Kernel data inpage error.. sometimes spaceport.sys , sometimes ntfs.sys etc?
Tags:
- NTFS
- Hard Drives
-
Windows 8
- Blue Screen
Last response: in Windows 8
hussassasin
October 11, 2014 11:19:11 PM
guys i have recently been having bsods with kernel data inpage error and sometimes it shows ntfs.sys and sometimes spaceport.sys etc .. and i have noticed that while i start the computer theres some kind of squeaking sound that comes 1 or 2 times for just a second or so .. this same sound comes exactly before getting the bluescreen .. i am not able to figure out where this sound is coming from but i assumed that it was the hard disk and i downloaded crystal info which shows 1 pending sector count and 1 uncorrectable sector count .. also the seatools long test failed .. so i think it maybe the hard drive
i am attaching the dump files https://drive.google.com/folderview?id=0B6I123EK7SNZQnl...
i am attaching the dump files https://drive.google.com/folderview?id=0B6I123EK7SNZQnl...
More about : kernel data inpage error spaceport sys ntfs sys
-
Reply to hussassasin
Paul NZ
October 11, 2014 11:30:47 PM
I would uninstall AMD overdrive, this can cause crashes
Theres strange files on your system MpKsl85b52d33.sys, MpKslaa1997c8.sys, MpKsl6201d057.sys, MpKsl1f1df105.sys, MpKsla3ecc79a.sys, MpKsl478bbe88.sys, MpKsl8a83eebd.sys, MpKsl5b6a049d.sys
Whats this?? ANOD Network Security Filter driver?? The drivers for this are old / from 2009
See if you've got rootkits. Download then run this http://media.kaspersky.com/utilities/VirusUtilities/EN/...
Theres strange files on your system MpKsl85b52d33.sys, MpKslaa1997c8.sys, MpKsl6201d057.sys, MpKsl1f1df105.sys, MpKsla3ecc79a.sys, MpKsl478bbe88.sys, MpKsl8a83eebd.sys, MpKsl5b6a049d.sys
Whats this?? ANOD Network Security Filter driver?? The drivers for this are old / from 2009
See if you've got rootkits. Download then run this http://media.kaspersky.com/utilities/VirusUtilities/EN/...
-
Reply to Paul NZ
m
0
l
hussassasin
October 11, 2014 11:37:16 PM
Paul NZ said:
I would uninstall AMD overdrive, this can cause crashesTheres strange files on your system MpKsl85b52d33.sys, MpKslaa1997c8.sys, MpKsl6201d057.sys, MpKsl1f1df105.sys, MpKsla3ecc79a.sys, MpKsl478bbe88.sys, MpKsl8a83eebd.sys, MpKsl5b6a049d.sys
Whats this?? ANOD Network Security Filter driver?? The drivers for this are old / from 2009
See if you've got rootkits. Download then run this http://media.kaspersky.com/utilities/VirusUtilities/EN/...
okay i am doing what you said right now .. will revert as soon as done .. thank you for the quick reply
-
Reply to hussassasin
m
0
l
Related resources
- 0xf4 and kernel data inpage error BSOD - Forum
- KERNEL_DATA_INPAGE_ERROR, MEMORY_MANAGEMENT, and SYSTEM_SERVICE_EXCEPTION all in 1 day - Forum
- "KERNEL_DATA_INPAGE_ERROR (partmgr.sys)" on newly built rig - Forum
- KERNEL_STACK_INPAGE_ERROR and KERNEL_DATA_INPAGE_ERROR - Forum
- Window's Activation issues + Kernel Data Inpage Error - Forum
Paul NZ
October 11, 2014 11:38:06 PM
hussassasin
October 11, 2014 11:39:57 PM
Paul NZ said:
I would uninstall AMD overdrive, this can cause crashesTheres strange files on your system MpKsl85b52d33.sys, MpKslaa1997c8.sys, MpKsl6201d057.sys, MpKsl1f1df105.sys, MpKsla3ecc79a.sys, MpKsl478bbe88.sys, MpKsl8a83eebd.sys, MpKsl5b6a049d.sys
Whats this?? ANOD Network Security Filter driver?? The drivers for this are old / from 2009
See if you've got rootkits. Download then run this http://media.kaspersky.com/utilities/VirusUtilities/EN/...
hey i uninstalled amd catalyst manager and ran the scan on the software that you told and it found 0 threats ..
-
Reply to hussassasin
m
0
l
Paul NZ
October 11, 2014 11:42:31 PM
OK. See if it crashes again since you've uninstalled AMD overdrive
Get this then run it. Click on scan. If it picks up any of those strange files, once it finishes click on clean then reboot
http://www.bleepingcomputer.com/download/adwcleaner/
Get this then run it. Click on scan. If it picks up any of those strange files, once it finishes click on clean then reboot
http://www.bleepingcomputer.com/download/adwcleaner/
-
Reply to Paul NZ
m
0
l
hussassasin
October 11, 2014 11:52:19 PM
Paul NZ said:
OK. See if it crashes again since you've uninstalled AMD overdriveGet this then run it. Click on scan. If it picks up any of those strange files, once it finishes click on clean then reboot
http://www.bleepingcomputer.com/download/adwcleaner/
okay ill do that and hope it doesnt crash again
.. but what about the hard disk pending sector count .. is that something to worry about .. and the squeaking sound
-
Reply to hussassasin
m
0
l
Paul NZ
October 11, 2014 11:54:24 PM
hussassasin said:
Paul NZ said:
OK. See if it crashes again since you've uninstalled AMD overdriveGet this then run it. Click on scan. If it picks up any of those strange files, once it finishes click on clean then reboot
http://www.bleepingcomputer.com/download/adwcleaner/
okay ill do that and hope it doesnt crash again
.. but what about the hard disk pending sector count .. is that something to worry about .. and the squeaking sound
Whats showing you this hard disk pending sector count? Have no idea what this squeaking noise is
-
Reply to Paul NZ
m
0
l
hussassasin
October 12, 2014 12:01:10 AM
Paul NZ said:
hussassasin said:
Paul NZ said:
OK. See if it crashes again since you've uninstalled AMD overdriveGet this then run it. Click on scan. If it picks up any of those strange files, once it finishes click on clean then reboot
http://www.bleepingcomputer.com/download/adwcleaner/
okay ill do that and hope it doesnt crash again
.. but what about the hard disk pending sector count .. is that something to worry about .. and the squeaking sound
Whats showing you this hard disk pending sector count? Have no idea what this squeaking noise is
speed fan as well as crystalinfo show me the pending sector count
-
Reply to hussassasin
m
0
l
Paul NZ
October 12, 2014 12:02:37 AM
hussassasin said:
guys i have recently been having bsods with kernel data inpage error and sometimes it shows ntfs.sys and sometimes spaceport.sys etc .. and i have noticed that while i start the computer theres some kind of squeaking sound that comes 1 or 2 times for just a second or so .. this same sound comes exactly before getting the bluescreen .. i am not able to figure out where this sound is coming from but i assumed that it was the hard disk and i downloaded crystal info which shows 1 pending sector count and 1 uncorrectable sector count .. also the seatools long test failed .. so i think it maybe the hard drive i am attaching the dump files https://drive.google.com/folderview?id=0B6I123EK7SNZQnl...
The KERNEL_DATA_INPAGE BSoD occurs when the kernel tries to bring paged kernel memory back into physical memory from a swap volume and is unable to read from the swap volume.
There are two common causes of this BSoD.
1. Improperly configured removable storage devices. Windows will attempt to create page files on storage devices that are not configured as removable. If a removable storage device is incorrectly configured as non-removable, and is removed, this BSoD may eventually happen (not right away though).
2. A failing hard disk drive. Similar idea as #1, the kernel tries to bring memory from the swap volume back into physical memory but the hard disk becomes inaccessible during that period.
