Multiple BSODs - Possible Driver issue?

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by Leeloo, Dec 14, 2012.

  1. Leeloo

    Leeloo New Member

    Joined:
    Dec 14, 2012
    Messages:
    2
    Likes Received:
    0
    Hey y'all!!

    I am experiencing an issue with a Win7 laptop crashing pretty consistently. During my attempt to troubleshoot this issue I am learning how to use some of the Window debugging tools (which has been fun) but I think I have finally gotten stuck. I don't know what else to try! It all began with a BSOD:

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.1.7601.2.1.0.768.3
    Locale ID: 1033

    Additional information about the problem:
    BCCode: 3b
    BCP1: 00000000C0000005
    BCP2: FFFFF800031B19BC
    BCP3: FFFFF880040ADA90
    BCP4: 0000000000000000
    OS Version: 6_1_7601
    Service Pack: 1_0
    Product: 768_1

    I ran MBAM and AVG scans in safe mode (came back clean). I ran a disk check, which didn't come back with anything too serious, but some memory had been allocated incorrectly (maybe the symtpom of a larger issue?). I updated the graphics card drivers from the Intel website and ran a memory check (came back fine) based on some advice I found regarding the above BC Code (and as a result of some info from the dump files I've attached).


    Now I've sifted through some of these dump files, and I ran driver verifier (now disabled as it was causing more fequent BSODs), which flagged some drivers. But I fear I don't really know how to read the data in these files. It looks like a USB driver was flagged, and another one of these dumps flagged MBAM as a potential pool leak issue (I'm not entirely certain what that means). I have had alot of issues with the USB 3 port in the past so I just disabled that, then reinstalled all of the drivers for the other USB devices on the machine. As soon as it boot back up, it crashed again. Booted again, and I figured a clean reinstall of MBAM wouldn't be a bad idea. Tried to uninstall but the PC crashed in the process (at this point I still had driver verifier on, which I think was the culprit for that BSOD). Disabled driver verifier and uninstalled MBAM with their clean up tool. As of now it is still crashing...

    Any ideas?

    View attachment 121112-27487-01.dmp
    View attachment 121112-53133-01.dmp
    View attachment 121312-35724-01.dmp
    View attachment 121312-36488-01.dmp
    View attachment chkdskLog.txt
     
  2. GeneralHiningII

    GeneralHiningII Honorable Member

    Joined:
    Sep 21, 2012
    Messages:
    745
    Likes Received:
    7
    http://windows7forums.com/blue-screen-death-bsod/38837-how-ask-help-bsod-problem.html

    Please use the link provided to post a BSOD report, thanks.


