[SOLVED] NTDLL.DLL access restrictions.

Status
Not open for further replies.
nicklemarr

nicklemarr

Member
Joined
Mar 21, 2013
Posts
8
Location
Savannah, GA
Hello all, I'm not really sure if this is in the right place, so delete it and let me know if it isn't.

Now, on to the problem.
I installed Windows 8, had nothing but issues getting it configured the way I like it. Some time after, (about a month) I started having my programs crash (not randomly), as well as my computer BSODing when my "when to turn monitor off" timer hit.

I could not solve it, and no matter where I went and the amount of time I put it, I still had the same errors. I ended up installing Windows 7 again with no issues. I got it configured perfectly, but yet again (seems to be after installing updates, but I may just be paranoid) I get the same errors messages, linking to the same .dll, and the same BSOD when the monitor get turned off (as I said before, from power settings not button.)

I've been writing down basic information and checking (and subsequently modifying) permissions to various files as well as running SFCs periodically reading from a local and disc Windows.

Now to specifics:
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0001fb4d
Faulting module path: C:\Windows\SysWOW64\ntdll.dll

This is the error 95% of the time. So I've made sure permission are fine. Checked the size versus the same file on different installations (I've even copied just in case) and no progress.

I know enough to diagnose and fix most problems, but this one is most stubborn, and there are so many variables to account for, that I'm having quite a difficult time figuring out what to do. If I had more time, I'd reinstall and install each program and update one by one and check to see the status of the program crashing constantly. I would like to figure this out without going that route. Oh, by the way, the applications that do crash do so 100% of the time, which I'm assuming is because they need the functions provided. Also, it's always the 32bit ntdll.dll.

How can I help you help me?
 
usasma said:
Please provide this information so we can provide a complete analysis: https://www.sysnative.com/forums/bs...d-posting-instructions-windows-8-7-vista.html
Click to expand...

Ahhh. Attached.
Also, I've tested my RAM, SSD, and CPU stability at various speeds with various utilities, and I've never received an error. All checks pass. Prime95 stable for running past 72 hours.
As far as the information in step five, it's all listed in the files attached.

View attachment sysnative.7z.zip
 
Please rerun the data collection application and then re-upload the zip file (no need to use both 7zip and the windows zip utility).
The uploaded file is either corrupt or empty.
 
I can open the zip, see the files, but cannot open the files.

Please zip using Windows - RIGHT-click on folder, "Send To", "Zip (compressed) Folder"
 
jcgriff2 said:
I can open the zip, see the files, but cannot open the files.

Please zip using Windows - RIGHT-click on folder, "Send To", "Zip (compressed) Folder"
Click to expand...

I removed the Send To context menu quite a long time ago. Also, zip functionality has been disabled. I will see about enabling it and get back to you. I also am having trouble understanding your problem, as I have a co-worker that has opened both of my uploaded files from this thread with no issue.
 
What is "namehelp"? It is all over Event Viewer logs and appears to be causing problems.

Event Viewer shows Windows is validated, but these entries suggest there may be issues with Activation & Validation -
Code: 
Event[84]:
  Log Name: Application
  Source: Windows Activation Technologies
  Date: 2013-03-18T07:37:00.000
  Description: 
[COLOR="#FF0000"]SLUI notification schedule modified. 
 Schedule type: 1[/COLOR]

Code: 
Event[85]:
  Log Name: Application
  Source: Windows Activation Technologies
  Date: 2013-03-18T07:37:00.000
  Description: 
[COLOR="#FF0000"]Genuine validation schedule created/changed. 
 Interval: 129600 minutes[/COLOR]

Is Windows 7 OEM version or full retail version?
 
Please post an MGADiag report.

we need to see a full copy of the report produced by the MGADiag tool
(download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
Once saved, run the tool.
Click on the Continue button, which will produce the report.
To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.
- **in your own thread**, please

Please also state the Version and Edition of Windows quoted on your COA sticker (if you have one) on the case of your machine (or inside the battery compartment), but do NOT quote the Key on the sticker!
How to Tell ? Hardware
 
NoelDP said:
That's solved NOTHING.
Your installation is counterfeit.
Click to expand...

Indeed it is, but I don't understand the correlation.

Either way, if anyone wants to know how I fixed it.
  • Disable all startup programs.
  • Run SFC. (This is optional, but I did it anyways.)
  • Open CMD as admin and inpute the following "secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose"
  • Reboot.
  • Run SFC again.
  • Reboot. Viola.
 
Last edited:
The hacks required to bypass activation and validation frequently come with malware attached - and it's impossible to be sure of system integrity unless it is reformatted and reinstalled using genuine media.
A large proportion of BSOD reports that come in are from hacked machines - much larger than the comparative incidence of hacked Windows.
 
Status
Not open for further replies.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top