Multiple BSODs - Possible Driver issue?

#1
Hey y'all!!

I am experiencing an issue with a Win7 laptop crashing pretty consistently. During my attempt to troubleshoot this issue I am learning how to use some of the Window debugging tools (which has been fun) but I think I have finally gotten stuck. I don't know what else to try! It all began with a BSOD:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFF800031B19BC
BCP3: FFFFF880040ADA90
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

I ran MBAM and AVG scans in safe mode (came back clean). I ran a disk check, which didn't come back with anything too serious, but some memory had been allocated incorrectly (maybe the symtpom of a larger issue?). I updated the graphics card drivers from the Intel website and ran a memory check (came back fine) based on some advice I found regarding the above BC Code (and as a result of some info from the dump files I've attached).


Now I've sifted through some of these dump files, and I ran driver verifier (now disabled as it was causing more fequent BSODs), which flagged some drivers. But I fear I don't really know how to read the data in these files. It looks like a USB driver was flagged, and another one of these dumps flagged MBAM as a potential pool leak issue (I'm not entirely certain what that means). I have had alot of issues with the USB 3 port in the past so I just disabled that, then reinstalled all of the drivers for the other USB devices on the machine. As soon as it boot back up, it crashed again. Booted again, and I figured a clean reinstall of MBAM wouldn't be a bad idea. Tried to uninstall but the PC crashed in the process (at this point I still had driver verifier on, which I think was the culprit for that BSOD). Disabled driver verifier and uninstalled MBAM with their clean up tool. As of now it is still crashing...

Any ideas?

View attachment 121112-27487-01.dmp
View attachment 121112-53133-01.dmp
View attachment 121312-35724-01.dmp
View attachment 121312-36488-01.dmp
View attachment chkdskLog.txt
 


GeneralHiningII

Honorable Member
#2
http://windows7forums.com/blue-screen-death-bsod/38837-how-ask-help-bsod-problem.html

Please use the link provided to post a BSOD report, thanks.


Code:
Debug session time: Wed Dec 12 04:46:39.778 2012 (UTC + 11:00)
Loading Dump File [C:\Users\MZ\SysnativeBSODApps\121112-53133-01.dmp]
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
System Uptime: 0 days 3:51:35.311
BugCheck 19, {3, fffff8000320ac10, 7365443a4c444d3b, 50483a47464dc800}
*** WARNING: Unable to verify timestamp for avgtdia.sys
*** ERROR: Module load completed but symbols could not be loaded for avgtdia.sys
Probably caused by :[COLOR=#ff0000] Pool_Corruption ( nt!ExDeferredFreePool+a53 )[/COLOR]
Bugcheck code 00000019
Arguments: 
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffff8000320ac10, the pool entry being checked.
Arg3: 7365443a4c444d3b, the read back flink freelist value (should be the same as 2).
Arg4: 50483a47464dc800, the read back blink freelist value (should be the same as 2).
BUGCHECK_STR:  0x19_3
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
PROCESS_NAME: [COLOR=#ff0000] unattended_srv[/COLOR]
FAILURE_BUCKET_ID:  X64_0x19_3_nt!ExDeferredFreePool+a53
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Debug session time: Fri Dec 14 09:27:50.662 2012 (UTC + 11:00)
Loading Dump File [C:\Users\MZ\SysnativeBSODApps\121312-35724-01.dmp]
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
System Uptime: 0 days 0:06:16.754
BugCheck C4, {62, fffffa8008824be8, fffffa80080c9a00, 1}
*** WARNING: Unable to verify timestamp for mbam.sys
*** ERROR: Module load completed but symbols could not be loaded for mbam.sys
Probably caused by :[COLOR=#ff0000] mbam.sys[/COLOR]
Bugcheck code 000000c4
[COLOR=#ff0000]DRIVER_VERIFIER_DETECTED_VIOLATION (c4)[/COLOR]
Arguments: 
Arg1: 0000000000000062, A driver has forgotten to free its pool allocations prior to unloading.
Arg2: fffffa8008824be8, name of the driver having the issue.
Arg3: fffffa80080c9a00, verifier internal structure with driver information.
Arg4: 0000000000000001, total # of (paged+nonpaged) allocations that weren't freed.
    Type !verifier 3 drivername.sys for info on the allocations
    that were leaked that caused the bugcheck.
BUGCHECK_STR:  0xc4_62
DEFAULT_BUCKET_ID:[COLOR=#ff0000]  VERIFIER_ENABLED_VISTA_MINIDUMP[/COLOR]
PROCESS_NAME:  services.exe
FAILURE_BUCKET_ID:  X64_0xc4_62_VRF_LEAKED_POOL_IMAGE_mbam.sys
MaxSpeed:     2300
CurrentSpeed: 2294
BiosVersion = K54C.202
[COLOR=#ff0000]BiosReleaseDate = 11/03/2011[/COLOR]
SystemManufacturer = ASUSTeK Computer Inc.
SystemProductName = K54C
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Debug session time: Fri Dec 14 10:05:21.345 2012 (UTC + 11:00)
Loading Dump File [C:\Users\MZ\SysnativeBSODApps\121312-36488-01.dmp]
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
System Uptime: 0 days 0:36:37.812
BugCheck C4, {62, fffffa80080d37e8, fffffa80080d39b0, 1}
*** WARNING: Unable to verify timestamp for mbam.sys
*** ERROR: Module load completed but symbols could not be loaded for mbam.sys
Probably caused by : [COLOR=#ff0000]mbam.sys[/COLOR]
Bugcheck code 000000c4
[COLOR=#ff0000]DRIVER_VERIFIER_DETECTED_VIOLATION (c4)[/COLOR]
Arguments: 
Arg1: 0000000000000062, A driver has forgotten to free its pool allocations prior to unloading.
Arg2: fffffa80080d37e8, name of the driver having the issue.
Arg3: fffffa80080d39b0, verifier internal structure with driver information.
Arg4: 0000000000000001, total # of (paged+nonpaged) allocations that weren't freed.
    Type !verifier 3 drivername.sys for info on the allocations
    that were leaked that caused the bugcheck.
BUGCHECK_STR:  0xc4_62
DEFAULT_BUCKET_ID: [COLOR=#ff0000] VERIFIER_ENABLED_VISTA_MINIDUMP[/COLOR]
PROCESS_NAME:  [COLOR=#ff0000]services.exe[/COLOR]
FAILURE_BUCKET_ID:  X64_0xc4_62_VRF_LEAKED_POOL_IMAGE_mbam.sys
MaxSpeed:     2300
CurrentSpeed: 2294
BiosVersion = K54C.202
[COLOR=#ff0000]BiosReleaseDate = 11/03/2011[/COLOR]
SystemManufacturer = ASUSTeK Computer Inc.
SystemProductName = K54C
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Debug session time: Wed Dec 12 07:33:53.705 2012 (UTC + 11:00)
Loading Dump File [C:\Users\MZ\SysnativeBSODApps\121112-27487-01.dmp]
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
System Uptime: 0 days 0:29:28.188
BugCheck 3B, {c0000005, fffff800031b19bc, fffff880040ada90, 0}
Probably caused by : [COLOR=#ff0000]Pool_Corruption ( nt!ExDeferredFreePool+100 )[/COLOR]
Bugcheck code 0000003B
Arguments: 
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800031b19bc, Address of the instruction which caused the bugcheck
Arg3: fffff880040ada90, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x3B
PROCESS_NAME:  [COLOR=#ff0000]csrss.exe[/COLOR]
FAILURE_BUCKET_ID:  X64_0x3B_nt!ExDeferredFreePool+100
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
First one:
unattended_srv points to Hamachi LogMeIn -
Try:
uninstalling Hamachi
Check your internet connection (might want to contact your ISP (InternetServiceProvider) as a precaution)
Disabling Hamachi on startup:
To disable programs:
Go to Start Menu, and type in "msconfig".
Under the Startup Tab, and uncheck the box labelled <service problem>.
Second and third:
Mbam.sys belongs to MalwareBytes -
Check you have your Firewall running (don't just rely on MB): Go to Start Menu and type in Windows Firewall, the first one under Control Panel.
http://downloads.malwarebytes.org/file/mbam_clean
Could you also fill in your System Specs.

For the fourth one:
Follow the steps for msconfig, but instead, under services, disable all of them except your antivirus. Restart, and see if the problem still occurs.
 


Last edited:
This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.