SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by gussic, May 2, 2013.

  1. gussic

    gussic New Member

    Joined:
    May 2, 2013
    Messages:
    44
    Likes Received:
    0
  2. usasma

    usasma Fantastic Member
    Microsoft Community Contributor

    Joined:
    Mar 22, 2010
    Messages:
    3,048
    Likes Received:
    83
    Please provide this information so we can provide a complete analysis: http://windows7forums.com/blue-screen-death-bsod/38837-how-ask-help-bsod-problem.html

    The info that you've provided only shows that there was a crash. It blames the kernel (core) of the OS - which isn't very likely. If it was the kernel, you'd be having many, many more problems other than just the occasional BSOD.

    For starters:
     
  3. gussic

    gussic New Member

    Joined:
    May 2, 2013
    Messages:
    44
    Likes Received:
    0
    Hi,

    When i do that the folder it creates is empty.....
     
  4. gussic

    gussic New Member

    Joined:
    May 2, 2013
    Messages:
    44
    Likes Received:
    0
    Sorry worked it out now.View attachment W7F_02-05-2013.zip

    AV: Norton AV 2013 OEM
    MB Asrock z77 extreme 6
    cpu intel 3770k
    16gb mem (forget brand..)
    2 x nvidia gtx 680 msi lightning's
    120 gb intel 330 ssd
    2 tb seagate baracuda
     
  5. gussic

    gussic New Member

    Joined:
    May 2, 2013
    Messages:
    44
    Likes Received:
    0
    Did it again
     
  6. gussic

    gussic New Member

    Joined:
    May 2, 2013
    Messages:
    44
    Likes Received:
    0
    Also I ran Memtest for 48 hours, no problems, used intel ssd to check my ssd, fine, used seatools for windows and did a long test and no errors either...
     
  7. usasma

    usasma Fantastic Member
    Microsoft Community Contributor

    Joined:
    Mar 22, 2010
    Messages:
    3,048
    Likes Received:
    83
    Systeminfo.txt report missing. Please visit Windows Update and get ALL available Windows Updates. Windows 7 systems typically have Service Pack 1 and an additional 160 (or more) updates.

    Most Windows 8 systems have 66 or more updates - please be sure to get them all.

    Please understand that this is a Windows 7 forum - so I may make mistakes based on that assumption. I do not reread every post when I reply to your posts.

    SSD's were temperamental when they first came out, but their reliability has improved greatly over the last year or two. There are 2 things that MUST be checked on systems with BSOD's and SSD's:
    Your Intel Graphics are disabled. Is this deliberate? If so, why?
    Make sure that you enable the Intel graphics, update it's drivers, and then disable it again (if so desired).

    MSI Afterburner (along with Riva Tuner and EVGA Precision) are known to cause BSOD's in some Windows systems. Please un-install it immediately!

    If you're overclocking, please stop the overclock while we're troubleshooting. Feel free to resume the overclock once the system has been stabilized.

    One of the memory dumps is Driver Verifier Enabled. Did you turn Driver Verifier on? If so, have you turned it off?
    Please open VERIFIER.EXE and select "Delete existing settings", click on "Finish" and then reboot the system to be sure.

    Norton is blamed in one of the memory dumps, please do this:
    Please update these older drivers. Links are included to assist in looking up the source of the drivers. If unable to find an update, please remove (un-install) the program responsible for that driver. DO NOT manually delete/rename the driver as it may make the system unbootable! :

    AsrAppCharger.sys Tue May 10 04:28:46 2011 (4DC8F73E)
    ASRock App Charger Likely BSOD cause - haven't seen recently (15Jan2013)
    http://www.carrona.org/drivers/driver.php?id=AsrAppCharger.sys

    WPRO_41_2001.sys Mon Nov 7 16:04:48 2011 (4EB847F0)
    CACE Technologies WinPcap Packet Driver
    http://www.carrona.org/drivers/driver.php?id=WPRO_41_2001.sys