-
Reply to Pinhedd
m
0
l
hussassasin
October 12, 2014 4:45:10 AM
Pinhedd said:
hussassasin said:
guys i have recently been having bsods with kernel data inpage error and sometimes it shows ntfs.sys and sometimes spaceport.sys etc .. and i have noticed that while i start the computer theres some kind of squeaking sound that comes 1 or 2 times for just a second or so .. this same sound comes exactly before getting the bluescreen .. i am not able to figure out where this sound is coming from but i assumed that it was the hard disk and i downloaded crystal info which shows 1 pending sector count and 1 uncorrectable sector count .. also the seatools long test failed .. so i think it maybe the hard drive i am attaching the dump files https://drive.google.com/folderview?id=0B6I123EK7SNZQnl...
The KERNEL_DATA_INPAGE BSoD occurs when the kernel tries to bring paged kernel memory back into physical memory from a swap volume and is unable to read from the swap volume.
There are two common causes of this BSoD.
1. Improperly configured removable storage devices. Windows will attempt to create page files on storage devices that are not configured as removable. If a removable storage device is incorrectly configured as non-removable, and is removed, this BSoD may eventually happen (not right away though).
2. A failing hard disk drive. Similar idea as #1, the kernel tries to bring memory from the swap volume back into physical memory but the hard disk becomes inaccessible during that period.
hello thank you very much for the reply ..
Even i think that it is a failingg hard drive .. but is there a solution to detect where the bad sector is? is there something i can do to prevent it from failing or atleast delay it from failing .. coz neither do i have a spare hard drive nor i have the money right now to buy a new one .. coz i am considering buying a 1tb hard disk this time instead of my current 500 gb hdd .. in short i just wanna know that is it currently safe to use it and how long may it approximately last in this condition .. thanks very much again ..
-
Reply to hussassasin
m
0
l
hussassasin said:
Pinhedd said:
hussassasin said:
guys i have recently been having bsods with kernel data inpage error and sometimes it shows ntfs.sys and sometimes spaceport.sys etc .. and i have noticed that while i start the computer theres some kind of squeaking sound that comes 1 or 2 times for just a second or so .. this same sound comes exactly before getting the bluescreen .. i am not able to figure out where this sound is coming from but i assumed that it was the hard disk and i downloaded crystal info which shows 1 pending sector count and 1 uncorrectable sector count .. also the seatools long test failed .. so i think it maybe the hard drive i am attaching the dump files https://drive.google.com/folderview?id=0B6I123EK7SNZQnl...
The KERNEL_DATA_INPAGE BSoD occurs when the kernel tries to bring paged kernel memory back into physical memory from a swap volume and is unable to read from the swap volume.
There are two common causes of this BSoD.
1. Improperly configured removable storage devices. Windows will attempt to create page files on storage devices that are not configured as removable. If a removable storage device is incorrectly configured as non-removable, and is removed, this BSoD may eventually happen (not right away though).
2. A failing hard disk drive. Similar idea as #1, the kernel tries to bring memory from the swap volume back into physical memory but the hard disk becomes inaccessible during that period.
hello thank you very much for the reply ..
Even i think that it is a failingg hard drive .. but is there a solution to detect where the bad sector is? is there something i can do to prevent it from failing or atleast delay it from failing .. coz neither do i have a spare hard drive nor i have the money right now to buy a new one .. coz i am considering buying a 1tb hard disk this time instead of my current 500 gb hdd .. in short i just wanna know that is it currently safe to use it and how long may it approximately last in this condition .. thanks very much again ..
The hard disk platter maintains a region of unallocated, unaddressable sectors used for remapping the addressable sectors as they fail. This is performed transparently by the disk controller. Although it can't prevent data loss, it can ensure that the disk remains completely logically addressable as long as the controller has spare sectors. In other words, this much is working normally. I have a 1TB Western Digital Caviar Black in my PC that's had 3 uncorrectable sectors for several years now.
However, if the drive controller is experiencing periodic instability or power loss (HDD controllers are just embedded ARM microprocessors) this can cause the drive to become unresponsive which would result in the BSoD that you describe.
-
Reply to Pinhedd
m
0
l
hussassasin
October 12, 2014 5:45:49 AM
Pinhedd said:
hussassasin said:
Pinhedd said:
hussassasin said:
guys i have recently been having bsods with kernel data inpage error and sometimes it shows ntfs.sys and sometimes spaceport.sys etc .. and i have noticed that while i start the computer theres some kind of squeaking sound that comes 1 or 2 times for just a second or so .. this same sound comes exactly before getting the bluescreen .. i am not able to figure out where this sound is coming from but i assumed that it was the hard disk and i downloaded crystal info which shows 1 pending sector count and 1 uncorrectable sector count .. also the seatools long test failed .. so i think it maybe the hard drive i am attaching the dump files https://drive.google.com/folderview?id=0B6I123EK7SNZQnl...
The KERNEL_DATA_INPAGE BSoD occurs when the kernel tries to bring paged kernel memory back into physical memory from a swap volume and is unable to read from the swap volume.
There are two common causes of this BSoD.
1. Improperly configured removable storage devices. Windows will attempt to create page files on storage devices that are not configured as removable. If a removable storage device is incorrectly configured as non-removable, and is removed, this BSoD may eventually happen (not right away though).
2. A failing hard disk drive. Similar idea as #1, the kernel tries to bring memory from the swap volume back into physical memory but the hard disk becomes inaccessible during that period.
hello thank you very much for the reply ..
Even i think that it is a failingg hard drive .. but is there a solution to detect where the bad sector is? is there something i can do to prevent it from failing or atleast delay it from failing .. coz neither do i have a spare hard drive nor i have the money right now to buy a new one .. coz i am considering buying a 1tb hard disk this time instead of my current 500 gb hdd .. in short i just wanna know that is it currently safe to use it and how long may it approximately last in this condition .. thanks very much again ..
The hard disk platter maintains a region of unallocated, unaddressable sectors used for remapping the addressable sectors as they fail. This is performed transparently by the disk controller. Although it can't prevent data loss, it can ensure that the disk remains completely logically addressable as long as the controller has spare sectors. In other words, this much is working normally. I have a 1TB Western Digital Caviar Black in my PC that's had 3 uncorrectable sectors for several years now.
However, if the drive controller is experiencing periodic instability or power loss (HDD controllers are just embedded ARM microprocessors) this can cause the drive to become unresponsive which would result in the BSoD that you describe.
so what may be the solution to the bsod ..? And should i be worried about the squeaking sound?
-
Reply to hussassasin
m
0
l
pending sector count: I think this means that there are sectors on your disk that are getting read errors. Windows 8.1 will attempt to read these sectors over and over until it gets a good read. It will then move the data to another location and mark that location as bad.
(very common problem because people only do a quick format of the drive before installing the operating system, A full format of the drive will locate all the bad or weak sectors and mark them as bad before data is place on them. quick format only take 15 seconds, while a full format of a large drive may take hours.)
the same type of thing can happen if you have a solid state drive, the drive firmware will relocate the data to another block inside the drive and mark the block as bad. the firmware runs at IDLE time, so if you have a Solid state driver, boot into BIOS and leave the drive powered but not in use to give the firmware time to finish its housecleaning.
if your windows 8 is running
start cmd.exe as a admin (windows key+x, then type a)
sfc.exe /scannow
this will scan for corrupted winodws core files and attempt to repair them. if it fails to repair you have to run the command:
dism.exe /online /cleanup-image /restorehealth
most of the time a failure to repair is due to rootkits, malware and hacked activation versions of windows.
These programs tend to modify the backup copies that the system file checker attempt to use to repair your system, often they also block windows updates form working.( or lie to you and say they are installed when the updates are not installed)
the dism.exe /online flag will go to a trusted source and get a clean copy of the modified file.
You will also want to run malwarebytes and some sort of rootkit detector.
if you have a pirated version of windows the dism.exe will most likely break the hack.
(very common problem because people only do a quick format of the drive before installing the operating system, A full format of the drive will locate all the bad or weak sectors and mark them as bad before data is place on them. quick format only take 15 seconds, while a full format of a large drive may take hours.)
the same type of thing can happen if you have a solid state drive, the drive firmware will relocate the data to another block inside the drive and mark the block as bad. the firmware runs at IDLE time, so if you have a Solid state driver, boot into BIOS and leave the drive powered but not in use to give the firmware time to finish its housecleaning.
if your windows 8 is running
start cmd.exe as a admin (windows key+x, then type a)
sfc.exe /scannow
this will scan for corrupted winodws core files and attempt to repair them. if it fails to repair you have to run the command:
dism.exe /online /cleanup-image /restorehealth
most of the time a failure to repair is due to rootkits, malware and hacked activation versions of windows.
