SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION

usasma

Fantastic Member
Microsoft Community Contributor
#2
Please provide this information so we can provide a complete analysis: http://windows7forums.com/blue-screen-death-bsod/38837-how-ask-help-bsod-problem.html

The info that you've provided only shows that there was a crash. It blames the kernel (core) of the OS - which isn't very likely. If it was the kernel, you'd be having many, many more problems other than just the occasional BSOD.

For starters:
At work we start all repairs with a set of diagnostics. Often they find problems that weren't even expected. It's a waste of time to try to fix software on a system that has hardware problems.
Please try these free diagnostics for starters: Initial Hardware Diagnostics
Also, please ensure that you have ALL available Windows Updates (it may take several trips to get them all).
 


#3
Hi,

When i do that the folder it creates is empty.....
 


#4
Sorry worked it out now. View attachment W7F_02-05-2013.zip

AV: Norton AV 2013 OEM
MB Asrock z77 extreme 6
cpu intel 3770k
16gb mem (forget brand..)
2 x nvidia gtx 680 msi lightning's
120 gb intel 330 ssd
2 tb seagate baracuda
 


#5
Did it again
 


#6
Also I ran Memtest for 48 hours, no problems, used intel ssd to check my ssd, fine, used seatools for windows and did a long test and no errors either...
 


usasma

Fantastic Member
Microsoft Community Contributor
#7
Systeminfo.txt report missing. Please visit Windows Update and get ALL available Windows Updates. Windows 7 systems typically have Service Pack 1 and an additional 160 (or more) updates.

Most Windows 8 systems have 66 or more updates - please be sure to get them all.

Please understand that this is a Windows 7 forum - so I may make mistakes based on that assumption. I do not reread every post when I reply to your posts.

SSD's were temperamental when they first came out, but their reliability has improved greatly over the last year or two. There are 2 things that MUST be checked on systems with BSOD's and SSD's:
1) That the SSD firmware is the latest available for the SSD
2) That the storage controller drivers on the motherboard are the most recent. They must date from late 2012 or later. This is all controllers, not just the one that the SSD is attached to.
Your Intel Graphics are disabled. Is this deliberate? If so, why?
Make sure that you enable the Intel graphics, update it's drivers, and then disable it again (if so desired).

MSI Afterburner (along with Riva Tuner and EVGA Precision) are known to cause BSOD's in some Windows systems. Please un-install it immediately!

If you're overclocking, please stop the overclock while we're troubleshooting. Feel free to resume the overclock once the system has been stabilized.

One of the memory dumps is Driver Verifier Enabled. Did you turn Driver Verifier on? If so, have you turned it off?
Please open VERIFIER.EXE and select "Delete existing settings", click on "Finish" and then reboot the system to be sure.

Norton is blamed in one of the memory dumps, please do this:
Anti-Virus Removal:
Please do the following:
- download a free anti-virus for testing purposes: Free AntiVirus If using Windows 8, enable Windows Defender and the Windows Firewall instead.
- un-install the Norton from your system (you can reinstall it, if so desired, when we're done troubleshooting)
- remove any remnants of Norton using this free tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
- IMMEDIATELY install and update the free anti-virus (if using Win8, enable Windows Defender), then check to ensure that the Windows Firewall is turned on.
- perform a full system scan to ensure that no malware has snuck onto your system while the anti-virus was malfunctioning.
- check to see if this fixes the BSOD's
NOTE: NEVER ru
Please update these older drivers. Links are included to assist in looking up the source of the drivers. If unable to find an update, please remove (un-install) the program responsible for that driver. DO NOT manually delete/rename the driver as it may make the system unbootable! :

AsrAppCharger.sys Tue May 10 04:28:46 2011 (4DC8F73E)
ASRock App Charger Likely BSOD cause - haven't seen recently (15Jan2013)
http://www.carrona.org/drivers/driver.php?id=AsrAppCharger.sys

WPRO_41_2001.sys Mon Nov 7 16:04:48 2011 (4EB847F0)
CACE Technologies WinPcap Packet Driver
http://www.carrona.org/drivers/driver.php?id=WPRO_41_2001.sys



