys
http://www.carrona.org/drivers/driver.php?id=VMNET.SYS
http://www.carrona.org/drivers/driver.php?id=vmnetadapter.sys
http://www.carrona.org/drivers/driver.php?id=vmnetbridge.sys
http://www.carrona.org/drivers/driver.php?id=vsock.sys
http://www.carrona.org/drivers/driver.php?id=hcmon.sys
http://www.carrona.org/drivers/driver.php?id=vmnetuserif.sys
http://www.carrona.org/drivers/driver.php?id=VMkbd.sys
http://www.carrona.org/drivers/driver.php?id=vmx86.sys
{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=VBoxUSBMon.sys
http://www.carrona.org/drivers/driver.php?id=VBoxNetAdp.sys
http://www.carrona.org/drivers/driver.php?id=VBoxDrv.sys
http://www.carrona.org/drivers/driver.php?id=athw8x.sys
http://www.carrona.org/drivers/driver.php?id=rtsuvc.sys
http://www.carrona.org/drivers/driver.php?id=CHDRT64.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
bd0002.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
bd0001.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
rsutils.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=ETD.sys
sysmon.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
QQProtectX64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=npf.sys
http://www.carrona.org/drivers/driver.php?id=dtsoftbus01.sys
BDMNetMon.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
BDDefense.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=CHDRT64.sys
http://www.carrona.org/drivers/driver.php?id=ETD.sys
http://www.carrona.org/drivers/driver.php?id=rtsuvc.sys
 

Hi! It seems that the problem is fixed after I updated my system, uninstalled the rising software and daemon tools, and remove te gw64.sys. Thanks for your help.



#7 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,089 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:45 AM

Posted 02 January 2016 - 06:04 AM

I'm glad to hear it.

Thanks for letting us know!


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users