Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: BSOD invalid_kernel_handle

09 Feb 2012   #1
mattes

Windows 7 Starter 32bit
 
 
BSOD invalid_kernel_handle

Please i need help whit my netbook...i got bsod like a month ago while i was just browsing internet, tought it will disappeared by it self but it happend fourth time todday. It all started (i think) when i was updating windows and it just freezed so i had to trun off netbook complety after that some repair think came up and windows started so i tought it was allright. The netbook is asus eeepc and its 2 months old, i got OEM Windows 7 starter 32bit. The dump file is attached below.....pls help me.


My System SpecsSystem Spec
.
09 Feb 2012   #2
writhziden

Windows 7 Home Premium 64 Bit
 
 

Code:
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\BSODDmpFiles\mattes\020912-17409-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17592.x86fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0x81e3b000 PsLoadedModuleList = 0x81f844d0
Debug session time: Thu Feb  9 11:01:45.063 2012 (GMT-7)
System Uptime: 0 days 4:03:03.782
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
...........
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

INVALID_KERNEL_HANDLE (93)
This message occurs if kernel code (server, redirector, other driver, etc.)
attempts to close a handle that is not a valid handle.
Arguments:
Arg1: 00003668, The handle that NtClose was called with.
Arg2: 00000000, means a protected handle was closed.
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x93

PROCESS_NAME:  System

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 820802a0 to 81f19f2c

STACK_TEXT:  
8742705c 820802a0 00000093 00003668 00000000 nt!KeBugCheckEx+0x1e
874270b0 82080032 87201e10 9dbd6cd0 833544c8 nt!ObpCloseHandleTableEntry+0x1b2
874270e0 820803cc 833544c8 00000000 87427184 nt!ObpCloseHandle+0x7f
874270fc 81e791ea 80003668 87427bdc 81e76b4d nt!NtClose+0x4e
874270fc 81e76b4d 80003668 87427bdc 81e76b4d nt!KiFastCallEntry+0x12a
87427178 8645493a 80003668 86443882 8643dde4 nt!ZwClose+0x11
87427bdc 86454af7 834a5308 872fd9f0 01041750 Ntfs!TxfClearDir+0x44a
87427c58 86480668 834a5308 8739c000 8725a8e8 Ntfs!TxfResetRm+0x17c
87427ce4 864534b3 842cf0d8 00000000 842d3c10 Ntfs!TxfInitializeVolume+0x4d5
87427d00 81eb8aab 842cf0d8 00000000 8339cd48 Ntfs!TxfRmRestartWorkItemRoutine+0xa0
87427d50 82043f64 00000000 89353680 00000000 nt!ExpWorkerThread+0x10d
87427d90 81eec219 81eb899e 00000000 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ObpCloseHandleTableEntry+1b2
820802a0 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!ObpCloseHandleTableEntry+1b2

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4d9fd753

FAILURE_BUCKET_ID:  0x93_nt!ObpCloseHandleTableEntry+1b2

BUCKET_ID:  0x93_nt!ObpCloseHandleTableEntry+1b2

Followup: MachineOwner
---------
There is very little information about your crash. There does not seem to be one like it on these forums, either. The crash seems to signify a driver doing something it is not supposed to, but beyond that, the dump file is inconclusive.

The only driver that stands out to me is dtsoftbus01.sys as a potential problem. Please remove Daemon Tools, as it uses a driver called dtsoftbus01.sys that is known to cause BSODs.

I prefer TotalMounter as my CD/DVD virtualization software as it allows me to burn images to a virtual CD/DVD if I just want an ISO file instead of a disc, and it is free.

Many use MagicISO - Convert BIN to ISO, Create, Edit, Burn, Extract ISO file, ISO/BIN converter/extractor/editor as well, which is also free.



This may be network related, so it is probably a good step to make sure you network adapter drivers are up to date. Even if they are up to date, you should try uninstalling and re-installing using the following steps in case the current drivers are corrupted.
  1. Click Start Menu
  2. Right Click My Computer/Computer
  3. Click Manage
  4. Click Device Manager from the list on the left
  5. Expand network adapters and do the last five steps for each device
  6. Right click the device
  7. Click Uninstall (do not click OK in the dialog box that pops up after hitting Uninstall)
  8. Put a tick in Delete driver software for this device (if this option is available, otherwise just hit OK) and hit OK
  9. Restart your computer
  10. Install the latest driver for the device once Windows starts.

Alternatively:
  1. Login as an adminstrative user.
  2. Click Start Menu
  3. Click Control Panel
  4. Click Hardware and Sound
  5. Click Device Manager (the last link under Devices and Printers)
  6. Expand network adapters and do the last five steps for each device
  7. Right click the device
  8. Click Uninstall (do not click OK in the dialog box that pops up after hitting Uninstall)
  9. Put a tick in Delete driver software for this device (if this option is available, otherwise just hit OK) and hit OK
  10. Restart your computer
  11. Install the latest driver for the device once Windows starts.



While dump files are useful tools for analysis, it helps to have more than one to find patterns. Also, they yield information about the system, but it would take hours to sift through it all, and it is not the most reliable source of that information. Could you please follow the http://www.sevenforums.com/crashes-d...tructions.html so that we may have more information regarding your crashes, crash reports, your system, any error logs for applications, and any error logs for the system? I have a feeling I am missing information regarding a possible driver that is disabled and should be enabled or something along those lines, but without the information provided by those instructions, I am at a loss as to how to proceed next.
My System SpecsSystem Spec
10 Feb 2012   #3
mattes

Windows 7 Starter 32bit
 
 

Thank you very much for fast reply, i included the files u requested, but i got problems with System Health Report, i got error every time i try to run it is says something about it cant be generated becouse it allredy was generated...no idea what taht means, i tryied look for the file but found nothing....thank u again for help and pls have a look at the files u wanted.
My System SpecsSystem Spec
.

10 Feb 2012   #4
writhziden

Windows 7 Home Premium 64 Bit
 
 

You have both ESET and Trend Micro on your system. Is this intentional? Did you try to remove one and it did not fully uninstall perhaps? All of your crashes may have to do with having two security systems installed on your computer.



Also, since NTFS is in the stack with your INVALID_KERNEL_HANDLE crash, I would recommend that you run Disk Check with both boxes checked for all HDDs and with Automatically fix file system errors checked for all SSDs. Post back your logs for the checks after finding them using Check Disk (chkdsk) - Read Event Viewer Log.



You may want to check for corrupted Windows files. Run SFC /SCANNOW Command - System File Checker up to three times to fix all errors. Post back if it continues to show errors after a fourth run or if the first run comes back with no integrity violations.
My System SpecsSystem Spec
10 Feb 2012   #5
mattes

Windows 7 Starter 32bit
 
 

I had problems with tred micro antivirus, i could not uninstall it. So i did some googling a found that many people had the same problem as me, actually i found at official site of trend that antivirus cannot be removed complety, there was some instructions how to do it but non of them worked for me so i just deleted the dam thing and tried to clean the registry. Thank you for helping me out i will post u after i do all the checks u said. Thanks again.
My System SpecsSystem Spec
10 Feb 2012   #6
writhziden

Windows 7 Home Premium 64 Bit
 
 

Go to C:\Windows\System32\Drivers and rename tmevtmgr.sys to tmevtmgr.sys.bak as it caused a crash on your system and is part of Trend Micro. It continues to be loaded on your system in your other crashes.
My System SpecsSystem Spec
10 Feb 2012   #7
mattes

Windows 7 Starter 32bit
 
 

Ok, i did the check disk both of them and it came as no problems at all and iam running now the SFC /SCANNOW comad as u told me, and i did renamed the tmevtmgr.sys to tmevtmgr.sys.bak but i found another file in the drivers directory tmtdi.sys and its another trend micro file....what should i do with this file??



So i just finished the SFC /SCANNOW check an it came as: windows resource protection did not find any integrity violations.

Any suggestions...??

Thank you very much for your help.
My System SpecsSystem Spec
10 Feb 2012   #8
writhziden

Windows 7 Home Premium 64 Bit
 
 

Same thing. Add .bak to it. I'll check for others and edit this post if I find any.

tmactmon.sys -> tmactmon.sys.bak
tmcomm.sys -> tmcomm.sys.bak
My System SpecsSystem Spec
10 Feb 2012   #9
mattes

Windows 7 Starter 32bit
 
 

Thank you again, sorry to bother u but i have last question for u i found at event viewer: Windows logs\System a lots of errors and warnings like 50 000 of them and it just says:The default transaction resource manager on volume C: encountered a non-retryable error and could not start. The data contains the error code. thats for the error and warning says: The default transaction resource manager on volume C: encountered an error while starting and its metadata was reset. The data contains the error code.

Do u know what that means...??...My netbook seems to run ok apart from the bsod.

Thank you.
My System SpecsSystem Spec
10 Feb 2012   #10
writhziden

Windows 7 Home Premium 64 Bit
 
 

See I receive the error "The default transaction resource manager on - Microsoft Answers for your error. The first answer says:
  1. Delete the .blf files and the .regtrans-ms files from the %Windir%\System32\SMI\Store\Machine folder.To delete the files, follow these steps:
    • Start an Elevated Command Prompt
    • type
      cd %SYSTEMROOT%\System32\SMI\Store\Machine
      and press enter
    • type
      del
      (make sure you have a space after del and press tab key until you see files ending with .regtrans-ms or .blf) and press enter (if you do not ever see .regtrans-ms or .blf after hitting the tab key multiple times, and you continue to see the same files over and over again, press ESC).
  2. After you restart the computer, the registry regenerates the deleted files. These regenerated files are in a consistent state.
  3. Start an Elevated Command Prompt
  4. Type
    fsutil resource setautoreset true c:\
    into the command prompt and press enter
  5. Restart the computer.
My System SpecsSystem Spec
Reply

 BSOD invalid_kernel_handle




Thread Tools Search this Thread
Search this Thread:

Advanced Search



Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:14.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App