BSODs caused by ntoskrnl.exe...

Hi

For a while now ive been getting random BSODs for seemingly no reason.

However, recently ALL my BSODs point to ntoskrnl.exe (+70710 and +70740), i cant figure out the cause (obviously ) and its driving me up the wall.

I thought it may be a memory issue, but after running memtest86+ (4.1) for approx 7 hours with no errors, so i think i can rule that out...

I recently installed a new graphics card (his 5850 icooler v) and the BSODs seem to have become more frequent.

The most recent BSOD was about 10 mins ago when playing crysis, everything seemed to be going fine, then bam - screen goes all garbled with a continuous sound loop - then BSOD.

Also i ran Driver Verifier and selected ntoskrnl.exe to be tested at startup - i rebooted and as soon as driver verifier loaded ntoskrnl.exe - instant BSOD and this happened for every subsequent reboot until i disabled DV in safemode.

Just wandering if you guys could take a look at the bluescreenview files which i have attached and give me some reason for the BSODs.

Thanks

 

sorry should have included the actual .dmp files - here there are...

 

imzo79, greetings.
I have had this issue before. There are a few things that can cause this. Starting with the most easiest.
1. Possible Keyboard issue. Try swapping out the keyboard and see if that fixes the problem. (9 times out of 10 it does not but it could be something as simple as a keyboard issue)
2. Could be a miscellaneous corruption. Where is you would boot into safe mode and boot to the last known configuration.
3. Could be a corrupted or missing (more than likely corrupted) ntoskrnl.exe file. If you have the Windows CD you will need to boot from it. If not, if you have Recovery Console in a partition you can boot from that should be F11 to boot to recovery partition could be different on your computer.
-Once you boot from the disk or recovery partition select "R" for repair.
-You will be asked what Windows installation you want to log into (in most cases it will be 1. C:\Windows)
-If you have an Administrator password put it in or just hit enter
-This will bring you to the C:\Windows prompt.
-type in cd system32 then hit enter
-You should now see C:\Windows\System32
-Depending on what drive your Windows Recovery partition or CD is you will use that. For the sake of discussion we will use the "D" drive
-Type in: expand d:\i386\ntoskrnl.ex_ then hit enter
-You will be prompted if you want to overwrite this file click "Y"
-Reboot into Windows and see if this helps. Hopefully if you went through steps 1 and 2 with no avail, this will fix the corrupted ntoskrnl.exe file.

Good luck and let us know if it worked.

 

A kernel system file such as ntoskrnl is very unlikely to be the cause of this.

Only the oldest dmp gives anything other than ntoskrnl and it shows 3 files, all graphics/DirectX related.

From your description, however, I'd first want to check is whether the PSU really is up to the task.

Are you running anything overclocked?

Have you tried booting with the BIOS set to optimised defaults and tested?

 

Hi ICHASE

Probably should have mentioned that im running windows 7 ultimate 64 bit, not windows xp (as you may have thought) as my disk doesnt seem to contain the file ntoskrnl.ex_/exe nor the directory i386, also i cant find the repair console. Not your fault.

 

Hi satrow

I think my PSU is upto the task, its a thermaltake toughpower 850W, the 5850 only requires a min of 500w.

No, i havnt overclocked anything other than cpu NB (2400mhz w/+.25v) and fsb (201mhz - normal = 200)

Other than the cpu NB and fsb the bios settings are all at normal (for my hardware anyway).

Nor have i overclocked my 5850.

Also dont think its a heat issue as i have monitored temps while gaming...

Any other suggestions are welcome.

 

Are the voltages normal in the BIOS and in Windows? Try running SpeedFan, it will monitor voltages, temperatures etc., just one dodgy component could be causing your BSOD's. (I have a mainboard that crashes because the 12V is flakey, it runs fine for weeks so long as I don't push it too hard, switching to known good PSU's has no effect).

You can get a Power Efficiency Diagnostics Report, Start > Run > "powercfg -energy" and hit enter. The resulting report should be saved as an html file in the root of C:. It may show up an anomaly.

 

I swear, I am never going to learn "NOT TO ASSUME ANYTHING" :-D I'm sorry I waisted your time with such a long unusable post. But maybe if someone out there has an XP machine and has a problem with the ntoskrnl.exe, they could use the advice.

Good luck in finding your solution.

 

Hi ichase

No...problem, i appreciate you trying to help

Even if you assumed incorrectly.


Thanks Again

 

Hi satrow

I checked the voltages using both CPUID Hardware Montor and Speedfan, all voltages on each program matched exactly but speen fan shows more voltages so these are the results in order as they appear on speedfan...

Vcore 1 -0.94 - 1.54/5v (think that must be CPU (cool&quiet would explain the rise+ fall)
Vcore 2 - 1.65/6v (RAM)
+3.3 - 3.33v
+5 - 5.05v
+12 - 12.22v

sorry accidently hit post...

