BSOD - Unable to verify timestamp for ntoskrnl.exe


Solution 1

This indicates that the debugger (presumably WinDbg) can't load ntoskrnl.exe. While it is certainly possible that some malicious program has replaced your ntoskrnl.exe as Wil suggested, a more likely explanation is that you don't have WinDbg configured to download symbols from Microsoft's public symbol server.

Try running the .symfix and !sym noisy commands and then try running !analyze -v again. If that doesn't help, please post all of the relevant debugger output (with !sym noisy turned on). (Posting the actual minidump could also help.) For example, some of the output you omitted includes the symbol path:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\temp\oops.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*C:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Unable to load image \SystemRoot\system32\ntoskrnl.chk, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.chk
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.chk
Windows Server 2008/Windows Vista Kernel Version 6002 MP (2 procs) Checked x64

If your symbol path is set up correctly, memory corruption due to bad hardware would be another possible non-malware explanation. Try running MemTest86+ for a few hours.

Regarding the bug check code info: bug check 0x1000007e is SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M. The associated exception is 0xC0000005, STATUS_ACCESS_VIOLATION. The other three parameters don't offer much insight without further examination in the debugger. This could be due to a driver bug, overclocking, faulty memory, a corrupted/replaced file on disk, a failed attempt at exploiting a buffer overflow in a system service, a cosmic ray striking one of your PC's RAM chips, etc.
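The parameter breakdown from this answer, as an added example (not part of the original answer and not Microsoft's code): it labels the four values the way Microsoft's bug check reference documents them for 0x7E, which 0x1000007E shares, and splits the NTSTATUS into its bit fields. The function names are hypothetical, the name tables hold only the values mentioned on this page, and the kernel-space test assumes x64.

```python
import re

# Parameter meanings for bug check 0x7E (2-4 are addresses), per Microsoft's reference.
PARAMS_7E = ("exception code", "exception address", "exception record", "context record")
# Only the names that appear on this page; other values are shown as hex.
BUGCHECK_NAMES = {0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED"}
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
SEVERITY = ("success", "informational", "warning", "error")
M_FLAG = 0x10000000  # set in the "_M" form, e.g. 0x1000007E
# Sample input: the values quoted in the question on this page.
REPORT = """BCCode: 1000007e
BCP1: FFFFFFFFC0000005
BCP2: FFFFF800021D3B81
BCP3: FFFFFA60017B4798
BCP4: FFFFFA60017B4170"""

def parse_report(text):
    """Parse 'BCCode: ..' / 'BCPn: ..' lines into a dict of integers."""
    found = re.findall(r"^\s*(BCCode|BCP[1-4]):\s*([0-9A-Fa-f]+)\s*$", text, re.M)
    fields = {key: int(value, 16) for key, value in found}
    missing = [k for k in ("BCCode", "BCP1", "BCP2", "BCP3", "BCP4") if k not in fields]
    if missing:
        raise ValueError("report is missing " + ", ".join(missing))
    return fields

def decode_ntstatus(value):
    """Split an NTSTATUS (possibly sign-extended to 64 bits) into its fields."""
    status = value & 0xFFFFFFFF
    return {"name": NTSTATUS_NAMES.get(status, hex(status)),
            "severity": SEVERITY[status >> 30],      # bits 31-30
            "facility": (status >> 16) & 0x0FFF,     # bits 27-16
            "code": status & 0xFFFF}                 # bits 15-0

def decode_bugcheck(text):
    """Label a 0x7E / 0x1000007E report; refuse codes this sketch has no table for."""
    f = parse_report(text)
    base = f["BCCode"] & ~M_FLAG
    if base not in BUGCHECK_NAMES:
        raise ValueError("no parameter table for bug check " + hex(f["BCCode"]))
    name = BUGCHECK_NAMES[base] + ("_M" if f["BCCode"] & M_FLAG else "")
    params = {label: f["BCP%d" % i] for i, label in enumerate(PARAMS_7E, 1)}
    return {"bugcheck": name,
            "exception": decode_ntstatus(params["exception code"]),
            # Assumption: x64, where kernel space is the upper canonical half.
            "fault_in_kernel_space": params["exception address"] >= 0xFFFF800000000000,
            "params": {label: hex(v) for label, v in params.items()}}

if __name__ == "__main__":
    print(decode_bugcheck(REPORT))
```

The decoded labels only say what each value is; mapping the exception address to a module still needs the loaded-module list from the same dump.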

Solution 2

Not sure if this helps you, and I am no expert, but I just had this problem. I sent the report in and Microsoft popped up a page that gave answers to this problem. They said it was most likely a hard drive error, Windows could not read from the drive, and gave a few reasons why. One reason was that I had just transferred a large file to my drive from external media or drive. I had just transferred my Win CD to my HD. Sorry, but I forgot what the other reasons were, but they too were just simple things. They said to run chkdsk.

Solution 3

It seems others have had the same problem, specifically after Windows updates as well. It sounds like a lower level problem and searching has yielded a few possible solutions:

  • Replace ntoskrnl.exe from your Windows DVD.
  • Run chkdsk on your drive.
  • Run Memtest.

Personally, rather than doing process of elimination and wasting time, I'd prefer to do a fresh install of Windows (after backing up all of your files, of course).

Author: Michael Kniskern

I am currently working as an IT engineer for the government of Mesa, Arizona USA

Updated on September 17, 2022

Comments

  • Michael Kniskern almost 2 years

    Recently, my Dell desktop has been randomly crashing when left running for an extended period of time. The following information was written to the dump file:

    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
    WARNING: Unable to verify timestamp for ntoskrnl.exe
    ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Machine Name:
    Kernel base = 0xfffff80001e5c000 PsLoadedModuleList = 0xfffff8000201edb0
    Debug session time: Mon Aug 31 19:33:29.995 2009 (GMT-7)
    System Uptime: 0 days 11:59:15.563

    Has anyone experienced this issue with ntoskrnl.exe causing Windows Vista to crash? I am running Windows Vista 64-bit Home Premium.

    Update

    This behavior started occurring last week after the latest set of Windows Vista updates were automatically installed on my computer (KB973879, KB973874, KB970653 and KB972036). I also uninstalled an old version of McAfee Security Center and installed AVS Anti-Virus Free Edition 8.5.

    Also, the BSOD would also occur when I disconnected my iPhone from my computer.

    @Wil - Is there a suggested tool for determining if I have a rootkit installed on my workstation?

    Update 2

    Here are the crash codes from my latest BSOD. Also, I had to reinstall my drivers for my Belkin G Wireless USB Network Adapter and it cleared my cookies cache from IE8.

    BCCode: 1000007e
    BCP1: FFFFFFFFC0000005
    BCP2: FFFFF800021D3B81
    BCP3: FFFFFA60017B4798
    BCP4: FFFFFA60017B4170

    Update 3

    @Wil - I tried running Rootkit Revealer and it wrote the following application error to the event log:

    Faulting application RootkitRevealer.exe, version 1.71.0.0, time stamp 0x44e255aa, faulting module RootkitRevealer.exe, version 1.71.0.0, time stamp 0x44e255aa, exception code 0xc0000005, fault offset 0x000040cd, process id 0x11b0, application start time 0x01ca2ab8f0adc004.

  • William Hilsum almost 15 years
    He has posted all the needed information - The critical Windows files are "signed" with a digital key, it may say time stamp, but this basically means that the kernel itself no longer has a valid certificate against it / it has been edited and is failing the CRC / integrity check.... It may be fixable as I said, however it is a lot more likely an indication of a more serious error to come.
  • Michael Kniskern almost 15 years
    I have updated my question based on your answer
  • William Hilsum almost 15 years
    Updated my answer based on your updated question! :)
  • Michael Kniskern almost 15 years
    I tried running the Rootkit Revealer exe and Windows popped up a "Rootkit detection utility has stopped working" dialog box.
  • bk1e almost 15 years
    @Wil: You can easily get the same error with a kernel that has a valid Microsoft signature. Also, WinDbg doesn't look at digital signatures.
  • Michael Kniskern almost 15 years
    @John T - I ran chkdsk and everything came back OK.