These programs tend to modify the backup copies that the system file checker attempt to use to repair your system, often they also block windows updates form working.( or lie to you and say they are installed when the updates are not installed)
the dism.exe /online flag will go to a trusted source and get a clean copy of the modified file.
You will also want to run malwarebytes and some sort of rootkit detector.
if you have a pirated version of windows the dism.exe will most likely break the hack.
-
Reply to johnbl
m
0
l
hussassasin
October 12, 2014 12:35:37 PM
johnbl said:
pending sector count: I think this means that there are sectors on your disk that are getting read errors. Windows 8.1 will attempt to read these sectors over and over until it gets a good read. It will then move the data to another location and mark that location as bad.(very common problem because people only do a quick format of the drive before installing the operating system, A full format of the drive will locate all the bad or weak sectors and mark them as bad before data is place on them. quick format only take 15 seconds, while a full format of a large drive may take hours.)
the same type of thing can happen if you have a solid state drive, the drive firmware will relocate the data to another block inside the drive and mark the block as bad. the firmware runs at IDLE time, so if you have a Solid state driver, boot into BIOS and leave the drive powered but not in use to give the firmware time to finish its housecleaning.
if your windows 8 is running
start cmd.exe as a admin (windows key+x, then type a)
sfc.exe /scannow
this will scan for corrupted winodws core files and attempt to repair them. if it fails to repair you have to run the command:
dism.exe /online /cleanup-image /restorehealth
most of the time a failure to repair is due to rootkits, malware and hacked activation versions of windows.
These programs tend to modify the backup copies that the system file checker attempt to use to repair your system, often they also block windows updates form working.( or lie to you and say they are installed when the updates are not installed)
the dism.exe /online flag will go to a trusted source and get a clean copy of the modified file.
You will also want to run malwarebytes and some sort of rootkit detector.
if you have a pirated version of windows the dism.exe will most likely break the hack.
i ran a sfc.exe scan .. found some errors which it couldnt fix.. ran the dism.exe and it fixed the errors .. lets hope this solves the problem
-
Reply to hussassasin
m
0
l
hussassasin
October 15, 2014 12:14:02 AM
johnbl said:
pending sector count: I think this means that there are sectors on your disk that are getting read errors. Windows 8.1 will attempt to read these sectors over and over until it gets a good read. It will then move the data to another location and mark that location as bad.(very common problem because people only do a quick format of the drive before installing the operating system, A full format of the drive will locate all the bad or weak sectors and mark them as bad before data is place on them. quick format only take 15 seconds, while a full format of a large drive may take hours.)
the same type of thing can happen if you have a solid state drive, the drive firmware will relocate the data to another block inside the drive and mark the block as bad. the firmware runs at IDLE time, so if you have a Solid state driver, boot into BIOS and leave the drive powered but not in use to give the firmware time to finish its housecleaning.
if your windows 8 is running
start cmd.exe as a admin (windows key+x, then type a)
sfc.exe /scannow
this will scan for corrupted winodws core files and attempt to repair them. if it fails to repair you have to run the command:
dism.exe /online /cleanup-image /restorehealth
most of the time a failure to repair is due to rootkits, malware and hacked activation versions of windows.
These programs tend to modify the backup copies that the system file checker attempt to use to repair your system, often they also block windows updates form working.( or lie to you and say they are installed when the updates are not installed)
the dism.exe /online flag will go to a trusted source and get a clean copy of the modified file.
You will also want to run malwarebytes and some sort of rootkit detector.
if you have a pirated version of windows the dism.exe will most likely break the hack.
Guys unfortunately the problem is still not solved.. it worked fine for 2 days but i got a bluescreen again today saying spaceport.sys ..
heres the minidump
https://docs.google.com/file/d/0B6I123EK7SNZWjFKbDd5aEt...
-
Reply to hussassasin
m
0
l
if you just look at the bugcheck, it indicates that your disk stopped responding and your hardware failed.
this is most likely incorrect. the system was writing a log to the device and got a error that the device did not exist.
(hard drive was able to write the memory .dmp file, so it was there)
well it could be true but it is unlikely, the storage driver looks like it has been modifed
\SystemRoot\System32\drivers\spaceport.sys
be sure to delete/remove these drivers
giveio.sys
MpKsl251c67e3.sys (look like fake microsoft defender files)
MpKslb4b6cdbc.sys (i think it is fake)
then run the dism.exe command again to repair your storage driver.
you have a few other issues that could be checked but they are minor when compared to these.
-------------------
looking at your bugcheck
you have a driver
\C:\WINDOWS\system32\giveio.sys Wed Apr 03 19:33:25 1996
the driver date is 1996, remove the driver.
-----------
C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys Thu Jul 02 02:12:38 2009
update this driver
----
remove this driver (or update it if it really is a NDIS driver that you need)
\SystemRoot\system32\DRIVERS\anodlwf.sys Fri Mar 06 02:09:51 2009
-----
replace this driver:
\SystemRoot\System32\drivers\spaceport.sys unavailable (00000000)
it looks like it is corrupted. and it is the cause of the bugcheck.
-----
remove this driver
C:\WINDOWS\system32\speedfan.sys Sat Dec 29 12:59:33 2012
----------------
ok you have two drivers
MpKsl251c67e3.sys
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKsl251c67e3.sys
Wed Aug 21 15:32:05 2013
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKslb4b6cdbc.sys Wed Aug 21 15:32:05 2013
These are most likely malware hiding trying to look like part of windows defender. ( I have looked at lot of memory dumpts and never have seen these files, and why would you do a definition update as a driver file? more likely malware)
overall I would think you have malware that modified your spaceport.sys driver.
attempts to fix it with the sfc.exe /scannow command most likly fail because the malware modifed the backup copy.
the
dism.exe /online /cleanup-image /restorehealth
works because it gets a clean copy directly from microsoft
then malware has to reinfect the driver again.
so run the dism.exe command again to repair your spaceport.sys driver
then boot and delete the fake windows defender files
then start your browser and clear your internet cache files, and empty your recycle bin.
do a hard reboot and not a shutdown, just pull the plug to your computer, then power on again.
then boot up in safe mode and do a rootkit scan.
reboot and run malwarebytes free version.
machine info:
Manufacturer ASUSTeK Computer INC.
Product M5A78L-M LX V2
Version Rev X.0x
BIOS Release Date 07/18/2012
BIOS Version 1001
Processor ID 120f6000fffb8b17
Processor Version AMD FX(tm)-6100 Six-Core Processor
Processor Voltage 8ch - 1.2V
External Clock 200MHz
Max Speed 3300MHz
Current Speed 3300MHz
looks like you only have one RAM bank with 4096MB at 1600MHz
(BIOS info looked like it was truncated)
this is most likely incorrect. the system was writing a log to the device and got a error that the device did not exist.
(hard drive was able to write the memory .dmp file, so it was there)
well it could be true but it is unlikely, the storage driver looks like it has been modifed
\SystemRoot\System32\drivers\spaceport.sys
be sure to delete/remove these drivers
giveio.sys
MpKsl251c67e3.sys (look like fake microsoft defender files)
MpKslb4b6cdbc.sys (i think it is fake)
then run the dism.exe command again to repair your storage driver.
you have a few other issues that could be checked but they are minor when compared to these.
-------------------
looking at your bugcheck
you have a driver
\C:\WINDOWS\system32\giveio.sys Wed Apr 03 19:33:25 1996
the driver date is 1996, remove the driver.
-----------
C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys Thu Jul 02 02:12:38 2009
update this driver
----
remove this driver (or update it if it really is a NDIS driver that you need)
\SystemRoot\system32\DRIVERS\anodlwf.sys Fri Mar 06 02:09:51 2009
-----
replace this driver:
\SystemRoot\System32\drivers\spaceport.sys unavailable (00000000)
it looks like it is corrupted. and it is the cause of the bugcheck.
-----
remove this driver
C:\WINDOWS\system32\speedfan.sys Sat Dec 29 12:59:33 2012
----------------
ok you have two drivers
MpKsl251c67e3.sys
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKsl251c67e3.sys
Wed Aug 21 15:32:05 2013
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKslb4b6cdbc.sys Wed Aug 21 15:32:05 2013
These are most likely malware hiding trying to look like part of windows defender. ( I have looked at lot of memory dumpts and never have seen these files, and why would you do a definition update as a driver file? more likely malware)
overall I would think you have malware that modified your spaceport.sys driver.
attempts to fix it with the sfc.exe /scannow command most likly fail because the malware modifed the backup copy.
the
dism.exe /online /cleanup-image /restorehealth
works because it gets a clean copy directly from microsoft
then malware has to reinfect the driver again.
so run the dism.exe command again to repair your spaceport.sys driver
then boot and delete the fake windows defender files
then start your browser and clear your internet cache files, and empty your recycle bin.
do a hard reboot and not a shutdown, just pull the plug to your computer, then power on again.
then boot up in safe mode and do a rootkit scan.
reboot and run malwarebytes free version.
machine info:
Manufacturer ASUSTeK Computer INC.
Product M5A78L-M LX V2
Version Rev X.0x
BIOS Release Date 07/18/2012
BIOS Version 1001
Processor ID 120f6000fffb8b17
Processor Version AMD FX(tm)-6100 Six-Core Processor
Processor Voltage 8ch - 1.2V
External Clock 200MHz
Max Speed 3300MHz
Current Speed 3300MHz
looks like you only have one RAM bank with 4096MB at 1600MHz
(BIOS info looked like it was truncated)
-
Reply to johnbl
m
0
l
hussassasin
October 16, 2014 6:29:49 AM
johnbl said:
if you just look at the bugcheck, it indicates that your disk stopped responding and your hardware failed.this is most likely incorrect. the system was writing a log to the device and got a error that the device did not exist.
(hard drive was able to write the memory .dmp file, so it was there)
well it could be true but it is unlikely, the storage driver looks like it has been modifed
\SystemRoot\System32\drivers\spaceport.sys
be sure to delete/remove these drivers
giveio.sys
MpKsl251c67e3.sys (look like fake microsoft defender files)
MpKslb4b6cdbc.sys (i think it is fake)
then run the dism.exe command again to repair your storage driver.
you have a few other issues that could be checked but they are minor when compared to these.
-------------------
looking at your bugcheck
you have a driver
\C:\WINDOWS\system32\giveio.sys Wed Apr 03 19:33:25 1996
the driver date is 1996, remove the driver.
-----------
C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys Thu Jul 02 02:12:38 2009
update this driver
----
remove this driver (or update it if it really is a NDIS driver that you need)
\SystemRoot\system32\DRIVERS\anodlwf.sys Fri Mar 06 02:09:51 2009
-----
replace this driver:
\SystemRoot\System32\drivers\spaceport.sys unavailable (00000000)
it looks like it is corrupted. and it is the cause of the bugcheck.
-----
remove this driver
C:\WINDOWS\system32\speedfan.sys Sat Dec 29 12:59:33 2012
----------------
ok you have two drivers
MpKsl251c67e3.sys
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKsl251c67e3.sys
Wed Aug 21 15:32:05 2013
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKslb4b6cdbc.sys Wed Aug 21 15:32:05 2013
These are most likely malware hiding trying to look like part of windows defender. ( I have looked at lot of memory dumpts and never have seen these files, and why would you do a definition update as a driver file? more likely malware)
overall I would think you have malware that modified your spaceport.sys driver.
attempts to fix it with the sfc.exe /scannow command most likly fail because the malware modifed the backup copy.
the
dism.exe /online /cleanup-image /restorehealth
works because it gets a clean copy directly from microsoft
then malware has to reinfect the driver again.
so run the dism.exe command again to repair your spaceport.sys driver
then boot and delete the fake windows defender files
then start your browser and clear your internet cache files, and empty your recycle bin.
do a hard reboot and not a shutdown, just pull the plug to your computer, then power on again.
then boot up in safe mode and do a rootkit scan.
reboot and run malwarebytes free version.
machine info:
Manufacturer ASUSTeK Computer INC.
Product M5A78L-M LX V2
Version Rev X.0x
BIOS Release Date 07/18/2012
BIOS Version 1001
Processor ID 120f6000fffb8b17
Processor Version AMD FX(tm)-6100 Six-Core Processor
Processor Voltage 8ch - 1.2V
External Clock 200MHz
Max Speed 3300MHz
Current Speed 3300MHz
looks like you only have one RAM bank with 4096MB at 1600MHz
(BIOS info looked like it was truncated)
i tried to find MpKsl251c67e3.sys and MpKslb4b6cdbc.sys but i cant find them .. the adress that u gave doesnt open and i manually tried to go into the definition updates but theres no such files there .. i found MpKsle6417387.sys there but when i try to delete this windows prompts that is being used by windows defender
-
Reply to hussassasin
m
0
l
any malware that hooks into your storage driver has the ability to filter the data coming out of the storage.
IE they can remove there drivers from the list of files.
you can run the dims.exe with the /online option to get the driver repaired but if the malware has a program running it will attempt to reinfect your computer.
So, you will want to boot off another CD image of windows an scan your hard drive for rootkits/malware/viruses and have them removed.
for some problems boot into safe mode and try to do the clean up. The files will not be in use during safe mode.
-you might connect your drive to another computer as a data drive and scan the drive for malware files.
in any case, I don't think your winodows defender is ok. disable it and do a malwarebytes scan and see if it detects anything. Then do a root kit scan.
this is most likely incorrect. the system was writing a log to the device and got a error that the device did not exist.
(hard drive was able to write the memory .dmp file, so it was there)
well it could be true but it is unlikely, the storage driver looks like it has been modifed
\SystemRoot\System32\drivers\spaceport.sys
be sure to delete/remove these drivers
giveio.sys
MpKsl251c67e3.sys (look like fake microsoft defender files)
MpKslb4b6cdbc.sys (i think it is fake)
then run the dism.exe command again to repair your storage driver.
you have a few other issues that could be checked but they are minor when compared to these.
-------------------
looking at your bugcheck
you have a driver
\C:\WINDOWS\system32\giveio.sys Wed Apr 03 19:33:25 1996
the driver date is 1996, remove the driver.
-----------
C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys Thu Jul 02 02:12:38 2009
update this driver
----
remove this driver (or update it if it really is a NDIS driver that you need)
\SystemRoot\system32\DRIVERS\anodlwf.sys Fri Mar 06 02:09:51 2009
-----
replace this driver:
\SystemRoot\System32\drivers\spaceport.sys unavailable (00000000)
it looks like it is corrupted. and it is the cause of the bugcheck.
-----
remove this driver
C:\WINDOWS\system32\speedfan.sys Sat Dec 29 12:59:33 2012
----------------
ok you have two drivers
MpKsl251c67e3.sys
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKsl251c67e3.sys
Wed Aug 21 15:32:05 2013
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKslb4b6cdbc.sys Wed Aug 21 15:32:05 2013
These are most likely malware hiding trying to look like part of windows defender. ( I have looked at lot of memory dumpts and never have seen these files, and why would you do a definition update as a driver file? more likely malware)
overall I would think you have malware that modified your spaceport.sys driver.
attempts to fix it with the sfc.exe /scannow command most likly fail because the malware modifed the backup copy.
the
dism.exe /online /cleanup-image /restorehealth
works because it gets a clean copy directly from microsoft
then malware has to reinfect the driver again.
so run the dism.exe command again to repair your spaceport.sys driver
then boot and delete the fake windows defender files
then start your browser and clear your internet cache files, and empty your recycle bin.
do a hard reboot and not a shutdown, just pull the plug to your computer, then power on again.
then boot up in safe mode and do a rootkit scan.
reboot and run malwarebytes free version.
machine info:
Manufacturer ASUSTeK Computer INC.
Product M5A78L-M LX V2
Version Rev X.0x
BIOS Release Date 07/18/2012
BIOS Version 1001
Processor ID 120f6000fffb8b17
Processor Version AMD FX(tm)-6100 Six-Core Processor
Processor Voltage 8ch - 1.2V
External Clock 200MHz
Max Speed 3300MHz
Current Speed 3300MHz
looks like you only have one RAM bank with 4096MB at 1600MHz
(BIOS info looked like it was truncated)
i tried to find MpKsl251c67e3.sys and MpKslb4b6cdbc.sys but i cant find them .. the adress that u gave doesnt open and i manually tried to go into the definition updates but theres no such files there .. i found MpKsle6417387.sys there but when i try to delete this windows prompts that is being used by windows defender
IE they can remove there drivers from the list of files.
you can run the dims.exe with the /online option to get the driver repaired but if the malware has a program running it will attempt to reinfect your computer.
So, you will want to boot off another CD image of windows an scan your hard drive for rootkits/malware/viruses and have them removed.
for some problems boot into safe mode and try to do the clean up. The files will not be in use during safe mode.
-you might connect your drive to another computer as a data drive and scan the drive for malware files.
in any case, I don't think your winodows defender is ok. disable it and do a malwarebytes scan and see if it detects anything. Then do a root kit scan.
hussassasin said:
johnbl said:
if you just look at the bugcheck, it indicates that your disk stopped responding and your hardware failed.this is most likely incorrect. the system was writing a log to the device and got a error that the device did not exist.
(hard drive was able to write the memory .dmp file, so it was there)
well it could be true but it is unlikely, the storage driver looks like it has been modifed
\SystemRoot\System32\drivers\spaceport.sys
be sure to delete/remove these drivers
giveio.sys
MpKsl251c67e3.sys (look like fake microsoft defender files)
MpKslb4b6cdbc.sys (i think it is fake)
then run the dism.exe command again to repair your storage driver.
you have a few other issues that could be checked but they are minor when compared to these.
-------------------
looking at your bugcheck
you have a driver
\C:\WINDOWS\system32\giveio.sys Wed Apr 03 19:33:25 1996
the driver date is 1996, remove the driver.
-----------
C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys Thu Jul 02 02:12:38 2009
update this driver
----
remove this driver (or update it if it really is a NDIS driver that you need)
\SystemRoot\system32\DRIVERS\anodlwf.sys Fri Mar 06 02:09:51 2009
-----
replace this driver:
\SystemRoot\System32\drivers\spaceport.sys unavailable (00000000)
it looks like it is corrupted. and it is the cause of the bugcheck.
-----
remove this driver
C:\WINDOWS\system32\speedfan.sys Sat Dec 29 12:59:33 2012
----------------
ok you have two drivers
MpKsl251c67e3.sys
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKsl251c67e3.sys
Wed Aug 21 15:32:05 2013
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKslb4b6cdbc.sys Wed Aug 21 15:32:05 2013
These are most likely malware hiding trying to look like part of windows defender. ( I have looked at lot of memory dumpts and never have seen these files, and why would you do a definition update as a driver file? more likely malware)
overall I would think you have malware that modified your spaceport.sys driver.
attempts to fix it with the sfc.exe /scannow command most likly fail because the malware modifed the backup copy.
the
dism.exe /online /cleanup-image /restorehealth
works because it gets a clean copy directly from microsoft
then malware has to reinfect the driver again.
so run the dism.exe command again to repair your spaceport.sys driver
then boot and delete the fake windows defender files
then start your browser and clear your internet cache files, and empty your recycle bin.
do a hard reboot and not a shutdown, just pull the plug to your computer, then power on again.
then boot up in safe mode and do a rootkit scan.
reboot and run malwarebytes free version.
machine info:
Manufacturer ASUSTeK Computer INC.
Product M5A78L-M LX V2
Version Rev X.0x
BIOS Release Date 07/18/2012
BIOS Version 1001
Processor ID 120f6000fffb8b17
Processor Version AMD FX(tm)-6100 Six-Core Processor
Processor Voltage 8ch - 1.2V
External Clock 200MHz
Max Speed 3300MHz
Current Speed 3300MHz
looks like you only have one RAM bank with 4096MB at 1600MHz
(BIOS info looked like it was truncated)
i tried to find MpKsl251c67e3.sys and MpKslb4b6cdbc.sys but i cant find them .. the adress that u gave doesnt open and i manually tried to go into the definition updates but theres no such files there .. i found MpKsle6417387.sys there but when i try to delete this windows prompts that is being used by windows defender
-
Reply to johnbl
m
0
l
hussassasin
October 16, 2014 9:56:50 AM
johnbl said:
any malware that hooks into your storage driver has the ability to filter the data coming out of the storage.IE they can remove there drivers from the list of files.
you can run the dims.exe with the /online option to get the driver repaired but if the malware has a program running it will attempt to reinfect your computer.
So, you will want to boot off another CD image of windows an scan your hard drive for rootkits/malware/viruses and have them removed.
for some problems boot into safe mode and try to do the clean up. The files will not be in use during safe mode.
-you might connect your drive to another computer as a data drive and scan the drive for malware files.
in any case, I don't think your winodows defender is ok. disable it and do a malwarebytes scan and see if it detects anything. Then do a root kit scan.
hussassasin said:
johnbl said:
if you just look at the bugcheck, it indicates that your disk stopped responding and your hardware failed.this is most likely incorrect. the system was writing a log to the device and got a error that the device did not exist.
(hard drive was able to write the memory .dmp file, so it was there)
well it could be true but it is unlikely, the storage driver looks like it has been modifed
\SystemRoot\System32\drivers\spaceport.sys
be sure to delete/remove these drivers
giveio.sys
MpKsl251c67e3.sys (look like fake microsoft defender files)
MpKslb4b6cdbc.sys (i think it is fake)
then run the dism.exe command again to repair your storage driver.
you have a few other issues that could be checked but they are minor when compared to these.
-------------------
looking at your bugcheck
you have a driver
\C:\WINDOWS\system32\giveio.sys Wed Apr 03 19:33:25 1996
the driver date is 1996, remove the driver.
-----------
C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys Thu Jul 02 02:12:38 2009
update this driver
----
remove this driver (or update it if it really is a NDIS driver that you need)
\SystemRoot\system32\DRIVERS\anodlwf.sys Fri Mar 06 02:09:51 2009
-----
replace this driver:
\SystemRoot\System32\drivers\spaceport.sys unavailable (00000000)
it looks like it is corrupted. and it is the cause of the bugcheck.
-----
remove this driver
C:\WINDOWS\system32\speedfan.sys Sat Dec 29 12:59:33 2012
----------------
ok you have two drivers
MpKsl251c67e3.sys
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKsl251c67e3.sys
Wed Aug 21 15:32:05 2013
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKslb4b6cdbc.sys Wed Aug 21 15:32:05 2013
These are most likely malware hiding trying to look like part of windows defender. ( I have looked at lot of memory dumpts and never have seen these files, and why would you do a definition update as a driver file? more likely malware)
overall I would think you have malware that modified your spaceport.sys driver.
attempts to fix it with the sfc.exe /scannow command most likly fail because the malware modifed the backup copy.
the
dism.exe /online /cleanup-image /restorehealth
works because it gets a clean copy directly from microsoft
then malware has to reinfect the driver again.
so run the dism.exe command again to repair your spaceport.sys driver
then boot and delete the fake windows defender files
then start your browser and clear your internet cache files, and empty your recycle bin.
do a hard reboot and not a shutdown, just pull the plug to your computer, then power on again.
then boot up in safe mode and do a rootkit scan.
reboot and run malwarebytes free version.
machine info:
Manufacturer ASUSTeK Computer INC.
Product M5A78L-M LX V2
Version Rev X.0x
BIOS Release Date 07/18/2012
BIOS Version 1001
Processor ID 120f6000fffb8b17
Processor Version AMD FX(tm)-6100 Six-Core Processor
Processor Voltage 8ch - 1.2V
External Clock 200MHz
Max Speed 3300MHz
Current Speed 3300MHz
looks like you only have one RAM bank with 4096MB at 1600MHz
(BIOS info looked like it was truncated)
i tried to find MpKsl251c67e3.sys and MpKslb4b6cdbc.sys but i cant find them .. the adress that u gave doesnt open and i manually tried to go into the definition updates but theres no such files there .. i found MpKsle6417387.sys there but when i try to delete this windows prompts that is being used by windows defender
what if i just reinstall the complete os? will this definitely solve the problem?
-
Reply to hussassasin
m
0
l
Most people would do a reinstall just because it will be so much faster. Just be sure to use a clean windows image and not a bootleg images, they can have built in malware. after you do a reinstall, be sure to scan any data drives for malware so you don't end up running something that just reinstalls a rootkit /malware.
IE they can remove there drivers from the list of files.
you can run the dims.exe with the /online option to get the driver repaired but if the malware has a program running it will attempt to reinfect your computer.
So, you will want to boot off another CD image of windows an scan your hard drive for rootkits/malware/viruses and have them removed.
for some problems boot into safe mode and try to do the clean up. The files will not be in use during safe mode.
-you might connect your drive to another computer as a data drive and scan the drive for malware files.
in any case, I don't think your winodows defender is ok. disable it and do a malwarebytes scan and see if it detects anything. Then do a root kit scan.
this is most likely incorrect. the system was writing a log to the device and got a error that the device did not exist.
(hard drive was able to write the memory .dmp file, so it was there)
well it could be true but it is unlikely, the storage driver looks like it has been modifed
\SystemRoot\System32\drivers\spaceport.sys
be sure to delete/remove these drivers
giveio.sys
MpKsl251c67e3.sys (look like fake microsoft defender files)
MpKslb4b6cdbc.sys (i think it is fake)
then run the dism.exe command again to repair your storage driver.
you have a few other issues that could be checked but they are minor when compared to these.
-------------------
looking at your bugcheck
you have a driver
\C:\WINDOWS\system32\giveio.sys Wed Apr 03 19:33:25 1996
the driver date is 1996, remove the driver.
-----------
C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys Thu Jul 02 02:12:38 2009
update this driver
----
remove this driver (or update it if it really is a NDIS driver that you need)
\SystemRoot\system32\DRIVERS\anodlwf.sys Fri Mar 06 02:09:51 2009
-----
replace this driver:
\SystemRoot\System32\drivers\spaceport.sys unavailable (00000000)
it looks like it is corrupted. and it is the cause of the bugcheck.
-----
remove this driver
C:\WINDOWS\system32\speedfan.sys Sat Dec 29 12:59:33 2012
----------------
ok you have two drivers
MpKsl251c67e3.sys
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKsl251c67e3.sys
Wed Aug 21 15:32:05 2013
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKslb4b6cdbc.sys Wed Aug 21 15:32:05 2013
These are most likely malware hiding trying to look like part of windows defender. ( I have looked at lot of memory dumpts and never have seen these files, and why would you do a definition update as a driver file? more likely malware)
overall I would think you have malware that modified your spaceport.sys driver.
attempts to fix it with the sfc.exe /scannow command most likly fail because the malware modifed the backup copy.
the
dism.exe /online /cleanup-image /restorehealth
works because it gets a clean copy directly from microsoft
then malware has to reinfect the driver again.
so run the dism.exe command again to repair your spaceport.sys driver
then boot and delete the fake windows defender files
then start your browser and clear your internet cache files, and empty your recycle bin.
do a hard reboot and not a shutdown, just pull the plug to your computer, then power on again.
then boot up in safe mode and do a rootkit scan.
reboot and run malwarebytes free version.
machine info:
Manufacturer ASUSTeK Computer INC.
Product M5A78L-M LX V2
Version Rev X.0x
BIOS Release Date 07/18/2012
BIOS Version 1001
Processor ID 120f6000fffb8b17
Processor Version AMD FX(tm)-6100 Six-Core Processor
Processor Voltage 8ch - 1.2V
External Clock 200MHz
Max Speed 3300MHz
Current Speed 3300MHz
looks like you only have one RAM bank with 4096MB at 1600MHz
(BIOS info looked like it was truncated)
i tried to find MpKsl251c67e3.sys and MpKslb4b6cdbc.sys but i cant find them .. the adress that u gave doesnt open and i manually tried to go into the definition updates but theres no such files there .. i found MpKsle6417387.sys there but when i try to delete this windows prompts that is being used by windows defender
what if i just reinstall the complete os? will this definitely solve the problem?
hussassasin said:
johnbl said:
any malware that hooks into your storage driver has the ability to filter the data coming out of the storage.IE they can remove there drivers from the list of files.
you can run the dims.exe with the /online option to get the driver repaired but if the malware has a program running it will attempt to reinfect your computer.
So, you will want to boot off another CD image of windows an scan your hard drive for rootkits/malware/viruses and have them removed.
for some problems boot into safe mode and try to do the clean up. The files will not be in use during safe mode.
-you might connect your drive to another computer as a data drive and scan the drive for malware files.
in any case, I don't think your winodows defender is ok. disable it and do a malwarebytes scan and see if it detects anything. Then do a root kit scan.
hussassasin said:
johnbl said:
if you just look at the bugcheck, it indicates that your disk stopped responding and your hardware failed.this is most likely incorrect. the system was writing a log to the device and got a error that the device did not exist.
(hard drive was able to write the memory .dmp file, so it was there)
well it could be true but it is unlikely, the storage driver looks like it has been modifed
\SystemRoot\System32\drivers\spaceport.sys
be sure to delete/remove these drivers
giveio.sys
MpKsl251c67e3.sys (look like fake microsoft defender files)
MpKslb4b6cdbc.sys (i think it is fake)
then run the dism.exe command again to repair your storage driver.
you have a few other issues that could be checked but they are minor when compared to these.
-------------------
looking at your bugcheck
you have a driver
\C:\WINDOWS\system32\giveio.sys Wed Apr 03 19:33:25 1996
the driver date is 1996, remove the driver.
-----------
C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys Thu Jul 02 02:12:38 2009
update this driver
----
remove this driver (or update it if it really is a NDIS driver that you need)
\SystemRoot\system32\DRIVERS\anodlwf.sys Fri Mar 06 02:09:51 2009
-----
replace this driver:
\SystemRoot\System32\drivers\spaceport.sys unavailable (00000000)
it looks like it is corrupted. and it is the cause of the bugcheck.
-----
remove this driver
C:\WINDOWS\system32\speedfan.sys Sat Dec 29 12:59:33 2012
----------------
ok you have two drivers
MpKsl251c67e3.sys
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKsl251c67e3.sys
Wed Aug 21 15:32:05 2013
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKslb4b6cdbc.sys Wed Aug 21 15:32:05 2013
These are most likely malware hiding trying to look like part of windows defender. ( I have looked at lot of memory dumpts and never have seen these files, and why would you do a definition update as a driver file? more likely malware)
overall I would think you have malware that modified your spaceport.sys driver.
attempts to fix it with the sfc.exe /scannow command most likly fail because the malware modifed the backup copy.
the
dism.exe /online /cleanup-image /restorehealth
works because it gets a clean copy directly from microsoft
then malware has to reinfect the driver again.
so run the dism.exe command again to repair your spaceport.sys driver
then boot and delete the fake windows defender files
then start your browser and clear your internet cache files, and empty your recycle bin.
do a hard reboot and not a shutdown, just pull the plug to your computer, then power on again.
then boot up in safe mode and do a rootkit scan.
reboot and run malwarebytes free version.
machine info:
Manufacturer ASUSTeK Computer INC.
Product M5A78L-M LX V2
Version Rev X.0x
BIOS Release Date 07/18/2012
BIOS Version 1001
Processor ID 120f6000fffb8b17
Processor Version AMD FX(tm)-6100 Six-Core Processor
Processor Voltage 8ch - 1.2V
External Clock 200MHz
Max Speed 3300MHz
Current Speed 3300MHz
looks like you only have one RAM bank with 4096MB at 1600MHz
(BIOS info looked like it was truncated)
i tried to find MpKsl251c67e3.sys and MpKslb4b6cdbc.sys but i cant find them .. the adress that u gave doesnt open and i manually tried to go into the definition updates but theres no such files there .. i found MpKsle6417387.sys there but when i try to delete this windows prompts that is being used by windows defender
what if i just reinstall the complete os? will this definitely solve the problem?
-
Reply to johnbl
m
0
l
hussassasin
October 16, 2014 11:35:04 AM
johnbl said:
Most people would do a reinstall just because it will be so much faster. Just be sure to use a clean windows image and not a bootleg images, they can have built in malware. after you do a reinstall, be sure to scan any data drives for malware so you don't end up running something that just reinstalls a rootkit /malware.hussassasin said:
johnbl said:
any malware that hooks into your storage driver has the ability to filter the data coming out of the storage.IE they can remove there drivers from the list of files.
you can run the dims.exe with the /online option to get the driver repaired but if the malware has a program running it will attempt to reinfect your computer.
So, you will want to boot off another CD image of windows an scan your hard drive for rootkits/malware/viruses and have them removed.
for some problems boot into safe mode and try to do the clean up. The files will not be in use during safe mode.
-you might connect your drive to another computer as a data drive and scan the drive for malware files.
in any case, I don't think your winodows defender is ok. disable it and do a malwarebytes scan and see if it detects anything. Then do a root kit scan.
hussassasin said:
johnbl said:
if you just look at the bugcheck, it indicates that your disk stopped responding and your hardware failed.this is most likely incorrect. the system was writing a log to the device and got a error that the device did not exist.
(hard drive was able to write the memory .dmp file, so it was there)
well it could be true but it is unlikely, the storage driver looks like it has been modifed
\SystemRoot\System32\drivers\spaceport.sys
be sure to delete/remove these drivers
giveio.sys
MpKsl251c67e3.sys (look like fake microsoft defender files)
MpKslb4b6cdbc.sys (i think it is fake)
then run the dism.exe command again to repair your storage driver.
you have a few other issues that could be checked but they are minor when compared to these.
-------------------
looking at your bugcheck
you have a driver
\C:\WINDOWS\system32\giveio.sys Wed Apr 03 19:33:25 1996
the driver date is 1996, remove the driver.
-----------
C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys Thu Jul 02 02:12:38 2009
update this driver
----
remove this driver (or update it if it really is a NDIS driver that you need)
\SystemRoot\system32\DRIVERS\anodlwf.sys Fri Mar 06 02:09:51 2009
-----
replace this driver:
\SystemRoot\System32\drivers\spaceport.sys unavailable (00000000)
it looks like it is corrupted. and it is the cause of the bugcheck.
-----
remove this driver
C:\WINDOWS\system32\speedfan.sys Sat Dec 29 12:59:33 2012
----------------
ok you have two drivers
MpKsl251c67e3.sys
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKsl251c67e3.sys
Wed Aug 21 15:32:05 2013
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKslb4b6cdbc.sys Wed Aug 21 15:32:05 2013
These are most likely malware hiding trying to look like part of windows defender. ( I have looked at lot of memory dumpts and never have seen these files, and why would you do a definition update as a driver file? more likely malware)
overall I would think you have malware that modified your spaceport.sys driver.
attempts to fix it with the sfc.exe /scannow command most likly fail because the malware modifed the backup copy.
the
dism.exe /online /cleanup-image /restorehealth
works because it gets a clean copy directly from microsoft
then malware has to reinfect the driver again.
so run the dism.exe command again to repair your spaceport.sys driver
then boot and delete the fake windows defender files
then start your browser and clear your internet cache files, and empty your recycle bin.
do a hard reboot and not a shutdown, just pull the plug to your computer, then power on again.
then boot up in safe mode and do a rootkit scan.
reboot and run malwarebytes free version.
machine info:
Manufacturer ASUSTeK Computer INC.
Product M5A78L-M LX V2
Version Rev X.0x
BIOS Release Date 07/18/2012
BIOS Version 1001
Processor ID 120f6000fffb8b17
Processor Version AMD FX(tm)-6100 Six-Core Processor
Processor Voltage 8ch - 1.2V
External Clock 200MHz
Max Speed 3300MHz
Current Speed 3300MHz
looks like you only have one RAM bank with 4096MB at 1600MHz
(BIOS info looked like it was truncated)
i tried to find MpKsl251c67e3.sys and MpKslb4b6cdbc.sys but i cant find them .. the adress that u gave doesnt open and i manually tried to go into the definition updates but theres no such files there .. i found MpKsle6417387.sys there but when i try to delete this windows prompts that is being used by windows defender
what if i just reinstall the complete os? will this definitely solve the problem?
i have noticed one thing though that this happens mostly when i am loading something related to graphics ... i have seen that when i start playing dota theres a squeaking sound and the pc restarts but if it doesnt then it wont restart howmuchever i play... also it has happened to me while watching videos ... but it doesnt happen when i am just surfing the web or something ... so is it possible that it may be a graphic related thing maybe? i even suspect that my power supply may be the culprit it maybe cutting of the power for a hardware or something? any ideas on this?
-
Reply to hussassasin
m
0
l
graphics problems don't make driver that change there names and try to hide in another programs directory.
and they don't modifiy the storage device binary.
You might even run the free malwarebytes and get help from them, they might recognize what is going on and have a targeted fix. To me, your problems and the installed files are acting like malware.
IE they can remove there drivers from the list of files.
you can run the dims.exe with the /online option to get the driver repaired but if the malware has a program running it will attempt to reinfect your computer.
So, you will want to boot off another CD image of windows an scan your hard drive for rootkits/malware/viruses and have them removed.
for some problems boot into safe mode and try to do the clean up. The files will not be in use during safe mode.
-you might connect your drive to another computer as a data drive and scan the drive for malware files.
in any case, I don't think your winodows defender is ok. disable it and do a malwarebytes scan and see if it detects anything. Then do a root kit scan.
this is most likely incorrect. the system was writing a log to the device and got a error that the device did not exist.
(hard drive was able to write the memory .dmp file, so it was there)
well it could be true but it is unlikely, the storage driver looks like it has been modifed
\SystemRoot\System32\drivers\spaceport.sys
be sure to delete/remove these drivers
giveio.sys
MpKsl251c67e3.sys (look like fake microsoft defender files)
MpKslb4b6cdbc.sys (i think it is fake)
then run the dism.exe command again to repair your storage driver.
you have a few other issues that could be checked but they are minor when compared to these.
-------------------
looking at your bugcheck
you have a driver
\C:\WINDOWS\system32\giveio.sys Wed Apr 03 19:33:25 1996
the driver date is 1996, remove the driver.
-----------
C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys Thu Jul 02 02:12:38 2009
update this driver
----
remove this driver (or update it if it really is a NDIS driver that you need)
\SystemRoot\system32\DRIVERS\anodlwf.sys Fri Mar 06 02:09:51 2009
-----
replace this driver:
\SystemRoot\System32\drivers\spaceport.sys unavailable (00000000)
it looks like it is corrupted. and it is the cause of the bugcheck.
-----
remove this driver
C:\WINDOWS\system32\speedfan.sys Sat Dec 29 12:59:33 2012
----------------
ok you have two drivers
MpKsl251c67e3.sys
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKsl251c67e3.sys
Wed Aug 21 15:32:05 2013
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKslb4b6cdbc.sys Wed Aug 21 15:32:05 2013
These are most likely malware hiding trying to look like part of windows defender. ( I have looked at lot of memory dumpts and never have seen these files, and why would you do a definition update as a driver file? more likely malware)
overall I would think you have malware that modified your spaceport.sys driver.
attempts to fix it with the sfc.exe /scannow command most likly fail because the malware modifed the backup copy.
the
dism.exe /online /cleanup-image /restorehealth
works because it gets a clean copy directly from microsoft
then malware has to reinfect the driver again.
so run the dism.exe command again to repair your spaceport.sys driver
then boot and delete the fake windows defender files
then start your browser and clear your internet cache files, and empty your recycle bin.
do a hard reboot and not a shutdown, just pull the plug to your computer, then power on again.
then boot up in safe mode and do a rootkit scan.
reboot and run malwarebytes free version.
machine info:
Manufacturer ASUSTeK Computer INC.
