Windows 8.1: BSOD ntoskrnl.exe

Toggle sidebar Toggle sidebar
D

dan2k3k4

Honorable
Jan 4, 2014
11
0
10,510
We've been getting random BSOD's on a remote machine. The problem is that I have to debug this via TeamViewer and the machine seems to have gone done again... so I'll need to get someone to restart later today, so it's a little difficult to fix/find the problem.

The problem seems to be related to: ntoskrnl.exe - however searching online seems to result in various different causes.

Here is what I got from a Bluescreen of Death viewer program:

==================================================
Dump File : 022615-16750-01.dmp
Crash Time : 25.02.2015 04:00:04
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000099
Parameter 2 : 00000000`00010801
Parameter 3 : 00000000`00000002
Parameter 4 : 0e000040`0004eb72
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+153fa0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.3.9600.17031 (winblue_gdr.140221-1952)
Processor : x64
Crash Address : ntoskrnl.exe+153fa0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\022615-16750-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 9600
Dump File Size : 279 792
Dump File Time : 26.02.2015 08:50:47
==================================================

==================================================
Dump File : 020615-15031-01.dmp
Crash Time : 05.02.2015 01:34:40
Bug Check String :
Bug Check Code : 0x00000133
Parameter 1 : 00000000`00000001
Parameter 2 : 00000000`00001e00
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : atikmdag.sys
Caused By Address : atikmdag.sys+b22ef
File Description : ATI Radeon Kernel Mode Driver
Product Name : ATI Radeon Family
Company : Advanced Micro Devices, Inc.
File Version : 8.01.01.1248
Processor : x64
Crash Address : ntoskrnl.exe+153fa0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\020615-15031-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 9600
Dump File Size : 279 792
Dump File Time : 06.02.2015 13:17:14
==================================================

==================================================
Dump File : 020215-16593-01.dmp
Crash Time : 22.01.2015 04:00:06
Bug Check String :
Bug Check Code : 0x00000139
Parameter 1 : 00000000`00000003
Parameter 2 : ffffd001`89536920
Parameter 3 : ffffd001`89536878
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+153fa0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.3.9600.17031 (winblue_gdr.140221-1952)
Processor : x64
Crash Address : ntoskrnl.exe+153fa0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\020215-16593-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 9600
Dump File Size : 279 792
Dump File Time : 02.02.2015 10:15:47
==================================================

==================================================
Dump File : 011915-39390-01.dmp
Crash Time : 19.01.2015 13:19:14
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : ffffd000`9e646908
Parameter 2 : 00000000`00000000
Parameter 3 : fffff802`b7fd5252
Parameter 4 : 00000000`00000002
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+153fa0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.3.9600.17031 (winblue_gdr.140221-1952)
Processor : x64
Crash Address : ntoskrnl.exe+153fa0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\011915-39390-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 9600
Dump File Size : 279 736
Dump File Time : 19.01.2015 13:22:47
==================================================



 
Sort by date Sort by votes
...and if I'm unable to do a clean OS reinstall as it's in a remote location ?


p.s. I'll edit original post once I get access to the PC again on TeamViewer with the full Minidump file
 
Upvote 0 Downvote


You cannot do it remotely :sarcastic:
 
Upvote 0 Downvote
it is a windows 8.1 machine, remote into it and run cmd.exe as an admin
then run
dism.exe /online /cleanup-image /restorehealth

this would fix any corruption. (not that it is likely in this case)

----------
your bugchecks indicate a GPU driver not responding and two memory corruption issues.

remotely all you can do is update the gpu driver and install thermal monitors. Maybe look at the memory dump and see if there are any drivers known to corrupt memory and remove them. Otherwise, I would get someone to check out the machine, blow out dust, make sure the fans are working, reset the BIOS, maybe run a memtest86 run. I guess you could also remotely increase the GPU fan speeds if it is a overheating problem in the GPU.
 
Upvote 0 Downvote
I was able to get someone to do a complete re-install however it still crashed...

Unsure how I can attach .dmp file so used http://www.osronline.com/dump/DA2.cfm

Which gives (although unsure if this is correct as there is no e:/ and no programs check for e:/) :


Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
Online Crash Dump Analysis Service
See http://www.osronline.com for more information
Windows 8 Kernel Version 9600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.17630.amd64fre.winblue_r7.150109-2022
Machine Name:
Kernel base = 0xfffff803`2a60c000 PsLoadedModuleList = 0xfffff803`2a8e5250
Debug session time: Thu Mar 5 03:35:52.204 2015 (UTC - 5:00)
System Uptime: 0 days 1:21:24.996
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff960001f5364, Address of the instruction which caused the bugcheck
Arg3: ffffd001f0b9a020, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
win32k!HMUnlockObject+4
fffff960`001f5364 ff4908 dec dword ptr [rcx+8]

CONTEXT: ffffd001f0b9a020 -- (.cxr 0xffffd001f0b9a020)
rax=0000000000000060 rbx=fffff9014124c200 rcx=0000000000000060
rdx=fffff90141200830 rsi=fffff90140121a00 rdi=fffff9014124c258
rip=fffff960001f5364 rsp=ffffd001f0b9aa50 rbp=0000000000000002
r8=0000000000000000 r9=0000000000000000 r10=0000000046010000
r11=ffffd001f0b9a9e0 r12=0000000000000000 r13=0000000000000001
r14=fffff90144e228b0 r15=00007ffa8cbc2560
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
win32k!HMUnlockObject+0x4:
fffff960`001f5364 ff4908 dec dword ptr [rcx+8] ds:002b:00000000`00000068=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0x3B

PROCESS_NAME: explorer.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff960001f91af to fffff960001f5364

STACK_TEXT:
ffffd001`f0b9aa50 fffff960`001f91af : fffff901`4124c200 00000000`00000002 00000000`00000012 00000000`00000000 : win32k!HMUnlockObject+0x4
ffffd001`f0b9aa80 fffff960`001e3488 : fffff901`4124c200 ffffd001`f0b9aba9 00000000`00000000 ffffd001`00000000 : win32k!xxxFreeWindow+0xae7
ffffd001`f0b9ab50 fffff960`001eff46 : 00007ffa`00000000 00000000`000202a2 ffffd001`00000000 00000000`00000000 : win32k!xxxDestroyWindow+0x328
ffffd001`f0b9ac10 fffff803`2a7681b3 : ffffe000`b565f080 ffffffff`9e0a0b3a 00000000`00000020 ffffe000`b565f080 : win32k!NtUserDestroyWindow+0x33
ffffd001`f0b9ac40 00007ffa`a09212ca : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`048bef78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ffa`a09212ca


FOLLOWUP_IP:
win32k!HMUnlockObject+4
fffff960`001f5364 ff4908 dec dword ptr [rcx+8]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!HMUnlockObject+4

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 54b0e120

STACK_COMMAND: .cxr 0xffffd001f0b9a020 ; kb

FAILURE_BUCKET_ID: X64_0x3B_win32k!HMUnlockObject+4

BUCKET_ID: X64_0x3B_win32k!HMUnlockObject+4

Followup: MachineOwner
---------


 
Upvote 0 Downvote
- run cmd.exe as an admin, then
sfc.exe /scannow
check the log and see if there is any corruption it can not fix.

you have a driver that is old:
\SystemRoot\syswow64\DRIVERS\SiteKey.sys Tue Mar 16 04:52:09 2010
I would remove this. It shows up as a hp driver.

-is this a hacked version of windows? (key server hack?)

I am not sure what kind of machine you have. is this a custom BIOS?
machine info:
BIOS Version 6.00 PG
BIOS Release Date 04/03/2012
Manufacturer Phoenix Technologies
Product RS780E-SB710
Version 12345678
Manufacturer Phoenix Technologies
Chassis Type Desktop
Version RS780+SB700
Socket Designation Socket AM2
Processor Type Central Processor
Processor Family 0ch - Pentium Pro Processor
Processor Manufacturer AMD
Processor ID 630f1000fffb8b17
Processor Version AMD Athlon(tm) XLT V66C Processor
Processor Voltage 8dh - 1.3V
External Clock 200MHz
Max Speed 2800MHz
Current Speed 2800MHz







quotemsg=15422260,0,1539555]Minidump file:
http://www.filedropper.com/030515-18468-01[/quotemsg]

 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom