bsod FROM NTOSKRNL.EXE

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
C

CHRISTHEGREEK

Reputable
Jun 24, 2014
28
0
4,530
hi i am getting again and again bsod caused by ntoskrnl.exe .No hardware problems all drivers updated but it keeps. im using lenovo g505 and windows 8. HELP ME PLEASE I DONT WANT TO SPEND MONEY FIXING IT!
 
Solution
J
update: here is info on the malware on your machine
http://www.herdprotect.com/2635ac50-5488-40bf-9bfd-accb158f8f3fw64.sys-996e8d90f9a8bcfba34c4f5be6bb0af22d27bb73.aspx

It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. It is part of the Yontoo branded browser-extension.


--------------------------
it looks like you have a driver that is messing around with other drivers
the driver is _2635ac50_5488_40bf_9bfd_accb158f8f3f_w64.sys
I would expect that it is a virus/malware and you will want to remove it and see if your issue is resolved.

the file is loaded from here...
Sort by date Sort by votes
J

johnbl

Polypheme
Nov 4, 2012
10,072
185
67,090
if you reinstall you just have to run through the entire process again. windows 7 did not support a lot of the low power state link function so if your problem was with a sleep state of a device then windows 7 will not put the device into low power mode. You can get the same effect in windows 8.x by making a change in control panel's power management.

as for the blue tooth drivers you could just go to the device in device manager and disable it and reboot. that way if you still get the problem you can just reenable the device and you know it was not the cause.

some people will just reinstall the OS and do the updates because it is just faster than trying to figure out the actual problem. Especially if the problem is a virus or rootkit that is trying to avoid detection.



 
Upvote 0 Downvote
J

johnbl

Polypheme
Nov 4, 2012
10,072
185
67,090
Your memory dumps were totally corrupted, even the one I got to work would only work for part of the memory dump.

That mean that either the dump was corrupted in memory or when it was written to disk or was corrupted as it was transferred to the cloud. That leaves a lot of things that can cause that problme

at this point a windows debugger will not help so you would just have to uninstall software, update drivers and hope you find the cause of the problem.

or you are correct, you can reinstall and get your system back to a clean state and configure everything again.
 
Upvote 0 Downvote
J

johnbl

Polypheme
Nov 4, 2012
10,072
185
67,090
your system was running 16 seconds
basically, the system was loading sections of the registry into memory, the memory manager was attempting to cache the data into memory but when it went to access the data it was corrupted so it called a bugcheck.

generally, this will be a hardware problem. (bad cache ram in CPU, incorrect timing settings to ram sticks in BIOS, incorrect voltage settings on motherboard, or just a pure hardware failure.)
you should boot on a cd and run memtest86 and confirm that your hardware is working ok.

-your images of the various windows components are ok in memory as checked by the debugger.
- you have one questionable driver that you would want to update if you can LhdX64,sys
(the file is from 2010)

- you need to confirm you have the latest BIOS for your motherboard, these will contain patches for various logic errors for your motherboard or version of CPU. mcupdate_AuthenticAMD.sys contains the software patches for the microcode of your CPU.

-your system looks pretty generic now with the exception of the old lhdx64.sys driver.

notes:
Identifier = REG_SZ AMD64 Family 22 Model 0 Stepping 1
ProcessorNameString = REG_SZ AMD E1-2100 APU with Radeon(TM) HD Graphics
Note: if your system passes memtest86 test run, then I would focus on finding a update for LhdX64.sys

- also, each crash dump you have provided seems to have corruption if different locations. this could be a indication that your network driver is corrupting the files. (just a thought, more likely a bug in the storage driver lhdx64.sys that is out of date)




 
Upvote 0 Downvote
J

johnbl

Polypheme
Nov 4, 2012
10,072
185
67,090
note: it looks like the file was just a rename of file APSx64.sys
(part of the IBM Thinkpad Active Protection System).

The driver is from lenovo, it is a custom driver I don't know anything about it. Best to go to lenovo support to get a update. http://support.lenovo.com/en_US/downloads/detail.page?LegacyDocID=DRVR-MATRIX

depending on what the driver actually does, you may be able to remove it. I was unable to find useful info or a updated driver.



 
Upvote 0 Downvote
J

johnbl

Polypheme
Nov 4, 2012
10,072
185
67,090
Well, if you can. You might try and swap the slots of your memory cards in the off chance that the problem is on one of the SIMMS and was not detected by memtest86. Then rerun the test and post the results.
setting debugging flags in windows will not help because the resulting crash dump is corrupted when I look at it.

you might try to determine if the corruption occurs is during the copy process or at the time of the file creation.
you would do this by doing a binary compare of the memory dump file on the cloud to the original one on the disk.

start cmd.exe as a admin (win key+x then type A)
use the file compare utility
fc.exe /B file1 file2

just rename the copy on the cloud and copy it back to your local system and compare the two files using the /B switch. if they are the same then you know that the network drivers are not corrupting the memory dump as it is being transfered off your machine and onto the cloud. if they are different then you have to find out why.



 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom