- Jan 19, 2015
- 22
- 0
- 4,510
Hello!
I have during last week encountered about three BSODs, and it's very annoying. I would like to find out which driver is causing the trouble and at least try fixing it.
I ran the memory dump in 2 programs:
1. "WhoCrashed", the only differences found was the ending of the address that caused it (highlighted):
2. "BlueScreenViewer". The only difference found was in "parameters" and the address that caused it (same as with "WhoCrashed")
So... which driver is causing and and what program is associated with that driver? If I am correct, the first step is trying to reinstall the program/driver.
Thanks for Your time!
EDIT: Here are the .dmp files http://www.sendspace.com/filegroup/1Pw66Xl3oTP6P%2B6C8IX8xAKHZNv5G98T
with the associated virustotal scans:
https://www.virustotal.com/sv/file/8e340618c8801b9843d943cd6c73a0f1e3bd600b39ab2e16d340691b5500fb5f/analysis/1421344982/]
https://www.virustotal.com/sv/file/7a4ebab0029f6e1d483c926c9e695ffaddb0faae0389003fb9266fff1f1c50ce/analysis/1421345003/
https://www.virustotal.com/sv/file/9a9e8accbf222806706c05e3e02bb62cfc13979d2eca9d6bb23a47aefa65fbec/analysis/1421345012/
I have during last week encountered about three BSODs, and it's very annoying. I would like to find out which driver is causing the trouble and at least try fixing it.
I ran the memory dump in 2 programs:
1. "WhoCrashed", the only differences found was the ending of the address that caused it (highlighted):
On Thu 15/01-2015 17:47:45 GMT your computer crashed
crash dump file: C:\Windows\Minidump\011515-28375-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x76E80)
Bugcheck code: 0xC5 (0x8, 0x2, 0x0, 0xFFFFF80003206B05)
Error: DRIVER_CORRUPTED_EXPOOL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the system attempted to access invalid memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
On Thu 15/01-2015 17:47:45 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0xC5 (0x8, 0x2, 0x0, 0xFFFFF80003206B05)
Error: DRIVER_CORRUPTED_EXPOOL
Bug check description: This indicates that the system attempted to access invalid memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
On Tue 13/01-2015 19:14:10 GMT your computer crashed
crash dump file: C:\Windows\Minidump\011315-47937-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75BC0)
Bugcheck code: 0xC5 (0x8, 0x2, 0x0, 0xFFFFF800031FEB05)
Error: DRIVER_CORRUPTED_EXPOOL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the system attempted to access invalid memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
On Mon 12/01-2015 20:06:54 GMT your computer crashed
crash dump file: C:\Windows\Minidump\011215-56953-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75BC0)
Bugcheck code: 0xC5 (0x8, 0x2, 0x0, 0xFFFFF8000320DB05)
Error: DRIVER_CORRUPTED_EXPOOL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the system attempted to access invalid memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
crash dump file: C:\Windows\Minidump\011515-28375-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x76E80)
Bugcheck code: 0xC5 (0x8, 0x2, 0x0, 0xFFFFF80003206B05)
Error: DRIVER_CORRUPTED_EXPOOL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the system attempted to access invalid memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
On Thu 15/01-2015 17:47:45 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0xC5 (0x8, 0x2, 0x0, 0xFFFFF80003206B05)
Error: DRIVER_CORRUPTED_EXPOOL
Bug check description: This indicates that the system attempted to access invalid memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
On Tue 13/01-2015 19:14:10 GMT your computer crashed
crash dump file: C:\Windows\Minidump\011315-47937-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75BC0)
Bugcheck code: 0xC5 (0x8, 0x2, 0x0, 0xFFFFF800031FEB05)
Error: DRIVER_CORRUPTED_EXPOOL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the system attempted to access invalid memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
On Mon 12/01-2015 20:06:54 GMT your computer crashed
crash dump file: C:\Windows\Minidump\011215-56953-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75BC0)
Bugcheck code: 0xC5 (0x8, 0x2, 0x0, 0xFFFFF8000320DB05)
Error: DRIVER_CORRUPTED_EXPOOL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the system attempted to access invalid memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
2. "BlueScreenViewer". The only difference found was in "parameters" and the address that caused it (same as with "WhoCrashed")
So... which driver is causing and and what program is associated with that driver? If I am correct, the first step is trying to reinstall the program/driver.
Thanks for Your time!
EDIT: Here are the .dmp files http://www.sendspace.com/filegroup/1Pw66Xl3oTP6P%2B6C8IX8xAKHZNv5G98T
with the associated virustotal scans:
https://www.virustotal.com/sv/file/8e340618c8801b9843d943cd6c73a0f1e3bd600b39ab2e16d340691b5500fb5f/analysis/1421344982/]
https://www.virustotal.com/sv/file/7a4ebab0029f6e1d483c926c9e695ffaddb0faae0389003fb9266fff1f1c50ce/analysis/1421345003/
https://www.virustotal.com/sv/file/9a9e8accbf222806706c05e3e02bb62cfc13979d2eca9d6bb23a47aefa65fbec/analysis/1421345012/
Facebook
Twitter
Instagram