Product M5A78L-M LX V2
Version Rev X.0x
BIOS Release Date 07/18/2012
BIOS Version 1001
Processor ID 120f6000fffb8b17
Processor Version AMD FX(tm)-6100 Six-Core Processor
Processor Voltage 8ch - 1.2V
External Clock 200MHz
Max Speed 3300MHz
Current Speed 3300MHz
looks like you only have one RAM bank with 4096MB at 1600MHz
(BIOS info looked like it was truncated)
i tried to find MpKsl251c67e3.sys and MpKslb4b6cdbc.sys but i cant find them .. the adress that u gave doesnt open and i manually tried to go into the definition updates but theres no such files there .. i found MpKsle6417387.sys there but when i try to delete this windows prompts that is being used by windows defender
what if i just reinstall the complete os? will this definitely solve the problem?
i have noticed one thing though that this happens mostly when i am loading something related to graphics ... i have seen that when i start playing dota theres a squeaking sound and the pc restarts but if it doesnt then it wont restart howmuchever i play... also it has happened to me while watching videos ... but it doesnt happen when i am just surfing the web or something ... so is it possible that it may be a graphic related thing maybe? i even suspect that my power supply may be the culprit it maybe cutting of the power for a hardware or something? any ideas on this?
and they don't modifiy the storage device binary.
You might even run the free malwarebytes and get help from them, they might recognize what is going on and have a targeted fix. To me, your problems and the installed files are acting like malware.
hussassasin said:
johnbl said:
Most people would do a reinstall just because it will be so much faster. Just be sure to use a clean windows image and not a bootleg images, they can have built in malware. after you do a reinstall, be sure to scan any data drives for malware so you don't end up running something that just reinstalls a rootkit /malware.hussassasin said:
johnbl said:
any malware that hooks into your storage driver has the ability to filter the data coming out of the storage.IE they can remove there drivers from the list of files.
you can run the dims.exe with the /online option to get the driver repaired but if the malware has a program running it will attempt to reinfect your computer.
So, you will want to boot off another CD image of windows an scan your hard drive for rootkits/malware/viruses and have them removed.
for some problems boot into safe mode and try to do the clean up. The files will not be in use during safe mode.
-you might connect your drive to another computer as a data drive and scan the drive for malware files.
in any case, I don't think your winodows defender is ok. disable it and do a malwarebytes scan and see if it detects anything. Then do a root kit scan.
hussassasin said:
johnbl said:
if you just look at the bugcheck, it indicates that your disk stopped responding and your hardware failed.this is most likely incorrect. the system was writing a log to the device and got a error that the device did not exist.
(hard drive was able to write the memory .dmp file, so it was there)
well it could be true but it is unlikely, the storage driver looks like it has been modifed
\SystemRoot\System32\drivers\spaceport.sys
be sure to delete/remove these drivers
giveio.sys
MpKsl251c67e3.sys (look like fake microsoft defender files)
MpKslb4b6cdbc.sys (i think it is fake)
then run the dism.exe command again to repair your storage driver.
you have a few other issues that could be checked but they are minor when compared to these.
-------------------
looking at your bugcheck
you have a driver
\C:\WINDOWS\system32\giveio.sys Wed Apr 03 19:33:25 1996
the driver date is 1996, remove the driver.
-----------
C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys Thu Jul 02 02:12:38 2009
update this driver
----
remove this driver (or update it if it really is a NDIS driver that you need)
\SystemRoot\system32\DRIVERS\anodlwf.sys Fri Mar 06 02:09:51 2009
-----
replace this driver:
\SystemRoot\System32\drivers\spaceport.sys unavailable (00000000)
it looks like it is corrupted. and it is the cause of the bugcheck.
-----
remove this driver
C:\WINDOWS\system32\speedfan.sys Sat Dec 29 12:59:33 2012
----------------
ok you have two drivers
MpKsl251c67e3.sys
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKsl251c67e3.sys
Wed Aug 21 15:32:05 2013
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{050F64BE-C3F7-41F3-B9C6-2D1C449EEC06}\MpKslb4b6cdbc.sys Wed Aug 21 15:32:05 2013
These are most likely malware hiding trying to look like part of windows defender. ( I have looked at lot of memory dumpts and never have seen these files, and why would you do a definition update as a driver file? more likely malware)
overall I would think you have malware that modified your spaceport.sys driver.
attempts to fix it with the sfc.exe /scannow command most likly fail because the malware modifed the backup copy.
the
dism.exe /online /cleanup-image /restorehealth
works because it gets a clean copy directly from microsoft
then malware has to reinfect the driver again.
so run the dism.exe command again to repair your spaceport.sys driver
then boot and delete the fake windows defender files
then start your browser and clear your internet cache files, and empty your recycle bin.
do a hard reboot and not a shutdown, just pull the plug to your computer, then power on again.
then boot up in safe mode and do a rootkit scan.
reboot and run malwarebytes free version.
machine info:
Manufacturer ASUSTeK Computer INC.
Product M5A78L-M LX V2
Version Rev X.0x
BIOS Release Date 07/18/2012
BIOS Version 1001
Processor ID 120f6000fffb8b17
Processor Version AMD FX(tm)-6100 Six-Core Processor
Processor Voltage 8ch - 1.2V
External Clock 200MHz
Max Speed 3300MHz
Current Speed 3300MHz
looks like you only have one RAM bank with 4096MB at 1600MHz
(BIOS info looked like it was truncated)
i tried to find MpKsl251c67e3.sys and MpKslb4b6cdbc.sys but i cant find them .. the adress that u gave doesnt open and i manually tried to go into the definition updates but theres no such files there .. i found MpKsle6417387.sys there but when i try to delete this windows prompts that is being used by windows defender
what if i just reinstall the complete os? will this definitely solve the problem?
i have noticed one thing though that this happens mostly when i am loading something related to graphics ... i have seen that when i start playing dota theres a squeaking sound and the pc restarts but if it doesnt then it wont restart howmuchever i play... also it has happened to me while watching videos ... but it doesnt happen when i am just surfing the web or something ... so is it possible that it may be a graphic related thing maybe? i even suspect that my power supply may be the culprit it maybe cutting of the power for a hardware or something? any ideas on this?
-
Reply to johnbl
m
0
l
hussassasin
October 16, 2014 12:20:44 PM
johnbl said:
graphics problems don't make driver that change there names and try to hide in another programs directory.and they don't modifiy the storage device binary.
[/quotemsg]
i agree to what u say but the ssqueaking noise is what i am wondering about .. it happens exactly before the crash happens .. so its definitely something related ... i will wait for a week or so before reinstalling the os and check if i can solve the problem instead ..
-
Reply to hussassasin
m
0
l
Related resources
- CRITICAL_PROCESS_DIED and KERNEL_DATA_INPAGE_ERROR BSOD Forum
- Kernel Data Inpage Error Forum
- Kernel Data Inpage Error & Critical Process Died BSOD ... I'm stuck :( Forum
- SolvedBSOD-Kernel Data Inpage Error Forum
- SolvedCrashing computer KERNEL_DATA_INPAGE_ERROR Forum
- BSOD-Kernel Data Inpage Error Forum
- Kernel data inpage error???? What is this??? Forum
- SolvedBSOD - KERNEL_DATA_INPAGE_ERROR and CRITICAL_PROCESS_DIED Forum
- Blue Screen of Death: Kernel_Data_Inpage_Error (7a) Forum
- Kernel Data Inpage Error Prevents My PC From Starting Up. Forum
- SolvedInstruction memory references, Kernel_Data_Inpage_Errors, and overall slowness. Help please! Forum
- SOLVED: Windows 8 BSOD - Kernel Data Inpage Error & Critical Process Died Forum
- BSOD issues. Kernel_Data_Inpage_Error. Help Please! Forum
- Kernel Data Inpage Error Please Help Forum
- Kernel data inpage error and chkdsk Forum
- More resources
Read discussions in other Windows 8 categories
!