Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD cause probably by ntoskrnl.exe module


  • Please log in to reply
2 replies to this topic

#1 BrownRecluse

BrownRecluse

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 16 December 2016 - 09:56 AM

I have a computer that keeps crashing and when I ran WhoCrashed, it shows me that it was probably caused by ntoskrnl.exe

Here is the information from the BSOD posting requirements.
 

Thank you for your help.

Attached Files


Edited by BrownRecluse, 16 December 2016 - 09:57 AM.


BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:56 AM

Posted 20 December 2016 - 05:01 PM

My apologies for the delay in responding, lot's of personal stuff going on - and now I have a cast on my left arm :(

 

ntoskrnl.exe (also seen as ntkrnlpa.exe, ntkrnlmp.exe, or ntkrpamp.exe) is the kernel (core) of the Windows operating system.  It is protected by security features and the Windows System File Checker.  As such, if ntoskrnl.exe was to blame, you'd be experiencing many more problems other than the occasional BSOD.

In most cases ntoskrnl.exe was blamed because a driver (typically a 3rd party driver) has corrupted the memory space that ntoskrnl.exe considers as it's own.  When this happens, ntoskrnl.exe typically finds unknown data (from the 3rd party driver) in it's memory space.  At this point the OS panics and throws a BSOD to prevent damage to the system.

If the culprit (the offending 3rd party driver) hasn't exited yet, then a BSOD analyst may be able to find traces of it in the reports/dumps.  If the culprit has exited, then the chase is on and further tests/reports will be needed to help identify what actually caused it.

More info here:  https://en.wikipedia.org/wiki/Ntoskrnl.exe

Although you appear to have a reasonable number of Windows Update hotfixes for this version of your OS, please double check for any new Windows Updates.  It only takes one update to cause a problem, so it's essential that you have all of them.  The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

I have a hunch that this might be a hardware problem, please perform ALL of the free diagnostics here:  http://www.carrona.org/hwdiag.html - and let us know the results.

Be sure to run MemTest and Prime95 first, but run ALL of the diagnostics as any of them can reveal problems with the memory.

 

Please uninstall LogMeIn as it's driver dates from 2007.

 

Beyond that, if the diagnostics all pass, then please run Driver Verifier according to these instructions:  http://www.carrona.org/verifier.html

 