Analysis:
The following is for informational purposes only.
Code:
[font=lucida console]**************************Thu May  2 15:12:12.947 2013 (UTC - 4:00)**************************
Loading Dump File [C:\Users\Owner\SysnativeBSODApps\050213-21312-01.dmp]
Windows 8 Kernel Version 9200 MP (8 procs) Free x64
Built by: [B]9200[/B].16551.amd64fre.win8_gdr.130306-1502
System Uptime:[B]0 days 0:28:46.646[/B]
Probably caused by :[B]memory_corruption ( nt!MiCheckSpecialPoolSlop+a1 )[/B]
BugCheck [B]C1, {fffff981cf022df0, fffff981cf022604, 39c206, 23}[/B]
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x000000C1]SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)[/url]
Arguments: 
Arg1: fffff981cf022df0, address trying to free
Arg2: fffff981cf022604, address where bits are corrupted
Arg3: 000000000039c206, (reserved)
Arg4: 0000000000000023, caller is freeing an address where nearby bytes within the same page have been corrupted
BUGCHECK_STR:  0xC1_23
PROCESS_NAME:  ccSvcHst.exe
FAILURE_BUCKET_ID: [B]0xC1_23_VRF_nt!MiCheckSpecialPoolSlop[/B]
CPUID:        "Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz"
MaxSpeed:     3500
CurrentSpeed: [B]3500[/B]
  BIOS Version                  P2.70
  BIOS Release Date             04/18/2013
  Manufacturer                  To Be Filled By O.E.M.
  Product Name                  To Be Filled By O.E.M.
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu May  2 14:42:16.548 2013 (UTC - 4:00)**************************
Loading Dump File [C:\Users\Owner\SysnativeBSODApps\050213-37328-01.dmp]
Windows 8 Kernel Version 9200 MP (8 procs) Free x64
Built by: [B]9200[/B].16551.amd64fre.win8_gdr.130306-1502
System Uptime:[B]0 days 0:17:01.247[/B]
Probably caused by :[B]win32k.sys ( win32k!EngStretchBlt+1185e )[/B]
BugCheck [B]C1, {fffff90105f8cca0, fffff90105f8c643, 37a358, 23}[/B]
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x000000C1]SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)[/url]
Arguments: 
Arg1: fffff90105f8cca0, address trying to free
Arg2: fffff90105f8c643, address where bits are corrupted
Arg3: 000000000037a358, (reserved)
Arg4: 0000000000000023, caller is freeing an address where nearby bytes within the same page have been corrupted
BUGCHECK_STR:  0xC1_23
PROCESS_NAME:  mscorsvw.exe
FAILURE_BUCKET_ID: [B]0xC1_23_VRF_win32k!EngStretchBlt[/B]
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed May  1 15:00:19.203 2013 (UTC - 4:00)**************************
Loading Dump File [C:\Users\Owner\SysnativeBSODApps\050113-43906-01.dmp]
Windows 8 Kernel Version 9200 MP (8 procs) Free x64
Built by: [B]9200[/B].16551.amd64fre.win8_gdr.130306-1502
System Uptime:[B]0 days 0:38:50.902[/B]
Probably caused by :[B]fileinfo.sys ( fileinfo!FIStreamCleanup+c2 )[/B]
BugCheck [B]C4, {13e, fffff98053540db0, fffff98063540db0, fffffa80142aee60}[/B]
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x000000C4]DRIVER_VERIFIER_DETECTED_VIOLATION (c4)[/url]
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arguments: 
Arg1: 000000000000013e, Pool block address specified by the caller is different from the address tracked by Verifier.
Arg2: fffff98053540db0, Pool block address specified by the caller.
Arg3: fffff98063540db0, Pool block address tracked by Verifier.
Arg4: fffffa80142aee60, Pointer to the pool block address tracked by Verifier.
BUGCHECK_STR:  0xc4_13e
PROCESS_NAME:  System
FAILURE_BUCKET_ID: [B]0xc4_13e_VRF_fileinfo!FIStreamCleanup[/B]
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed May  1 14:19:59.011 2013 (UTC - 4:00)**************************
Loading Dump File [C:\Users\Owner\SysnativeBSODApps\050113-37046-01.dmp]
Windows 8 Kernel Version 9200 MP (8 procs) Free x64
Built by: [B]9200[/B].16551.amd64fre.win8_gdr.130306-1502
System Uptime:[B]0 days 0:40:12.710[/B]
Probably caused by :[B]ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+36384 )[/B]
BugCheck [B]1A, {3800, fffff6fcc05a6bf0, 8000000208b8b963, 0}[/B]
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000001A]MEMORY_MANAGEMENT (1a)[/url]
Arguments: 
Arg1: 0000000000003800, The subtype of the bugcheck.
Arg2: fffff6fcc05a6bf0
Arg3: 8000000208b8b963
Arg4: 0000000000000000
BUGCHECK_STR:  0x1a_3800
PROCESS_NAME:  ccSvcHst.exe
FAILURE_BUCKET_ID: [B]0x1a_3800_VRF_nt!_??_::FNODOBFM::_string_[/B]
CPUID:        "Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz"
MaxSpeed:     3500
CurrentSpeed: [B]3500[/B]
  BIOS Version                  P2.70
  BIOS Release Date             04/18/2013
  Manufacturer                  To Be Filled By O.E.M.
  Product Name                  To Be Filled By O.E.M.
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Apr 30 22:45:59.605 2013 (UTC - 4:00)**************************
Loading Dump File [C:\Users\Owner\SysnativeBSODApps\050113-14031-01.dmp]
Windows 8 Kernel Version 9200 MP (8 procs) Free x64
Built by: [B]9200[/B].16551.amd64fre.win8_gdr.130306-1502
System Uptime:[B]0 days 20:28:07.246[/B]
*** WARNING: Unable to verify timestamp for ccSetx64.sys
*** ERROR: Module load completed but symbols could not be loaded for ccSetx64.sys
Probably caused by :[B]ccSetx64.sys ( ccSetx64+10572 )[/B]
BugCheck [B]3B, {c0000005, fffff880043be572, fffff8800cb16a90, 0}[/B]
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000003B]SYSTEM_SERVICE_EXCEPTION (3b)[/url]
Arguments: 
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff880043be572, Address of the instruction which caused the bugcheck
Arg3: fffff8800cb16a90, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
BUGCHECK_STR:  0x3B
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  ccSvcHst.exe
FAILURE_BUCKET_ID: [B]0x3B_ccSetx64+10572[/B]
CPUID:        "Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz"
MaxSpeed:     3500
CurrentSpeed: [B]3500[/B]
  BIOS Version                  P2.70
  BIOS Release Date             04/18/2013
  Manufacturer                  To Be Filled By O.E.M.
  Product Name                  To Be Filled By O.E.M.
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Apr 29 19:31:07.631 2013 (UTC - 4:00)**************************
Loading Dump File [C:\Users\Owner\SysnativeBSODApps\043013-20968-01.dmp]
Windows 8 Kernel Version 9200 MP (8 procs) Free x64
Built by: [B]9200[/B].16551.amd64fre.win8_gdr.130306-1502
System Uptime:[B]1 days 6:20:50.222[/B]
*** WARNING: Unable to verify timestamp for SRTSP64.SYS
*** ERROR: Module load completed but symbols could not be loaded for SRTSP64.SYS
Probably caused by :[B]Pool_Corruption ( nt!ExDeferredFreePool+56a )[/B]
BugCheck [B]19, {d, fffff8a028371bf0, 286367ac00dfec92, 286367ac5cdfec92}[/B]
