Code:
BugCheck C5, {8, 2, 0, fffff800031a4000}
*** WARNING: Unable to verify timestamp for athrx.sys
*** ERROR: Module load completed but symbols could not be loaded for athrx.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+174 )
Code:
Usual causes: Device driver, Memory
This bugcheck indicates that a device driver has attempted to access a invalid memory address.
Code:
TRAP_FRAME: fffff8800dbccfe0 -- (.trap 0xfffff8800dbccfe0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff800031ffaa0
rdx=fffffa80070f8260 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800031a4000 rsp=fffff8800dbcd170 rbp=0000000000000000
r8=fffffa800bd4e010 r9=fffffa80070f8200 r10=fffffa80070f8210
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po cy
nt!ExDeferredFreePool+0x174:
fffff800`031a4000 4c395008 cmp qword ptr [rax+8],r10 ds:00000000`00000008=????????????????
Code:
0: kd> lmvm athrx
start end module name
fffff880`05419000 fffff880`057d5000 athrx T (no symbols)
Loaded symbol image file: athrx.sys
Image path: athrx.sys
Image name: athrx.sys
Timestamp: Tue Sep 18 08:33:29 2012 (505823C9)
CheckSum: 0039A433
ImageSize: 003BC000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Please update your Atheros network adapter driver from either your model support page/motherboard support page, or the Atheros website here - ATHEROS drivers for Microsoft Windows (Atheros?????)
Check Device Manager for the model for the Atheros driver if downloading from the Atheros website.
----------------------------------------------------------------------------------
Code:
BugCheck C2, {7, 1097, 0, fffffa8009821210}
GetPointerFromAddress: unable to read from fffff800032a80e0
GetUlongFromAddress: unable to read from fffff800032a8198
fffffa8009821200 doesn't look like a valid small pool allocation, checking to see
if the entire page is actually part of a large page allocation...
GetUlongFromAddress: unable to read from fffff800032161b0
Probably caused by : dxgmms1.sys ( dxgmms1!VIDMM_GLOBAL::CloseOneAllocation+264 )
Code:
Usual causes: Device driver, Memory
This bugcheck indicates that a device driver has attempted to free a pool allocation twice.
Code:
4: kd> !pool fffffa8009821210
Pool page fffffa8009821210 region is Nonpaged pool
fffffa8009821000 size: 200 previous size: 0 (Allocated) Irp
fffffa8009821200 doesn't look like a valid small pool allocation, checking to see
if the entire page is actually part of a large page allocation...
GetUlongFromAddress: unable to read from fffff800032161b0
fffffa8009821200 is not a valid small pool allocation, checking large pool...
unable to get pool big page table - either wrong symbols or pool tagging is disabled
fffffa8009821200 is freed (or corrupt) pool
Bad allocation size @fffffa8009821200, zero is invalid
***
*** An error (or corruption) in the pool was detected;
*** Attempting to diagnose the problem.
***
*** Use !poolval fffffa8009821000 for more details.
Pool page [ fffffa8009821000 ] is __inVALID.
Analyzing linked list...
[ fffffa8009821000 --> fffffa8009821220 (size = 0x220 bytes)]: Corrupt region
Code:
4: kd> !poolval fffffa8009821200
Pool page fffffa8009821200 region is Nonpaged pool
Validating Pool headers for pool page: fffffa8009821200
Pool page [ fffffa8009821000 ] is __inVALID.
Analyzing linked list...
[ fffffa8009821000 --> fffffa8009821220 (size = 0x220 bytes)]: Corrupt region
Scanning for single bit errors...
None found
Code:
4: kd> k
Child-SP RetAddr Call Site
fffff880`058e91f8 fffff800`031a360e nt!KeBugCheckEx
fffff880`058e9200 fffff880`042845ec nt!ExFreePool+0xccb
fffff880`058e92b0 fffff880`0426aecc dxgmms1!VIDMM_GLOBAL::CloseOneAllocation+0x264
fffff880`058e9380 fffff880`06521c10 dxgmms1!VidMmCloseAllocation+0x44
fffff880`058e93b0 fffff880`065222f0 dxgkrnl!DXGDEVICE::DestroyAllocations+0x248
fffff880`058e94a0 fffff880`0652153d dxgkrnl!DXGDEVICE::DestroyResource+0x84
fffff880`058e94d0 fffff880`0654f40b dxgkrnl!DXGDEVICE::ProcessTerminationList+0x95
fffff880`058e9520 fffff880`0654eb37 dxgkrnl!DXGCONTEXT::Present+0x2cb
fffff880`058e9840 fffff960`001fb510 dxgkrnl!DxgkPresent+0x543
fffff880`058e9bb0 fffff800`03071153 win32k!NtGdiDdDDIPresent+0x18
fffff880`058e9be0 000007fe`fecc13ca nt!KiSystemServiceCopyEnd+0x13
00000000`02a3ec48 00000000`00000000 0x000007fe`fecc13ca
We can from the call stack, all the calls seem to related to freeing a pool allocation.
Run Driver Verifier to scan for any corrupted drivers which may be causing problems, this program works by running various stress tests on drivers, in order to produce a BSOD which will locate the driver; run for least 24 hours:
------------------------------------------------------------------------
Remove:
Code:
Start Menu\Programs\AVG
Start Menu\Programs\AVG PC Tuneup 2011
Start Menu\Programs\AVG PC Tuneup 2011\Utilities
AVG is known to cause BSODs, please remove the program completely with the AVG Removal Tool, and then install and run full scans with these free and proven alternatives, which work the best with the operating system due to their compatibility and lightweight nature on system resources.
Install and perform full scans with:
Information
Remember to install the free version of Malwarebytes not the free trail; untick the free trial box during installation. MSE is the most lightweight and compatible with the Windows 7 operating system
You can also view this thread for a complete free and lightweight security protection combination: