Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\natyan\Windows_NT6_BSOD_jcgriff2\123011-106143-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16905.x86fre.win7_gdr.111025-1503
Machine Name:
Kernel base = 0x8280a000 PsLoadedModuleList = 0x82952810
Debug session time: Fri Dec 30 07:04:04.814 2011 (UTC - 7:00)
System Uptime: 0 days 11:34:22.921
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
................
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 8520d000, The pool entry we were looking for within the page.
Arg3: 8520d300, The next pool entry.
Arg4: 08600000, (reserved)
Debugging Details:
------------------
Unable to load image \SystemRoot\system32\DRIVERS\athr.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for athr.sys
*** ERROR: Module load completed but symbols could not be loaded for athr.sys
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: GetPointerFromAddress: unable to read from 82972718
Unable to read MiSystemVaType memory at 82952160
8520d000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: SynTPEnh.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from 8aa07df9 to 829291b6
STACK_TEXT:
807e3ce8 8aa07df9 8520d008 00000000 00000040 nt!ExFreePoolWithTag+0x1b1
807e3d00 8aa07ad5 8520d018 87579840 87579800 ndis!ndisFreeToNPagedPool+0x39
807e3d1c 8aa07b77 87579800 00000040 8520d018 ndis!ndisPplFree+0x4a
807e3d38 822c3834 8520d018 85e2aae0 807e3d60 ndis!NdisFreeNetBufferList+0x3f
807e3d48 822c67fd 807e3d68 852f4318 852f4318 nwifi!Dot11FreeSendPacket+0x4e
807e3d60 822c363d 8520d018 00000000 874ff008 nwifi!Dot11EnterRoamingWithLock+0x157
807e3d84 822c5810 8757b910 8520d018 00000000 nwifi!Dot11SendCompletion+0x2d
807e3d9c 8aa085e2 8757b910 8520d018 00000001 nwifi!Pt6SendComplete+0x1e
807e3db0 9050c6cf 86205e00 8520d018 00000001 ndis!NdisFSendNetBufferListsComplete+0x3a
807e3dd0 8aa6cf0a 87027008 00000000 00000001 vwififlt!FilterSendNetBufferListsComplete+0x93
807e3df4 94c3e7d2 860320e0 87bab470 00000001 ndis!NdisMSendNetBufferListsComplete+0xa4
WARNING: Stack unwind information not available. Following frames may be wrong.
807e3e6c 94c29d6e 00000000 00000001 00000000 athr+0x2a7d2
807e3e8c 94c2a09d 86bb2028 00000001 00000002 athr+0x15d6e
807e3ea0 94c8c424 86bb2028 807e3ec8 94c915ff athr+0x1609d
807e3eac 94c915ff 86bb4020 807e3ed8 8a72d81c athr+0x78424
807e3ec8 94c30dfd 86bb4020 807e3ee4 94c15791 athr+0x7d5ff
807e3ed4 94c15791 86203020 86bb2028 807e3f20 athr+0x1cdfd
807e3ee4 8aa5a309 86bb2028 00000000 807e3f10 athr+0x1791
807e3f20 8aa059f4 87003174 00003160 00000000 ndis!ndisMiniportDpc+0xe2
807e3f48 828724f5 87003174 87003160 00000000 ndis!ndisInterruptDpc+0xaf
807e3fa4 82872358 807c3120 85331b60 00000000 nt!KiExecuteAllDpcs+0xf9
807e3ff4 82871b1c 991e355c 00000000 00000000 nt!KiRetireDpcList+0xd5
807e3ff8 991e355c 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2c
82871b1c 00000000 0000001a 00d6850f bb830000 0x991e355c
STACK_COMMAND: kb
FOLLOWUP_IP:
nwifi!Dot11FreeSendPacket+4e
822c3834 832700 and dword ptr [edi],0
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nwifi!Dot11FreeSendPacket+4e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nwifi
IMAGE_NAME: nwifi.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc89f
FAILURE_BUCKET_ID: 0x19_20_nwifi!Dot11FreeSendPacket+4e
BUCKET_ID: 0x19_20_nwifi!Dot11FreeSendPacket+4e
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\natyan\Windows_NT6_BSOD_jcgriff2\010212-93912-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17713.x86fre.win7sp1_gdr.111025-1505
Machine Name:
Kernel base = 0x82847000 PsLoadedModuleList = 0x829904d0
Debug session time: Mon Jan 2 21:04:18.166 2012 (UTC - 7:00)
System Uptime: 0 days 12:44:38.273
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
............