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x00000019]BAD_POOL_HEADER (19)[/url]
Arguments: 
Arg1: 000000000000000d, 
Arg2: fffff8a028371bf0
Arg3: 286367ac00dfec92
Arg4: 286367ac5cdfec92
BUGCHECK_STR:  0x19_d
PROCESS_NAME:  System
FAILURE_BUCKET_ID: [B]0x19_d_nt!ExDeferredFreePool[/B]
CPUID:        "Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz"
MaxSpeed:     3500
CurrentSpeed: [B]3500[/B]
  BIOS Version                  P2.70
  BIOS Release Date             04/18/2013
  Manufacturer                  To Be Filled By O.E.M.
  Product Name                  To Be Filled By O.E.M.
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
[/font]
3rd Party Drivers:
The following is for information purposes only.
Any drivers in red should be updated or removed from your system. And should have been discussed in the body of my post.
Code:
[font=lucida console]**************************Thu May  2 15:12:12.947 2013 (UTC - 4:00)**************************
[COLOR=RED][B]AsrAppCharger.sys           Tue May 10 04:28:46 2011 (4DC8F73E)[/B][/COLOR]
[COLOR=RED][B]WPRO_41_2001.sys            Mon Nov  7 16:04:48 2011 (4EB847F0)[/B][/COLOR]
AsrRamDisk.sys              Thu Jan 12 23:52:38 2012 (4F0FB896)
athrx.sys                   Wed Mar 21 23:26:22 2012 (4F6A9BDE)
GEARAspiWDM.sys             Thu May  3 15:56:17 2012 (4FA2E2E1)
ISCTD64.sys                 Fri May  4 20:44:01 2012 (4FA477D1)
SYMEVENT64x86.SYS           Wed May 23 20:52:24 2012 (4FBD8648)
ikbevent.sys                Tue Jun 12 15:22:18 2012 (4FD796EA)
EtronXHCI.sys               Tue Jul  3 07:00:15 2012 (4FF2D0BF)
EtronHub3.sys               Tue Jul  3 07:00:21 2012 (4FF2D0C5)
asahci64.sys                Tue Jul 17 23:15:00 2012 (50062A34)
SYMNETS.SYS                 Fri Jul 20 22:07:07 2012 (500A0ECB)
Ironx64.SYS                 Mon Jul 23 20:34:50 2012 (500DEDAA)
EraserUtilRebootDrv.sys     Tue Jul 31 19:36:50 2012 (50186C12)
eeCtrl64.sys                Tue Jul 31 19:36:51 2012 (50186C13)
ccSetx64.sys                Thu Aug 16 17:18:11 2012 (502D6393)
imsevent.sys                Thu Aug 16 19:20:04 2012 (502D8024)
k57nd60a.sys                Sun Aug 26 00:58:34 2012 (5039ACFA)
IDSvia64.sys                Tue Aug 28 22:48:40 2012 (503D8308)
iaStorA.sys                 Sat Sep  1 21:01:24 2012 (5042AFE4)
dump_iaStorA.sys            Sat Sep  1 21:01:24 2012 (5042AFE4)
lvrs64.sys                  Mon Oct 22 22:11:24 2012 (5085FCCC)
lvuvc64.sys                 Mon Oct 22 22:12:08 2012 (5085FCF8)
intelppm.sys                Mon Nov  5 22:55:02 2012 (50988A16)
HECIx64.sys                 Mon Dec 17 14:32:21 2012 (50CF7345)
EX64.SYS                    Thu Dec 20 04:22:39 2012 (50D2D8DF)
ENG64.SYS                   Thu Dec 20 04:24:21 2012 (50D2D945)
CMHDAudioV64.sys            Tue Dec 25 03:53:42 2012 (50D96996)
SYMDS64.SYS                 Wed Jan 16 20:56:45 2013 (50F75A5D)
SYMEFA64.SYS                Fri Jan 18 19:31:37 2013 (50F9E969)
SRTSP64.SYS                 Fri Jan 25 16:26:16 2013 (5102F878)
SRTSPX64.SYS                Fri Jan 25 16:30:05 2013 (5102F95D)
rzendpt.sys                 Mon Mar  4 01:48:30 2013 (513443BE)
BHDrvx64.sys                Wed Apr 10 01:39:03 2013 (5164FAF7)
nvlddmkm.sys                Thu Apr 18 21:23:41 2013 (51709C9D)
rzudd.sys                   Thu Apr 18 22:00:07 2013 (5170A527)
rzvkeyboard.sys             Thu Apr 18 22:00:15 2013 (5170A52F)
rzdaendpt.sys               Thu Apr 18 22:00:17 2013 (5170A531)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed May  1 15:00:19.203 2013 (UTC - 4:00)**************************
usbaapl64.sys               Tue Nov 27 18:38:02 2012 (50B54EDA)
cpuz136_x64.sys             Wed Mar 20 07:05:43 2013 (51499807)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed May  1 14:19:59.011 2013 (UTC - 4:00)**************************
rzudd.sys                   Mon Mar  4 01:48:31 2013 (513443BF)
rzvkeyboard.sys             Mon Mar  4 01:48:38 2013 (513443C6)
rzdaendpt.sys               Mon Mar  4 01:48:41 2013 (513443C9)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Apr 30 22:45:59.605 2013 (UTC - 4:00)**************************
nvhda64v.sys                Mon Feb 25 00:27:35 2013 (512AF647)
[/font]
http://www.carrona.org/drivers/driver.php?id=AsrAppCharger.sys
http://www.carrona.org/drivers/driver.php?id=WPRO_41_2001.sys
http://www.carrona.org/drivers/driver.php?id=AsrRamDisk.sys
http://www.carrona.org/drivers/driver.php?id=athrx.sys
http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
http://www.carrona.org/drivers/driver.php?id=ISCTD64.sys
http://www.carrona.org/drivers/driver.php?id=SYMEVENT64x86.SYS
http://www.carrona.org/drivers/driver.php?id=ikbevent.sys
http://www.carrona.org/drivers/driver.php?id=EtronXHCI.sys
http://www.carrona.org/drivers/driver.php?id=EtronHub3.sys
http://www.carrona.org/drivers/driver.php?id=asahci64.sys
http://www.carrona.org/drivers/driver.php?id=SYMNETS.SYS
http://www.carrona.org/drivers/driver.php?id=Ironx64.SYS
http://www.carrona.org/drivers/driver.php?id=EraserUtilRebootDrv.sys
http://www.carrona.org/drivers/driver.php?id=eeCtrl64.sys
http://www.carrona.org/drivers/driver.php?id=ccSetx64.sys
http://www.carrona.org/drivers/driver.php?id=imsevent.sys
http://www.carrona.org/drivers/driver.php?id=k57nd60a.sys
http://www.carrona.org/drivers/driver.php?id=IDSvia64.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=dump_iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=lvrs64.sys
http://www.carrona.org/drivers/driver.php?id=lvuvc64.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
http://www.carrona.org/drivers/driver.php?id=EX64.SYS
http://www.carrona.org/drivers/driver.php?id=ENG64.SYS
CMHDAudioV64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=SYMDS64.SYS
http://www.carrona.org/drivers/driver.php?id=SYMEFA64.SYS
http://www.carrona.org/drivers/driver.php?id=SRTSP64.SYS
http://www.carrona.org/drivers/driver.php?id=SRTSPX64.SYS
http://www.carrona.org/drivers/driver.php?id=rzendpt.sys
http://www.carrona.org/drivers/driver.php?id=BHDrvx64.sys
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
http://www.carrona.org/drivers/driver.php?id=rzudd.sys
http://www.carrona.org/drivers/driver.php?id=rzvkeyboard.sys
http://www.carrona.org/drivers/driver.php?id=rzdaendpt.sys
http://www.carrona.org/drivers/driver.php?id=usbaapl64.sys
http://www.carrona.org/drivers/driver.php?id=cpuz136_x64.sys
http://www.carrona.org/drivers/driver.php?id=rzudd.sys
http://www.carrona.org/drivers/driver.php?id=rzvkeyboard.sys
http://www.carrona.org/drivers/driver.php?id=rzdaendpt.sys
http://www.carrona.org/drivers/driver.php?id=nvhda64v.sys
 


