BSOD caused by ntoskrnl.exe


  1. Posts : 18
    Windows 7 Professional 64 bit
       #1



    6 month old HP Probook 450 G1 laptop running Windows 7 SP1 blue screening. I used NirSoft's BlueScreenView and can see that most of the blue screens have been caused by ntoskrnl.exe. One crash was different - after that crash we had to boot from last known good to get the computer going again.

    I did some reading on various websites on ntoskrnl, the error message, and on bug check 0x0000009f - with mixed results - some point to corrupt or bad drivers and others point to it being either a memory or hard disk issue. This computer is in an office that I only have remote access to. I got a staff member to go into F2 at boot and run diagnostics and there were no errors. I will run a disk drive check when there is a staff member present to tell me what is being displayed on the screen.

    I have run memory checks using MemTest - just one pass without errors. I have just started it again and will leave it to run for at least half a day as long as the computer does not crash again.

    I have attached a zip file created by the dm log collector in the hope that someone might be able to help me solve this problem faster.
    Last edited by chocaholic; 16 May 2015 at 17:21.


  2. Posts : 26,863
    Windows 11 Pro
       #2

    Hello, chocaholic. I will see if I can help.

    You had 4 dump files. This is what they listed. I might add the first 2 were identical with one exception.

    Code:
     
    Use !analyze -v to get detailed debugging information.
    BugCheck 9F, {3, fffffa800d6e9990, fffff800051293d8, fffffa800b1cd6c0}
    *** WARNING: Unable to verify timestamp for btfilter.sys
    *** ERROR: Module load completed but symbols could not be loaded for btfilter.sys
    Probably caused by : btfilter.sys
    that is the Atheros Bluetooth Driver

    Code:
    fff800`05129878  fffff880`05e34ed0Unable to load image Rt64win7.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for Rt64win7.sys
    *** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys
     Rt64win7+0x1aed0
    that is the Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC

    Code:
    ffff800`05129550  fffff880`05532ff0Unable to load image SYMNETS.SYS, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for SYMNETS.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SYMNETS.SYS
     SYMNETS+0x7bff0
    That is the Symantec/ Norton NIS/ N360 Network Security driver

    Code:
    ffff800`05129528  fffff880`05417a00Unable to load image IDSvia64.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for IDSvia64.sys
    *** ERROR: Module load completed but symbols could not be loaded for IDSvia64.sys
     IDSvia64+0xca00
    Which is the Norton Internet Security. That's 2 errors from Norton, both present in 2 dumps. Norton is a well known cause of BSODs. That is from the last dump file, the next one is identical with the addition of

    Code:
    ffff800`00b9a718  fffff880`0794a88fUnable to load image athrx.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for athrx.sys
    *** ERROR: Module load completed but symbols could not be loaded for athrx.sys
     athrx+0x14988f
    That is the Atheros network adapter driver. The third dump listed

    Code:
     
    Use !analyze -v to get detailed debugging information.
    BugCheck 1000007E, {ffffffffc0000005, fffff8800624c61e, fffff88003f161e8, fffff88003f15a40}
    Probably caused by : atikmdag.sys ( atikmdag+4061e )
    Followup: MachineOwner
    Which is the graphics driver, and the last dump is

    Code:
     
    Use !analyze -v to get detailed debugging information.
    BugCheck C5, {8, 2, 0, fffff800031c9b15}
    Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+249 )
    Followup: Pool_corruption
    Which basically means a driver has corrupted other drivers or system files. If you look at it as a whole, you have Norton internet security and Norton network security mentioned in 2 of the dumps; with maybe one exception, the other errors are all network drivers: athrx.sys, the Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC and the Atheros Bluetooth Driver. The other issue is the pool corruption, which could be the cause of all of these. It appears that the main problem lies with the Network/LAN drivers. Those, I believe, are controlled by Norton network security.

    If you would like to know, ntoskrnl.exe is the Windows Kernel and will not cause a BSOD unless it has been tampered with or corrupted by some other process.

    I would suggest that you uninstall Norton, if you can and use the Norton removal tool (https://support.norton.com/sp/en/us/...rProfile_en_us)

    Also, please open an elevated command prompt (click Start, type cmd in the search box, right-click on the cmd entry and select Run as administrator). In the black box that opens, copy/paste sfc /scannow. If you decide to type it, notice the space between the sfc and the /. It is a system file checker which will scan your system files and attempt to correct any missing or corrupt files. What we want are the results to say Windows found no integrity violations. If it says files were found but could not be repaired, close the box, reboot and run it again, after opening the administrative command prompt. You may have to reboot and run it three times for it to repair all system files. If it can't repair them after 3 reboots, let us know.

    I realize you are dealing with this remotely and I don't know how much control you have over what is installed and what isn't. So, you look at the results and decide. You mentioned running Memtest86. If it will help you, I will give you the directions I normally give on how to run it correctly.

    Please Run Memtest86+

       Information
    Please download from this site only: http://www.memtest.org/. In the middle of the page are the Download links; you can download the ISO.zip or the Auto USB Flash Drive installer.zip.

    Extract the Zip file. If you chose the ISO image, burn it to a CD using Windows Disk Image Burner or any Image burner you may have. If you downloaded the Auto USB installer, extract it, insert your USB 2.0 Flash Drive and take note of the drive letter. Run the installer, select the Flash Drive Letter, check the format box and press next. It will install memtest86+ to a flash drive. You can use either V4.20 or V5.01. Boot from your selected media. If you use V5.01 it will tell you to press certain buttons at the start, please press no buttons. The test will begin on its own and continue to run until you stop it. It needs to run for 8 complete passes or until you receive an error. If you receive an error, stop the test. Even 1 error is a fail. Each pass tests a different part of the RAM and each of the 10 tests in each pass tests something different. It takes a minimum of 8 passes to completely test the RAM, more passes are better. It is quite a long test and will take several hours depending on how much RAM you have. Due to the time length it is best to run overnight. If you have any questions, please do not hesitate to ask.

    Please try some of those things and let us know your results.
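The cross-dump comparison in post #2 (which drivers are named in more than one crash) can be scripted once the WinDbg summaries are saved as text. This is an added example, not code from the thread's posters: the sample lines are taken from the excerpts quoted above, and their grouping into four dumps plus the function names `summarize` and `recurring_modules` are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: lines from the excerpts quoted in the thread, grouped
# into four dumps (the grouping is this example's assumption).
NINE_F = """\
BugCheck 9F, {3, fffffa800d6e9990, fffff800051293d8, fffffa800b1cd6c0}
*** WARNING: Unable to verify timestamp for btfilter.sys
Probably caused by : btfilter.sys
*** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys
*** ERROR: Module load completed but symbols could not be loaded for SYMNETS.SYS
*** ERROR: Module load completed but symbols could not be loaded for IDSvia64.sys
"""
DUMPS = {
    "dump1": NINE_F,
    "dump2": NINE_F + "*** WARNING: Unable to verify timestamp for athrx.sys\n",
    "dump3": "BugCheck 1000007E, {ffffffffc0000005, fffff8800624c61e, "
             "fffff88003f161e8, fffff88003f15a40}\n"
             "Probably caused by : atikmdag.sys ( atikmdag+4061e )\n",
    "dump4": "BugCheck C5, {8, 2, 0, fffff800031c9b15}\n"
             "Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+249 )\n",
}

BUGCHECK = re.compile(r"^BugCheck ([0-9A-Fa-f]+),", re.M)
BLAMED = re.compile(r"^Probably caused by : (\S+)", re.M)
MODULE = re.compile(r"(?:timestamp for|loaded for|load image) ([\w.-]+\.sys)\b", re.I)

def summarize(text):
    """Return (bugcheck code, blamed name, set of lower-cased .sys modules)."""
    code = BUGCHECK.search(text)
    blamed = BLAMED.search(text)
    modules = {m.lower() for m in MODULE.findall(text)}
    # The blamed name counts as a module only when it is a driver file,
    # not a bucket label such as Pool_Corruption.
    if blamed and blamed.group(1).lower().endswith(".sys"):
        modules.add(blamed.group(1).lower())
    return (code.group(1).upper() if code else None,
            blamed.group(1) if blamed else None,
            modules)

def recurring_modules(dumps):
    """Count in how many dumps each module is named; keep those seen in >1."""
    seen = Counter()
    for text in dumps.values():
        seen.update(summarize(text)[2])
    return {name: n for name, n in seen.items() if n > 1}

if __name__ == "__main__":
    for name, text in DUMPS.items():
        print(name, summarize(text))
    print("named in more than one dump:", recurring_modules(DUMPS))
```

A module that recurs across dumps with different bug check codes is a lead to follow up on rather than proof of fault; the C5 pool corruption dump names no driver at all.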


  3. Posts : 18
    Windows 7 Professional 64 bit
    Thread Starter
       #3

    Thank you so much for your detailed reply. It is most helpful. I am using MemTest not Memtest86 - but note your instructions and will try that later if no luck with the rest of your suggestions. The MemTest has been running for 7 hours without errors. I have suggested moving away from Norton but the owner of the company likes it and does not want to do this. I might have more chance if it does prove to be the main cause of the problems.

    I have disabled Bluetooth as they do not need to use this and I noted that there is a Microsoft virtual WIFI miniport adapter installed which I have uninstalled as this is not required either.

    The sfc /scannow found a few corruption problems - It would appear that the corrupt files are part of KB3022345 which was installed on the 15th May - I found that this update has caused problems for a few people and have removed the update.

    I re-ran sfc /scannow a second time after rebooting and there were no issues reported.


  4. Posts : 26,863
    Windows 11 Pro
       #4

    Thanks for the response. You may want to be on the lookout for that Update next time you run WU. The clean sfc scan is good news. The owner is welcome to come here and ask everyone on our BSOD Team whether Norton is a BSOD cause. I believe all responses would be the same. It's really an eye opener when you start debugging BSODs every day. You find things you thought were very safe are not at all. But, I understand. I am very well acquainted with how things that you really like are not always good for you.


  5. Posts : 18
    Windows 7 Professional 64 bit
    Thread Starter
       #5

    We are still having issues with the laptop hanging and they have to power it off - no blue screens today. I am thinking that I might try updating the drivers. I checked the Realtek driver against the driver available on the HP drivers website and found that the latest driver is running. In the BSOD breakdown above you said "that is the Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC". Can you tell me how you worked out the model number? I have been looking for it everywhere on the laptop - everywhere I look it talks about the Realtek PCIe GBE Family Controller - no model mentioned. I am thinking that I might get a later driver from the Realtek website.


  6. Posts : 26,863
    Windows 11 Pro
       #6

    It is most likely listed as the LAN driver on the HP site. The dump file listed the driver as Rt64win7.sys, and look here and it will tell you what the driver is for. It should be on the Realtek site here - Realtek. But it may be best to get it from the HP site if you can.


  7. Posts : 18
    Windows 7 Professional 64 bit
    Thread Starter
       #7

    After trying everything to get this laptop stable...it eventually stopped booting and we had to rebuild. So far so good since rebuild. Thank you for your help.

    I have two other laptops doing the same thing - all from the same HP model type (HP 450/470 - 50 being 15" and 70 being 17"). I found this out after checking with them to see if they were having any issues - the problem was not as frequent so they had not got around to letting me know. It has been occurring for months. Other than being the same model type, and having Microsoft Office installed, they are used in different environments with different software installed. The other HP laptop models are fine. I believe it is possibly an update that is conflicting with a driver on these particular laptops. More research required here unfortunately. I have spoken to the supplier and HP and all they could say was they have not heard of others with this issue and rebuilding the laptop is the best option. Although painful to rebuild it is probably our quickest option - I am going to wait a week to make sure the problem is solved on the laptop already rebuilt.


  8. Posts : 26,863
    Windows 11 Pro
       #8

    chocaholic, that seems like a real pain. I'm sure you have weighed the cost of a rebuild vs. the cost of a new laptop. I would think we would have seen it here if there was some type of problem with updates and HP laptops, but we haven't, or at least I haven't. If we can assist you in any way, just let us know. Thanks for the update.


  9. Posts : 18
    Windows 7 Professional 64 bit
    Thread Starter
       #9

    It is a real pain - 2 laptops are only 6 months old and the 3rd is 2 months old.


  10. Posts : 26,863
    Windows 11 Pro
       #10

    Good luck to you. Sorry you're having to go through that.


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.