Solved

Interpreting crash dump help - Windows 2008 R2...

Posted on 2013-06-03
1
1,937 Views
Last Modified: 2013-06-07
One of my servers Windows 2k8 R2 X64 SP1 keeps crashing, here is the output of the dump, what could be causing this issue?

Opened log file 'c:\debuglog.txt'
1: kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols 
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols 
Expanded Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols 
WARNING: Whitespace at end of path element
1: kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q 
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd5018).  Type ".hh dbgerr001" for details
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa8009382bce, The pool entry we were looking for within the page.
Arg3: fffffa8009382dce, The next pool entry.
Arg4: 0000000004200000, (reserved)

Debugging Details:
------------------

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for mfehidk.sys - 
*** ERROR: Module load completed but symbols could not be loaded for rskcore.sys

BUGCHECK_STR:  0x19_20

POOL_ADDRESS:  fffffa8009382bce Nonpaged pool

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  smss.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff800019bfcae to fffff80001894fc0

STACK_TEXT:  
fffff880`06731498 fffff800`019bfcae : 00000000`00000019 00000000`00000020 fffffa80`09382bce fffffa80`09382dce : nt!KeBugCheckEx
fffff880`067314a0 fffff880`0183ba66 : 00000000`00000000 fffffa80`09382bde 00000000`3045464d fffffa80`090407e0 : nt!ExDeferredFreePool+0x12da
fffff880`06731550 fffff880`0181b0e4 : fffffa80`09382bde fffffa80`09882b30 00000000`00001c6c fffffa80`09b8d250 : mfehidk!DEVICEDISPATCH::DispatchPassThrough+0x5c56
fffff880`06731580 fffff880`0181babb : fffffa80`09882b30 00000000`00001c6c fffffa80`09b8d250 00000000`00000000 : mfehidk+0x1b0e4
fffff880`067315b0 fffff880`0181c93c : fffff880`018563f0 00000000`00000000 00000000`00001c6c 00000000`000007ff : mfehidk+0x1babb
fffff880`06731670 fffff880`018200fb : fffffa80`09b71ac0 fffff880`06731828 fffffa80`09882b30 00000000`00000000 : mfehidk+0x1c93c
fffff880`06731710 fffff880`01820c5a : fffff8a0`02e7e420 fffff880`067318f0 fffffa80`06ca9e90 00000000`00000000 : mfehidk+0x200fb
fffff880`06731740 fffff800`01c32646 : fffffa80`09882b30 00000000`00000000 00000000`00000000 fffffa80`09882b00 : mfehidk+0x20c5a
fffff880`06731770 fffff800`01c32b4f : fffffa80`00000000 fffffa80`09882b30 fffff880`067318f0 fffffa80`06ca9de0 : nt!ObpCallPreOperationCallbacks+0x196
fffff880`067317f0 fffff800`01baff2d : fffff880`067319d0 fffffa80`06ca9de0 00000000`00000200 fffff8a0`00001720 : nt!ObpPreInterceptHandleCreate+0xaf
fffff880`06731870 fffff800`01b7c441 : 00000000`00000001 fffffa80`09882b30 00000000`00000000 fffffa80`073e1300 : nt! ?? ::NNGAKEGL::`string'+0x303af
fffff880`06731980 fffff800`01b6e23c : fffffa80`08ae6b50 fffff800`01b63832 00000000`00000000 00000000`00000000 : nt!ObOpenObjectByPointerWithTag+0x109
fffff880`06731ba0 fffff880`019849c1 : 00000000`00000010 00000000`00000000 00000000`00000000 fffff880`01984823 : nt!ObOpenObjectByPointer+0x30
fffff880`06731bf0 fffff880`01989410 : 00000000`00000010 fffffa80`09882b30 fffffa80`09882b01 00000000`00000000 : rskcore+0x19c1
fffff880`06731c40 fffff800`01b7da26 : fffff8a0`002aab20 fffff880`06732ca0 fffff880`06732ca0 fffffa80`09882b30 : rskcore+0x6410
fffff880`06731f00 fffff800`01b3a5c3 : fffffa80`09a0a060 fffffa80`09882b30 fffff880`067321b0 fffff880`067320ec : nt!PspInsertThread+0x61a
fffff880`06732080 fffff800`01894253 : fffffa80`073e4100 fffff880`06732ca0 00000000`00000002 00000000`00000000 : nt!NtCreateUserProcess+0x732
fffff880`06732bb0 00000000`77431dea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`006ceba8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77431dea