#8
Hi,

Thanks for your informative post.

I did all of what you suggested, I had no idea what that WINpap thing was but anyway.

Had Intel disabled as I have my GTX 680's but anyways did as you suggested, also uninstalled Norton anti virus.

I also disabled driver verification.

I've done another grab - would you mind seeing if there is anything else you can see that might be an issue??

I also did a clean install of the WHQL driver for Nvidia just in case the beta drivers were an issue (haven't been in the past) View attachment W7F_02-05-2013.zip
 


usasma

Fantastic Member
Microsoft Community Contributor
#9
Had you enabled Driver Verifier previously? This is important as there are some BSOD's that will spit out Driver Verifier Enabled memory dumps without you having enabled it (and that makes the analysis a bit different).

Nothing significant noted in the reports - but that's not unusual
Now we wait for further BSOD's to see what we can find.
 


usasma

Fantastic Member
Microsoft Community Contributor
#11
Since Driver Verifier shows a Windows driver being blamed, it's most likely that this isn't a 3rd party driver problem.
As such, the next thing to look at is hardware. Please start with these free diagnostics: Hardware Diagnostics (If the BSOD's continue after doing the steps in my previous post).
 


#12
TL;DR: Remove Symantec. It appears to be corrupting memory.

I'm very curious about these crashdumps. Take this one to start off with:

Code:
6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 000000000000013e, Pool block address specified by the caller is different from the address tracked by Verifier.
Arg2: fffff980[COLOR=#ff0000]5[/COLOR]3540db0, Pool block address specified by the caller.
Arg3: fffff980[COLOR=#ff0000]6[/COLOR]3540db0, Pool block address tracked by Verifier.
Arg4: fffffa80142aee60, Pointer to the pool block address tracked by Verifier.

...

6: kd> .formats fffff98053540db0;.formats fffff98063540db0
Evaluate expression:
  Hex:     fffff980`53540db0
  Decimal: -7145427563088
  Octal:   1777777630012325006660
  Binary:  11111111 11111111 11111001 10000000 01[COLOR=#ff0000]01[/COLOR]0011 01010100 00001101 10110000
  Chars:   ....ST..
  Time:    ***** Invalid FILETIME
  Float:   low 9.10763e+011 high -1.#QNAN
  Double:  -1.#QNAN
Evaluate expression:
  Hex:     fffff980`63540db0
  Decimal: -7145159127632
  Octal:   1777777630014325006660
  Binary:  11111111 11111111 11111001 10000000 01[COLOR=#ff0000]10[/COLOR]0011 01010100 00001101 10110000
  Chars:   ....cT..
  Time:    ***** Invalid FILETIME
  Float:   low 3.9117e+021 high -1.#QNAN
  Double:  -1.#QNAN
The two pool addresses are only one digit away in difference, and while 5 is only 1 away from 6, from a bitwise perspective there's more than just that, in that two bits had to have actually been changed. Now what's even more unusual, is that this exact same problem is actually happening with another crash. Observe this other one:

Code:
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 000000000000000d, 
Arg2: fffff8a028371bf0
Arg3: 286367ac00dfec92
Arg4: 286367ac5cdfec92

Debugging Details:
------------------

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2

BUGCHECK_STR:  0x19_d

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  1

LAST_CONTROL_TRANSFER:  from fffff8004caed1ec to fffff8004c8d5240

STACK_TEXT:  
fffff880`0f460e98 fffff800`4caed1ec : 00000000`00000019 00000000`0000000d fffff8a0`28371bf0 286367ac`00dfec92 : nt!KeBugCheckEx
fffff880`0f460ea0 fffff800`4caecc4c : fffff8a0`00000000 fffff8a0`02f088b0 fffff8a0`25600c00 00000000`65456153 : nt!ExDeferredFreePool+0x56a
fffff880`0f460f30 fffff880`10248ef1 : fffff8a0`02f088c0 00000000`000478ef fffff8a0`007734c0 63636400`65456153 : nt!ExFreePoolWithTag+0xaec
fffff880`0f461010 fffff8a0`02f088c0 : 00000000`000478ef fffff8a0`007734c0 63636400`65456153 00000000`00000000 : SRTSP64+0x40ef1
fffff880`0f461018 00000000`000478ef : fffff8a0`007734c0 63636400`65456153 00000000`00000000 fffff880`10a81df6 : 0xfffff8a0`02f088c0
fffff880`0f461020 fffff8a0`007734c0 : 63636400`65456153 00000000`00000000 fffff880`10a81df6 00000000`00000010 : 0x478ef
fffff880`0f461028 63636400`65456153 : 00000000`00000000 fffff880`10a81df6 00000000`00000010 fffff8a0`03c0c690 : 0xfffff8a0`007734c0
fffff880`0f461030 00000000`00000000 : fffff880`10a81df6 00000000`00000010 fffff8a0`03c0c690 00000000`000478ef : 0x63636400`65456153


STACK_COMMAND:  kb

FOLLOWUP_IP: 
SRTSP64+40ef1
fffff880`10248ef1 ??              ???

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  SRTSP64+40ef1

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: SRTSP64

IMAGE_NAME:  SRTSP64.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  5102f878

FAILURE_BUCKET_ID:  X64_0x19_d_SRTSP64+40ef1

BUCKET_ID:  X64_0x19_d_SRTSP64+40ef1

Followup: MachineOwner
---------
Arg2 of the bugcheck is the pool address. Let's take a look:

Code:
0: kd> [COLOR=#0000cd]!pool [/COLOR]fffff8a028371bf0
GetPointerFromAddress: unable to read from fffff8004cbd3168
Pool page fffff8a028371bf0 region is GetUlongFromAddress: unable to read from fffff8004cbd31f8
Paged pool
 fffff8a028371000 size:  5a0 previous size:    0  (Allocated)  NtfF
 fffff8a0283715a0 size:   30 previous size:  5a0  (Free)       Free
 fffff8a0283715d0 size:   40 previous size:   30  (Allocated)  NtFs
 fffff8a028371610 size:   70 previous size:   40  (Allocated)  SaFe
 fffff8a028371680 size:   40 previous size:   70  (Allocated)  SApn
 fffff8a0283716c0 size:   c0 previous size:   40  (Allocated)  FIcs
 fffff8a028371780 size:   90 previous size:   c0  (Allocated)  FSim
 fffff8a028371810 size:   60 previous size:   90  (Allocated)  SaFe
 fffff8a028371870 size:  1d0 previous size:   60  (Allocated)  FMfn
 fffff8a028371a40 size:   60 previous size:  1d0  (Allocated)  Sa[COLOR=#ff0000]F[/COLOR]e
 fffff8a028371aa0 size:  150 previous size:   60  (Free)       Free
*fffff8a028371bf0 size:  410 previous size:  150  (Free)      *Sa[COLOR=#ff0000]E[/COLOR]e
        Owning component : Unknown (update pooltag.txt)
Now that's odd. The pool tag name is 'SaEe', not 'SaFe' like previous allocations with the name. Let's take a closer look and compare:

Code:
0: kd> [COLOR=#0000cd]dc[/COLOR] fffff8a028371bf0[COLOR=#0000cd];dc[/COLOR] fffff8a028371a40
fffff8a0`28371bf0  00410115 65[COLOR=#ff0000]45[/COLOR]6153 00dfec92 286367ac  ..A.Sa[COLOR=#ff0000]E[/COLOR]e.....gc(
fffff8a0`28371c00  17f21010 fffff8a0 00450052 002e0045  ........R.E.E...
fffff8a0`28371c10  004c0044 ffff004c ffffffff ffffffff  D.L.L...........
fffff8a0`28371c20  0073006d 006f0063 00650072 002e0065  m.s.c.o.r.e.e...
fffff8a0`28371c30  006c0064 ffff006c ffffffff ffffffff  d.l.l...........
fffff8a0`28371c40  00000000 00000000 00000000 00000000  ................
fffff8a0`28371c50  00000000 00000000 00000000 00000000  ................
fffff8a0`28371c60  00000000 00000000 00000000 00000000  ................
fffff8a0`28371a40  0306011d 65[COLOR=#ff0000]46[/COLOR]6153 5cdfed22 286367ac  ....Sa[COLOR=#ff0000]F[/COLOR]e"..\.gc(
fffff8a0`28371a50  10f656f0 fffff8a0 122b6888 fffff8a0  .V.......h+.....
fffff8a0`28371a60  00000050 00000003 00080006 00000000  P...............
fffff8a0`28371a70  28371a88 fffff8a0 00000012 0000003e  ..7(........>...
fffff8a0`28371a80  28371a8e fffff8a0 00560041 07030045  ..7(....A.V.E...
fffff8a0`28371a90  00054000 f7f72b52 9ab2fb29 53b223ab  [email protected]+..)....#.S
fffff8a0`28371aa0  00150106 65657246 5cdfedc2 286367ac  ....Free...\.gc(
fffff8a0`28371ab0  02f08770 fffff8a0 17f21420 fffff8a0  p....... .......

0: kd> [COLOR=#0000cd].formats[/COLOR] 65466153[COLOR=#0000cd];.formats [/COLOR]65456153
Evaluate expression:
  Hex:     00000000`65466153
  Decimal: 1699111251
  Octal:   0000000000014521460523
  Binary:  00000000 00000000 00000000 00000000 01100101 010001[COLOR=#ff0000]10[/COLOR] 01100001 01010011
  Chars:   ....e[COLOR=#ff0000]F[/COLOR]aS
  Time:    Sat Nov 04 11:20:51 2023
  Float:   low 5.85515e+022 high 0
  Double:  8.39472e-315
Evaluate expression:
  Hex:     00000000`65456153
  Decimal: 1699045715
  Octal:   0000000000014521260523
  Binary:  00000000 00000000 00000000 00000000 01100101 010001[COLOR=#ff0000]01[/COLOR] 01100001 01010011
  Chars:   ....e[COLOR=#ff0000]E[/COLOR]aS
  Time:    Fri Nov 03 17:08:35 2023
  Float:   low 5.82563e+022 high 0
  Double:  8.3944e-315
Same problem as before! Unfortunately that's where the similarities end so far that I've found. The two DV crashes that discovered corrupt special pool did not display the same corruption, but they were similar in pattern to each other:

Code:
4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption.  Typically the current thread's
stack backtrace will reveal the guilty party.
Arguments:
Arg1: fffff90105f8cca0, address trying to free
Arg2: [COLOR=#006400]fffff90105f8c643[/COLOR], address where bits are corrupted
Arg3: 000000000037a358, (reserved)
Arg4: 0000000000000023, caller is freeing an address where nearby bytes within the same page have been corrupted

Debugging Details:
------------------

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2

BUGCHECK_STR:  0xC1_23

SPECIAL_POOL_CORRUPTION_TYPE:  23

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  mscorsvw.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80161b9f009 to fffff80161a6c240

