Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

blue screen of death


  • Please log in to reply
8 replies to this topic

#1 malfun9

malfun9

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 PM

Posted 22 August 2016 - 09:28 AM

Hi I am getting these blue screen faults

Kmode exception

System service exception

Page fault in nonpaged area

I have run blue screen view it says ntoskrnl.exe+7

Can I reinstall this file or replace it

cheers

malfun9



BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:10 AM

Posted 24 August 2016 - 06:15 AM

ntoskrnl.exe (also seen as ntkrnlpa.exe, ntkrnlmp.exe, or ntkrpamp.exe) is the kernel (core) of the Windows operating system.  It is protected by security features and the Windows System File Checker.  As such, if ntoskrnl.exe was to blame, you'd be experiencing many more problems other than the occasional BSOD.

In most cases ntoskrnl.exe was blamed because a driver (typically a 3rd party driver) has corrupted the memory space that ntoskrnl.exe considers as it's own.  When this happens, ntoskrnl.exe typically finds unknown data (from the 3rd party driver) in it's memory space.  At this point the OS panics and throws a BSOD to prevent damage to the system.

If the culprit (the offending 3rd party driver) hasn't exited yet, then a BSOD analyst may be able to find traces of it in the reports/dumps.  If the culprit has exited, then the chase is on and further tests/reports will be needed to help identify what actually caused it.

More info here:  https://en.wikipedia.org/wiki/Ntoskrnl.exe


Multiple different BSOD's are usually a sign of a hardware/compatibility/or low-level driver problem.

Please start by running these free hardware diagnostics:  http://www.carrona.org/hwdiag.html

 

In order for us to analyze the problem, Please run this report collecting tool so that we can provide a complete analysis: (from the pinned topic at the top of the forum)   http://www.bleepingcomputer.com/forums/t/576314/blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/
FYI - I don't often use the Perfmon report, so if it doesn't work please just let me know.
NOTE:  On problem systems it can take up to 20 minutes for the log files to complete.  Please be patient and let it run.

If you still have problems with it running, there's an alternate tool here (direct download link):  https://github.com/blueelvis/BSOD-Inspector/releases/download/1.0.5/BSODInspector-1.0.5.exe

NOTE:
Please zip up the (.ZIP) files - do not use .RAR or other compression utilities. 
.ZIP is the type file that can be uploaded to the forums.

 


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 malfun9

malfun9
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 PM

Posted 26 August 2016 - 09:23 AM

Hi you have put a lot of information can we do this a step at a time

I have downloaded & clicked on SysnativeFileCollectionApp it doesn’t do anything

 

Here is perfmon health report

cheers

Attached Files



#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:10 AM

Posted 27 August 2016 - 08:24 AM

If the sysnative report doesn't work, did you try the alternate? (the github/blueelvis link)

 

If that doesn't work, then here's what I would like to see:

 

Upload Dump Files:
NOTE:  If using a disk cleaning utility, please stop using it while we are troubleshooting your issues.
Please go to C:\Windows\Minidump and zip up the contents of the folder.  Then upload/attach the .zip file with your next post.
Left click on the first minidump file.
Hold down the "Shift" key and left click on the last minidump file.
Right click on the blue highlighted area and select "Send to"
Select "Compressed (zipped) folder" and note where the folder is saved.
Upload that .zip file with your next post.

If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there.  If it still won't let you zip them up, post back for further advice.

If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP.  If you find it, zip it up and upload it to a free file hosting service.  Then post the link to it in your topic so that we can download it.

Also, search your entire hard drive for files ending in .dmp, .mdmp, and .hdmp.  Zip up any that you find and upload them with your next post.

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file):  http://www.carrona.org/setmini.html
More info on dump file options here: http://support.microsoft.com/kb/254649

MSINFO32:
Please go to Start and type in "msinfo32.exe" (without the quotes) and press Enter
Save the report as an .nfo file, then zip up the .nfo file and upload/attach the .zip file with your next post.
Also, save a copy as a .txt file and include it also (it's much more difficult to read, but we have greater success in getting the info from it).

If you're having difficulties with the format, please open an elevated (Run as administrator) Command Prompt and type (or copy/paste) "msinfo32 /nfo %USERPROFILE%\Desktop\TEST.NFO" (without the quotes) and press Enter.  Then navigate to Desktop to retrieve the TEST.NFO file.  If you have difficulties with making this work, please post back.  Then zip up the .nfo file and upload/attach the .zip file with your next post.

systeminfo:
Please open an elevated (Run as administrator) Command Prompt and type (or copy/paste) "systeminfo.exe >%USERPROFILE%\Desktop\systeminfo.txt" (without the quotes) and press Enter.  Then navigate to Desktop to retrieve the syteminfo.txt file.  If you have difficulties with making this work, please post back.  Then zip up the .txt file and upload/attach the .zip file with your next post.
NOTE:    Will not work with Windows XP


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#5 malfun9

malfun9
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 PM

Posted 30 August 2016 - 09:16 AM

I tried bsod inspector I got a message box

A problem caused the program to stop working

 

Please See wanted attached files

Attached Files



#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:10 AM

Posted 30 August 2016 - 11:28 AM

As the systeminfo.txt report is missing, I can't provide some assistance.
Plase submit the report with your next post.

