Security Software (just to check you have it and it is working properly):
Code:
mcsvhost.exe c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe 1992 8 3072 4608 04/04/2012 19:55 2.0.230.0 244.08 KB (249,936 bytes) 04/04/2012 13:52
mcshield.exe c:\program files\common files\mcafee\systemcore\mcshield.exe 2728 8 200 1380 04/04/2012 19:55 14.4.0.380 194.60 KB (199,272 bytes) 04/04/2012 13:53
mfefire.exe c:\program files\common files\mcafee\systemcore\mfefire.exe 2776 8 200 1380 04/04/2012 19:55 14.4.0.478 203.65 KB (208,536 bytes) 04/04/2012 13:53
mcagent.exe c:\program files\mcafee.com\agent\mcagent.exe 4404 8 200 1380 04/04/2012 19:55 11.0.644.0 1.60 MB (1,675,160 bytes) 04/04/2012 13:53
Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Kingston\BSODDmpFiles\bentleym33\Windows_NT6_BSOD_jcgriff2\040412-15693-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`03a64000 PsLoadedModuleList = 0xfffff800`03ca8650
Debug session time: Wed Apr 4 12:53:31.428 2012 (UTC - 6:00)
System Uptime: 0 days 0:53:37.287
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
.................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, fffffa80069bfc90, fffffa80069bfcf0, 4060006}
GetPointerFromAddress: unable to read from fffff80003d12100
Probably caused by : ntkrnlmp.exe ( nt!IopFreeMiniCompletionPacket+70 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa80069bfc90, The pool entry we were looking for within the page.
Arg3: fffffa80069bfcf0, The next pool entry.
Arg4: 0000000004060006, (reserved)
Debugging Details:
------------------
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: fffffa80069bfc90
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80003c0dcae to fffff80003ae0d40
STACK_TEXT:
fffff880`0a3bd808 fffff800`03c0dcae : 00000000`00000019 00000000`00000020 fffffa80`069bfc90 fffffa80`069bfcf0 : nt!KeBugCheckEx
fffff880`0a3bd810 fffff800`03d93eb8 : 00000000`00000000 00000000`000003ff 00000000`20706349 fffff800`03dc1328 : nt!ExDeferredFreePool+0x12da
fffff880`0a3bd8c0 fffff800`03a8eb66 : fffffa80`0b73d000 00000017`00000000 fffff880`07d97000 00000000`00000000 : nt!IopFreeMiniCompletionPacket+0x70
fffff880`0a3bd8f0 fffff800`03a8eb12 : fffffa80`0b73d000 fffff8a0`0be786e0 fffffa80`0aaa9620 fffff800`03abe4e0 : nt!AlpcpDeferredFreeCompletionPacketLookaside+0x2a
fffff880`0a3bd920 fffff800`03d518be : fffff8a0`0be786e0 fffff8a0`0be786e0 fffff880`0a3bdb60 00000000`00000000 : nt!AlpcpFreeCompletionPacketLookaside+0x92
fffff880`0a3bd980 fffff800`03dc6f6b : 00000000`00000000 fffffa80`00000001 00000000`015df510 fffff880`00000002 : nt!AlpcpInitializeCompletionList+0x21e
fffff880`0a3bda00 fffff800`03adffd3 : fffffa80`0aaa9620 fffffa80`0767f5c0 00000000`01e82510 00000000`00000000 : nt!NtAlpcSetInformation+0x33a
fffff880`0a3bdae0 00000000`77c91b7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`015df4e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77c91b7a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!IopFreeMiniCompletionPacket+70
fffff800`03d93eb8 ebb4 jmp nt!IopFreeMiniCompletionPacket+0x26 (fffff800`03d93e6e)
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!IopFreeMiniCompletionPacket+70
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ec79dd2
FAILURE_BUCKET_ID: X64_0x19_20_nt!IopFreeMiniCompletionPacket+70
BUCKET_ID: X64_0x19_20_nt!IopFreeMiniCompletionPacket+70
Followup: MachineOwner
---------
This crash is usually caused by an underlying driver. Unfortunately, the crash report did not indicate which driver. - An underlying driver may be incompatible\conflicting with your system. Run Driver Verifier to find any issues. To run Driver Verifier, do the following:
a.
Backup your system and user files
b.
Create a system restore point
c. If you do not have a Windows 7 DVD,
Create a system repair disc
d. In Windows 7:
- Click the Start Menu
- Type verifier in Search programs and files (do not hit enter)
- Right click verifier and click Run as administrator
- Put a tick in Create custom settings (for code developers) and click next
- Put a tick in Select individual settings from a full list and click next
- Set up the individual settings as in the image and click next
Attachment 205838 - Put a tick in Select driver names from a list
- Put a tick next to all non-Microsoft drivers.
- Click Finish.
- Restart your computer.
If Windows cannot start in normal mode with driver verifier running, start in safe mode. If it cannot start in safe mode or normal mode, restore the system restore point using
System Restore OPTION TWO.
Thanks to zigzag3143 for contributing to the Verifier steps.
If you are unable to start Windows with all drivers being verified or if the blue screen crashes fail to create .dmp files, run them in groups of 5 or 10 until you find a group that causes blue screen crashes and stores the blue screen .dmp files.
The idea with Verifier is to cause the system to crash, so do the things you normally do that cause crashes. After you have a few crashes, upload the crash reports for us to take a look and try to find patterns.