Analysis:
The following is for information purposes only. The following information contains the relevant information from the blue screen analysis:
**************************Wed Dec 14 16:19:53.405 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\121416-18189-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23572.amd64fre.win7sp1_ldr.161011-0600
System Uptime:0 days 0:00:21.342
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by :memory_corruption
BugCheck 50, {ffffffffffffff8c, 0, fffff8000333cbb0, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffffffffffff8c, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8000333cbb0, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  0x50
DEFAULT_BUCKET_ID:  CODE_CORRUPTION
PROCESS_NAME:  svchost.exe
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT
CPUID:        "Intel® Core™ i3-3240 CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
  BIOS Version                  F14 GA
  BIOS Release Date             07/24/2013
  Manufacturer                  Equus Computer Systems
  Baseboard Manufacturer        Gigabyte Technology Co., Ltd.
  Product Name                  Nobilis
  Baseboard Product             B75M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec 14 14:09:12.701 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\121416-17284-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23572.amd64fre.win7sp1_ldr.161011-0600
System Uptime:0 days 2:24:00.012
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by :memory_corruption
BugCheck 109, {a3a039d89ebe06da, b3b7465ef13ad630, fffff8000313c8ad, 1}
BugCheck Info: CRITICAL_STRUCTURE_CORRUPTION (109)
Arguments:
Arg1: a3a039d89ebe06da, Reserved
Arg2: b3b7465ef13ad630, Reserved
Arg3: fffff8000313c8ad, Failure type dependent information
Arg4: 0000000000000001, Type of corrupted region, can be
    0   : A generic data region
    1   : Modification of a function or .pdata
    2   : A processor IDT
    3   : A processor GDT
    4   : Type 1 process list corruption
    5   : Type 2 process list corruption
    6   : Debug routine modification
    7   : Critical MSR modification
    8   : Object type
    9   : A processor IVT
    a   : Modification of a system service function
    b   : A generic session data region
    c   : Modification of a session function or .pdata
    d   : Modification of an import table
    e   : Modification of a session import table
    f   : Ps Win32 callout modification
    10  : Debug switch routine modification
    11  : IRP allocator modification
    12  : Driver call dispatcher modification
    13  : IRP completion dispatcher modification
    14  : IRP deallocator modification
    15  : A processor control register
    16  : Critical floating point control register modification
    17  : Local APIC modification
    18  : Kernel notification callout modification
    19  : Loaded module list modification
    1a  : Type 3 process list corruption
    1b  : Type 4 process list corruption
    1c  : Driver object corruption
    1d  : Executive callback object modification
    1e  : Modification of module padding
    1f  : Modification of a protected process
    20  : A generic data region
    21  : A page hash mismatch
    22  : A session page hash mismatch
    23  : Load config directory modification
    24  : Inverted function table modification
    25  : Session configuration modification
    26  : An extended processor control register
    27  : Type 1 pool corruption
    28  : Type 2 pool corruption
    29  : Type 3 pool corruption
    101 : General pool corruption
    102 : Modification of win32k.sys
BUGCHECK_STR:  0x109
DEFAULT_BUCKET_ID:  CODE_CORRUPTION
PROCESS_NAME:  System
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT
CPUID:        "Intel® Core™ i3-3240 CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
  BIOS Version                  F14 GA
  BIOS Release Date             07/24/2013
  Manufacturer                  Equus Computer Systems
  Baseboard Manufacturer        Gigabyte Technology Co., Ltd.
  Product Name                  Nobilis
  Baseboard Product             B75M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec 14 11:43:56.920 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\121416-20467-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.23572.amd64fre.win7sp1_ldr.161011-0600
System Uptime:0 days 7:44:06.857
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by :memory_corruption
BugCheck 109, {a3a039d89f9156a7, b3b7465ef20e25fd, fffff8000313c7ce, 1}
BugCheck Info: CRITICAL_STRUCTURE_CORRUPTION (109)
Arguments:
Arg1: a3a039d89f9156a7, Reserved
Arg2: b3b7465ef20e25fd, Reserved
Arg3: fffff8000313c7ce, Failure type dependent information
Arg4: 0000000000000001, Type of corrupted region, can be
    0   : A generic data region
    1   : Modification of a function or .pdata
    2   : A processor IDT
    3   : A processor GDT
    4   : Type 1 process list corruption
    5   : Type 2 process list corruption
    6   : Debug routine modification
    7   : Critical MSR modification
    8   : Object type
    9   : A processor IVT
    a   : Modification of a system service function
    b   : A generic session data region
    c   : Modification of a session function or .pdata
    d   : Modification of an import table
    e   : Modification of a session import table
    f   : Ps Win32 callout modification
    10  : Debug switch routine modification
    11  : IRP allocator modification
    12  : Driver call dispatcher modification
    13  : IRP completion dispatcher modification
    14  : IRP deallocator modification
    15  : A processor control register
    16  : Critical floating point control register modification
    17  : Local APIC modification
    18  : Kernel notification callout modification
    19  : Loaded module list modification
    1a  : Type 3 process list corruption
    1b  : Type 4 process list corruption
    1c  : Driver object corruption
    1d  : Executive callback object modification
    1e  : Modification of module padding
    1f  : Modification of a protected process
    20  : A generic data region
    21  : A page hash mismatch
    22  : A session page hash mismatch
    23  : Load config directory modification
    24  : Inverted function table modification
    25  : Session configuration modification
    26  : An extended processor control register
    27  : Type 1 pool corruption
    28  : Type 2 pool corruption
    29  : Type 3 pool corruption
    101 : General pool corruption
    102 : Modification of win32k.sys
BUGCHECK_STR:  0x109
DEFAULT_BUCKET_ID:  CODE_CORRUPTION
PROCESS_NAME:  System
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT
CPUID:        "Intel® Core™ i3-3240 CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
  BIOS Version                  F14 GA
  BIOS Release Date             07/24/2013
  Manufacturer                  Equus Computer Systems
  Baseboard Manufacturer        Gigabyte Technology Co., Ltd.
  Product Name                  Nobilis
  Baseboard Product             B75M-D3H
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
The rest of the memory dump summaries are hidden in the Spoiler tag below.  Click on "Show" to reveal them.