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 8520d000, The pool entry we were looking for within the page.
Arg3: 8520d300, The next pool entry.
Arg4: 08600000, (reserved)
Debugging Details:
------------------
GetPointerFromAddress: unable to read from 829b0848
Unable to read MiSystemVaType memory at 8298fe20
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: GetPointerFromAddress: unable to read from 829b0848
Unable to read MiSystemVaType memory at 8298fe20
8520d000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: TCrdMain.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 82a69879 to 82967c6b
STACK_TEXT:
ba5d0b5c 82a69879 8520d008 c3504c41 8520d008 nt!ExFreePoolWithTag+0x1b1
ba5d0b80 82a6961e 8520d038 8520d020 00000000 nt!ObpFreeObject+0x24f
ba5d0b94 828bfd40 00000000 85ab9d48 8520d020 nt!ObpRemoveObjectRoutine+0x5e
ba5d0ba8 828bfcb0 8520d038 82a8c3c6 accbf028 nt!ObfDereferenceObjectWithTag+0x88
ba5d0bb0 82a8c3c6 accbf028 85ab9d48 accbf028 nt!ObfDereferenceObject+0xd
ba5d0bf0 82abac69 abe70de8 accbf028 8502abb8 nt!ObpCloseHandleTableEntry+0x21d
ba5d0c20 82aa3044 abe70de8 ba5d0c34 acc5f3b8 nt!ExSweepHandleTable+0x5f
ba5d0c40 82ab0726 9c06b7f8 85ab9d48 40010004 nt!ObKillProcess+0x54
ba5d0cb4 82ac4111 40010004 864a5198 00000001 nt!PspExitThread+0x5db
ba5d0ccc 828f88a0 864a5198 ba5d0cf8 ba5d0d04 nt!PsExitSpecialApc+0x22
ba5d0d1c 828852d4 00000001 00000000 ba5d0d34 nt!KiDeliverApc+0x28b
ba5d0d1c 76df70b4 00000001 00000000 ba5d0d34 nt!KiServiceExit+0x64
WARNING: Frame IP not in any known module. Following frames may be wrong.
0444ff88 00000000 00000000 00000000 00000000 0x76df70b4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+1b1
82967c6b cc int 3
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExFreePoolWithTag+1b1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ea76eb4
FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+1b1
BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+1b1
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\natyan\Windows_NT6_BSOD_jcgriff2\010512-110979-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17713.x86fre.win7sp1_gdr.111025-1505
Machine Name:
Kernel base = 0x82848000 PsLoadedModuleList = 0x829914d0
Debug session time: Thu Jan 5 13:32:40.759 2012 (UTC - 7:00)
System Uptime: 0 days 7:10:06.882
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
...................
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041287, The subtype of the bugcheck.
Arg2: 64536d59
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41287
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: msiexec.exe
CURRENT_IRQL: 0
TRAP_FRAME: a07f5c00 -- (.trap 0xffffffffa07f5c00)
ErrCode = 00000000
eax=64536d4d ebx=a07f5ce0 ecx=64536d4d edx=00075c99 esi=873bebb8 edi=75c99349
eip=828e3f88 esp=a07f5c74 ebp=a07f5c74 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!MiFindNodeOrParent+0x17:
828e3f88 3b510c cmp edx,dword ptr [ecx+0Ch] ds:0023:64536d59=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 82889408 to 828d640f
STACK_TEXT:
a07f5be8 82889408 00000000 64536d59 00000000 nt!MmAccessFault+0x106
a07f5be8 828e3f88 00000000 64536d59 00000000 nt!KiTrap0E+0xdc
a07f5c74 828e3b73 a07f5c84 c03ae4c8 851267d8 nt!MiFindNodeOrParent+0x17
a07f5c88 828e3bc8 87752760 c03ae4c8 00000000 nt!MiLocateAddress+0x41
a07f5ca0 828d8108 a07f5ce0 a07f5cd8 75c99349 nt!MiCheckVirtualAddress+0x42
a07f5d1c 82889408 00000008 75c99349 00000001 nt!MmAccessFault+0x1dfd
a07f5d1c 75c99349 00000008 75c99349 00000001 nt!KiTrap0E+0xdc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0140f0bc 00000000 00000000 00000000 00000000 0x75c99349
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiTrap0E+dc
82889408 85c0 test eax,eax
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KiTrap0E+dc
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ea76eb4
FAILURE_BUCKET_ID: 0x1a_41287_nt!KiTrap0E+dc
BUCKET_ID: 0x1a_41287_nt!KiTrap0E+dc
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\natyan\Windows_NT6_BSOD_jcgriff2\010712-91915-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17713.x86fre.win7sp1_gdr.111025-1505
Machine Name:
Kernel base = 0x82817000 PsLoadedModuleList = 0x829604d0
Debug session time: Sat Jan 7 11:50:09.984 2012 (UTC - 7:00)
System Uptime: 1 days 5:33:55.091
Loading Kernel Symbols
...............................................................
................................................................
.....................................
Loading User Symbols
Loading unloaded module list
...........................
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 8520d000, The pool entry we were looking for within the page.
Arg3: 8520d300, The next pool entry.
Arg4: 08600000, (reserved)
Debugging Details:
------------------
GetPointerFromAddress: unable to read from 82980848
Unable to read MiSystemVaType memory at 8295fe20
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: GetPointerFromAddress: unable to read from 82980848
Unable to read MiSystemVaType memory at 8295fe20
8520d000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 82a39879 to 82937c6b
STACK_TEXT:
8c93fc4c 82a39879 8520d008 e56c6946 8520d008 nt!ExFreePoolWithTag+0x1b1
8c93fc70 82a3961e 8520d028 8520d010 00000000 nt!ObpFreeObject+0x24f
8c93fc84 8288fd40 00000000 000c0000 00000000 nt!ObpRemoveObjectRoutine+0x5e
8c93fc98 8288fcb0 8520d028 82a3eff9 8515e340 nt!ObfDereferenceObjectWithTag+0x88
8c93fca0 82a3eff9 8515e340 8515e368 829829c0 nt!ObfDereferenceObject+0xd
8c93fccc 82878f04 8515e340 00000000 00000000 nt!MiSegmentDelete+0x191
8c93fd28 82879225 84eed638 00000000 10020020 nt!MiProcessDereferenceList+0xdb
8c93fd50 82a1ffda 00000000 a8b26fd5 00000000 nt!MiDereferenceSegmentThread+0xc5
8c93fd90 828c81f9 8287915e 00000000 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+1b1
82937c6b cc int 3
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExFreePoolWithTag+1b1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ea76eb4
FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+1b1
BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+1b1
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\natyan\Windows_NT6_BSOD_jcgriff2\010812-71417-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17713.x86fre.win7sp1_gdr.111025-1505
Machine Name:
Kernel base = 0x8280e000 PsLoadedModuleList = 0x829574d0
Debug session time: Sat Jan 7 20:37:31.585 2012 (UTC - 7:00)
System Uptime: 0 days 5:24:56.583
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
......
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 8520d000, The pool entry we were looking for within the page.
