Windows 7: Bad pool header BSOD

themaniacboy · 16 Jan 2012

Hello to everyone,

I am new here, i was searching if i could find a solution to my problem and i found these forums.
Hopefully you can help me with my problem.
I am getting random BSODs, some with information and others telling me to reinstall drivers.

I have not yet figured out my problem, it is not a hardware problem, that is for sure.

My windows is Windows 7 x86 bit legitimate version.

My hardware is around 2 years old and i have recently installed my Windows on a new hard drive.

Thanks in advance.

writhziden · 16 Jan 2012

Code:

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\themaniacboy\011112-20732-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17713.x86fre.win7sp1_gdr.111025-1505
Machine Name:
Kernel base = 0xe3250000 PsLoadedModuleList = 0xe33994d0
Debug session time: Wed Jan 11 15:35:47.923 2012 (UTC - 7:00)
System Uptime: 0 days 0:02:57.531
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1, {e3484dbb, 0, ffff0000, 0}

Probably caused by : ntkrpamp.exe ( nt!NtQueryDirectoryFile+0 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

APC_INDEX_MISMATCH (1)
This is a kernel internal error. The most common reason to see this
bugcheck is when a filesystem or a driver has a mismatched number of
calls to disable and re-enable APCs. The key data item is the
Thread->KernelApcDisable field. A negative value indicates that a driver
has disabled APC calls without re-enabling them.  A positive value indicates
that the reverse is true. This check is made on exit from a system call.
Arguments:
Arg1: e3484dbb, address of system function (system call)
Arg2: 00000000, Thread->ApcStateIndex << 8 | Previous ApcStateIndex
Arg3: ffff0000, Thread->KernelApcDisable
Arg4: 00000000, Previous KernelApcDisable

Debugging Details:
------------------


FAULTING_IP: 
nt!NtQueryDirectoryFile+0
e3484dbb 8bff            mov     edi,edi

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x1

PROCESS_NAME:  sppsvc.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 776670b4 to e328e5a3

STACK_TEXT:  
c73eed34 776670b4 badb0d00 00d4f040 00000000 nt!KiServiceExit2+0x17a
WARNING: Frame IP not in any known module. Following frames may be wrong.
00d4f344 00000000 00000000 00000000 00000000 0x776670b4


STACK_COMMAND:  .bugcheck ; kb

FOLLOWUP_IP: 
nt!NtQueryDirectoryFile+0
e3484dbb 8bff            mov     edi,edi

SYMBOL_NAME:  nt!NtQueryDirectoryFile+0

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4ea76eb4

FAILURE_BUCKET_ID:  0x1_SysCallNum_df_nt!NtQueryDirectoryFile+0

BUCKET_ID:  0x1_SysCallNum_df_nt!NtQueryDirectoryFile+0

Followup: MachineOwner
---------

The .dmp file provided is rather inconclusive. Please follow the http://www.sevenforums.com/crashes-d...tructions.html to provide us with more information so we may better assist you.

In the meantime, update the following drivers.

Code:
Rt86win7	cc4f8000	cc51d000	Thu Feb 26 02:04:22 2009 (49a65b16)	0002bdef		Rt86win7.sys
KMWDFILTER	cdf87000	cdf90000	Wed Apr 29 00:12:12 2009 (49f7efbc)	0000ae43		KMWDFILTER.sys
You may use the following sites as references for finding drivers. We recommend finding the manufacturer of the driver and downloading drivers directly from the manufacturer or software developer. If you have trouble finding a driver or driver manufacturer, let us know and we will do our best to assist you. If you need help, please provide the device name, manufacturer, and the driver .sys file that you are looking for.
Driver Reference is a good site to find the driver .sys files, their descriptions, and the site most likely to contain an update.

Driver Search Methods provides driver manufacturers and links to their homepages.

There are a few methods for updating drivers.
Installing and updating drivers in 7

Driver Install - Add Hardware Wizard

Driver Install - Device Manager

To fully re-install a driver, use the following steps.
Click Start Menu

Right Click My Computer/Computer

Click Manage

Click Device Manager from the list on the left

Find the device you are trying to uninstall by expanding the appropriate set of devices

Right click the device

Click Uninstall (do not click OK in the dialog box that pops up after hitting Uninstall)

Put a tick in Delete driver software for this device (if this option is available, otherwise just hit OK) and hit OK

Restart your computer

Install the latest driver for the device once Windows starts.

Alternatively:
Login as an adminstrative user.

Click Start Menu

Click Control Panel

Click Hardware and Sound

Click Device Manager (the last link under Devices and Printers)

Find the device you are trying to uninstall by expanding the appropriate set of devices

Right click the device

Click Uninstall (do not click OK in the dialog box that pops up after hitting Uninstall)

Put a tick in Delete driver software for this device (if this option is available, otherwise just hit OK) and hit OK

Restart your computer

Install the latest driver for the device once Windows starts.

Please remove any CD/DVD virtualization software, such as Daemon Tools/Alcohol 120%, as they use a driver called sptd.sys that is known to cause BSODs. Use add/remove programs to remove the software. After removing the software, use the sptd.sys uninstaller to remove sptd.sys from the system.

I prefer TotalMounter as my CD/DVD virtualization software as it allows me to burn images to a virtual CD/DVD if I just want an ISO file instead of a disc, and it is free.

Many use MagicISO - Convert BIN to ISO, Create, Edit, Burn, Extract ISO file, ISO/BIN converter/extractor/editor as well, which is also free.

themaniacboy · 18 Jan 2012

Hello, first of all, i want to personally thank you for your help, the driver problem has been solved but today i got another two blue screens of death, one indicating that the pfn list corrupt is and the other about bad memory management.

I've included the minidump files.

Greetz,
Jeroen

writhziden · 18 Jan 2012

Code:


Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\themaniacboy\011812-20560-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17713.x86fre.win7sp1_gdr.111025-1505
Machine Name:
Kernel base = 0xe324c000 PsLoadedModuleList = 0xe33954d0
Debug session time: Wed Jan 18 11:58:33.155 2012 (UTC - 7:00)
System Uptime: 0 days 0:01:45.763
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00005003, The subtype of the bugcheck.
Arg2: c0802000
Arg3: 0000450c
Arg4: 0450ea1c

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_5003

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  stdrt.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from e32b05db to e332aef4

STACK_TEXT:  
ca82fc04 e32b05db 0000001a 00005003 c0802000 nt!KeBugCheckEx+0x1e
ca82fc3c e32ea5e0 c0075c60 c2274ac0 00000000 nt!MiAllocateWsle+0x6f
ca82fc90 e32dc0cc 00000001 0eb8c000 00000111 nt!MiResolveDemandZeroFault+0x4eb
ca82fd1c e328d408 00000001 0eb8c000 00000001 nt!MmAccessFault+0x1dc1
ca82fd1c 6c120dcb 00000001 0eb8c000 00000001 nt!KiTrap0E+0xdc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d614 00000000 00000000 00000000 00000000 0x6c120dcb


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!MiAllocateWsle+6f
e32b05db cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!MiAllocateWsle+6f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4ea76eb4

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  0x1a_5003_nt!MiAllocateWsle+6f

BUCKET_ID:  0x1a_5003_nt!MiAllocateWsle+6f

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\themaniacboy\011912-19515-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17713.x86fre.win7sp1_gdr.111025-1505
Machine Name:
Kernel base = 0xe3217000 PsLoadedModuleList = 0xe33604d0
Debug session time: Wed Jan 18 16:09:27.502 2012 (UTC - 7:00)
System Uptime: 0 days 0:23:10.109
Loading Kernel Symbols
...............................................................
................................................................
..............................
Loading User Symbols
Loading unloaded module list
..
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc).  If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000008d, 
Arg2: 000bd1f4
Arg3: 00510001
Arg4: c0037a4b

Debugging Details:
------------------


BUGCHECK_STR:  0x4E_8d

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from e3275d10 to e32f5ef4

STACK_TEXT:  
bdb7fca4 e3275d10 0000004e 0000008d 000bd1f4 nt!KeBugCheckEx+0x1e
bdb7fd44 e33a344f 00000000 bdb7fd90 e341ffda nt!MmZeroPageThread+0x504
bdb7fd50 e341ffda e080a920 91303783 00000000 nt!Phase1Initialization+0x14
bdb7fd90 e32c81f9 e33a343b e080a920 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!MmZeroPageThread+504
e3275d10 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!MmZeroPageThread+504

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4ea76eb4

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  0x4E_8d_nt!MmZeroPageThread+504

BUCKET_ID:  0x4E_8d_nt!MmZeroPageThread+504

Followup: MachineOwner
---------

If you are overclocking anything, please stop.

Caused by stdrt.exe. Do you know what that is? A quick Google search says it is probably a virus/malware. Other possible causes are Memory problems... Drivers...
- Check for viruses.
  Download and install the free version of Malwarebytes : Free anti-malware, anti-virus and spyware removal download (do not start the trial) and make sure it is updated. Do not run a scan yet.
  Download VIPRE Rescue - VIPRE Computer Recovery Solution from Sunbelt Software but do not unzip it yet
  Download the Fakerean removal tool but do not run it yet.
  Start your computer in Safe Mode
  Unzip VIPRE Rescue and let it run.
  Run a full scan with Malwarebytes.
  Run the fakerean removal tool.
- Install all Windows Updates.
- Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).
- An underlying driver may be incompatible\conflicting with your system. Run Driver Verifier to find any issues. To run Driver Verifier, do the following:
  a. Backup your system and user files
  b. Create a system restore point
  c. If you do not have a Windows 7 DVD, Create a system repair disc
  d. Run Driver Verifier
  
  If Windows cannot start in normal mode with driver verifier running, start in safe mode. If it cannot start in safe mode or normal mode, restore the system restore point using System Restore OPTION TWO.
  
  Thanks to zigzag3143 for contributing to the Verifier steps.
  If you are unable to start Windows with all drivers being verified or if the blue screen crashes fail to create .dmp files, run them in groups of 5 or 10 until you find a group that causes blue screen crashes and stores the blue screen .dmp files.
Same causes as 1.

Thanks to Dave76 for help understanding possible causes.

themaniacboy · 19 Jan 2012

Thank you for your help, i will try every suggestion you made, if it all fails then i'll have to reinstall windows 7.
I will report back with how things have gone.

themaniacboy · 21 Jan 2012

Hello, i've tried running in safe mode but it crashes, i got several new blue screens since my last reply.

Here are the minidumps.
I am so frustated right now, i think i am gonna reinstall my windows to 64 bit.

writhziden · 21 Jan 2012

Use Advanced Boot Options and select Last Known Good Configuration (advanced) and see if you can start Windows.

themaniacboy · 22 Jan 2012

I still can't start windows in safe mode and i already tried that, i've used my pc the whole evening after several starting problems whereby my monitor couldn't display anything and kept searching for a input.
I did get a blue screen with no information at all the first time i booted today, if i encounter another bluescreen then i'll reinstall Windows.
In the meantime, here is the latest minidump, i did try everything you guys suggested.

If the next minidump doesn't really conclude anything, i'll just reinstall windows

writhziden · 22 Jan 2012

Your crashes could be related to system file corruption or errors on the hard disk. Use Advanced Boot Options to select Repair Your Computer and get to System Recovery Options and start command prompt.

sfc /scannow
sfc /scannow
sfc /scannow

Yes, three times (unless the first time gives the message that there were no integrity violations).

If that does not work, get into command prompt as before and run the following lines.

chkdsk /r c:
chkdsk /r d:
chkdsk /r e:
chkdsk /r f:

until it says it cannot open the volume.

If you would rather clean install, let us know. There are steps you need to take in case this was caused by a virus or malware. Also, if you need help backing up important files before the clean install, we can assist you.

themaniacboy · 24 Jan 2012

Hello, me again, after lots of trial and error i decided to reinstall windows to 64 bit.
Backuped everything i would like to keep, after format and reinstall, i got another Blue screen, regarding memory management, tested my memory, no problems.
I think this has to do with Windows updates.
I did a system recovery before installing updates and it didn't give a BSOD, ofcourse i want to have updates because it is a security risk if i don't.

I will post a minidump next time i encounter a blue screen.

Windows 7: Bad pool header BSOD

Bad pool header BSOD problems?