Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: New Technique Recycles Exploit Chain to Keep Antivirus Silent

Featured Deal: Get The Pay What You Want: AWS Cloud Development Bundle Deal

ntoskrnl.exe frequent BSODs, help please!

Started by leroflwaffle , Jan 10 2017 09:43 AM

Please log in to reply

1 reply to this topic

#1 leroflwaffle

Members
1 posts
OFFLINE

Local time:07:00 PM

Posted 10 January 2017 - 09:43 AM

Been fighting this for over a week.

Bluescreen view shows that ntoskrnl.exe is causing a blue screen. The address in stack is ntoskrnl.exe+6f9a9. I googled that and got little info. It just randomly blue screens multiple times a day.

· OS - Windows 7
· x86 (32-bit) or x64 ?x64
· What was original installed OS on system? Windows 7
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? Full Retail
· Age of system (hardware) 1-2 years
· Age of OS installation - have you re-installed the OS? Less then a week

· CPU - Core i5
· Video Card Intel HD 4600
· MotherBoard - (if NOT a laptop) Laptop
· Power Supply - brand & wattage (skip if laptop) Laptop

· System Manufacturer - Lenovo
· Exact model number (if laptop, check label on bottom): W540

· Laptop or Desktop? Laptop.

Perfmon and sysnative file collection App info posted. If you have any other questions please ask, and thank you very much in advance.

Attached Files

perfmon.zip 152.24KB 2 downloads
SysnativeFileCollectionApp.zip 1.33MB 3 downloads

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 usasma

Still visually handicapped (avatar is memory developed by my Dad

BSOD Kernel Dump Expert
25,091 posts
OFFLINE

Gender:Male
Location:Southeastern CT, USA
Local time:11:00 PM

Posted 11 January 2017 - 08:35 AM

ntoskrnl.exe (also seen as ntkrnlpa.exe, ntkrnlmp.exe, or ntkrpamp.exe) is the kernel (core) of the Windows operating system. It is protected by security features and the Windows System File Checker. As such, if ntoskrnl.exe was to blame, you'd be experiencing many more problems other than the occasional BSOD.

In most cases ntoskrnl.exe was blamed because a driver (typically a 3rd party driver) has corrupted the memory space that ntoskrnl.exe considers as it's own. When this happens, ntoskrnl.exe typically finds unknown data (from the 3rd party driver) in it's memory space. At this point the OS panics and throws a BSOD to prevent damage to the system.

If the culprit (the offending 3rd party driver) hasn't exited yet, then a BSOD analyst may be able to find traces of it in the reports/dumps. If the culprit has exited, then the chase is on and further tests/reports will be needed to help identify what actually caused it.

More info here: https://en.wikipedia.org/wiki/Ntoskrnl.exe

Only 291 Windows Update hotfixes installed. Most systems with SP1 have 350-400 or more. Please visit Windows Update and get ALL available updates (it may take several trips to get them all).
The actual number is not important. Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

This device is disabled in Device Manager:

Cisco Systems VPN Adapter for 64-bit Windows ROOT\NET\0000 This device is disabled.

If it's not needed, please uninstall it.

If it is needed, please enable it and then update it's software to the latest compatible version. Then feel free to disable it AFTER updating it.

Please note that even though the device is disabled, the Cisco driver is present in the memory dump - implying that there was some sort of interaction with the driver even though it is disabled.

Also, the driver dates from 2008, so it may have issues that have since been fixed by updates.

Out of 25 memory dumps there were 10 different BSOD (aka STOP or BugCheck) error codes. The differing error codes are usually symptomatic of a lower level problem within the system. They are usually caused by one of these things (the list is not in any sort of order):
- borked (broken) hardware (several different procedures used to isolate the problem device)
- BIOS issues (check for updates at the motherboard manufacturer's website)
- overclocking/overheating - You'll know if you're overclocking or not. If uncertain we can suggest things to check.
- dirt/dust/hair/fur/crud inside the case. Blow out the case/vents with canned air (DO NOT use an air compressor or vacuum as they can cause damage to the system)
- missing Windows Updates
- compatibility issues (3rd party hardware/drivers), older systems, or even pirated systems
- low-level driver problems
- or even malware (scanned for when we ask for hardware diagnostics from http://www.carrona.org/initdiag.html or http://www.carrona.org/hwdiag.html ).

Please get a head start on the hardware diagnostics - they are located here: http://www.carrona.org/hwdiag.html
Please finish ALL of them and let us know the results
If they ALL pass, then try Driver Verifier according to these instructions: http://www.carrona.org/verifier.html

Analysis:
The following is for information purposes only. The following information contains the relevant information from the blue screen analysis:
**************************Tue Jan 10 08:54:04.305 2017 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\011017-15459-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Built by: 7601.23572.amd64fre.win7sp1_ldr.161011-0600
System Uptime:0 days 0:22:48.839
Probably caused by :ntkrnlmp.exe ( nt!KeSetEvent+327 )
BugCheck 3B, {c0000005, fffff80003092c99, fffff880091c4030, 0}
BugCheck Info: SYSTEM_SERVICE_EXCEPTION (3b)
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80003092c99, Address of the instruction which caused the bugcheck
Arg3: fffff880091c4030, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
BUGCHECK_STR: 0x3B
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: svchost.exe
FAILURE_BUCKET_ID: X64_0x3B_nt!KeSetEvent+327
CPUID:        "Intel® Core™ i7-4800MQ CPU @ 2.70GHz"
MaxSpeed:     2700
CurrentSpeed: 2693
Manufacturer                  LENOVO
Product Name                  20BHS03X0D
BIOS Version                  GNET79WW (2.27 )
BIOS Release Date             03/16/2016
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jan 10 08:30:15.439 2017 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\011017-16458-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Built by: 7601.23572.amd64fre.win7sp1_ldr.161011-0600
System Uptime:0 days 0:40:29.874
Probably caused by :ntkrnlmp.exe ( nt!KiKernelCalloutExceptionHandler+e )
BugCheck 1E, {0, 0, 0, 0}
BugCheck Info: KMODE_EXCEPTION_NOT_HANDLED (1e)
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
BUGCHECK_STR: 0x1E
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
FAILURE_BUCKET_ID: X64_0x1E_nt!KiKernelCalloutExceptionHandler+e
CPUID:        "Intel® Core™ i7-4800MQ CPU @ 2.70GHz"
MaxSpeed:     2700
CurrentSpeed: 2693
Manufacturer                  LENOVO
Product Name                  20BHS03X0D
BIOS Version                  GNET79WW (2.27 )
BIOS Release Date             03/16/2016
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jan 10 07:48:46.119 2017 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\011017-16395-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Built by: 7601.23572.amd64fre.win7sp1_ldr.161011-0600
System Uptime:0 days 0:16:24.015
*** WARNING: Unable to verify timestamp for Apsx64.sys
*** ERROR: Module load completed but symbols could not be loaded for Apsx64.sys
Probably caused by :Apsx64.sys ( Apsx64+2a64 )
BugCheck 1000007E, {ffffffffc0000005, fffff80003096dbb, fffff88003f083d8, fffff88003f07c30}
BugCheck Info: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80003096dbb, The address that the exception occurred at
Arg3: fffff88003f083d8, Exception Record Address
Arg4: fffff88003f07c30, Context Record Address
PROCESS_NAME: System
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
FAILURE_BUCKET_ID: X64_0x7E_Apsx64+2a64
CPUID:        "Intel® Core™ i7-4800MQ CPU @ 2.70GHz"
MaxSpeed:     2700
CurrentSpeed: 2693
Manufacturer                  LENOVO
Product Name                  20BHS03X0D
BIOS Version                  GNET79WW (2.27 )
BIOS Release Date             03/16/2016
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
The rest of the memory dump summaries are hidden in the Spoiler tag below. Click on "Show" to reveal them.

Spoiler

3rd Party Drivers:
The following is for information purposes only. My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft. You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Tue Jan 10 08:54:04.305 2017 (UTC - 5:00)**************************
dne64x.sys                  Mon Nov 10 20:01:24 2008 (4918D964)
intelppm.sys                Mon Jul 13 19:19:25 2009 (4A5BC0FD)
amdxata.sys                 Fri Mar 19 12:18:18 2010 (4BA3A3CA)
AlcGener.sys                Thu Dec 16 07:35:22 2010 (4D0A078A)
CVPNDRVA.sys                Fri Mar  4 14:43:37 2011 (4D7140E9)
DzHDD64.sys                 Mon Oct 24 06:10:13 2011 (4EA53985)
GEARAspiWDM.sys             Thu May  3 15:56:17 2012 (4FA2E2E1)
HECIx64.sys                 Mon Dec 17 14:32:21 2012 (50CF7345)
SzCCID.sys                  Tue Jul  9 21:49:57 2013 (51DCBDC5)
iaStorA.sys                 Fri Nov 15 14:59:34 2013 (52867D26)
iaStorF.sys                 Fri Nov 15 14:59:36 2013 (52867D28)
O2FJ2w7x64.sys              Mon Mar 24 23:49:11 2014 (5330FCB7)
e1d62x64.sys                Thu Aug 13 05:05:40 2015 (55CC5DE4)
ApsHM64.sys                 Sun Sep 20 07:06:53 2015 (55FE934D)
Apsx64.sys                  Sun Sep 20 07:09:33 2015 (55FE93ED)
mbam.sys                    Tue Feb  9 13:39:09 2016 (56BA324D)
RTKVHD64.sys                Thu Feb 18 03:23:21 2016 (56C57F79)
igdkmd64.sys                Wed Mar 23 12:47:53 2016 (56F2C8B9)
Tppwr64v.sys                Thu Mar 31 00:16:47 2016 (56FCA4AF)
SynTP.sys                   Wed Jun 15 21:31:08 2016 (5762015C)
Smb_driver_Intel.sys        Wed Jun 15 21:31:41 2016 (5762017D)
iusb3hub.sys                Mon Jun 20 07:00:59 2016 (5767CCEB)
iusb3xhc.sys                Mon Jun 20 07:01:02 2016 (5767CCEE)
iusb3hcs.sys                Mon Jun 20 07:02:03 2016 (5767CD2B)
SPUVCbv64.sys               Tue Jun 21 21:06:46 2016 (5769E4A6)
mfehidk.sys                 Tue Jul 12 17:38:32 2016 (57856358)
mfeavfk.sys                 Tue Jul 12 17:39:28 2016 (57856390)
mfeaack.sys                 Tue Jul 12 17:43:31 2016 (57856483)
mfeplk.sys                  Tue Jul 12 17:43:35 2016 (57856487)
Netwsw02.sys                Sun Oct  9 12:17:26 2016 (57FA6D96)
ibmpmdrv.sys                Thu Oct 13 05:53:51 2016 (57FF59AF)
nvpciflt.sys                Tue Oct 18 11:06:55 2016 (58063A8F)
nvlddmkm.sys                Tue Oct 18 11:10:50 2016 (58063B7A)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Jan  4 18:09:11.863 2017 (UTC - 5:00)**************************
iusb3hcs.sys                Thu Aug  8 04:28:12 2013 (5203569C)

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. ** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.