Arg3: 8520d300, The next pool entry.
Arg4: 08600000, (reserved)
Debugging Details:
------------------
GetPointerFromAddress: unable to read from 82977848
Unable to read MiSystemVaType memory at 82956e20
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: GetPointerFromAddress: unable to read from 82977848
Unable to read MiSystemVaType memory at 82956e20
8520d000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8a83ff3a to 8292ec6b
STACK_TEXT:
e2f80adc 8a83ff3a 8520d008 00000000 828d1d6d nt!ExFreePoolWithTag+0x1b1
e2f80af4 8a836748 8520d008 e2f80b18 8a8ca5ec Ntfs!NtfsFreeNonpagedDataFcb+0x28
e2f80b00 8a8ca5ec 8a863300 8520d008 86d88128 Ntfs!ExFreeToNPagedLookasideList+0x1e
e2f80b18 8a8bb199 8520d008 00000000 85b49240 Ntfs!NtfsDeleteNonpagedFcb+0x3c
e2f80b40 8a835b29 86d88128 e2f80b70 e2f80b7a Ntfs!NtfsDeleteFcb+0xd5
e2f80b94 8a8ca372 86d88128 85b490d8 ab463c88 Ntfs!NtfsTeardownFromLcb+0x24f
e2f80be4 8a83a2cb 86d88128 ab463d78 01463f20 Ntfs!NtfsTeardownStructures+0xf3
e2f80c0c 8a8ce341 86d88128 ab463d78 ab463f20 Ntfs!NtfsDecrementCloseCounts+0xaf
e2f80c6c 8a8d2424 86d88128 ab463d78 ab463c88 Ntfs!NtfsCommonClose+0x4f2
e2f80d00 8288ba6b 00000000 00000000 853ada68 Ntfs!NtfsFspClose+0x118
e2f80d50 82a16fda 80000000 c6d9977f 00000000 nt!ExpWorkerThread+0x10d
e2f80d90 828bf1f9 8288b95e 80000000 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+1b1
8292ec6b cc int 3
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExFreePoolWithTag+1b1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ea76eb4
FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+1b1
BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+1b1
Followup: MachineOwner
---------
First step should be to remove all Symantec software running on your machine as these are known to cause BSODs on some systems.
Code:
rtvscan.exe c:\program files\symantec\symantec endpoint protection\rtvscan.exe 2056 8 200 1380 1/8/2012 9:44 AM 11.0.6300.541 1.75 MB (1,839,888 bytes) 7/21/2011 1:42 PM
smc.exe c:\program files\symantec\symantec endpoint protection\smc.exe 1220 8 200 1380 1/8/2012 9:44 AM 11.0.6300.552 1.81 MB (1,893,840 bytes) 7/21/2011 1:42 PM
smcgui.exe c:\program files\symantec\symantec endpoint protection\smcgui.exe 3432 8 200 1380 1/8/2012 9:45 AM 11.0.6300.552 1.39 MB (1,459,616 bytes) 7/21/2011 1:42 PM
Second step is to update the following drivers using the steps in Installing and updating drivers in 7 and information from Driver Reference for drivers and Drivers and Downloads for drivers' manufacturers.
Code:
mchInjDrv a63eb000 a63eba00 Wed Jan 11 00:07:52 2006 (43c4aec8) 000017a5 mchInjDrv.sys
FwLnk 9a78b000 9a793000 Sun Nov 19 07:11:12 2006 (45606600) 00002c0b FwLnk.sys
SynTP 9a7a9000 9a7d9000 Thu Aug 14 20:02:22 2008 (48a4e3ae) 00032a65 SynTP.sys
AGRSM a2432000 a2538000 Mon Nov 10 07:56:37 2008 (49184ba5) 0010b850 AGRSM.sys
dsNcAdpt 9a7d9000 9a7e4000 Mon Mar 30 20:39:02 2009 (49d18246) 00008e2a dsNcAdpt.sys