STACK_COMMAND:  kb

FOLLOWUP_IP: 
mfehidk!DEVICEDISPATCH::DispatchPassThrough+5c56
fffff880`0183ba66 4883c428        add     rsp,28h

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  mfehidk!DEVICEDISPATCH::DispatchPassThrough+5c56

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: mfehidk

IMAGE_NAME:  mfehidk.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4d0bd4f2

FAILURE_BUCKET_ID:  X64_0x19_20_mfehidk!DEVICEDISPATCH::DispatchPassThrough+5c56

BUCKET_ID:  X64_0x19_20_mfehidk!DEVICEDISPATCH::DispatchPassThrough+5c56

Followup: MachineOwner
---------

rax=0000000004200000 rbx=fffffa8009382bce rcx=0000000000000019
rdx=0000000000000020 rsi=0000000000000002 rdi=0000000000000000
rip=fffff80001894fc0 rsp=fffff88006731498 rbp=000000003045464d
 r8=fffffa8009382bce  r9=fffffa8009382dce r10=fffff98000020654
r11=fffffa80090407f6 r12=0000000000000020 r13=fffffa8009382bde
r14=0000000000000000 r15=fffffa8006ca9ea0
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
nt!KeBugCheckEx:
fffff800`01894fc0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff880`067314a0=0000000000000019
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`06731498 fffff800`019bfcae : 00000000`00000019 00000000`00000020 fffffa80`09382bce fffffa80`09382dce : nt!KeBugCheckEx
fffff880`067314a0 fffff880`0183ba66 : 00000000`00000000 fffffa80`09382bde 00000000`3045464d fffffa80`090407e0 : nt!ExDeferredFreePool+0x12da
fffff880`06731550 fffff880`0181b0e4 : fffffa80`09382bde fffffa80`09882b30 00000000`00001c6c fffffa80`09b8d250 : mfehidk!DEVICEDISPATCH::DispatchPassThrough+0x5c56
fffff880`06731580 fffff880`0181babb : fffffa80`09882b30 00000000`00001c6c fffffa80`09b8d250 00000000`00000000 : mfehidk+0x1b0e4
fffff880`067315b0 fffff880`0181c93c : fffff880`018563f0 00000000`00000000 00000000`00001c6c 00000000`000007ff : mfehidk+0x1babb
fffff880`06731670 fffff880`018200fb : fffffa80`09b71ac0 fffff880`06731828 fffffa80`09882b30 00000000`00000000 : mfehidk+0x1c93c
fffff880`06731710 fffff880`01820c5a : fffff8a0`02e7e420 fffff880`067318f0 fffffa80`06ca9e90 00000000`00000000 : mfehidk+0x200fb
fffff880`06731740 fffff800`01c32646 : fffffa80`09882b30 00000000`00000000 00000000`00000000 fffffa80`09882b00 : mfehidk+0x20c5a
fffff880`06731770 fffff800`01c32b4f : fffffa80`00000000 fffffa80`09882b30 fffff880`067318f0 fffffa80`06ca9de0 : nt!ObpCallPreOperationCallbacks+0x196
fffff880`067317f0 fffff800`01baff2d : fffff880`067319d0 fffffa80`06ca9de0 00000000`00000200 fffff8a0`00001720 : nt!ObpPreInterceptHandleCreate+0xaf
fffff880`06731870 fffff800`01b7c441 : 00000000`00000001 fffffa80`09882b30 00000000`00000000 fffffa80`073e1300 : nt! ?? ::NNGAKEGL::`string'+0x303af
fffff880`06731980 fffff800`01b6e23c : fffffa80`08ae6b50 fffff800`01b63832 00000000`00000000 00000000`00000000 : nt!ObOpenObjectByPointerWithTag+0x109
fffff880`06731ba0 fffff880`019849c1 : 00000000`00000010 00000000`00000000 00000000`00000000 fffff880`01984823 : nt!ObOpenObjectByPointer+0x30