STACK_TEXT:  
fffff880`0ed8e5f8 fffff801`61b9f009 : 00000000`000000c1 fffff901`05f8cca0 fffff901`05f8c643 00000000`0037a358 : nt!KeBugCheckEx
fffff880`0ed8e600 fffff801`61b9e51c : 00000000`00000001 fffffa80`0e8f6db0 00000000`00000003 fffff801`61ad8206 : nt!MiCheckSpecialPoolSlop+0xa1
fffff880`0ed8e640 fffff801`61c84825 : 00000000`0000c130 00000000`00000021 00000000`69707355 00000000`00000000 : nt!MmFreeSpecialPool+0x178
fffff880`0ed8e770 fffff801`62053577 : fffff901`05f8cca0 fffffa80`0e909080 00000000`00000001 fffffa80`0e8f6db0 : nt!ExDeferredFreePool+0xc22
fffff880`0ed8e850 fffff960`000f261e : 00000000`00000000 fffff901`0581afd0 fffffa80`0e8f6940 00000000`00000000 : nt!VerifierExFreePoolWithTag+0x47
fffff880`0ed8e880 fffff960`0010a73b : 00000000`00000000 00000000`00000000 fffff880`0ed8ea00 00000000`00000000 : win32k!EngStretchBlt+0x1185e
fffff880`0ed8e8b0 fffff960`001413f0 : fffff880`0ed8ea00 fffffa80`0e8f6940 00000000`00000000 00000000`00000000 : win32k!EngCopyBits+0xf53b
fffff880`0ed8e8e0 fffff801`61ea8b8a : fffffa80`0e8f6940 fffffa80`0e8f6db0 00000000`00000000 00000000`00000008 : win32k!memcpy+0xa70
fffff880`0ed8e940 fffff801`61e7d154 : fffffa80`11237e40 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ExCallCallBack+0x3a
fffff880`0ed8e970 fffff801`61ea88a5 : 00000000`00000000 fffffa80`0e8f6901 00000000`00000000 fffffa80`0e909080 : nt!PspExitThread+0x414
fffff880`0ed8ea90 fffff801`61a6b253 : fffffa80`0e8f6940 fffffa80`0e909080 fffff880`0ed8eb80 ffffffff`ffffffff : nt!NtTerminateProcess+0xfd
fffff880`0ed8eb00 000007ff`db7e2eaa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000e4`5f63f398 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ff`db7e2eaa


STACK_COMMAND:  kb

FOLLOWUP_IP: 
win32k!EngStretchBlt+1185e
fffff960`000f261e 488b0d23b53600  mov     rcx,qword ptr [win32k!EngDeleteClip+0xe9a10 (fffff960`0045db48)]

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  win32k!EngStretchBlt+1185e

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5148e456

FAILURE_BUCKET_ID:  X64_0xC1_23_VRF_win32k!EngStretchBlt+1185e

BUCKET_ID:  X64_0xC1_23_VRF_win32k!EngStretchBlt+1185e

Followup: MachineOwner
---------

4: kd> [COLOR=#0000cd]dc[/COLOR] [COLOR=#006400]fffff90105f8c643[/COLOR]
fffff901`05f8c643  373737[COLOR=#ff0000]00[/COLOR] 37373737 373737[COLOR=#ff0000]04[/COLOR] 37373737  [COLOR=#ff0000].[/COLOR]7777777[COLOR=#ff0000].[/COLOR]7777777
fffff901`05f8c653  373737[COLOR=#ff0000]00[/COLOR] 37373737 373737[COLOR=#ff0000]00[/COLOR] 37373737  [COLOR=#ff0000].[/COLOR]7777777[COLOR=#ff0000].[/COLOR]7777777
fffff901`05f8c663  373737[COLOR=#ff0000]00[/COLOR] 37373737 373737[COLOR=#ff0000]6e[/COLOR] 37373737  [COLOR=#ff0000].[/COLOR]7777777[COLOR=#ff0000]n[/COLOR]7777777
fffff901`05f8c673  373737[COLOR=#ff0000]04[/COLOR] 37373737 373737[COLOR=#ff0000]00[/COLOR] 37373737  [COLOR=#ff0000].[/COLOR]7777777[COLOR=#ff0000].[/COLOR]7777777
fffff901`05f8c683  37373737 37373737 37373737 37373737  7777777777777777
fffff901`05f8c693  37373737 37373737 37373737 37373737  7777777777777777
fffff901`05f8c6a3  37373737 37373737 37373737 37373737  7777777777777777
fffff901`05f8c6b3  37373737 37373737 37373737 37373737  7777777777777777
Code:
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption.  Typically the current thread's
stack backtrace will reveal the guilty party.
Arguments:
Arg1: fffff981cf022df0, address trying to free
Arg2: [COLOR=#006400]fffff981cf022604[/COLOR], address where bits are corrupted
Arg3: 000000000039c206, (reserved)
Arg4: 0000000000000023, caller is freeing an address where nearby bytes within the same page have been corrupted

Debugging Details:
------------------

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2

BUGCHECK_STR:  0xC1_23

SPECIAL_POOL_CORRUPTION_TYPE:  23

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  ccSvcHst.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff801d9bfb009 to fffff801d9ac8240

STACK_TEXT:  
fffff880`111102e8 fffff801`d9bfb009 : 00000000`000000c1 fffff981`cf022df0 fffff981`cf022604 00000000`0039c206 : nt!KeBugCheckEx
fffff880`111102f0 fffff801`d9bfa51c : fffff980`0392e7f0 00000000`00004000 00000000`00000003 fffff801`d9b34206 : nt!MiCheckSpecialPoolSlop+0xa1
fffff880`11110330 fffff801`d9ce0825 : ffffffff`fff71ffa 00000000`00000001 00000000`6e664d46 00000000`00000000 : nt!MmFreeSpecialPool+0x178
fffff880`11110460 fffff801`da0af577 : fffff981`cf022df0 fffffa80`0cd1bc00 00000000`00000000 fffff880`0195ce72 : nt!ExDeferredFreePool+0xc22
fffff880`11110540 fffff880`0198634a : fffff981`cf022df0 fffff880`01118471 fffff981`cf022e08 ffffffff`ffffffff : nt!VerifierExFreePoolWithTag+0x47
fffff880`11110570 fffff880`01985e3b : 00000000`ffffbfff fffff801`da0c03f6 fffffa80`0cd1bb00 fffff880`01118471 : fltmgr!FltReleaseFileNameInformation+0xca
fffff880`111105b0 fffff880`01990cca : fffff981`ce2baef0 fffff981`ce288ef0 00000000`00000000 ffffffff`ffffffff : fltmgr!DeleteNameCacheNodes+0x16a
fffff880`11110600 fffff880`01989ceb : fffff982`289aaef0 fffff980`0392e7f0 fffff982`28ac6b80 00000000`00000000 : fltmgr!FltpPurgeVolumeNameCache+0x110
fffff880`11110650 fffff880`01989e58 : fffff980`0392e7f0 fffff880`11110700 fffffa80`1723f8d0 00000000`00000000 : fltmgr!FltpReinstateNameCaching+0x17b
fffff880`11110690 fffff880`0195c984 : fffff982`28ac6b80 00000000`00000000 00000000`00000000 fffff801`da0aed7e : fltmgr!FltpReinstateNameCachingAllFrames+0x48
fffff880`111106c0 fffff880`0195b61b : fffff982`28ac6b80 fffff982`28af6ab0 fffff982`28af6fb8 fffffa80`163bc840 : fltmgr!FltpPassThroughCompletionWorker+0x3a4
fffff880`11110730 fffff880`019590b6 : fffffa80`0f294890 00000000`00000002 fffff982`28af6ab0 fffffa80`163baf18 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x38b
fffff880`111107d0 fffff801`da0aed56 : fffff982`28af6ab0 00000000`00000002 00000000`000000f4 fffff880`11110b80 : fltmgr!FltpDispatch+0xb6
fffff880`11110830 fffff801`d9eda0fc : 00000000`00000000 fffff880`11110b80 00000000`00000000 fffffa80`163bae70 : nt!IovCallDriver+0x3e6
fffff880`11110880 fffff801`d9ac7253 : 00000000`00002b0c 00000000`00000000 fffff6fb`7dbed000 fffff6fb`7da00008 : nt!NtSetInformationFile+0x668
fffff880`11110a90 000007fd`9fbd2e5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0226e228 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fd`9fbd2e5a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!MiCheckSpecialPoolSlop+a1
fffff801`d9bfb009 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!MiCheckSpecialPoolSlop+a1

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  513814ba

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  X64_0xC1_23_VRF_nt!MiCheckSpecialPoolSlop+a1

BUCKET_ID:  X64_0xC1_23_VRF_nt!MiCheckSpecialPoolSlop+a1

Followup: MachineOwner
---------

1: kd>[COLOR=#0000cd] dc[/COLOR] [COLOR=#006400]fffff981cf022604[/COLOR]
fffff981`cf022604  393939[COLOR=#ff0000]6f[/COLOR] 39393939 393939[COLOR=#ff0000]6f[/COLOR] 39393939  [COLOR=#ff0000]o[/COLOR]9999999[COLOR=#ff0000]o[/COLOR]9999999
fffff981`cf022614  393939[COLOR=#ff0000]6f[/COLOR] 39393939 393939[COLOR=#ff0000]6f[/COLOR] 39393939  [COLOR=#ff0000]o[/COLOR]9999999[COLOR=#ff0000]o[/COLOR]9999999
fffff981`cf022624  393939[COLOR=#ff0000]6f[/COLOR] 39393939 393939[COLOR=#ff0000]6f [/COLOR]39393939  [COLOR=#ff0000]o[/COLOR]9999999[COLOR=#ff0000]o[/COLOR]9999999
fffff981`cf022634  393939[COLOR=#ff0000]6f[/COLOR] 39393939 393939[COLOR=#ff0000]6f[/COLOR] 39393939  [COLOR=#ff0000]o[/COLOR]9999999[COLOR=#ff0000]o[/COLOR]9999999
fffff981`cf022644  39393939 39393939 39393939 39393939  9999999999999999
fffff981`cf022654  39393939 39393939 39393939 39393939  9999999999999999
fffff981`cf022664  39393939 39393939 39393939 39393939  9999999999999999
fffff981`cf022674  39393939 39393939 39393939 39393939  9999999999999999
Both exhibit strides of corruption of identical length. The corruption is not the same, though, and the corruption does not involve just missing bits.

So what does this all mean? Well, TBH the most common cause of these kinds of corruptions are actually driver-based. If it was hardware-based, it'd have to fudge up pretty bad to actually write 1's where they shouldn't as well as remove, so I think something was tampering with memory it wasn't supposed too. The biggest pattern I saw from these crashdumps is that Symantec was responsible for all of em. In fact, the most recent crashdumps given all pointed finger at Symantec with identical corruption patterns. So I say, get rid of Symantec. Btw, I don't know what VerifierExt.sys is, but I personally haven't seen it before, even though it claims to be part of Driver Verifier.
 


#13
Thank you both for your in depth analysis of the dumps. It's very kind of you. I have removed Symantec and cross fingers 12 hours of no crashes which is good. As far as hardware goes I've tested the RAM, SSD, HDD and CPU as well as the GPU's with various utilities MemTest, SeaTools, Intel SSD toolbox, prime 95 and Kombuster and no issues have been found. I did do an SFC /scannow and that found some issues but is supposedly fixed now. Why would Norton cause issues all of a sudden. It's been fine up until about 2 weeks ago.
 


usasma

Fantastic Member
Microsoft Community Contributor
#14
Thanks VirGnarus!
 


#15
Thanks again, i did another sfc scannow and it said it was unable to repair some corrupt files....

There's been no BSOD since yesterday though....
 


#16
Hi,

So i just had another BSOD I've attatched a new dump file, hopefully you can figure it out, up until now everything had been ok!
 


Attachments

#17
And another one! PAGE_FAULT_IN_NONPAGED_AREA
 


#18
windwos7 newupdeta

7405532398
 


#19
Re: windwos7 newupdeta

??????????????
 


usasma

Fantastic Member
Microsoft Community Contributor
#20
Re: windwos7 newupdeta

No firm results in this memory dump. The raw stack shows wireless drivers and video drivers - but that could just be a distraction. I tend to suspect issues with network devices. In this case I have to wonder about the WinPcap program as it's relatively older.

