Your wifi driver (
RTL8192su.sys;Realtek) was doing most of the workload for the thread that caused that single crash. While I can't tell anything beyond this tiny minidump, that's where we can start with. I saw the driver dated from Aug 2011, so you may wanna check for an update with it, also checking an update for your BIOS as well since that can interfere as well. I assume this is a USB wifi dongle given that I'm seeing USB activity in the stack as well, and I know from experience those wifi dongles can sometimes be a little iffy in stability when it comes to drivers.
If none of the previous recommendations fixes anything, I recommend you turn on
Driver Verifier, let it crash the system some, and then send us the crashdumps.
Oh, and don't rule out the CA Antivirus here. I've seen it cause stability issues with people, so it wouldn't be any exception here. However, as of now it is not a prime suspect given the current (albeit sparse) data.
Analysts:
One of the first items to look at in a crashdump is the raw stack of the faulting thread. I'll forgo using Niemiro's tidy little extension he's made for Windbg for such an occasion and demonstrate how to do so without:
Code:
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000000100000023, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff800033b624c, address which referenced memory
Debugging Details:
------------------
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExAllocatePoolWithTag+16c
fffff800`033b624c 8b4824 mov ecx,dword ptr [rax+24h]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
TRAP_FRAME: fffff8800311a640 -- (.trap 0xfffff8800311a640)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000ffffffff rbx=0000000000000000 rcx=fffffa800afe9ed1
rdx=fffffa8007c937c1 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800033b624c rsp=fffff8800311a7d8 rbp=fffffa8000000000
r8=0000000000000801 r9=fffff8000320c000 r10=fffff880009eab20
r11=fffff8800311a9b8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ExAllocatePoolWithTag+0x16c:
fffff800`033b624c 8b4824 mov ecx,dword ptr [rax+24h] ds:00000001`00000023=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000328a569 to fffff8000328afc0
STACK_TEXT:
fffff880`0311a4f8 fffff800`0328a569 : 00000000`0000000a 00000001`00000023 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0311a500 fffff800`032891e0 : fffff880`0311a970 00000000`ee795b35 fffffa80`072f36d0 fffffa80`07c937b0 : nt!KiBugCheckDispatch+0x69
fffff880`0311a640 fffff800`033b624c : fffff880`026f20de fffffa80`08ecc7f0 fffff880`016c64e0 fffff880`0272d5c0 : nt!KiPageFault+0x260
fffff880`0311a7d8 00000000`00000000 : 00000000`00000000 00000000`37383138 fffff880`0747e0c7 fffff880`0747f340 : nt!ExAllocatePoolWithTag+0x16c
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExAllocatePoolWithTag+16c
fffff800`033b624c 8b4824 mov ecx,dword ptr [rax+24h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!ExAllocatePoolWithTag+16c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 503f82be
FAILURE_BUCKET_ID: X64_0xC5_2_nt!ExAllocatePoolWithTag+16c
BUCKET_ID: X64_0xC5_2_nt!ExAllocatePoolWithTag+16c
Followup: MachineOwner
---------
1: kd>[COLOR=blue] !thread[/COLOR]
GetPointerFromAddress: unable to read from fffff800034ba000
THREAD fffff880009f50c0 Cid 0000.0000 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 1
Not impersonating
GetUlongFromAddress: unable to read from fffff800033f9ba4
Owning Process fffff8000340c180 Image: <Unknown>
Attached Process fffffa80066dd040 Image: System
fffff78000000000: Unable to get shared data
Wait Start TickCount 1022583
Context Switch Count 1095647 IdealProcessor: 1
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address nt!KiIdleLoop (0xfffff80003282c70)
Stack Init fffff8800311bc70 Current fffff8800311bc00
[COLOR=teal]Base fffff8800311c000[/COLOR] [COLOR=purple]Limit fffff88003116000[/COLOR] Call 0
Priority 16 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 0
Child-SP RetAddr : Args to Child : Call Site
fffff880`0311a4f8 fffff800`0328a569 : 00000000`0000000a 00000001`00000023 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0311a500 fffff800`032891e0 : fffff880`0311a970 00000000`ee795b35 fffffa80`072f36d0 fffffa80`07c937b0 : nt!KiBugCheckDispatch+0x69
fffff880`0311a640 fffff800`033b624c : fffff880`026f20de fffffa80`08ecc7f0 fffff880`016c64e0 fffff880`0272d5c0 : nt!KiPageFault+0x260 (TrapFrame @ fffff880`0311a640)
fffff880`0311a7d8 00000000`00000000 : 00000000`00000000 00000000`37383138 fffff880`0747e0c7 fffff880`0747f340 : nt!ExAllocatePoolWithTag+0x16c
1: kd> [COLOR=blue]dps [/COLOR][COLOR=purple]fffff88003116000 [/COLOR][COLOR=teal]fffff8800311c000[/COLOR] [COLOR=green]//start of range is [I]Limit[/I], end of range is [I]Base[/I], since stacks grow backwards.[/COLOR]
fffff880`03116000 ????????`????????
fffff880`03116008 ????????`????????
fffff880`03116010 ????????`???????? [COLOR=green]//Currently unused portion of stack[/COLOR]
fffff880`03116018 ????????`????????
fffff880`03116020 ????????`????????
fffff880`03116028 ????????`????????
...
fffff880`03119ff0 ????????`????????
fffff880`03119ff8 ????????`????????
fffff880`0311a000 00000000`00000000 [COLOR=green] //Current top of stack[/COLOR]
fffff880`0311a008 00000000`00000000
fffff880`0311a010 00000000`37383138
fffff880`0311a018 fffff800`0328afc0 nt!KeBugCheckEx
fffff880`0311a020 00000000`00000000
fffff880`0311a028 00000000`00000000
fffff880`0311a030 00000000`00000000
...
fffff880`0311a938 fffffa80`0c4a6000
fffff880`0311a940 fffff880`0311a9c8
fffff880`0311a948 fffff880`0d2d0392 [COLOR=red]RTL8192su+0xe392[/COLOR]
fffff880`0311a950 00000000`00000000
fffff880`0311a958 00000000`00000000
...
fffff880`0311b4d0 00000068`06938100
fffff880`0311b4d8 fffff880`0d338618 RTL8192su+0x76618
fffff880`0311b4e0 fffffa80`0c5c8000
fffff880`0311b4e8 fffff880`07d4cd8f [COLOR=darkred]usbhub!UsbhPdoInternalDeviceControl+[/COLOR]0x373
fffff880`0311b4f0 00000000`00000000 [COLOR=green]//Current bottom of stack. Notice USB activity in stack.[/COLOR]
fffff880`0311b4f8 ????????`????????
fffff880`0311b500 ????????`????????