fffff880`06731bf0 fffff880`01989410 : 00000000`00000010 fffffa80`09882b30 fffffa80`09882b01 00000000`00000000 : rskcore+0x19c1
fffff880`06731c40 fffff800`01b7da26 : fffff8a0`002aab20 fffff880`06732ca0 fffff880`06732ca0 fffffa80`09882b30 : rskcore+0x6410
fffff880`06731f00 fffff800`01b3a5c3 : fffffa80`09a0a060 fffffa80`09882b30 fffff880`067321b0 fffff880`067320ec : nt!PspInsertThread+0x61a
fffff880`06732080 fffff800`01894253 : fffffa80`073e4100 fffff880`06732ca0 00000000`00000002 00000000`00000000 : nt!NtCreateUserProcess+0x732
fffff880`06732bb0 00000000`77431dea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`06732c20)
00000000`006ceba8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77431dea
start             end                 module name
fffff800`0161d000 fffff800`01627000   kdcom    kdcom.dll    Sat Feb 05 10:52:49 2011 (4D4D8061)
fffff800`01816000 fffff800`01dfe000   nt       ntkrnlmp.exe Thu Aug 30 10:11:58 2012 (503F82BE)
fffff800`01dfe000 fffff800`01e47000   hal      hal.dll      Sat Nov 20 07:00:25 2010 (4CE7C669)
fffff880`00c00000 fffff880`00c5c000   volmgrx  volmgrx.sys  Sat Nov 20 03:20:43 2010 (4CE792EB)
fffff880`00c5c000 fffff880`00c76000   vmci     vmci.sys     Wed Jan 04 10:45:06 2012 (4F048212)
fffff880`00c76000 fffff880`00c90000   mountmgr mountmgr.sys Sat Nov 20 03:19:21 2010 (4CE79299)
fffff880`00c90000 fffff880`00ca4000   winhv    winhv.sys    Sat Nov 20 03:20:02 2010 (4CE792C2)
fffff880`00ca4000 fffff880`00cad000   atapi    atapi.sys    Mon Jul 13 18:19:47 2009 (4A5BC113)
fffff880`00cb7000 fffff880`00d06000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Nov 20 07:03:51 2010 (4CE7C737)
fffff880`00d06000 fffff880`00d1a000   PSHED    PSHED.dll    Mon Jul 13 20:32:23 2009 (4A5BE027)
fffff880`00d1a000 fffff880`00d78000   CLFS     CLFS.SYS     Mon Jul 13 18:19:57 2009 (4A5BC11D)
fffff880`00d78000 fffff880`00dab000   pci      pci.sys      Sat Nov 20 03:19:11 2010 (4CE7928F)
fffff880`00dab000 fffff880`00dc0000   volmgr   volmgr.sys   Sat Nov 20 03:19:28 2010 (4CE792A0)
fffff880`00dc0000 fffff880`00dfc000   vmbus    vmbus.sys    Sat Nov 20 03:57:29 2010 (4CE79B89)
fffff880`00e00000 fffff880`00e57000   ACPI     ACPI.sys     Sat Nov 20 03:19:16 2010 (4CE79294)
fffff880`00e57000 fffff880`00e63000   BATTC    BATTC.SYS    Mon Jul 13 18:31:01 2009 (4A5BC3B5)
fffff880`00e66000 fffff880`00f26000   CI       CI.dll       Sat Nov 20 07:12:36 2010 (4CE7C944)
fffff880`00f26000 fffff880`00f2f000   rdpencdd rdpencdd.sys Mon Jul 13 19:16:34 2009 (4A5BCE62)
fffff880`00f2f000 fffff880`00f38000   rdprefmp rdprefmp.sys Mon Jul 13 19:16:35 2009 (4A5BCE63)
fffff880`00f41000 fffff880`00fe5000   Wdf01000 Wdf01000.sys Mon Jul 13 18:22:07 2009 (4A5BC19F)
fffff880`00fe5000 fffff880`00fed000   intelide intelide.sys Mon Jul 13 18:19:48 2009 (4A5BC114)
fffff880`00fed000 fffff880`00ffd000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 18:19:48 2009 (4A5BC114)
fffff880`01000000 fffff880`0105e000   msrpc    msrpc.sys    Sat Nov 20 03:21:56 2010 (4CE79334)