Please un-install the WinPcap program and see if that helps

If it doesn't, please run Driver Verifier according to these instructions: Driver Verifier Settings

Please update these older drivers. Links are included to assist in looking up the source of the drivers. If unable to find an update, please remove (un-install) the program responsible for that driver. DO NOT manually delete/rename the driver as it may make the system unbootable! :

AsrAppCharger.sys Fri Jun 11 02:37:12 2010 (4C11D998)
ASRock App Charger Likely BSOD cause - haven't seen recently (15Jan2013)
http://www.carrona.org/drivers/driver.php?id=AsrAppCharger.sys



Analysis:
The following is for informational purposes only.
Code:
[font=lucida console]**************************Sat May  4 21:05:20.449 2013 (UTC - 4:00)**************************
Loading Dump File [C:\Users\Owner\SysnativeBSODApps\050513-14671-01.dmp]
Windows 8 Kernel Version 9200 MP (8 procs) Free x64
Built by: [B]9200[/B].16551.amd64fre.win8_gdr.130306-1502
System Uptime:[B]0 days 16:57:47.088[/B]
Probably caused by :[B]ntkrnlmp.exe ( nt!KeEnumerateKernelStackSegments+5e )[/B]
BugCheck [B]1000007E, {ffffffffc0000005, fffff801f34f7efa, fffff88003568878, fffff880035680b0}[/B]
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x1000007E]SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)[/url]
Arguments: 
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff801f34f7efa, The address that the exception occurred at
Arg3: fffff88003568878, Exception Record Address
Arg4: fffff880035680b0, Context Record Address
PROCESS_NAME:  System
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
FAILURE_BUCKET_ID: [B]AV_nt!KeEnumerateKernelStackSegments[/B]
CPUID:        "Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz"
MaxSpeed:     3500
CurrentSpeed: [B]3500[/B]
  BIOS Version                  P2.70
  BIOS Release Date             04/18/2013
  Manufacturer                  To Be Filled By O.E.M.
  Product Name                  To Be Filled By O.E.M.
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
[/font]
3rd Party Drivers:
The following is for information purposes only.
Any drivers in red should be updated or removed from your system. And should have been discussed in the body of my post.
Code:
[font=lucida console]**************************Sat May  4 21:05:20.449 2013 (UTC - 4:00)**************************
[COLOR=RED][B]AsrAppCharger.sys           Fri Jun 11 02:37:12 2010 (4C11D998)[/B][/COLOR]
[COLOR=RED][B]WPRO_41_2001.sys            Mon Nov  7 16:04:48 2011 (4EB847F0)[/B][/COLOR]
AsrRamDisk.sys              Thu Jan 12 23:52:38 2012 (4F0FB896)
athrx.sys                   Wed Mar 21 23:26:22 2012 (4F6A9BDE)
GEARAspiWDM.sys             Thu May  3 15:56:17 2012 (4FA2E2E1)
ISCTD64.sys                 Fri May  4 20:44:01 2012 (4FA477D1)
ikbevent.sys                Tue Jun 12 15:22:18 2012 (4FD796EA)
EtronXHCI.sys               Tue Jul  3 07:00:15 2012 (4FF2D0BF)
EtronHub3.sys               Tue Jul  3 07:00:21 2012 (4FF2D0C5)
asahci64.sys                Tue Jul 17 23:15:00 2012 (50062A34)
imsevent.sys                Thu Aug 16 19:20:04 2012 (502D8024)
k57nd60a.sys                Sun Aug 26 00:58:34 2012 (5039ACFA)
dump_iaStorA.sys            Sat Sep  1 21:01:24 2012 (5042AFE4)
iaStorA.sys                 Sat Sep  1 21:01:24 2012 (5042AFE4)
lvrs64.sys                  Mon Oct 22 22:11:24 2012 (5085FCCC)
lvuvc64.sys                 Mon Oct 22 22:12:08 2012 (5085FCF8)
intelppm.sys                Mon Nov  5 22:55:02 2012 (50988A16)
igdkmd64.sys                Wed Dec 12 19:42:26 2012 (50C92472)
HECIx64.sys                 Mon Dec 17 14:32:21 2012 (50CF7345)
nvhda64v.sys                Wed Dec 19 00:41:41 2012 (50D15395)
CMHDAudioV64.sys            Tue Dec 25 03:53:42 2012 (50D96996)
npf.sys                     Thu Feb 28 20:31:24 2013 (513004EC)
rzendpt.sys                 Mon Mar  4 01:48:30 2013 (513443BE)
nvlddmkm.sys                Thu Mar 14 21:37:00 2013 (51427B3C)
rzudd.sys                   Thu Apr 18 22:00:07 2013 (5170A527)
rzvkeyboard.sys             Thu Apr 18 22:00:15 2013 (5170A52F)
rzdaendpt.sys               Thu Apr 18 22:00:17 2013 (5170A531)
[/font]
http://www.carrona.org/drivers/driver.php?id=AsrAppCharger.sys
http://www.carrona.org/drivers/driver.php?id=WPRO_41_2001.sys
http://www.carrona.org/drivers/driver.php?id=AsrRamDisk.sys
http://www.carrona.org/drivers/driver.php?id=athrx.sys
http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
http://www.carrona.org/drivers/driver.php?id=ISCTD64.sys
http://www.carrona.org/drivers/driver.php?id=ikbevent.sys
http://www.carrona.org/drivers/driver.php?id=EtronXHCI.sys
http://www.carrona.org/drivers/driver.php?id=EtronHub3.sys
http://www.carrona.org/drivers/driver.php?id=asahci64.sys
http://www.carrona.org/drivers/driver.php?id=imsevent.sys
http://www.carrona.org/drivers/driver.php?id=k57nd60a.sys
http://www.carrona.org/drivers/driver.php?id=dump_iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=lvrs64.sys
http://www.carrona.org/drivers/driver.php?id=lvuvc64.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
http://www.carrona.org/drivers/driver.php?id=nvhda64v.sys
CMHDAudioV64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=npf.sys
http://www.carrona.org/drivers/driver.php?id=rzendpt.sys
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
http://www.carrona.org/drivers/driver.php?id=rzudd.sys
http://www.carrona.org/drivers/driver.php?id=rzvkeyboard.sys
http://www.carrona.org/drivers/driver.php?id=rzdaendpt.sys
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.