    Analysis:
    The following is for informational purposes only.
    Code:
    [font=lucida console]**************************Thu May  2 15:12:12.947 2013 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\Owner\SysnativeBSODApps\050213-21312-01.dmp]
    Windows 8 Kernel Version 9200 MP (8 procs) Free x64
    Built by: [B]9200[/B].16551.amd64fre.win8_gdr.130306-1502
    System Uptime:[B]0 days 0:28:46.646[/B]
    Probably caused by :[B]memory_corruption ( nt!MiCheckSpecialPoolSlop+a1 )[/B]
    BugCheck [B]C1, {fffff981cf022df0, fffff981cf022604, 39c206, 23}[/B]
    BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x000000C1]SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)[/url]
    Arguments: 
    Arg1: fffff981cf022df0, address trying to free
    Arg2: fffff981cf022604, address where bits are corrupted
    Arg3: 000000000039c206, (reserved)
    Arg4: 0000000000000023, caller is freeing an address where nearby bytes within the same page have been corrupted
    BUGCHECK_STR:  0xC1_23
    PROCESS_NAME:  ccSvcHst.exe
    FAILURE_BUCKET_ID: [B]0xC1_23_VRF_nt!MiCheckSpecialPoolSlop[/B]
    CPUID:        "Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz"
    MaxSpeed:     3500
    CurrentSpeed: [B]3500[/B]
      BIOS Version                  P2.70
      BIOS Release Date             04/18/2013
      Manufacturer                  To Be Filled By O.E.M.
      Product Name                  To Be Filled By O.E.M.
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    **************************Thu May  2 14:42:16.548 2013 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\Owner\SysnativeBSODApps\050213-37328-01.dmp]
    Windows 8 Kernel Version 9200 MP (8 procs) Free x64
    Built by: [B]9200[/B].16551.amd64fre.win8_gdr.130306-1502
    System Uptime:[B]0 days 0:17:01.247[/B]
    Probably caused by :[B]win32k.sys ( win32k!EngStretchBlt+1185e )[/B]
    BugCheck [B]C1, {fffff90105f8cca0, fffff90105f8c643, 37a358, 23}[/B]
    BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x000000C1]SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)[/url]
    Arguments: 
    Arg1: fffff90105f8cca0, address trying to free
    Arg2: fffff90105f8c643, address where bits are corrupted
    Arg3: 000000000037a358, (reserved)
    Arg4: 0000000000000023, caller is freeing an address where nearby bytes within the same page have been corrupted
    BUGCHECK_STR:  0xC1_23
    PROCESS_NAME:  mscorsvw.exe
    FAILURE_BUCKET_ID: [B]0xC1_23_VRF_win32k!EngStretchBlt[/B]
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    **************************Wed May  1 15:00:19.203 2013 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\Owner\SysnativeBSODApps\050113-43906-01.dmp]
    Windows 8 Kernel Version 9200 MP (8 procs) Free x64
    Built by: [B]9200[/B].16551.amd64fre.win8_gdr.130306-1502
    System Uptime:[B]0 days 0:38:50.902[/B]
    Probably caused by :[B]fileinfo.sys ( fileinfo!FIStreamCleanup+c2 )[/B]
    BugCheck [B]C4, {13e, fffff98053540db0, fffff98063540db0, fffffa80142aee60}[/B]
    BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x000000C4]DRIVER_VERIFIER_DETECTED_VIOLATION (c4)[/url]
    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    Arguments: 
    Arg1: 000000000000013e, Pool block address specified by the caller is different from the address tracked by Verifier.
    Arg2: fffff98053540db0, Pool block address specified by the caller.
    Arg3: fffff98063540db0, Pool block address tracked by Verifier.
    Arg4: fffffa80142aee60, Pointer to the pool block address tracked by Verifier.
    BUGCHECK_STR:  0xc4_13e
    PROCESS_NAME:  System
    FAILURE_BUCKET_ID: [B]0xc4_13e_VRF_fileinfo!FIStreamCleanup[/B]
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    **************************Wed May  1 14:19:59.011 2013 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\Owner\SysnativeBSODApps\050113-37046-01.dmp]
    Windows 8 Kernel Version 9200 MP (8 procs) Free x64
    Built by: [B]9200[/B].16551.amd64fre.win8_gdr.130306-1502
    System Uptime:[B]0 days 0:40:12.710[/B]
    Probably caused by :[B]ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+36384 )[/B]
    BugCheck [B]1A, {3800, fffff6fcc05a6bf0, 8000000208b8b963, 0}[/B]
    BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000001A]MEMORY_MANAGEMENT (1a)[/url]
    Arguments: 
    Arg1: 0000000000003800, The subtype of the bugcheck.
    Arg2: fffff6fcc05a6bf0
    Arg3: 8000000208b8b963
    Arg4: 0000000000000000
    BUGCHECK_STR:  0x1a_3800
    PROCESS_NAME:  ccSvcHst.exe
    FAILURE_BUCKET_ID: [B]0x1a_3800_VRF_nt!_??_::FNODOBFM::_string_[/B]
    CPUID:        "Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz"
    MaxSpeed:     3500
    CurrentSpeed: [B]3500[/B]
      BIOS Version                  P2.70
      BIOS Release Date             04/18/2013
      Manufacturer                  To Be Filled By O.E.M.
      Product Name                  To Be Filled By O.E.M.
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    **************************Tue Apr 30 22:45:59.605 2013 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\Owner\SysnativeBSODApps\050113-14031-01.dmp]
    Windows 8 Kernel Version 9200 MP (8 procs) Free x64
    Built by: [B]9200[/B].16551.amd64fre.win8_gdr.130306-1502
    System Uptime:[B]0 days 20:28:07.246[/B]
    *** WARNING: Unable to verify timestamp for ccSetx64.sys
    *** ERROR: Module load completed but symbols could not be loaded for ccSetx64.sys
    Probably caused by :[B]ccSetx64.sys ( ccSetx64+10572 )[/B]
    BugCheck [B]3B, {c0000005, fffff880043be572, fffff8800cb16a90, 0}[/B]
    BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000003B]SYSTEM_SERVICE_EXCEPTION (3b)[/url]
    Arguments: 
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff880043be572, Address of the instruction which caused the bugcheck
    Arg3: fffff8800cb16a90, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.
    BUGCHECK_STR:  0x3B
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    PROCESS_NAME:  ccSvcHst.exe
    FAILURE_BUCKET_ID: [B]0x3B_ccSetx64+10572[/B]
    CPUID:        "Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz"
    MaxSpeed:     3500
    CurrentSpeed: [B]3500[/B]
      BIOS Version                  P2.70
      BIOS Release Date             04/18/2013
      Manufacturer                  To Be Filled By O.E.M.
      Product Name                  To Be Filled By O.E.M.
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    **************************Mon Apr 29 19:31:07.631 2013 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\Owner\SysnativeBSODApps\043013-20968-01.dmp]
    Windows 8 Kernel Version 9200 MP (8 procs) Free x64
    Built by: [B]9200[/B].16551.amd64fre.win8_gdr.130306-1502
    System Uptime:[B]1 days 6:20:50.222[/B]
    *** WARNING: Unable to verify timestamp for SRTSP64.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SRTSP64.SYS
    Probably caused by :[B]Pool_Corruption ( nt!ExDeferredFreePool+56a )[/B]
    BugCheck [B]19, {d, fffff8a028371bf0, 286367ac00dfec92, 286367ac5cdfec92}[/B]
    BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x00000019]BAD_POOL_HEADER (19)[/url]
    Arguments: 
    Arg1: 000000000000000d, 
    Arg2: fffff8a028371bf0
    Arg3: 286367ac00dfec92
    Arg4: 286367ac5cdfec92
    BUGCHECK_STR:  0x19_d
    PROCESS_NAME:  System
    FAILURE_BUCKET_ID: [B]0x19_d_nt!ExDeferredFreePool[/B]
    CPUID:        "Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz"
    MaxSpeed:     3500
    CurrentSpeed: [B]3500[/B]
      BIOS Version                  P2.70
      BIOS Release Date             04/18/2013
      Manufacturer                  To Be Filled By O.E.M.
      Product Name                  To Be Filled By O.E.M.
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    [/font]
    3rd Party Drivers:
    The following is for information purposes only.
    Any drivers in red should be updated or removed from your system. And should have been discussed in the body of my post.
    Code:
    [font=lucida console]**************************Thu May  2 15:12:12.947 2013 (UTC - 4:00)**************************
    [COLOR=RED][B]AsrAppCharger.sys           Tue May 10 04:28:46 2011 (4DC8F73E)[/B][/COLOR]
    [COLOR=RED][B]WPRO_41_2001.sys            Mon Nov  7 16:04:48 2011 (4EB847F0)[/B][/COLOR]
    AsrRamDisk.sys              Thu Jan 12 23:52:38 2012 (4F0FB896)
    athrx.sys                   Wed Mar 21 23:26:22 2012 (4F6A9BDE)
    GEARAspiWDM.sys             Thu May  3 15:56:17 2012 (4FA2E2E1)
    ISCTD64.sys                 Fri May  4 20:44:01 2012 (4FA477D1)
    SYMEVENT64x86.SYS           Wed May 23 20:52:24 2012 (4FBD8648)
    ikbevent.sys                Tue Jun 12 15:22:18 2012 (4FD796EA)
    EtronXHCI.sys               Tue Jul  3 07:00:15 2012 (4FF2D0BF)
    EtronHub3.sys               Tue Jul  3 07:00:21 2012 (4FF2D0C5)
    asahci64.sys                Tue Jul 17 23:15:00 2012 (50062A34)
    SYMNETS.SYS                 Fri Jul 20 22:07:07 2012 (500A0ECB)
    Ironx64.SYS                 Mon Jul 23 20:34:50 2012 (500DEDAA)
    EraserUtilRebootDrv.sys     Tue Jul 31 19:36:50 2012 (50186C12)
    eeCtrl64.sys                Tue Jul 31 19:36:51 2012 (50186C13)
    ccSetx64.sys                Thu Aug 16 17:18:11 2012 (502D6393)
    imsevent.sys                Thu Aug 16 19:20:04 2012 (502D8024)
    k57nd60a.sys                Sun Aug 26 00:58:34 2012 (5039ACFA)
    IDSvia64.sys                Tue Aug 28 22:48:40 2012 (503D8308)
    iaStorA.sys                 Sat Sep  1 21:01:24 2012 (5042AFE4)
    dump_iaStorA.sys            Sat Sep  1 21:01:24 2012 (5042AFE4)
    lvrs64.sys                  Mon Oct 22 22:11:24 2012 (5085FCCC)
    lvuvc64.sys                 Mon Oct 22 22:12:08 2012 (5085FCF8)
    intelppm.sys                Mon Nov  5 22:55:02 2012 (50988A16)
    HECIx64.sys                 Mon Dec 17 14:32:21 2012 (50CF7345)
    EX64.SYS                    Thu Dec 20 04:22:39 2012 (50D2D8DF)
    ENG64.SYS                   Thu Dec 20 04:24:21 2012 (50D2D945)
    CMHDAudioV64.sys            Tue Dec 25 03:53:42 2012 (50D96996)
    SYMDS64.SYS                 Wed Jan 16 20:56:45 2013 (50F75A5D)
    SYMEFA64.SYS                Fri Jan 18 19:31:37 2013 (50F9E969)
    SRTSP64.SYS                 Fri Jan 25 16:26:16 2013 (5102F878)
    SRTSPX64.SYS                Fri Jan 25 16:30:05 2013 (5102F95D)
    rzendpt.sys                 Mon Mar  4 01:48:30 2013 (513443BE)
    BHDrvx64.sys                Wed Apr 10 01:39:03 2013 (5164FAF7)
    nvlddmkm.sys                Thu Apr 18 21:23:41 2013 (51709C9D)
    rzudd.sys                   Thu Apr 18 22:00:07 2013 (5170A527)
    rzvkeyboard.sys             Thu Apr 18 22:00:15 2013 (5170A52F)
    rzdaendpt.sys               Thu Apr 18 22:00:17 2013 (5170A531)
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    **************************Wed May  1 15:00:19.203 2013 (UTC - 4:00)**************************
    usbaapl64.sys               Tue Nov 27 18:38:02 2012 (50B54EDA)
    cpuz136_x64.sys             Wed Mar 20 07:05:43 2013 (51499807)
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    **************************Wed May  1 14:19:59.011 2013 (UTC - 4:00)**************************
    rzudd.sys                   Mon Mar  4 01:48:31 2013 (513443BF)
    rzvkeyboard.sys             Mon Mar  4 01:48:38 2013 (513443C6)
    rzdaendpt.sys               Mon Mar  4 01:48:41 2013 (513443C9)
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    **************************Tue Apr 30 22:45:59.605 2013 (UTC - 4:00)**************************
    nvhda64v.sys                Mon Feb 25 00:27:35 2013 (512AF647)
    [/font]
    http://www.carrona.org/drivers/driver.php?id=AsrAppCharger.sys
    http://www.carrona.org/drivers/driver.php?id=WPRO_41_2001.sys
    http://www.carrona.org/drivers/driver.php?id=AsrRamDisk.sys
    http://www.carrona.org/drivers/driver.php?id=athrx.sys
    http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
    http://www.carrona.org/drivers/driver.php?id=ISCTD64.sys
    http://www.carrona.org/drivers/driver.php?id=SYMEVENT64x86.SYS
    http://www.carrona.org/drivers/driver.php?id=ikbevent.sys
    http://www.carrona.org/drivers/driver.php?id=EtronXHCI.sys
    http://www.carrona.org/drivers/driver.php?id=EtronHub3.sys
    http://www.carrona.org/drivers/driver.php?id=asahci64.sys
    http://www.carrona.org/drivers/driver.php?id=SYMNETS.SYS
    http://www.carrona.org/drivers/driver.php?id=Ironx64.SYS
    http://www.carrona.org/drivers/driver.php?id=EraserUtilRebootDrv.sys
    http://www.carrona.org/drivers/driver.php?id=eeCtrl64.sys
    http://www.carrona.org/drivers/driver.php?id=ccSetx64.sys
    http://www.carrona.org/drivers/driver.php?id=imsevent.sys
    http://www.carrona.org/drivers/driver.php?id=k57nd60a.sys
    http://www.carrona.org/drivers/driver.php?id=IDSvia64.sys
    http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
    http://www.carrona.org/drivers/driver.php?id=dump_iaStorA.sys
    http://www.carrona.org/drivers/driver.php?id=lvrs64.sys
    http://www.carrona.org/drivers/driver.php?id=lvuvc64.sys
    http://www.carrona.org/drivers/driver.php?id=intelppm.sys
    http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
    http://www.carrona.org/drivers/driver.php?id=EX64.SYS
    http://www.carrona.org/drivers/driver.php?id=ENG64.SYS
    CMHDAudioV64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    http://www.carrona.org/drivers/driver.php?id=SYMDS64.SYS
    http://www.carrona.org/drivers/driver.php?id=SYMEFA64.SYS
    http://www.carrona.org/drivers/driver.php?id=SRTSP64.SYS
    http://www.carrona.org/drivers/driver.php?id=SRTSPX64.SYS
    http://www.carrona.org/drivers/driver.php?id=rzendpt.sys
    http://www.carrona.org/drivers/driver.php?id=BHDrvx64.sys
    http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
    http://www.carrona.org/drivers/driver.php?id=rzudd.sys
    http://www.carrona.org/drivers/driver.php?id=rzvkeyboard.sys
    http://www.carrona.org/drivers/driver.php?id=rzdaendpt.sys
    http://www.carrona.org/drivers/driver.php?id=usbaapl64.sys
    http://www.carrona.org/drivers/driver.php?id=cpuz136_x64.sys
    http://www.carrona.org/drivers/driver.php?id=rzudd.sys
    http://www.carrona.org/drivers/driver.php?id=rzvkeyboard.sys
    http://www.carrona.org/drivers/driver.php?id=rzdaendpt.sys
    http://www.carrona.org/drivers/driver.php?id=nvhda64v.sys
     