 

AVG has problems in your Device Manager

Please uninstall it, then download/install a fresh copy immediately.

Then check Device Manager to be sure that the problem is fixed

 

Beyond this I have these 5 suggestions:
1.  Get ALL available Windows Updates.  It may take several trips to get them all
2.  Get ALL available, compatible updates for your system from the manufacturer's website (to include BIOS/UEFI).
3.  Get ALL available, compatible updates for the programs and any additional hardware installed on your computer from the developer's website
4.  Start with these free hardware diagnostics:  http://www.carrona.org/hwdiag.html
5.  If all of the hardware tests pass, then run Driver Verifier according to these instructions:  http://www.carrona.org/verifier.html
 

 

Analysis:

The following is for information purposes only. The following information contains the relevant information from the blue screen analysis:
**************************Tue Aug 30 07:19:49.530 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\083016-18220-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.18939.amd64fre.win7sp1_gdr.150722-0600
System Uptime:0 days 0:00:11.169
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Probably caused by :ntoskrnl.exe ( nt_fffff80004000000+2a49 )
BugCheck 50, {fffff8a000c8f000, 0, fffff800040ddeee, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: fffff8a000c8f000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff800040ddeee, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  0x50
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME:  smss.exe
FAILURE_BUCKET_ID: X64_0x50_VRF_nt_fffff80004000000+2a49
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Aug 28 03:48:45.082 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\082816-18766-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.18939.amd64fre.win7sp1_gdr.150722-0600
System Uptime:0 days 0:00:41.736
Probably caused by :cng.sys ( cng!SslDecrementProviderReferenceCount+3c5e )
BugCheck 3B, {c0000005, fffff8800116cc2e, fffff88005c11aa0, 0}
BugCheck Info: SYSTEM_SERVICE_EXCEPTION (3b)
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8800116cc2e, Address of the instruction which caused the bugcheck
Arg3: fffff88005c11aa0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
BUGCHECK_STR:  0x3B
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
PROCESS_NAME:  iexplore.exe
FAILURE_BUCKET_ID: X64_0x3B_cng!SslDecrementProviderReferenceCount+3c5e
  BIOS Version                  F12
  BIOS Release Date             08/25/2010
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  GA-MA78LMT-S2
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Aug 25 23:32:36.841 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\082616-13291-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.18939.amd64fre.win7sp1_gdr.150722-0600
System Uptime:0 days 0:01:33.105
Probably caused by :memory_corruption ( nt!MiCheckForConflictingVadExistence+1d )
BugCheck 1E, {ffffffffc0000005, fffff800040da515, 0, ffffffffffffffff}
BugCheck Info: KMODE_EXCEPTION_NOT_HANDLED (1e)
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800040da515, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
BUGCHECK_STR:  0x1E_c0000005_R
PROCESS_NAME:  SearchFilterHo
FAILURE_BUCKET_ID: X64_0x1E_c0000005_R_nt!MiCheckForConflictingVadExistence+1d
  BIOS Version                  F12
  BIOS Release Date             08/25/2010
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  GA-MA78LMT-S2
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
The rest of the memory dump summaries are hidden in the Spoiler tag below.  Click on "Show" to reveal them.

Spoiler




3rd Party Drivers:

The following is for information purposes only. My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Tue Aug 30 07:19:49.530 2016 (UTC - 4:00)**************************
atikmdag.sys                Tue Nov 24 22:44:50 2009 (4B0CA832)
amdxata.sys                 Fri Mar 19 12:18:18 2010 (4BA3A3CA)
Rt64win7.sys                Fri Dec 24 02:30:25 2010 (4D144C11)
AVGIDSEH.Sys                Tue Feb 22 00:23:04 2011 (4D634838)
avgmfx64.sys                Tue Mar  1 07:25:15 2011 (4D6CE5AB)
avgrkx64.sys                Wed Mar 16 10:06:34 2011 (4D80C3EA)
SASKUTIL64.SYS              Tue Jul 12 17:00:01 2011 (4E1CB5D1)
SASDIFSV64.SYS              Thu Jul 21 19:03:00 2011 (4E28B024)
avgtdia.sys                 Mon Nov  3 21:46:40 2014 (54583E10)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Aug 28 03:48:45.082 2016 (UTC - 4:00)**************************
RTKVHD64.sys                Fri Sep  3 04:02:27 2010 (4C80AB93)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Aug 19 01:22:00.439 2016 (UTC - 4:00)**************************
ewusbnet.sys                Mon Dec  7 06:35:29 2009 (4B1CE881)
ewusbmdm.sys                Mon Dec  7 06:53:24 2009 (4B1CECB4)


http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
http://www.carrona.org/drivers/driver.php?id=amdxata.sys
http://www.carrona.org/drivers/driver.php?id=Rt64win7.sys
http://www.carrona.org/drivers/driver.php?id=AVGIDSEH.Sys
http://www.carrona.org/drivers/driver.php?id=avgmfx64.sys
http://www.carrona.org/drivers/driver.php?id=avgrkx64.sys
http://www.carrona.org/drivers/driver.php?id=SASKUTIL64.SYS
http://www.carrona.org/drivers/driver.php?id=SASDIFSV64.SYS
http://www.carrona.org/drivers/driver.php?id=avgtdia.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=ewusbnet.sys
http://www.carrona.org/drivers/driver.php?id=ewusbmdm.sys