Spoiler


3rd Party Drivers:
The following is for information purposes only. My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Wed Dec 14 16:19:53.405 2016 (UTC - 5:00)**************************
lmimirr.sys                 Tue Apr 10 18:32:45 2007 (461C108D)
intelppm.sys                Mon Jul 13 19:19:25 2009 (4A5BC0FD)
amdxata.sys                 Fri Mar 19 12:18:18 2010 (4BA3A3CA)
radpms.sys                  Mon May 17 10:41:11 2010 (4BF15587)
Rt64win7.sys                Tue Sep 27 10:50:33 2011 (4E81E2B9)
iaStor.sys                  Wed Feb  1 19:15:24 2012 (4F29D59C)
iusb3hub.sys                Mon May 21 03:21:36 2012 (4FB9ED00)
iusb3xhc.sys                Mon May 21 03:21:40 2012 (4FB9ED04)
iusb3hcs.sys                Mon May 21 03:23:42 2012 (4FB9ED7E)
RTKVHD64.sys                Tue May 22 06:19:20 2012 (4FBB6828)
HECIx64.sys                 Mon Jul  2 18:14:58 2012 (4FF21D62)
Ingenico_enum.sys           Thu Feb 14 08:38:01 2013 (511CE8B9)
sprecorder.sys              Mon Jul  1 16:49:58 2013 (51D1EB76)
point64.sys                 Thu Dec 12 08:16:17 2013 (52A9B721)
IntcDAud.sys                Tue Sep  9 08:13:01 2014 (540EEECD)
dc3d.sys                    Wed Jul 22 14:21:39 2015 (55AFDF33)
em015_64.dat                Thu Aug  6 05:05:59 2015 (55C32377)
igdkmd64.sys                Mon Aug 17 11:34:01 2015 (55D1FEE9)
em006_64.dat                Fri Oct  7 08:39:14 2016 (57F79772)
eamonm.sys                  Mon Oct 17 08:22:19 2016 (5804C27B)
ehdrv.sys                   Mon Oct 17 08:23:22 2016 (5804C2BA)
em018_64.dat                Tue Dec  6 05:48:26 2016 (5846977A)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec 14 14:09:12.701 2016 (UTC - 5:00)**************************
LMIRfsDriver.sys            Mon Jul 14 12:26:56 2008 (487B7E50)
inpoutx64.sys               Fri Oct 17 19:01:16 2008 (48F9193C)
RaInfo.sys                  Fri Jan 11 07:19:28 2013 (50F00350)
epfwwfpr.sys                Mon Oct 17 08:24:18 2016 (5804C2F2)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Dec 12 14:59:15.296 2016 (UTC - 5:00)**************************
MBAMSwissArmy.sys           Wed Jul 29 00:26:01 2015 (55B855D9)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec  7 15:48:42.459 2016 (UTC - 5:00)**************************
em018_64.dat                Mon Nov 28 04:30:15 2016 (583BF927)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Nov 29 11:28:53.477 2016 (UTC - 5:00)**************************
em018_64.dat                Mon Nov 14 04:31:56 2016 (5829848C)


http://www.carrona.org/drivers/driver.php?id=lmimirr.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=amdxata.sys
http://www.carrona.org/drivers/driver.php?id=radpms.sys
http://www.carrona.org/drivers/driver.php?id=Rt64win7.sys
http://www.carrona.org/drivers/driver.php?id=iaStor.sys
http://www.carrona.org/drivers/driver.php?id=iusb3hub.sys
http://www.carrona.org/drivers/driver.php?id=iusb3xhc.sys
http://www.carrona.org/drivers/driver.php?id=iusb3hcs.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
Ingenico_enum.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
sprecorder.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=point64.sys
http://www.carrona.org/drivers/driver.php?id=IntcDAud.sys
http://www.carrona.org/drivers/driver.php?id=dc3d.sys
http://www.carrona.org/drivers/driver.php?id=em015_64.dat
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=em006_64.dat
http://www.carrona.org/drivers/driver.php?id=eamonm.sys
http://www.carrona.org/drivers/driver.php?id=ehdrv.sys
http://www.carrona.org/drivers/driver.php?id=em018_64.dat
http://www.carrona.org/drivers/driver.php?id=LMIRfsDriver.sys
http://www.carrona.org/drivers/driver.php?id=inpoutx64.sys
http://www.carrona.org/drivers/driver.php?id=RaInfo.sys
http://www.carrona.org/drivers/driver.php?id=epfwwfpr.sys
http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys
http://www.carrona.org/drivers/driver.php?id=em018_64.dat
http://www.carrona.org/drivers/driver.php?id=em018_64.dat


 
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 BrownRecluse

BrownRecluse
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 22 December 2016 - 10:29 AM

Thank you so much for your help.
We decided to try a new memory stick and that actually seems to have fixed the issue. We haven't had a freeze up in a few days now.  I'm not sure if thats a temporary fix or not, but it seems to be working for now.
 

We have another computer that I could use this solution on though, so I really appreciate your help.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users