  8. gussic

    gussic New Member

    Joined:
    May 2, 2013
    Messages:
    44
    Likes Received:
    0
    Hi,

    Thanks for your informative post.

    I did all of what you suggested, I had no idea what that WINpap thing was but anyway.

    Had Intel disabled as I have my GTX 680's but anyways did as you suggested, also uninstalled Norton anti virus.

    I also disabled driver verification.

    I've done another grab - would you mind seeing if there is anything else you can see that might be an issue??

    I also did a clean install of the WHQL driver for Nvidia just in case the beta drivers were an issue (haven't been in the past)View attachment W7F_02-05-2013.zip
     
  9. usasma

    usasma Fantastic Member
    Microsoft Community Contributor

    Joined:
    Mar 22, 2010
    Messages:
    3,048
    Likes Received:
    83
    Had you enabled Driver Verifier previously? This is important as there are some BSOD's that will spit out Driver Verifier Enabled memory dumps without you having enabled it (and that makes the analysis a bit different).

    Nothing significant noted in the reports - but that's not unusual
    Now we wait for further BSOD's to see what we can find.
     
  10. gussic

    gussic New Member

    Joined:
    May 2, 2013
    Messages:
    44
    Likes Received:
    0
    Yes I had, read somewhere on the net to try enabling it.
     
  11. usasma

    usasma Fantastic Member
    Microsoft Community Contributor

    Joined:
    Mar 22, 2010
    Messages:
    3,048
    Likes Received:
    83
    Since Driver Verifier shows a Windows driver being blamed, it's most likely that this isn't a 3rd party driver problem.
    As such, the next thing to look at is hardware. Please start with these free diagnostics: Hardware Diagnostics (If the BSOD's continue after doing the steps in my previous post).
     
  12. Vir Gnarus

    Vir Gnarus Active Member

    Joined:
    Jan 8, 2013
    Messages:
    199
    Likes Received:
    9
    TL;DR: Remove Symantec. It appears to be corrupting memory.

    I'm very curious about these crashdumps. Take this one to start off with:

    Code:
    6: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    A device driver attempting to corrupt the system has been caught.  This is
    because the driver was specified in the registry as being suspect (by the
    administrator) and the kernel has enabled substantial checking of this driver.
    If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
    be among the most commonly seen crashes.
    Arguments:
    Arg1: 000000000000013e, Pool block address specified by the caller is different from the address tracked by Verifier.
    Arg2: fffff980[COLOR=#ff0000]5[/COLOR]3540db0, Pool block address specified by the caller.
    Arg3: fffff980[COLOR=#ff0000]6[/COLOR]3540db0, Pool block address tracked by Verifier.
    Arg4: fffffa80142aee60, Pointer to the pool block address tracked by Verifier.
    
    ...
    
    6: kd> .formats fffff98053540db0;.formats fffff98063540db0
    Evaluate expression:
      Hex:     fffff980`53540db0
      Decimal: -7145427563088
      Octal:   1777777630012325006660
      Binary:  11111111 11111111 11111001 10000000 01[COLOR=#ff0000]01[/COLOR]0011 01010100 00001101 10110000
      Chars:   ....ST..
      Time:    ***** Invalid FILETIME
      Float:   low 9.10763e+011 high -1.#QNAN
      Double:  -1.#QNAN
    Evaluate expression:
      Hex:     fffff980`63540db0
      Decimal: -7145159127632
      Octal:   1777777630014325006660
      Binary:  11111111 11111111 11111001 10000000 01[COLOR=#ff0000]10[/COLOR]0011 01010100 00001101 10110000
      Chars:   ....cT..
      Time:    ***** Invalid FILETIME
      Float:   low 3.9117e+021 high -1.#QNAN
      Double:  -1.#QNAN
    
    
    The two pool addresses are only one digit away in difference, and while 5 is only 1 away from 6, from a bitwise perspective there's more than just that, in that two bits had to have actually been changed. Now what's even more unusual, is that this exact same problem is actually happening with another crash. Observe this other one:

    Code:
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    BAD_POOL_HEADER (19)
    The pool is already corrupt at the time of the current request.
    This may or may not be due to the caller.
    The internal pool links must be walked to figure out a possible cause of
    the problem, and then special pool applied to the suspect tags or the driver
    verifier to a suspect driver.
    Arguments:
    Arg1: 000000000000000d, 
    Arg2: fffff8a028371bf0
    Arg3: 286367ac00dfec92
    Arg4: 286367ac5cdfec92
    
    Debugging Details:
    ------------------
    
    TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2
    
    BUGCHECK_STR:  0x19_d
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  1
    
    LAST_CONTROL_TRANSFER:  from fffff8004caed1ec to fffff8004c8d5240
    
    STACK_TEXT:  
    fffff880`0f460e98 fffff800`4caed1ec : 00000000`00000019 00000000`0000000d fffff8a0`28371bf0 286367ac`00dfec92 : nt!KeBugCheckEx
    fffff880`0f460ea0 fffff800`4caecc4c : fffff8a0`00000000 fffff8a0`02f088b0 fffff8a0`25600c00 00000000`65456153 : nt!ExDeferredFreePool+0x56a
    fffff880`0f460f30 fffff880`10248ef1 : fffff8a0`02f088c0 00000000`000478ef fffff8a0`007734c0 63636400`65456153 : nt!ExFreePoolWithTag+0xaec
    fffff880`0f461010 fffff8a0`02f088c0 : 00000000`000478ef fffff8a0`007734c0 63636400`65456153 00000000`00000000 : SRTSP64+0x40ef1
    fffff880`0f461018 00000000`000478ef : fffff8a0`007734c0 63636400`65456153 00000000`00000000 fffff880`10a81df6 : 0xfffff8a0`02f088c0
    fffff880`0f461020 fffff8a0`007734c0 : 63636400`65456153 00000000`00000000 fffff880`10a81df6 00000000`00000010 : 0x478ef
    fffff880`0f461028 63636400`65456153 : 00000000`00000000 fffff880`10a81df6 00000000`00000010 fffff8a0`03c0c690 : 0xfffff8a0`007734c0
    fffff880`0f461030 00000000`00000000 : fffff880`10a81df6 00000000`00000010 fffff8a0`03c0c690 00000000`000478ef : 0x63636400`65456153
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    SRTSP64+40ef1
    fffff880`10248ef1 ??              ???
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  SRTSP64+40ef1
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: SRTSP64
    
    IMAGE_NAME:  SRTSP64.SYS
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  5102f878
    
    FAILURE_BUCKET_ID:  X64_0x19_d_SRTSP64+40ef1
    
    BUCKET_ID:  X64_0x19_d_SRTSP64+40ef1
    
    Followup: MachineOwner
    ---------
    
    Arg2 of the bugcheck is the pool address. Let's take a look:

    Code:
    0: kd> [COLOR=#0000cd]!pool [/COLOR]fffff8a028371bf0
    GetPointerFromAddress: unable to read from fffff8004cbd3168
    Pool page fffff8a028371bf0 region is GetUlongFromAddress: unable to read from fffff8004cbd31f8
    Paged pool
     fffff8a028371000 size:  5a0 previous size:    0  (Allocated)  NtfF
     fffff8a0283715a0 size:   30 previous size:  5a0  (Free)       Free
     fffff8a0283715d0 size:   40 previous size:   30  (Allocated)  NtFs
     fffff8a028371610 size:   70 previous size:   40  (Allocated)  SaFe
     fffff8a028371680 size:   40 previous size:   70  (Allocated)  SApn
     fffff8a0283716c0 size:   c0 previous size:   40  (Allocated)  FIcs
     fffff8a028371780 size:   90 previous size:   c0  (Allocated)  FSim
     fffff8a028371810 size:   60 previous size:   90  (Allocated)  SaFe
     fffff8a028371870 size:  1d0 previous size:   60  (Allocated)  FMfn
     fffff8a028371a40 size:   60 previous size:  1d0  (Allocated)  Sa[COLOR=#ff0000]F[/COLOR]e
     fffff8a028371aa0 size:  150 previous size:   60  (Free)       Free
    *fffff8a028371bf0 size:  410 previous size:  150  (Free)      *Sa[COLOR=#ff0000]E[/COLOR]e
            Owning component : Unknown (update pooltag.txt)
    
    Now that's odd. The pool tag name is 'SaEe', not 'SaFe' like previous allocations with the name. Let's take a closer look and compare:

    Code:
    0: kd> [COLOR=#0000cd]dc[/COLOR] fffff8a028371bf0[COLOR=#0000cd];dc[/COLOR] fffff8a028371a40
    fffff8a0`28371bf0  00410115 65[COLOR=#ff0000]45[/COLOR]6153 00dfec92 286367ac  ..A.Sa[COLOR=#ff0000]E[/COLOR]e.....gc(
    fffff8a0`28371c00  17f21010 fffff8a0 00450052 002e0045  ........R.E.E...
    fffff8a0`28371c10  004c0044 ffff004c ffffffff ffffffff  D.L.L...........
    fffff8a0`28371c20  0073006d 006f0063 00650072 002e0065  m.s.c.o.r.e.e...
    fffff8a0`28371c30  006c0064 ffff006c ffffffff ffffffff  d.l.l...........
    fffff8a0`28371c40  00000000 00000000 00000000 00000000  ................
    fffff8a0`28371c50  00000000 00000000 00000000 00000000  ................
    fffff8a0`28371c60  00000000 00000000 00000000 00000000  ................
    fffff8a0`28371a40  0306011d 65[COLOR=#ff0000]46[/COLOR]6153 5cdfed22 286367ac  ....Sa[COLOR=#ff0000]F[/COLOR]e"..\.gc(
    fffff8a0`28371a50  10f656f0 fffff8a0 122b6888 fffff8a0  .V.......h+.....
    fffff8a0`28371a60  00000050 00000003 00080006 00000000  P...............
    fffff8a0`28371a70  28371a88 fffff8a0 00000012 0000003e  ..7(........>...
    fffff8a0`28371a80  28371a8e fffff8a0 00560041 07030045  ..7(....A.V.E...
    fffff8a0`28371a90  00054000 f7f72b52 9ab2fb29 53b223ab  .@..R+..)....#.S
    fffff8a0`28371aa0  00150106 65657246 5cdfedc2 286367ac  ....Free...\.gc(
    fffff8a0`28371ab0  02f08770 fffff8a0 17f21420 fffff8a0  p....... .......
    
    0: kd> [COLOR=#0000cd].formats[/COLOR] 65466153[COLOR=#0000cd];.formats [/COLOR]65456153
    Evaluate expression:
      Hex:     00000000`65466153
      Decimal: 1699111251
      Octal:   0000000000014521460523
      Binary:  00000000 00000000 00000000 00000000 01100101 010001[COLOR=#ff0000]10[/COLOR] 01100001 01010011
      Chars:   ....e[COLOR=#ff0000]F[/COLOR]aS
      Time:    Sat Nov 04 11:20:51 2023
      Float:   low 5.85515e+022 high 0
      Double:  8.39472e-315
    Evaluate expression:
      Hex:     00000000`65456153
      Decimal: 1699045715
      Octal:   0000000000014521260523
      Binary:  00000000 00000000 00000000 00000000 01100101 010001[COLOR=#ff0000]01[/COLOR] 01100001 01010011
      Chars:   ....e[COLOR=#ff0000]E[/COLOR]aS
      Time:    Fri Nov 03 17:08:35 2023
      Float:   low 5.82563e+022 high 0
      Double:  8.3944e-315
    
    
    Same problem as before! Unfortunately that's where the similarities end so far that I've found. The two DV crashes that discovered corrupt special pool did not display the same corruption, but they were similar in pattern to each other:

    Code:
    4: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
    Special pool has detected memory corruption.  Typically the current thread's
    stack backtrace will reveal the guilty party.
    Arguments:
    Arg1: fffff90105f8cca0, address trying to free
    Arg2: [COLOR=#006400]fffff90105f8c643[/COLOR], address where bits are corrupted
    Arg3: 000000000037a358, (reserved)
    Arg4: 0000000000000023, caller is freeing an address where nearby bytes within the same page have been corrupted
    
    Debugging Details:
    ------------------
    
    TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2
    
    BUGCHECK_STR:  0xC1_23
    
    SPECIAL_POOL_CORRUPTION_TYPE:  23
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
    
    PROCESS_NAME:  mscorsvw.exe
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from fffff80161b9f009 to fffff80161a6c240
    