fffff880`0105e000 fffff880`010be000   NETIO    NETIO.SYS    Wed Aug 22 10:01:38 2012 (5034F452)
fffff880`010be000 fffff880`010cd000   WDFLDR   WDFLDR.SYS   Mon Jul 13 18:19:54 2009 (4A5BC11A)
fffff880`010cd000 fffff880`010d6000   WMILIB   WMILIB.SYS   Mon Jul 13 18:19:51 2009 (4A5BC117)
fffff880`010d7000 fffff880`011c9000   NDIS     NDIS.SYS     Wed Aug 22 10:11:46 2012 (5034F6B2)
fffff880`011c9000 fffff880`011d3000   msisadrv msisadrv.sys Mon Jul 13 18:19:26 2009 (4A5BC0FE)
fffff880`011d3000 fffff880`011e0000   vdrvroot vdrvroot.sys Mon Jul 13 19:01:31 2009 (4A5BCADB)
fffff880`011e0000 fffff880`011f5000   partmgr  partmgr.sys  Sat Mar 17 00:06:09 2012 (4F641BC1)
fffff880`011f5000 fffff880`011fe000   compbatt compbatt.sys Mon Jul 13 18:31:02 2009 (4A5BC3B6)
fffff880`01200000 fffff880`01272000   cng      cng.sys      Fri Aug 24 10:47:16 2012 (5037A204)
fffff880`01272000 fffff880`0129d000   ksecpkg  ksecpkg.sys  Fri Aug 24 10:48:29 2012 (5037A24D)
fffff880`0129d000 fffff880`012ad000   watchdog watchdog.sys Mon Jul 13 18:37:35 2009 (4A5BC53F)
fffff880`012ad000 fffff880`012b6000   RDPCDD   RDPCDD.sys   Mon Jul 13 19:16:34 2009 (4A5BCE62)
fffff880`012b8000 fffff880`012e2000   ataport  ataport.SYS  Sat Nov 20 03:19:15 2010 (4CE79293)
fffff880`012e2000 fffff880`01301000   lsi_scsi lsi_scsi.sys Thu Apr 16 17:13:50 2009 (49E7AD9E)
fffff880`01301000 fffff880`01364000   storport storport.sys Thu Mar 10 22:30:23 2011 (4D79A55F)
fffff880`01364000 fffff880`01381000   lsi_sas  lsi_sas.sys  Mon May 18 19:20:23 2009 (4A11FB47)
fffff880`01381000 fffff880`0138c000   amdxata  amdxata.sys  Fri Mar 19 11:18:18 2010 (4BA3A3CA)
fffff880`0138c000 fffff880`013d8000   fltmgr   fltmgr.sys   Sat Nov 20 03:19:24 2010 (4CE7929C)
fffff880`013d8000 fffff880`013fd000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 18:38:51 2009 (4A5BC58B)
fffff880`01400000 fffff880`0140e000   vga      vga.sys      Mon Jul 13 18:38:47 2009 (4A5BC587)
fffff880`01415000 fffff880`015b8000   Ntfs     Ntfs.sys     Fri Aug 31 10:14:14 2012 (5040D4C6)
fffff880`015b8000 fffff880`015d3000   ksecdd   ksecdd.sys   Fri Jun 01 21:50:23 2012 (4FC97F6F)
fffff880`015d3000 fffff880`015e4000   pcw      pcw.sys      Mon Jul 13 18:19:27 2009 (4A5BC0FF)
fffff880`015e4000 fffff880`015ee000   Fs_Rec   Fs_Rec.sys   Wed Feb 29 21:41:06 2012 (4F4EEFD2)
fffff880`015ee000 fffff880`015fd000   vmrawdsk vmrawdsk.sys Wed Feb 15 09:55:13 2012 (4F3BD561)
fffff880`01601000 fffff880`01800000   tcpip    tcpip.sys    Wed Aug 22 10:03:47 2012 (5034F4D3)
fffff880`01800000 fffff880`0186f100   mfehidk  mfehidk.sys  Fri Dec 17 15:24:02 2010 (4D0BD4F2)
fffff880`01870000 fffff880`01879000   hwpolicy hwpolicy.sys Sat Nov 20 03:18:54 2010 (4CE7927E)
fffff880`01879000 fffff880`0188f000   disk     disk.sys     Mon Jul 13 18:19:57 2009 (4A5BC11D)
fffff880`0188f000 fffff880`018bf000   CLASSPNP CLASSPNP.SYS Sat Nov 20 03:19:23 2010 (4CE7929B)
fffff880`018d5000 fffff880`0191f000   fwpkclnt fwpkclnt.sys Wed Aug 22 10:01:03 2012 (5034F42F)
fffff880`0191f000 fffff880`0192f000   vmstorfl vmstorfl.sys Sat Nov 20 03:57:30 2010 (4CE79B8A)
fffff880`0192f000 fffff880`0197b000   volsnap  volsnap.sys  Sat Nov 20 03:20:08 2010 (4CE792C8)
fffff880`0197b000 fffff880`01983000   spldr    spldr.sys    Mon May 11 11:56:27 2009 (4A0858BB)
fffff880`01983000 fffff880`01993000   rskcore  rskcore.sys  Thu Jan 14 09:16:37 2010 (4B4F3555)
fffff880`01993000 fffff880`019a5000   mup      mup.sys      Mon Jul 13 18:23:45 2009 (4A5BC201)
fffff880`019cc000 fffff880`019f6000   cdrom    cdrom.sys    Sat Nov 20 03:19:20 2010 (4CE79298)
fffff880`019f6000 fffff880`019ff000   Null     Null.SYS     Mon Jul 13 18:19:37 2009 (4A5BC109)
fffff880`02a00000 fffff880`02a0b000   ws2ifsl  ws2ifsl.sys  Mon Jul 13 19:10:33 2009 (4A5BCCF9)
fffff880`02a0b000 fffff880`02a14000   wfplwf   wfplwf.sys   Mon Jul 13 19:09:26 2009 (4A5BCCB6)
fffff880`02a14000 fffff880`02a3a000   pacer    pacer.sys    Sat Nov 20 04:52:18 2010 (4CE7A862)
fffff880`02a3a000 fffff880`02a49000   netbios  netbios.sys  Mon Jul 13 19:09:26 2009 (4A5BCCB6)
fffff880`02a49000 fffff880`02a77000   vmhgfs   vmhgfs.sys   Wed Feb 15 09:43:56 2012 (4F3BD2BC)
fffff880`02a77000 fffff880`02a94000   serial   serial.sys   Mon Jul 13 19:00:40 2009 (4A5BCAA8)
fffff880`02a9e000 fffff880`02ab9000   wanarp   wanarp.sys   Sat Nov 20 04:52:36 2010 (4CE7A874)
fffff880`02ac5000 fffff880`02ad0000   Msfs     Msfs.SYS     Mon Jul 13 18:19:47 2009 (4A5BC113)
fffff880`02ad0000 fffff880`02ae1000   Npfs     Npfs.SYS     Mon Jul 13 18:19:48 2009 (4A5BC114)
fffff880`02ae1000 fffff880`02aee000   cdfdrv   cdfdrv.sys   Tue Dec 15 05:32:46 2009 (4B2773DE)
fffff880`02aee000 fffff880`02b10000   tdx      tdx.sys      Sat Nov 20 03:21:54 2010 (4CE79332)
fffff880`02b10000 fffff880`02b1d000   TDI      TDI.SYS      Sat Nov 20 03:22:06 2010 (4CE7933E)
fffff880`02b1d000 fffff880`02b30500   mfetdik  mfetdik.sys  Fri Dec 17 15:24:09 2010 (4D0BD4F9)
fffff880`02b31000 fffff880`02b76000   netbt    netbt.sys    Sat Nov 20 03:23:18 2010 (4CE79386)
fffff880`02b76000 fffff880`02bff000   afd      afd.sys      Tue Dec 27 21:59:20 2011 (4EFA9418)
fffff880`02e00000 fffff880`02e0c000   nsiproxy nsiproxy.sys Mon Jul 13 18:21:02 2009 (4A5BC15E)
fffff880`02e0c000 fffff880`02e17000   mssmbios mssmbios.sys Mon Jul 13 18:31:10 2009 (4A5BC3BE)
fffff880`02e17000 fffff880`02e26000   discache discache.sys Mon Jul 13 18:37:18 2009 (4A5BC52E)
fffff880`02e26000 fffff880`02e44000   dfsc     dfsc.sys     Sat Nov 20 03:26:31 2010 (4CE79447)
fffff880`02e44000 fffff880`02e5f000   ctxusbm  ctxusbm.sys  Mon Sep 07 13:09:28 2009 (4AA54C58)
fffff880`02e5f000 fffff880`02e76000   ctxpidmn ctxpidmn.sys Wed Feb 10 14:37:12 2010 (4B7318F8)
fffff880`02e76000 fffff880`02e9d000   CTXDVCS  CTXDVCS.SYS  Tue Oct 25 15:18:15 2011 (4EA71987)
fffff880`02e9d000 fffff880`02eae000   blbdrive blbdrive.sys Mon Jul 13 18:35:59 2009 (4A5BC4DF)