-12 - -7.75v (although it varies... this is the lowest i saw it go)
-5 - -4.05v (again varies)
+5 - 3.63v (didnt see this change)
VBAT - 3.12v

Note: all voltages were taken with system at idle (other than monitoring and typing)

Temps where

CPU approx 37c idle
GPU approx 30-34c idle
HDD approx 27c

 

Just had another BSOD:mad

Again while playing Crysis, and interestingly almost in the exact same spot...:confused

Yet again the BSOD points to ntoskrnl.exe (+70710...again), see attatched zip.

 

Maybe reload the HIS or ATI drivers, just for s&g?

 

Let's see those errors....

Download BlueScreenView (in Zip file)
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

 

Oh, OK....pretty new around here

How can I know, if any particular tool is available at MG site?
I have a lot of canned, so should I check every single link/tool?

 

That's what I do - doesn't take long, and it gives a kudos to the people who make this site possible.

 

Well, the problem is, I use my canned on number of other sites, so I'd have to have two sets of canned.

 

Well thats your problem, but you can also change your normal canned to point to mg downloads eh? No reason not to download from here as everything is tested and checked for issues before being posted for download. Problem solved

 

Or you can use google to search the Majorgeeks for a tool by adding "site:majorgeeks.com" ie ccleaner site:majorgeeks.com

 

I see. Got it.
Thanks for the explanation

 

Thank you

 

Hi

As requested here is what BlueScreenView say (btw i already had the program)...



Although id have thought that the actual .dmp files that i attached in previous post would contain more info.

 

Hi caliban

I have tried reseating the card a few times and also have uninstalled the drivers, ran driver sweeper, then reinstalled the drivers again, but still having BSODs....

 

Hi Halo

I built the PC myself a couple of months ago, so no OEM. Here are the specs...

CPU - AMD Phenom II 965BE @3.417Ghz
MB - Gigabyte GA-890GPA-UD3H, Bios version FD
RAM - G.Skill RipJaw F3-12800CL7D-4GBRM @ 1608 Mhz w/7-8-7-24-33-1T timings
GPU - HIS HD 5850 iCooler V @ Stock (725/1000)
PSU - ThermalTake ToughPower XT 850W Modular
HDD - Samsung F3 1TB
DVD - Samsung Super WriteMaster SH-s223L
CASE - Antec 300 w/ 5 fans
Windows 7 Ultimate 64bit (build 7600)

-------------------------------------------------------------------------------------

The crashes have happened when just browsing the net, but mostly they happen while gaming or performing strenuous tasks for extended periods (1 hour+).

I have scanned for viruses etc using BitDefender Total Security 2010, i am also running the lastest crysis patch 1.2

I am using the latest catalyst drivers from ATI, version 10.9. And have also disabled the onboard IGP incase there where any conflicts. I unistalled the IGP drivers first then ran Driver Sweeper to erase all ATI/Nvidia drivers, restarted and installed the 10.9 drivers.

I believe my PC to be more than competent to run Win 7, although i didnt verify it...

I checked Device Manager and yes there is one yellow mark - 'Teredo Tunneling Pseudo-Interface', with error code 10 (this device cannot start).

 

Teredo tunneling is a method of tunneling IPv6 traffic over an IPv4 network.
Since IPv6 is rarely used, I wouldn't worry about the error for now.

Download, and install SpeedFan: http://majorgeeks.com/SpeedFan_d337.html
Post your computer temperatures:

http://209.85.48.8/228/109/upload/p4377202.gif

Post two sets of results, one when computer idle and another one, when playing your game.


Judging fro type of your errors, some other possible causes could be:
- an infection
- hard drive issue

 

Hi broni

As requested - the temps... see attached jpg's.

On my first attempt trying to play Crysis i got another BSOD, exactly the same as the last... see attached zip for the dmp file.

 

Temperatures look fine...

I doubt, ntoskrnl.exe file corruption is really at fault, but let's take a look....

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

• Double-click SystemLook.exe to run it.
• Vista users:: Right click on SystemLook.exe, click Run As Administrator
• Copy the content of the following box into the main textfield:
  
  Code:

  :filefind
  ntoskrnl.exe
  

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Hi Broni

Downloaded SystemLook (it seems the link to the 64bit version that you posted doesnt work - '404 not found' so you may want to check that.)

See attached .txt file for the report.

 

Just had another BSOD - again playing cryisis.

This time ntoskrnl.exe is involved, but also an ATI driver... see attached zip for .dmp.

This is what bluescreenview said...

==================================================
Dump File : 092610-30981-01.dmp
Crash Time : 26/09/2010 10:56:49
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : ffffffff`c000001d
Parameter 2 : fffff800`03484391
Parameter 3 : fffff880`0756c3e8
Parameter 4 : fffff880`0756bc50
Caused By Driver : atikmdag.sys
Caused By Address : atikmdag.sys+3a5c10
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\092610-30981-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

 

This needs to be narrowed down to take out as many variables as we can.

Disconnect and uninstall any non-vital peripherals and fully uninstall all non-vital programs.

Test until you get a new BSOD.

Then check ALL drivers listed in the bugcheck to ensure that they are the very latest available. Update then check to see if they've 'stuck'.

Test again and attach the next BSOD.

 

Yeah. You said earlier, that you put new video card in and the things got worse.
What was the actual reason for replacing video card?

Now, looking at SystemLook log...
I have no idea, if it has anything to do with your problem, but you have 32-bit version of ntoskrnl.exe file in both, 64--bit and 32-bit folders (C:\Windows\System32 and C:\Windows\SysWOW64).

MS made it little bit confusing, so just to explain...

The SysWOW64 folder is where the 32-bit files go (confusingly). WOW64 means Windows (32) On Windows 64, so anything WOW64, means x86 running on x64. The WOW64 folder is what a 32-bit application sees if it tries to access C:\WINDOWS\system32 on a 64-bit system.
Similarly here, on x64 systems, the C:\WINDOWS\system32 folder is for native x64 files (again, confusingly named).

 

Hi Broni... (Satro i'll get to you later)

The reason for installing the card was because, well... i didnt have one - and was using the IGP... which wasnt exactly the best thing for playing games with

Regarding ntoskrnl.exe... are you suggesting that i shouldnt have 2 32bit versions and instead have 1 32bit and 1 64bit? If so then i guess having 2 of the same version could conflict with each other?

 

Is the card, you installed, brand new one?

Keeping in mind, that it's not necessary causing your problems, but you should have 32-bit ntoskrnl.exe in 32-bit folder (SysWOW64) and 64-bit of ntoskrnl.exe in 64-bit folder (System32).
You have 32-bit version in both folders.

 

Hi Broni

Yes the card is brand new...

Are you absolutely sure that i should have 1 32bit and 1 64bit ntosknrl.exe (in thier respective folders)?

If so do you or does anyone else have the 64bit version of ntoskrnl.exe that i could use?

 

Yes. You can read more about it here: http://www.samlogic.net/articles/32-64-bit-windows-folder-x86-syswow64.htm

No need to ask anyone for that file.
Since Vista, most backup files are located on your hard drive.

If you take a look at SystemLook log, you'll see them:

First three files (in bold) are 64-bit ntoskrnl.exe versions (the 3rd one is the newest one).

 

Just an update...

I checked both versions of ntoskrnl.exe in each folder and there are both different sizes - one is 3.71MB (sysWOW64) and the other is 5.25MB (system32), so one must be 64bit and the other 32bit.... i think.

Also i descided to download malware-bites and scan for malware even though i have anti-virus installed, my ani-virus found nothing - but with a few seconds of scanning with malware bites, it found about 6 infected items. One of these items was disguised as windows_KB57H43.exe (if i had seen that myself id have just thought it was a windows update file), after some googlingi found out that it is actualy a Remote Administration Tool (RAT), wich apparently is a way for a hacker to well... hack your system and/or infect it with more viruses etc... So obviously i had malwarebites delete it along several other infections.

Since running malwarebites and ridding my system of said infections i tried playing crysis again, and... so far no crashes (touch wood/ fingers crossed etc...), i didnt play for that long though so we'll see...

Will wait to see if i get another crash before following Satrow's suggestion... keep you posted.

 

Very good news

Now I know what happened.
You ran 32-bit version of SystemLook, because you couldn't access 64-bit download.
For some reason, my link had a missing letter.
The correct link is: http://jpshortstuff.247fixes.com/SystemLook_x64.exe

 

Hi Broni

Just a quick question...

I checked the versions of ntoskrnl.exe that are in wow64 and system32 and noticed that they appear to be the older ones (16617), so would it be a good idea to replace them with the newer version (20738) (not sure why windows hasnt done this...)? If so then i imagine that i cannot replace them with the newer ones while windows is running...?

Thanks

 

Well, if they're not causing problems, I'd leave them alone.

And yes, since those are kernel files, you'd have to boot from Windows 7 DVD, or Windows 7 Recovery Disc and use command prompt to do it.

 

Another BSOD...

Well i guess it was too much to hope that it was just malware...

Bluescreenview...

==================================================
Dump File : 092610-30654-01.dmp
Crash Time : 26/09/2010 20:21:43
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70710
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\092610-30654-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

Guess i'll try satrow's suggestion... although i dont like the idea of unistalling ALL my programs (thats a LOT of programs...), oh well - here goes...

Be back in a few years when ive unistalled everything...lol

 

I'd suggest, you start new topic in malware forum to make sure your computer is REALLY clean.
MBAM may be coming up clean, but....if there is one infection, there may be more.
One program won't detect everything.

 

Hi TimW

Just ran fsc /scannow...

This is the message i got back....

'Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 0% complete.
Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log'

...didnt even run for 2 secs, ive attached a partial log (from today - 26th) for you to look at.

 

Hi

No... it didnt ask for the OS disk, and i checked the log myself, but also couldnt see a specific file... something funny going on - wonder if its related to the BSODs...?

 

Hi

No... this is Win 7 Ultimate x64, not vista. Is there still a system repair in 7?