    STACK_TEXT:  
    fffff880`0ed8e5f8 fffff801`61b9f009 : 00000000`000000c1 fffff901`05f8cca0 fffff901`05f8c643 00000000`0037a358 : nt!KeBugCheckEx
    fffff880`0ed8e600 fffff801`61b9e51c : 00000000`00000001 fffffa80`0e8f6db0 00000000`00000003 fffff801`61ad8206 : nt!MiCheckSpecialPoolSlop+0xa1
    fffff880`0ed8e640 fffff801`61c84825 : 00000000`0000c130 00000000`00000021 00000000`69707355 00000000`00000000 : nt!MmFreeSpecialPool+0x178
    fffff880`0ed8e770 fffff801`62053577 : fffff901`05f8cca0 fffffa80`0e909080 00000000`00000001 fffffa80`0e8f6db0 : nt!ExDeferredFreePool+0xc22
    fffff880`0ed8e850 fffff960`000f261e : 00000000`00000000 fffff901`0581afd0 fffffa80`0e8f6940 00000000`00000000 : nt!VerifierExFreePoolWithTag+0x47
    fffff880`0ed8e880 fffff960`0010a73b : 00000000`00000000 00000000`00000000 fffff880`0ed8ea00 00000000`00000000 : win32k!EngStretchBlt+0x1185e
    fffff880`0ed8e8b0 fffff960`001413f0 : fffff880`0ed8ea00 fffffa80`0e8f6940 00000000`00000000 00000000`00000000 : win32k!EngCopyBits+0xf53b
    fffff880`0ed8e8e0 fffff801`61ea8b8a : fffffa80`0e8f6940 fffffa80`0e8f6db0 00000000`00000000 00000000`00000008 : win32k!memcpy+0xa70
    fffff880`0ed8e940 fffff801`61e7d154 : fffffa80`11237e40 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ExCallCallBack+0x3a
    fffff880`0ed8e970 fffff801`61ea88a5 : 00000000`00000000 fffffa80`0e8f6901 00000000`00000000 fffffa80`0e909080 : nt!PspExitThread+0x414
    fffff880`0ed8ea90 fffff801`61a6b253 : fffffa80`0e8f6940 fffffa80`0e909080 fffff880`0ed8eb80 ffffffff`ffffffff : nt!NtTerminateProcess+0xfd
    fffff880`0ed8eb00 000007ff`db7e2eaa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    000000e4`5f63f398 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ff`db7e2eaa
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    win32k!EngStretchBlt+1185e
    fffff960`000f261e 488b0d23b53600  mov     rcx,qword ptr [win32k!EngDeleteClip+0xe9a10 (fffff960`0045db48)]
    
    SYMBOL_STACK_INDEX:  5
    
    SYMBOL_NAME:  win32k!EngStretchBlt+1185e
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: win32k
    
    IMAGE_NAME:  win32k.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  5148e456
    
    FAILURE_BUCKET_ID:  X64_0xC1_23_VRF_win32k!EngStretchBlt+1185e
    
    BUCKET_ID:  X64_0xC1_23_VRF_win32k!EngStretchBlt+1185e
    
    Followup: MachineOwner
    ---------
    
    4: kd> [COLOR=#0000cd]dc[/COLOR] [COLOR=#006400]fffff90105f8c643[/COLOR]
    fffff901`05f8c643  373737[COLOR=#ff0000]00[/COLOR] 37373737 373737[COLOR=#ff0000]04[/COLOR] 37373737  [COLOR=#ff0000].[/COLOR]7777777[COLOR=#ff0000].[/COLOR]7777777
    fffff901`05f8c653  373737[COLOR=#ff0000]00[/COLOR] 37373737 373737[COLOR=#ff0000]00[/COLOR] 37373737  [COLOR=#ff0000].[/COLOR]7777777[COLOR=#ff0000].[/COLOR]7777777
    fffff901`05f8c663  373737[COLOR=#ff0000]00[/COLOR] 37373737 373737[COLOR=#ff0000]6e[/COLOR] 37373737  [COLOR=#ff0000].[/COLOR]7777777[COLOR=#ff0000]n[/COLOR]7777777
    fffff901`05f8c673  373737[COLOR=#ff0000]04[/COLOR] 37373737 373737[COLOR=#ff0000]00[/COLOR] 37373737  [COLOR=#ff0000].[/COLOR]7777777[COLOR=#ff0000].[/COLOR]7777777
    fffff901`05f8c683  37373737 37373737 37373737 37373737  7777777777777777
    fffff901`05f8c693  37373737 37373737 37373737 37373737  7777777777777777
    fffff901`05f8c6a3  37373737 37373737 37373737 37373737  7777777777777777
    fffff901`05f8c6b3  37373737 37373737 37373737 37373737  7777777777777777
    
    
    Code:
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
    Special pool has detected memory corruption.  Typically the current thread's
    stack backtrace will reveal the guilty party.
    Arguments:
    Arg1: fffff981cf022df0, address trying to free
    Arg2: [COLOR=#006400]fffff981cf022604[/COLOR], address where bits are corrupted
    Arg3: 000000000039c206, (reserved)
    Arg4: 0000000000000023, caller is freeing an address where nearby bytes within the same page have been corrupted
    
    Debugging Details:
    ------------------
    
    TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2
    
    BUGCHECK_STR:  0xC1_23
    
    SPECIAL_POOL_CORRUPTION_TYPE:  23
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
    
    PROCESS_NAME:  ccSvcHst.exe
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from fffff801d9bfb009 to fffff801d9ac8240
    
    STACK_TEXT:  
    fffff880`111102e8 fffff801`d9bfb009 : 00000000`000000c1 fffff981`cf022df0 fffff981`cf022604 00000000`0039c206 : nt!KeBugCheckEx
    fffff880`111102f0 fffff801`d9bfa51c : fffff980`0392e7f0 00000000`00004000 00000000`00000003 fffff801`d9b34206 : nt!MiCheckSpecialPoolSlop+0xa1
    fffff880`11110330 fffff801`d9ce0825 : ffffffff`fff71ffa 00000000`00000001 00000000`6e664d46 00000000`00000000 : nt!MmFreeSpecialPool+0x178
    fffff880`11110460 fffff801`da0af577 : fffff981`cf022df0 fffffa80`0cd1bc00 00000000`00000000 fffff880`0195ce72 : nt!ExDeferredFreePool+0xc22
    fffff880`11110540 fffff880`0198634a : fffff981`cf022df0 fffff880`01118471 fffff981`cf022e08 ffffffff`ffffffff : nt!VerifierExFreePoolWithTag+0x47
    fffff880`11110570 fffff880`01985e3b : 00000000`ffffbfff fffff801`da0c03f6 fffffa80`0cd1bb00 fffff880`01118471 : fltmgr!FltReleaseFileNameInformation+0xca
    fffff880`111105b0 fffff880`01990cca : fffff981`ce2baef0 fffff981`ce288ef0 00000000`00000000 ffffffff`ffffffff : fltmgr!DeleteNameCacheNodes+0x16a
    fffff880`11110600 fffff880`01989ceb : fffff982`289aaef0 fffff980`0392e7f0 fffff982`28ac6b80 00000000`00000000 : fltmgr!FltpPurgeVolumeNameCache+0x110
    fffff880`11110650 fffff880`01989e58 : fffff980`0392e7f0 fffff880`11110700 fffffa80`1723f8d0 00000000`00000000 : fltmgr!FltpReinstateNameCaching+0x17b
    fffff880`11110690 fffff880`0195c984 : fffff982`28ac6b80 00000000`00000000 00000000`00000000 fffff801`da0aed7e : fltmgr!FltpReinstateNameCachingAllFrames+0x48
    fffff880`111106c0 fffff880`0195b61b : fffff982`28ac6b80 fffff982`28af6ab0 fffff982`28af6fb8 fffffa80`163bc840 : fltmgr!FltpPassThroughCompletionWorker+0x3a4
    fffff880`11110730 fffff880`019590b6 : fffffa80`0f294890 00000000`00000002 fffff982`28af6ab0 fffffa80`163baf18 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x38b
    fffff880`111107d0 fffff801`da0aed56 : fffff982`28af6ab0 00000000`00000002 00000000`000000f4 fffff880`11110b80 : fltmgr!FltpDispatch+0xb6
    fffff880`11110830 fffff801`d9eda0fc : 00000000`00000000 fffff880`11110b80 00000000`00000000 fffffa80`163bae70 : nt!IovCallDriver+0x3e6
    fffff880`11110880 fffff801`d9ac7253 : 00000000`00002b0c 00000000`00000000 fffff6fb`7dbed000 fffff6fb`7da00008 : nt!NtSetInformationFile+0x668
    fffff880`11110a90 000007fd`9fbd2e5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0226e228 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fd`9fbd2e5a
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!MiCheckSpecialPoolSlop+a1
    fffff801`d9bfb009 cc              int     3
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  nt!MiCheckSpecialPoolSlop+a1
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  513814ba
    
