New
#1
Multiple BSOD! Help! (Minidump Attached)
Hello! My computer has been crashing with disturbing regularity - it didn't happen at all on my old computer running XP!
Any help from the Minidump would be much appreciated!
Hello! My computer has been crashing with disturbing regularity - it didn't happen at all on my old computer running XP!
Any help from the Minidump would be much appreciated!
In both memory was the casue. In the first your ad-aware caused the memory pool to be corrupt. I would un-install it
In the other the VSS (volume shadow service) caused a bad pool header.
Since they both involved memory I would downlaod memtestx86, burn it to cd and run it for 5 passes or more.
Let us know if you need help
ken
Code:Microsoft (R) Windows Debugger Version 6.11.0001.404 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\K\Desktop\Minidump\050910-21918-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*C:\symbols*http://msdl.microsoft.com/download/symbols;srv*e:\symbols *http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7600 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7600.16539.amd64fre.win7_gdr.100226-1909 Machine Name: Kernel base = 0xfffff800`03406000 PsLoadedModuleList = 0xfffff800`03643e50 Debug session time: Sun May 9 04:47:03.538 2010 (GMT-4) System Uptime: 0 days 0:02:19.865 Loading Kernel Symbols ............................................................... ................................................................ ................................... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 19, {3, fffffa8003c9a9b0, fa8003c9a9b0ffff, fffffa8003c9a9b0} Unable to load image \SystemRoot\system32\drivers\mfehidk.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for mfehidk.sys *** ERROR: Module load completed but symbols could not be loaded for mfehidk.sys Probably caused by : Pool_Corruption ( nt!ExFreePool+780 ) Followup: Pool_corruption --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* BAD_POOL_HEADER (19) The pool is already corrupt at the time of the current request. This may or may not be due to the caller. The internal pool links must be walked to figure out a possible cause of the problem, and then special pool applied to the suspect tags or the driver verifier to a suspect driver. Arguments: Arg1: 0000000000000003, the pool freelist is corrupt. Arg2: fffffa8003c9a9b0, the pool entry being checked. Arg3: fa8003c9a9b0ffff, the read back flink freelist value (should be the same as 2). Arg4: fffffa8003c9a9b0, the read back blink freelist value (should be the same as 2). Debugging Details: ------------------ OVERLAPPED_MODULE: Address regions for 'cfwids' and 'mfeavfk01.sy' overlap BUGCHECK_STR: 0x19_3 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: AAWService.exe CURRENT_IRQL: 2 LAST_CONTROL_TRANSFER: from fffff800035a9130 to fffff80003476600 STACK_TEXT: fffff880`099bdb78 fffff800`035a9130 : 00000000`00000019 00000000`00000003 fffffa80`03c9a9b0 fa8003c9`a9b0ffff : nt!KeBugCheckEx fffff880`099bdb80 fffff800`035ab4c1 : fffff8a0`00001900 fffffa80`0449a000 00000000`00000000 fffffa80`04ad8630 : nt!ExFreePool+0x780 fffff880`099bdc10 fffff800`0378d75e : fffffa80`04c1e930 00000000`00000001 fffffa80`20707249 fffffa80`04c1e930 : nt!ExFreePoolWithTag+0x411 fffff880`099bdcc0 fffff800`0347b7b4 : 00000000`00000000 fffffa80`06aa6060 fffffa80`03d12f30 00000000`00000000 : nt!IopDeleteFile+0x14e fffff880`099bdd50 fffff800`0378d4b4 : fffffa80`06aa6060 00000000`00000000 fffffa80`078bab60 00000000`00000000 : nt!ObfDereferenceObject+0xd4 fffff880`099bddb0 fffff800`0378d3b4 : 00000000`00000c84 fffffa80`06aa6060 fffff8a0`00001950 00000000`00000c84 : nt!ObpCloseHandleTableEntry+0xc4 fffff880`099bde40 fffff800`03475853 : fffffa80`078bab60 fffff880`099bdf10 fffff8a0`09062120 fffffa80`044ac010 : nt!ObpCloseHandle+0x94 fffff880`099bde90 fffff800`03471df0 : fffff880`01157e33 00000000`00000000 00000000`00000034 fffff8a0`09062120 : nt!KiSystemServiceCopyEnd+0x13 fffff880`099be028 fffff880`01157e33 : 00000000`00000000 00000000`00000034 fffff8a0`09062120 fffffa80`04c62890 : nt!KiServiceLinkage fffff880`099be030 00000000`00000000 : 00000000`00000034 fffff8a0`09062120 fffffa80`04c62890 fffff880`099be138 : mfehidk+0xfe33 STACK_COMMAND: kb FOLLOWUP_IP: nt!ExFreePool+780 fffff800`035a9130 cc int 3 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt!ExFreePool+780 FOLLOWUP_NAME: Pool_corruption IMAGE_NAME: Pool_Corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: Pool_Corruption FAILURE_BUCKET_ID: X64_0x19_3_nt!ExFreePool+780 BUCKET_ID: X64_0x19_3_nt!ExFreePool+780 Followup: Pool_corruption ---------
Thanks, Ken!
Just out of interest, why would AdAware be causing the problem? I thought it was a pretty stable, reputable bit of software! Though I do say that with little actual expertise.
Will uninstall all the same, download memtestx86 and run it from a CD. Hope it works!
Is this the 'memtest' I'm looking for? http://www.memtest.org/
If I download the 'Pre-Compiled Bootable ISO', does that mean I can copy it straight to a CD without needing to 'burn' it?
Conveniently, I got another BSOD after restarting having uninstalled AdAware! I've attached the updated Minidump and here's the entry from Event Viewer if that's at all useful.
Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 09/05/2010 22:46:08
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (2)
User: SYSTEM
Computer: Admin-PC
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>41</EventID>
<Version>2</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2010-05-09T21:46:08.343617300Z" />
<EventRecordID>23885</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Admin-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">59</Data>
<Data Name="BugcheckParameter1">0xc0000005</Data>
<Data Name="BugcheckParameter2">0xfffff800034ab7a9</Data>
<Data Name="BugcheckParameter3">0xfffff88009539ed0</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">false</Data>
<Data Name="PowerButtonTimestamp">0</Data>
</EventData>
</Event>
Sorry for the double post, but I have the results of my memtestx86! Left it on all day while I was at school - it ran for a whopping 14 passes and found 0 errors! That confused me, but I guess it means it isn't a hardware problem?
I hope it ran correctly - I didn't do any configuration and just let it run from boot without me touching it. I couldn't see a way of capturing the screen, but I used the distinctly newby tactic of photographing the screen if anyone wants to see it.
So good news, but the mystery is unsolved! Help!
I can't figure out what are the latest dmps. Please delete all the dmps in your minidump folder, and upload the new ones as they come.
Okay. I had a new one after a bit of use this afternoon, but before I could post my dumps the computer crashed again! It's starting to seem like a hopeless battle. Are there any indications from the existing dumps as to the problem? Also, does the memtestx86 score rule out hardware problems?
EDIT: Is there any way to post the dumps via safe mode? Otherwise I'll just have to try to be speedy - or lucky.
Deleted old dumps as you requested. Attached is one new one! Please help - I want my (normally) lovely computer back! Thanks in advance! :)