BSOD invalid_kernel_handle

Page 1 of 3 123 LastLast

  1. Posts : 12
    Windows 7 Starter 32bit
       #1

    BSOD invalid_kernel_handle


    Please i need help whit my netbook...i got bsod like a month ago while i was just browsing internet, tought it will disappeared by it self but it happend fourth time todday. It all started (i think) when i was updating windows and it just freezed so i had to trun off netbook complety after that some repair think came up and windows started so i tought it was allright. The netbook is asus eeepc and its 2 months old, i got OEM Windows 7 starter 32bit. The dump file is attached below.....pls help me.
      My Computer


  2. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #2

    Code:
    Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\BSODDmpFiles\mattes\020912-17409-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7601.17592.x86fre.win7sp1_gdr.110408-1631
    Machine Name:
    Kernel base = 0x81e3b000 PsLoadedModuleList = 0x81f844d0
    Debug session time: Thu Feb  9 11:01:45.063 2012 (GMT-7)
    System Uptime: 0 days 4:03:03.782
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..........................
    Loading User Symbols
    Loading unloaded module list
    ...........
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    INVALID_KERNEL_HANDLE (93)
    This message occurs if kernel code (server, redirector, other driver, etc.)
    attempts to close a handle that is not a valid handle.
    Arguments:
    Arg1: 00003668, The handle that NtClose was called with.
    Arg2: 00000000, means a protected handle was closed.
    Arg3: 00000000
    Arg4: 00000000
    
    Debugging Details:
    ------------------
    
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0x93
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from 820802a0 to 81f19f2c
    
    STACK_TEXT:  
    8742705c 820802a0 00000093 00003668 00000000 nt!KeBugCheckEx+0x1e
    874270b0 82080032 87201e10 9dbd6cd0 833544c8 nt!ObpCloseHandleTableEntry+0x1b2
    874270e0 820803cc 833544c8 00000000 87427184 nt!ObpCloseHandle+0x7f
    874270fc 81e791ea 80003668 87427bdc 81e76b4d nt!NtClose+0x4e
    874270fc 81e76b4d 80003668 87427bdc 81e76b4d nt!KiFastCallEntry+0x12a
    87427178 8645493a 80003668 86443882 8643dde4 nt!ZwClose+0x11
    87427bdc 86454af7 834a5308 872fd9f0 01041750 Ntfs!TxfClearDir+0x44a
    87427c58 86480668 834a5308 8739c000 8725a8e8 Ntfs!TxfResetRm+0x17c
    87427ce4 864534b3 842cf0d8 00000000 842d3c10 Ntfs!TxfInitializeVolume+0x4d5
    87427d00 81eb8aab 842cf0d8 00000000 8339cd48 Ntfs!TxfRmRestartWorkItemRoutine+0xa0
    87427d50 82043f64 00000000 89353680 00000000 nt!ExpWorkerThread+0x10d
    87427d90 81eec219 81eb899e 00000000 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!ObpCloseHandleTableEntry+1b2
    820802a0 cc              int     3
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  nt!ObpCloseHandleTableEntry+1b2
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrpamp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4d9fd753
    
    FAILURE_BUCKET_ID:  0x93_nt!ObpCloseHandleTableEntry+1b2
    
    BUCKET_ID:  0x93_nt!ObpCloseHandleTableEntry+1b2
    
    Followup: MachineOwner
    ---------
    There is very little information about your crash. There does not seem to be one like it on these forums, either. The crash seems to signify a driver doing something it is not supposed to, but beyond that, the dump file is inconclusive.

    The only driver that stands out to me is dtsoftbus01.sys as a potential problem. Please remove Daemon Tools, as it uses a driver called dtsoftbus01.sys that is known to cause BSODs.

    I prefer TotalMounter as my CD/DVD virtualization software as it allows me to burn images to a virtual CD/DVD if I just want an ISO file instead of a disc, and it is free.

    Many use MagicISO - Convert BIN to ISO, Create, Edit, Burn, Extract ISO file, ISO/BIN converter/extractor/editor as well, which is also free.



    This may be network related, so it is probably a good step to make sure you network adapter drivers are up to date. Even if they are up to date, you should try uninstalling and re-installing using the following steps in case the current drivers are corrupted.
    1. Click Start Menu
    2. Right Click My Computer/Computer
    3. Click Manage
    4. Click Device Manager from the list on the left
    5. Expand network adapters and do the last five steps for each device
    6. Right click the device
    7. Click Uninstall (do not click OK in the dialog box that pops up after hitting Uninstall)
    8. Put a tick in Delete driver software for this device (if this option is available, otherwise just hit OK) and hit OK
    9. Restart your computer
    10. Install the latest driver for the device once Windows starts.


    Alternatively:
    1. Login as an adminstrative user.
    2. Click Start Menu
    3. Click Control Panel
    4. Click Hardware and Sound
    5. Click Device Manager (the last link under Devices and Printers)
    6. Expand network adapters and do the last five steps for each device
    7. Right click the device
    8. Click Uninstall (do not click OK in the dialog box that pops up after hitting Uninstall)
    9. Put a tick in Delete driver software for this device (if this option is available, otherwise just hit OK) and hit OK
    10. Restart your computer
    11. Install the latest driver for the device once Windows starts.




    While dump files are useful tools for analysis, it helps to have more than one to find patterns. Also, they yield information about the system, but it would take hours to sift through it all, and it is not the most reliable source of that information. Could you please follow the https://www.sevenforums.com/crashes-d...tructions.html so that we may have more information regarding your crashes, crash reports, your system, any error logs for applications, and any error logs for the system? I have a feeling I am missing information regarding a possible driver that is disabled and should be enabled or something along those lines, but without the information provided by those instructions, I am at a loss as to how to proceed next.
    Last edited by writhziden; 09 Feb 2012 at 22:17. Reason: Possibly network adapters
      My Computer


  3. Posts : 12
    Windows 7 Starter 32bit
    Thread Starter
       #3

    Thank you very much for fast reply, i included the files u requested, but i got problems with System Health Report, i got error every time i try to run it is says something about it cant be generated becouse it allredy was generated...no idea what taht means, i tryied look for the file but found nothing....thank u again for help and pls have a look at the files u wanted.
      My Computer


  4. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #4

    You have both ESET and Trend Micro on your system. Is this intentional? Did you try to remove one and it did not fully uninstall perhaps? All of your crashes may have to do with having two security systems installed on your computer.



    Also, since NTFS is in the stack with your INVALID_KERNEL_HANDLE crash, I would recommend that you run Disk Check with both boxes checked for all HDDs and with Automatically fix file system errors checked for all SSDs. Post back your logs for the checks after finding them using Check Disk (chkdsk) - Read Event Viewer Log.



    You may want to check for corrupted Windows files. Run SFC /SCANNOW Command - System File Checker up to three times to fix all errors. Post back if it continues to show errors after a fourth run or if the first run comes back with no integrity violations.
      My Computer


  5. Posts : 12
    Windows 7 Starter 32bit
    Thread Starter
       #5

    I had problems with tred micro antivirus, i could not uninstall it. So i did some googling a found that many people had the same problem as me, actually i found at official site of trend that antivirus cannot be removed complety, there was some instructions how to do it but non of them worked for me so i just deleted the dam thing and tried to clean the registry. Thank you for helping me out i will post u after i do all the checks u said. Thanks again.
      My Computer


  6. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #6

    Go to C:\Windows\System32\Drivers and rename tmevtmgr.sys to tmevtmgr.sys.bak as it caused a crash on your system and is part of Trend Micro. It continues to be loaded on your system in your other crashes.
      My Computer


  7. Posts : 12
    Windows 7 Starter 32bit
    Thread Starter
       #7

    Ok, i did the check disk both of them and it came as no problems at all and iam running now the SFC /SCANNOW comad as u told me, and i did renamed the tmevtmgr.sys to tmevtmgr.sys.bak but i found another file in the drivers directory tmtdi.sys and its another trend micro file....what should i do with this file??



    So i just finished the SFC /SCANNOW check an it came as: windows resource protection did not find any integrity violations.

    Any suggestions...??

    Thank you very much for your help.
      My Computer


  8. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #8

    Same thing. Add .bak to it. I'll check for others and edit this post if I find any.

    tmactmon.sys -> tmactmon.sys.bak
    tmcomm.sys -> tmcomm.sys.bak
    Last edited by writhziden; 10 Feb 2012 at 13:17. Reason: other drivers to change added
      My Computer


  9. Posts : 12
    Windows 7 Starter 32bit
    Thread Starter
       #9

    Thank you again, sorry to bother u but i have last question for u i found at event viewer: Windows logs\System a lots of errors and warnings like 50 000 of them and it just says:The default transaction resource manager on volume C: encountered a non-retryable error and could not start. The data contains the error code. thats for the error and warning says: The default transaction resource manager on volume C: encountered an error while starting and its metadata was reset. The data contains the error code.

    Do u know what that means...??...My netbook seems to run ok apart from the bsod.

    Thank you.
      My Computer


  10. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #10

    See I receive the error "The default transaction resource manager on - Microsoft Answers for your error. The first answer says:
    1. Delete the .blf files and the .regtrans-ms files from the %Windir%\System32\SMI\Store\Machine folder.To delete the files, follow these steps:
      • Start an Elevated Command Prompt
      • type
        cd %SYSTEMROOT%\System32\SMI\Store\Machine
        and press enter
      • type
        del
        (make sure you have a space after del and press tab key until you see files ending with .regtrans-ms or .blf) and press enter (if you do not ever see .regtrans-ms or .blf after hitting the tab key multiple times, and you continue to see the same files over and over again, press ESC).
    2. After you restart the computer, the registry regenerates the deleted files. These regenerated files are in a consistent state.
    3. Start an Elevated Command Prompt
    4. Type
      fsutil resource setautoreset true c:\
      into the command prompt and press enter
    5. Restart the computer.
    Last edited by writhziden; 10 Feb 2012 at 14:03. Reason: Steps to delete files
      My Computer


 
Page 1 of 3 123 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 13:08.
Find Us