 

Edited by usasma, 30 August 2016 - 11:30 AM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#7 malfun9

malfun9
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 PM

Posted 02 September 2016 - 10:07 AM

Hi thank you for your help

I ran verifier ticked all drivers except Microsoft

Ticked finish it said restart I clicked ok nothing happened

I restarted it went to windows as normal

 

I use to have avg antivirus but it went wrong & would not run so I used their unistall tool but that would not work either

Avg tried to help me uninstall & re install but nothing would work

so I deleted them all manually some system files were left In windows system32/drivers how do I delete them or can I rename them so they are not detected

 

I have tried windows updates rolled back drivers

Done chkdsk /f & sfc /scannow also diagnostic memory test all were ok

I also ran who crashed utility

 

See zip files

Attached Files



#8 malfun9

malfun9
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 PM

Posted 04 September 2016 - 08:03 AM

Sorry this is a sysinfo I should have sent

 

I have also done a virus scan manually & online I don’t have a virus or malware

 

Attached Files



#9 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:10 AM

Posted 06 September 2016 - 05:59 AM

The systeminfo.txt report doesn't have the information that I normally use.

Either the report had problems being generated, or the report was modified after it was generated.

 

 

I would suggest this procedure to remove the AVG drivers (only if you are still having BSOD's):

 

1)   Create a Restore Point using System Restore
2)   Create a Repair disc (Recovery Drive in Win8.1/10):
Win 7 - Go to Start...All Programs...Maintenance...Create a System Repair Disc
Win 8 - Press "WIN" and "R" to open the Run dialog...type "RECDISC" (without the quotes) and press ENTER
Win 8.1 - Go to the Start Screen and type in "recoverydrive" (one word, without the quotes).  That will start the recovery drive process.  You will need a USB drive of at least 512 mB - and all data will be erased off of it.  If copying the recovery partition the drive size will be much, much larger (16 - 32 gB drive required).
Win 10 - Go to Start (press the "Win" key) and type in "recoverydrive" (one word, without the quotes).  That will start the recovery drive process.  You will need a USB drive of at least 512 mB - and all data will be erased off of it.  If copying the recovery partition the drive size will be much, much larger (16 - 32 gB drive required).
3)   Test the System Repair disc/Recovery Drive to make sure that you can get to the System Restore entry when you boot from the disk/drive (you may also want to try actually using System Restore to make sure that it works)
4)   Download this free program (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) and use it to disable any instances of AVG drivers that are starting (or any other AVG entries) (DO NOT DELETE - only disable by removing the checkmark in the left hand column)
5)   Check in Device Manager (to include showing hidden devices from the View menu item) and ensure that any instances of AVG drivers (or any other AVG entries) are "Uninstalled" (DO NOT DISABLE THESE).
6)   Check in the Services applet (services.msc) to be sure any instances of AVG drivers or any other AVG entries are disabled.
7)   EXPERIMENTAL STEP (only try if you're certain of your abilities - I have not tried this step myself).  Search the registry (use regedit.exe) to locate any entries that have the AVG driver name or the AVG program name.  Delete these keys (it's advisable to back them up first - but you've also backed up the entire registry when creating a System Restore point in step 1.  Alternatively, you can set the values in these keys to DISABLED (but the "how" of this is beyond the scope of this guide).
8)   Go to C:\Windows\System32\drivers and rename the AVG drivers to xxxxxx.BAD (search the hard drive for it if it's not in C:\Windows\System32\drivers).
9)   Test to be sure that the device is working OK and that any BSOD's/errors have stopped.


In the event that the system doesn't boot:

1)   Boot from the System Repair disc/Recovery Drive and use the Command Prompt option to rename xxxxxx.BAD to xxxxxx.sys
2)   Boot from the System Repair disc/Recovery Drive and use the System Restore option to restore the system to a point before the changes were made.

Good luck!

In particular, keep an eye out for these drivers (from the memory dumps):
 

AVGIDSEH.Sys                Tue Feb 22 00:23:04 2011 (4D634838)
avgmfx64.sys                Tue Mar  1 07:25:15 2011 (4D6CE5AB)
avgrkx64.sys                Wed Mar 16 10:06:34 2011 (4D80C3EA)
avgtdia.sys                 Mon Nov  3 21:46:40 2014 (54583E10)

 


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users