    IMAGE_NAME:  memory_corruption
    
    FAILURE_BUCKET_ID:  X64_0xC1_23_VRF_nt!MiCheckSpecialPoolSlop+a1
    
    BUCKET_ID:  X64_0xC1_23_VRF_nt!MiCheckSpecialPoolSlop+a1
    
    Followup: MachineOwner
    ---------
    
    1: kd>[COLOR=#0000cd] dc[/COLOR] [COLOR=#006400]fffff981cf022604[/COLOR]
    fffff981`cf022604  393939[COLOR=#ff0000]6f[/COLOR] 39393939 393939[COLOR=#ff0000]6f[/COLOR] 39393939  [COLOR=#ff0000]o[/COLOR]9999999[COLOR=#ff0000]o[/COLOR]9999999
    fffff981`cf022614  393939[COLOR=#ff0000]6f[/COLOR] 39393939 393939[COLOR=#ff0000]6f[/COLOR] 39393939  [COLOR=#ff0000]o[/COLOR]9999999[COLOR=#ff0000]o[/COLOR]9999999
    fffff981`cf022624  393939[COLOR=#ff0000]6f[/COLOR] 39393939 393939[COLOR=#ff0000]6f [/COLOR]39393939  [COLOR=#ff0000]o[/COLOR]9999999[COLOR=#ff0000]o[/COLOR]9999999
    fffff981`cf022634  393939[COLOR=#ff0000]6f[/COLOR] 39393939 393939[COLOR=#ff0000]6f[/COLOR] 39393939  [COLOR=#ff0000]o[/COLOR]9999999[COLOR=#ff0000]o[/COLOR]9999999
    fffff981`cf022644  39393939 39393939 39393939 39393939  9999999999999999
    fffff981`cf022654  39393939 39393939 39393939 39393939  9999999999999999
    fffff981`cf022664  39393939 39393939 39393939 39393939  9999999999999999
    fffff981`cf022674  39393939 39393939 39393939 39393939  9999999999999999
    
    
    Both exhibit strides of corruption of identical length. The corruption is not the same, though, and the corruption does not involve just missing bits.

    So what does this all mean? Well, TBH the most common cause of these kinds of corruptions are actually driver-based. If it was hardware-based, it'd have to fudge up pretty bad to actually write 1's where they shouldn't as well as remove, so I think something was tampering with memory it wasn't supposed too. The biggest pattern I saw from these crashdumps is that Symantec was responsible for all of em. In fact, the most recent crashdumps given all pointed finger at Symantec with identical corruption patterns. So I say, get rid of Symantec. Btw, I don't know what VerifierExt.sys is, but I personally haven't seen it before, even though it claims to be part of Driver Verifier.
     
    1 person likes this.
  13. gussic

    gussic New Member

    Joined:
    May 2, 2013
    Messages:
    44
    Likes Received:
    0
    Thank you both for your in depth analysis of the dumps. It's very kind of you. I have removed Symantec and cross fingers 12 hours of no crashes which is good. As far as hardware goes I've tested the RAM, SSD, HDD and CPU as well as the GPU's with various utilities MemTest, SeaTools, Intel SSD toolbox, prime 95 and Kombuster and no issues have been found. I did do an SFC /scannow and that found some issues but is supposedly fixed now. Why would Norton cause issues all of a sudden. It's been fine up until about 2 weeks ago.
     
  14. usasma

    usasma Fantastic Member
    Microsoft Community Contributor

    Joined:
    Mar 22, 2010
    Messages:
    3,048
    Likes Received:
    83
    Thanks VirGnarus!
     
  15. gussic

    gussic New Member

    Joined:
    May 2, 2013
    Messages:
    44
    Likes Received:
    0
    Thanks again, i did another sfc scannow and it said it was unable to repair some corrupt files....

    There's been no BSOD since yesterday though....
     
  16. gussic

    gussic New Member

    Joined:
    May 2, 2013
    Messages:
    44
    Likes Received:
    0
    Hi,

    So i just had another BSOD I've attatched a new dump file, hopefully you can figure it out, up until now everything had been ok!
     

    Attached Files:

  17. gussic

    gussic New Member

    Joined:
    May 2, 2013
    Messages:
    44
    Likes Received:
    0
    And another one! PAGE_FAULT_IN_NONPAGED_AREA
     
  18. darshansoni

    darshansoni New Member

    Joined:
    Apr 29, 2013
    Messages:
    2
    Likes Received:
    0
    windwos7 newupdeta

    7405532398
     
  19. gussic

    gussic New Member

    Joined:
    May 2, 2013
    Messages:
    44
    Likes Received:
    0
    Re: windwos7 newupdeta

    ??????????????
     
  20. usasma

    usasma Fantastic Member
    Microsoft Community Contributor

    Joined:
    Mar 22, 2010
    Messages:
    3,048
    Likes Received:
    83
    Re: windwos7 newupdeta

    No firm results in this memory dump. The raw stack shows wireless drivers and video drivers - but that could just be a distraction. I tend to suspect issues with network devices. In this case I have to wonder about the WinPcap program as it's relatively older.

    Please un-install the WinPcap program and see if that helps

    If it doesn't, please run Driver Verifier according to these instructions: Driver Verifier Settings

    Please update these older drivers. Links are included to assist in looking up the source of the drivers. If unable to find an update, please remove (un-install) the program responsible for that driver. DO NOT manually delete/rename the driver as it may make the system unbootable! :

    AsrAppCharger.sys Fri Jun 11 02:37:12 2010 (4C11D998)
    ASRock App Charger Likely BSOD cause - haven't seen recently (15Jan2013)
    http://www.carrona.org/drivers/driver.php?id=AsrAppCharger.sys



    Analysis:
    The following is for informational purposes only.
    Code:
    [font=lucida console]**************************Sat May  4 21:05:20.449 2013 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\Owner\SysnativeBSODApps\050513-14671-01.dmp]
    Windows 8 Kernel Version 9200 MP (8 procs) Free x64
    Built by: [B]9200[/B].16551.amd64fre.win8_gdr.130306-1502
    System Uptime:[B]0 days 16:57:47.088[/B]
    Probably caused by :[B]ntkrnlmp.exe ( nt!KeEnumerateKernelStackSegments+5e )[/B]
    BugCheck [B]1000007E, {ffffffffc0000005, fffff801f34f7efa, fffff88003568878, fffff880035680b0}[/B]
    BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x1000007E]SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)[/url]
    Arguments: 
    Arg1: ffffffffc0000005, The exception code that was not handled
    Arg2: fffff801f34f7efa, The address that the exception occurred at
    Arg3: fffff88003568878, Exception Record Address
    Arg4: fffff880035680b0, Context Record Address
    PROCESS_NAME:  System
    BUGCHECK_STR:  AV
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    FAILURE_BUCKET_ID: [B]AV_nt!KeEnumerateKernelStackSegments[/B]
    CPUID:        "Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz"
    MaxSpeed:     3500
    CurrentSpeed: [B]3500[/B]
      BIOS Version                  P2.70
      BIOS Release Date             04/18/2013
      Manufacturer                  To Be Filled By O.E.M.
      Product Name                  To Be Filled By O.E.M.
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    [/font]
    3rd Party Drivers:
    The following is for information purposes only.
    Any drivers in red should be updated or removed from your system. And should have been discussed in the body of my post.
    Code:
    [font=lucida console]**************************Sat May  4 21:05:20.449 2013 (UTC - 4:00)**************************
    [COLOR=RED][B]AsrAppCharger.sys           Fri Jun 11 02:37:12 2010 (4C11D998)[/B][/COLOR]
    [COLOR=RED][B]WPRO_41_2001.sys            Mon Nov  7 16:04:48 2011 (4EB847F0)[/B][/COLOR]
    AsrRamDisk.sys              Thu Jan 12 23:52:38 2012 (4F0FB896)
    athrx.sys                   Wed Mar 21 23:26:22 2012 (4F6A9BDE)
    GEARAspiWDM.sys             Thu May  3 15:56:17 2012 (4FA2E2E1)
    ISCTD64.sys                 Fri May  4 20:44:01 2012 (4FA477D1)
    ikbevent.sys                Tue Jun 12 15:22:18 2012 (4FD796EA)
    EtronXHCI.sys               Tue Jul  3 07:00:15 2012 (4FF2D0BF)
    EtronHub3.sys               Tue Jul  3 07:00:21 2012 (4FF2D0C5)
    asahci64.sys                Tue Jul 17 23:15:00 2012 (50062A34)
    imsevent.sys                Thu Aug 16 19:20:04 2012 (502D8024)
    k57nd60a.sys                Sun Aug 26 00:58:34 2012 (5039ACFA)
    dump_iaStorA.sys            Sat Sep  1 21:01:24 2012 (5042AFE4)
    iaStorA.sys                 Sat Sep  1 21:01:24 2012 (5042AFE4)
    lvrs64.sys                  Mon Oct 22 22:11:24 2012 (5085FCCC)
    lvuvc64.sys                 Mon Oct 22 22:12:08 2012 (5085FCF8)
    intelppm.sys                Mon Nov  5 22:55:02 2012 (50988A16)
    igdkmd64.sys                Wed Dec 12 19:42:26 2012 (50C92472)
    HECIx64.sys                 Mon Dec 17 14:32:21 2012 (50CF7345)
    nvhda64v.sys                Wed Dec 19 00:41:41 2012 (50D15395)
    CMHDAudioV64.sys            Tue Dec 25 03:53:42 2012 (50D96996)
    npf.sys                     Thu Feb 28 20:31:24 2013 (513004EC)
    rzendpt.sys                 Mon Mar  4 01:48:30 2013 (513443BE)
    nvlddmkm.sys                Thu Mar 14 21:37:00 2013 (51427B3C)
    rzudd.sys                   Thu Apr 18 22:00:07 2013 (5170A527)
    rzvkeyboard.sys             Thu Apr 18 22:00:15 2013 (5170A52F)
    rzdaendpt.sys               Thu Apr 18 22:00:17 2013 (5170A531)
    [/font]
    http://www.carrona.org/drivers/driver.php?id=AsrAppCharger.sys
    http://www.carrona.org/drivers/driver.php?id=WPRO_41_2001.sys
    http://www.carrona.org/drivers/driver.php?id=AsrRamDisk.sys
    http://www.carrona.org/drivers/driver.php?id=athrx.sys
    http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
    http://www.carrona.org/drivers/driver.php?id=ISCTD64.sys
    http://www.carrona.org/drivers/driver.php?id=ikbevent.sys
    http://www.carrona.org/drivers/driver.php?id=EtronXHCI.sys
    http://www.carrona.org/drivers/driver.php?id=EtronHub3.sys
    http://www.carrona.org/drivers/driver.php?id=asahci64.sys
    http://www.carrona.org/drivers/driver.php?id=imsevent.sys
    http://www.carrona.org/drivers/driver.php?id=k57nd60a.sys
    http://www.carrona.org/drivers/driver.php?id=dump_iaStorA.sys
    http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
    http://www.carrona.org/drivers/driver.php?id=lvrs64.sys
    http://www.carrona.org/drivers/driver.php?id=lvuvc64.sys
    http://www.carrona.org/drivers/driver.php?id=intelppm.sys
    http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
    http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
    http://www.carrona.org/drivers/driver.php?id=nvhda64v.sys
    CMHDAudioV64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    http://www.carrona.org/drivers/driver.php?id=npf.sys
    http://www.carrona.org/drivers/driver.php?id=rzendpt.sys
    http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
    http://www.carrona.org/drivers/driver.php?id=rzudd.sys
    http://www.carrona.org/drivers/driver.php?id=rzvkeyboard.sys
    http://www.carrona.org/drivers/driver.php?id=rzdaendpt.sys
     

Share This Page

Loading...