fffff880`02eb8000 fffff880`02ecc000   termdd   termdd.sys   Sat Nov 20 05:03:40 2010 (4CE7AB0C)
fffff880`02ecc000 fffff880`02f1d000   rdbss    rdbss.sys    Sat Nov 20 03:27:51 2010 (4CE79497)
fffff880`02f1d000 fffff880`02fcc000   picadm   picadm.sys   Tue Oct 25 15:12:17 2011 (4EA71821)
fffff880`02fcc000 fffff880`02fe0000   PICAVC   PICAVC.SYS   Tue Oct 25 15:11:51 2011 (4EA71807)
fffff880`02fe0000 fffff880`02fff000   picadd   picadd.sys   Tue Oct 25 15:16:06 2011 (4EA71906)
fffff880`03200000 fffff880`0322f000   ndiswan  ndiswan.sys  Sat Nov 20 04:52:32 2010 (4CE7A870)
fffff880`0322f000 fffff880`0324a000   raspppoe raspppoe.sys Mon Jul 13 19:10:17 2009 (4A5BCCE9)
fffff880`0324a000 fffff880`0326b000   raspptp  raspptp.sys  Sat Nov 20 04:52:31 2010 (4CE7A86F)
fffff880`0326b000 fffff880`03285000   rassstp  rassstp.sys  Mon Jul 13 19:10:25 2009 (4A5BCCF1)
fffff880`03285000 fffff880`03290000   rdpbus   rdpbus.sys   Mon Jul 13 19:17:46 2009 (4A5BCEAA)
fffff880`03290000 fffff880`03291480   swenum   swenum.sys   Mon Jul 13 19:00:18 2009 (4A5BCA92)
fffff880`032b1000 fffff880`032d7000   tunnel   tunnel.sys   Sat Nov 20 04:51:50 2010 (4CE7A846)
fffff880`032d7000 fffff880`032f5000   i8042prt i8042prt.sys Mon Jul 13 18:19:57 2009 (4A5BC11D)
fffff880`032f5000 fffff880`03304000   kbdclass kbdclass.sys Mon Jul 13 18:19:50 2009 (4A5BC116)
fffff880`03304000 fffff880`0330c000   vmmouse  vmmouse.sys  Mon Nov 30 22:44:04 2009 (4B149F14)
fffff880`0330c000 fffff880`0331b000   mouclass mouclass.sys Mon Jul 13 18:19:50 2009 (4A5BC116)
fffff880`0331b000 fffff880`03338000   parport  parport.sys  Mon Jul 13 19:00:40 2009 (4A5BCAA8)
fffff880`03338000 fffff880`03344000   serenum  serenum.sys  Mon Jul 13 19:00:33 2009 (4A5BCAA1)
fffff880`03344000 fffff880`03351000   fdc      fdc.sys      Mon Jul 13 19:00:54 2009 (4A5BCAB6)
fffff880`03351000 fffff880`0335f000   vgapnp   vgapnp.sys   Mon Jul 13 18:38:47 2009 (4A5BC587)
fffff880`0335f000 fffff880`03376000   vmxnet3n61x64 vmxnet3n61x64.sys Sat Dec 03 09:55:32 2011 (4EDA4674)
fffff880`03376000 fffff880`0337a500   CmBatt   CmBatt.sys   Mon Jul 13 18:31:03 2009 (4A5BC3B7)
fffff880`0337b000 fffff880`03391000   intelppm intelppm.sys Mon Jul 13 18:19:25 2009 (4A5BC0FD)
fffff880`03391000 fffff880`033a1000   CompositeBus CompositeBus.sys Sat Nov 20 04:33:17 2010 (4CE7A3ED)
fffff880`033a1000 fffff880`033b7000   AgileVpn AgileVpn.sys Mon Jul 13 19:10:24 2009 (4A5BCCF0)
fffff880`033b7000 fffff880`033db000   rasl2tp  rasl2tp.sys  Sat Nov 20 04:52:34 2010 (4CE7A872)
fffff880`033db000 fffff880`033e7000   ndistapi ndistapi.sys Mon Jul 13 19:10:00 2009 (4A5BCCD8)
fffff880`03400000 fffff880`0342d000   mrxsmb   mrxsmb.sys   Tue Apr 26 21:40:38 2011 (4DB78226)
fffff880`0344e000 fffff880`03491000   ks       ks.sys       Sat Nov 20 04:33:23 2010 (4CE7A3F3)
fffff880`03491000 fffff880`034a3000   umbus    umbus.sys    Sat Nov 20 04:44:37 2010 (4CE7A695)
fffff880`034a3000 fffff880`034ae000   flpydisk flpydisk.sys Mon Jul 13 19:00:54 2009 (4A5BCAB6)