    Code:
    Debug session time: Wed Dec 12 04:46:39.778 2012 (UTC + 11:00)
    Loading Dump File [C:\Users\MZ\SysnativeBSODApps\121112-53133-01.dmp]
    Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
    System Uptime: 0 days 3:51:35.311
    BugCheck 19, {3, fffff8000320ac10, 7365443a4c444d3b, 50483a47464dc800}
    *** WARNING: Unable to verify timestamp for avgtdia.sys
    *** ERROR: Module load completed but symbols could not be loaded for avgtdia.sys
    Probably caused by :[COLOR=#ff0000] Pool_Corruption ( nt!ExDeferredFreePool+a53 )[/COLOR]
    Bugcheck code 00000019
    Arguments: 
    Arg1: 0000000000000003, the pool freelist is corrupt.
    Arg2: fffff8000320ac10, the pool entry being checked.
    Arg3: 7365443a4c444d3b, the read back flink freelist value (should be the same as 2).
    Arg4: 50483a47464dc800, the read back blink freelist value (should be the same as 2).
    BUGCHECK_STR:  0x19_3
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    PROCESS_NAME: [COLOR=#ff0000] unattended_srv[/COLOR]
    FAILURE_BUCKET_ID:  X64_0x19_3_nt!ExDeferredFreePool+a53
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    Debug session time: Fri Dec 14 09:27:50.662 2012 (UTC + 11:00)
    Loading Dump File [C:\Users\MZ\SysnativeBSODApps\121312-35724-01.dmp]
    Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
    System Uptime: 0 days 0:06:16.754
    BugCheck C4, {62, fffffa8008824be8, fffffa80080c9a00, 1}
    *** WARNING: Unable to verify timestamp for mbam.sys
    *** ERROR: Module load completed but symbols could not be loaded for mbam.sys
    Probably caused by :[COLOR=#ff0000] mbam.sys[/COLOR]
    Bugcheck code 000000c4
    [COLOR=#ff0000]DRIVER_VERIFIER_DETECTED_VIOLATION (c4)[/COLOR]
    Arguments: 
    Arg1: 0000000000000062, A driver has forgotten to free its pool allocations prior to unloading.
    Arg2: fffffa8008824be8, name of the driver having the issue.
    Arg3: fffffa80080c9a00, verifier internal structure with driver information.
    Arg4: 0000000000000001, total # of (paged+nonpaged) allocations that weren't freed.
        Type !verifier 3 drivername.sys for info on the allocations
        that were leaked that caused the bugcheck.
    BUGCHECK_STR:  0xc4_62
    DEFAULT_BUCKET_ID:[COLOR=#ff0000]  VERIFIER_ENABLED_VISTA_MINIDUMP[/COLOR]
    PROCESS_NAME:  services.exe
    FAILURE_BUCKET_ID:  X64_0xc4_62_VRF_LEAKED_POOL_IMAGE_mbam.sys
    MaxSpeed:     2300
    CurrentSpeed: 2294
    BiosVersion = K54C.202
    [COLOR=#ff0000]BiosReleaseDate = 11/03/2011[/COLOR]
    SystemManufacturer = ASUSTeK Computer Inc.
    SystemProductName = K54C
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    Debug session time: Fri Dec 14 10:05:21.345 2012 (UTC + 11:00)
    Loading Dump File [C:\Users\MZ\SysnativeBSODApps\121312-36488-01.dmp]
    Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
    System Uptime: 0 days 0:36:37.812
    BugCheck C4, {62, fffffa80080d37e8, fffffa80080d39b0, 1}
    *** WARNING: Unable to verify timestamp for mbam.sys
    *** ERROR: Module load completed but symbols could not be loaded for mbam.sys
    Probably caused by : [COLOR=#ff0000]mbam.sys[/COLOR]
    Bugcheck code 000000c4
    [COLOR=#ff0000]DRIVER_VERIFIER_DETECTED_VIOLATION (c4)[/COLOR]
    Arguments: 
    Arg1: 0000000000000062, A driver has forgotten to free its pool allocations prior to unloading.
    Arg2: fffffa80080d37e8, name of the driver having the issue.
    Arg3: fffffa80080d39b0, verifier internal structure with driver information.
    Arg4: 0000000000000001, total # of (paged+nonpaged) allocations that weren't freed.
        Type !verifier 3 drivername.sys for info on the allocations
        that were leaked that caused the bugcheck.
    BUGCHECK_STR:  0xc4_62
    DEFAULT_BUCKET_ID: [COLOR=#ff0000] VERIFIER_ENABLED_VISTA_MINIDUMP[/COLOR]
    PROCESS_NAME:  [COLOR=#ff0000]services.exe[/COLOR]
    FAILURE_BUCKET_ID:  X64_0xc4_62_VRF_LEAKED_POOL_IMAGE_mbam.sys
    MaxSpeed:     2300
    CurrentSpeed: 2294
    BiosVersion = K54C.202
    [COLOR=#ff0000]BiosReleaseDate = 11/03/2011[/COLOR]
    SystemManufacturer = ASUSTeK Computer Inc.
    SystemProductName = K54C
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    Debug session time: Wed Dec 12 07:33:53.705 2012 (UTC + 11:00)
    Loading Dump File [C:\Users\MZ\SysnativeBSODApps\121112-27487-01.dmp]
    Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
    System Uptime: 0 days 0:29:28.188
    BugCheck 3B, {c0000005, fffff800031b19bc, fffff880040ada90, 0}
    Probably caused by : [COLOR=#ff0000]Pool_Corruption ( nt!ExDeferredFreePool+100 )[/COLOR]
    Bugcheck code 0000003B
    Arguments: 
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff800031b19bc, Address of the instruction which caused the bugcheck
    Arg3: fffff880040ada90, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    BUGCHECK_STR:  0x3B
    PROCESS_NAME:  [COLOR=#ff0000]csrss.exe[/COLOR]
    FAILURE_BUCKET_ID:  X64_0x3B_nt!ExDeferredFreePool+100
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    
    
    First one:
    unattended_srv points to Hamachi LogMeIn -
    Try:
    uninstalling Hamachi
    Check your internet connection (might want to contact your ISP (InternetServiceProvider) as a precaution)
    Disabling Hamachi on startup:
    Second and third:
    Mbam.sys belongs to MalwareBytes -
    Check you have your Firewall running (don't just rely on MB): Go to Start Menu and type in Windows Firewall, the first one under Control Panel.
    http://downloads.malwarebytes.org/file/mbam_clean
    Could you also fill in your System Specs.

    For the fourth one:
    Follow the steps for msconfig, but instead, under services, disable all of them except your antivirus. Restart, and see if the problem still occurs.
     
    #2 GeneralHiningII, Dec 14, 2012
    Last edited: Dec 14, 2012

Share This Page

Loading...