fffff880`034ae000 fffff880`034c3000   NDProxy  NDProxy.SYS  Sat Nov 20 04:52:20 2010 (4CE7A864)
fffff880`034c3000 fffff880`034d1000   crashdmp crashdmp.sys Mon Jul 13 19:01:01 2009 (4A5BCABD)
fffff880`034d1000 fffff880`034db000   dump_diskdump dump_diskdump.sys Fri Apr 22 15:04:32 2011 (4DB1DF50)
fffff880`034db000 fffff880`034f8000   dump_LSI_SAS dump_LSI_SAS.sys Mon May 18 19:20:23 2009 (4A11FB47)
fffff880`034f8000 fffff880`03504000   Dxapi    Dxapi.sys    Mon Jul 13 18:38:28 2009 (4A5BC574)
fffff880`03504000 fffff880`03512000   monitor  monitor.sys  Mon Jul 13 18:38:52 2009 (4A5BC58C)
fffff880`03512000 fffff880`03535000   luafv    luafv.sys    Mon Jul 13 18:26:13 2009 (4A5BC295)
fffff880`03535000 fffff880`03581000   CtxSbx   CtxSbx.sys   Wed Feb 10 14:37:29 2010 (4B731909)
fffff880`03581000 fffff880`03598000   CtxAltStr CtxAltStr.sys Tue Oct 25 18:44:49 2011 (4EA749F1)
fffff880`03598000 fffff880`035ad000   lltdio   lltdio.sys   Mon Jul 13 19:08:50 2009 (4A5BCC92)
fffff880`035ad000 fffff880`035c5000   rspndr   rspndr.sys   Mon Jul 13 19:08:50 2009 (4A5BCC92)
fffff880`035c5000 fffff880`035e3000   bowser   bowser.sys   Tue Feb 22 22:55:04 2011 (4D649328)
fffff880`035e3000 fffff880`035fb000   mpsdrv   mpsdrv.sys   Mon Jul 13 19:08:25 2009 (4A5BCC79)
fffff880`04200000 fffff880`04269000   srv2     srv2.sys     Thu Apr 28 22:05:46 2011 (4DBA2B0A)
fffff880`04297000 fffff880`042e5000   mrxsmb10 mrxsmb10.sys Fri Jul 08 21:34:28 2011 (4E17BE34)
fffff880`042e5000 fffff880`04309000   mrxsmb20 mrxsmb20.sys Tue Apr 26 21:39:37 2011 (4DB781E9)
fffff880`04309000 fffff880`043d2000   HTTP     HTTP.sys     Sat Nov 20 03:24:30 2010 (4CE793CE)
fffff880`043d2000 fffff880`043da000   vmmemctl vmmemctl.sys Wed Feb 15 09:54:48 2012 (4F3BD548)
fffff880`043da000 fffff880`043e6000   ctxpn    ctxpn.sys    Tue Oct 25 15:22:52 2011 (4EA71A9C)
fffff880`043e6000 fffff880`043f0000   ctxsmcdrv ctxsmcdrv.sys Tue Jan 19 18:42:54 2010 (4B56518E)
fffff880`04c2e000 fffff880`04cd4000   peauth   peauth.sys   Mon Jul 13 20:01:19 2009 (4A5BD8DF)
fffff880`04cd4000 fffff880`04d19000   picapar  picapar.sys  Mon Nov 07 14:54:11 2011 (4EB84573)
fffff880`04d19000 fffff880`04d69000   picaser  picaser.sys  Mon Nov 07 14:53:57 2011 (4EB84565)
fffff880`04d69000 fffff880`04d74000   secdrv   secdrv.SYS   Wed Sep 13 08:18:38 2006 (4508052E)
fffff880`04d74000 fffff880`04da5000   srvnet   srvnet.sys   Thu Apr 28 22:05:35 2011 (4DBA2AFF)
fffff880`04da5000 fffff880`04db7000   tcpipreg tcpipreg.sys Sat Nov 20 04:51:48 2010 (4CE7A844)
fffff880`04db7000 fffff880`04de2000   pdcrypt2 pdcrypt2.sys Tue Jan 19 18:47:06 2010 (4B56528A)
fffff880`04de2000 fffff880`04ded000   prepdrv  prepdrv.sys  Fri Sep 18 03:15:16 2009 (4AB34194)
fffff880`05600000 fffff880`0560f000   tssecsrv tssecsrv.sys Sat Nov 20 05:04:09 2010 (4CE7AB29)
fffff880`0560f000 fffff880`05648000   RDPWD    RDPWD.SYS    Fri Apr 27 22:55:20 2012 (4F9B6A28)
fffff880`05648000 fffff880`05652000   pdrframe pdrframe.sys Tue Jan 19 07:24:09 2010 (4B55B279)
fffff880`05658000 fffff880`056f0000   srv      srv.sys      Thu Apr 28 22:06:06 2011 (4DBA2B1E)
fffff880`056f0000 fffff880`05706300   mfeapfk  mfeapfk.sys  Fri Dec 17 15:24:38 2010 (4D0BD516)
fffff880`05707000 fffff880`05722900   mfeavfk  mfeavfk.sys  Fri Dec 17 15:25:14 2010 (4D0BD53A)
fffff880`05723000 fffff880`05732000   icatdwsk icatdwsk.sys Tue Oct 25 15:17:08 2011 (4EA71944)
fffff880`05732000 fffff880`057ba000   wdica    wdica.sys    Tue Oct 25 15:17:49 2011 (4EA7196D)
fffff880`057ba000 fffff880`057c4000   icareduc icareduc.sys Tue Jan 19 18:49:21 2010 (4B565311)
fffff880`057c4000 fffff880`057f2000   rdpdr    rdpdr.sys    Sat Nov 20 05:06:41 2010 (4CE7ABC1)
fffff880`057f2000 fffff880`057fd000   tdtcp    tdtcp.sys    Thu Feb 16 22:57:32 2012 (4F3DDE3C)
fffff880`076d1000 fffff880`076dc000   asyncmac asyncmac.sys Mon Jul 13 19:10:13 2009 (4A5BCCE5)
fffff960`00070000 fffff960`00385000   win32k   win32k.sys   Wed Jul 18 13:14:37 2012 (5006FD0D)
fffff960`00430000 fffff960`0044e000   dxg      dxg.sys      Mon Jul 13 18:38:28 2009 (4A5BC574)
fffff960`00740000 fffff960`0074a000   TSDDD    TSDDD.dll    Mon Jul 13 19:16:34 2009 (4A5BCE62)
fffff960`00940000 fffff960`00949000   framebuf framebuf.dll Mon Jul 13 18:38:47 2009 (4A5BC587)
fffff960`00b20000 fffff960`00bd4000   vdtw30   vdtw30.dll   Thu Nov 10 10:58:29 2011 (4EBC02B5)
fffff960`00c70000 fffff960`00c7a000   twexport twexport.sys Tue Jan 19 07:38:28 2010 (4B55B5D4)

Unloaded modules:
fffff880`07660000 fffff880`076d1000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00071000
fffff880`018bf000 fffff880`018cd000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000E000
fffff880`019a5000 fffff880`019af000   dump_storport.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000A000
fffff880`019af000 fffff880`019cc000   dump_LSI_SAS.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001D000
fffff880`02a94000 fffff880`02a9e000   vmdebug.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000A000
fffff880`00f26000 fffff880`00f41000   sacdrv.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001B000
Closing open log file c:\debuglog.txt

Open in new window

0
Comment
Question by:mystikal1000
1 Comment
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 39216511
mfehidk is McAffe's Host Intrusion Detection Link Driver. Bad Pool Header is always an issue with a driver not managing the Paged/Non-Paged memory pool properly.
So my conclusion: This is a severe bug in McAffe's software. You'll have to uninstall it, or try to get a newer version, or contact them directly for a resolution.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Usually shares are where we want them for our users and we tend to take them for granted. There are times, however, when those shares may disappear causing difficulty for your users. One of the first things to try is searching for files that shou…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now