Blue screen: is it due to ntoskrnl.exe?

zetopskateuse -  
 Julien -
Hello,

Since this morning I've experienced several blue screens. I regularly download software but haven't installed anything in about a week, and there was no issue until this morning. I feel like it happens shortly after opening Windows Live Mail: after trying twice to open my email and getting 2 blue screens, I restarted the computer and avoided opening my email, and for now, there's been no problem. What's curious is that it doesn't crash immediately upon opening WLM.
I have this report from Windows:

Problem signature:
Problem event name: BlueScreen
System version: 6.1.7600.2.0.0.768.3
Locale ID: 1036

Additional problem information:
BCCode: 19
BCP1: 0000000000000003
BCP2: FFFFFA80084C7940
BCP3: FFFFFA80084C7940
BCP4: FFFA80084C794000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Files helping to describe the problem:
C:\Windows\Minidump\120810-19422-01.dmp
C:\Users\Morgane\AppData\Local\Temp\WER-56581-0.sysdata.xml

Configuration: Windows 7 / Firefox 3.6.12

I also ran WhoCrashed following a post I read on a forum; here’s the report:

Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\windows\Minidump

Crash dumps are enabled on your computer.

On Wed 08/12/2010 12:07:38 GMT, your computer crashed
crash dump file: C:\windows\Minidump\120810-19422-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x70740)
Bugcheck code: 0x19 (0x3, 0xFFFFFA80084C7940, 0xFFFFFA80084C7940, 0xFFFA80084C794000)
Error: BAD_POOL_HEADER
file path: C:\windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

On Wed 08/12/2010 12:07:38 GMT, your computer crashed
crash dump file: C:\windows\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x19 (0x3, 0xFFFFFA80084C7940, 0xFFFFFA80084C7940, 0xFFFA80084C794000)
Error: BAD_POOL_HEADER
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

On Wed 08/12/2010 11:56:18 GMT, your computer crashed
crash dump file: C:\windows\Minidump\120810-17674-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x70740)
Bugcheck code: 0xD1 (0x1500743, 0x2, 0x0, 0xFFFFF88004A7AED3)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

But the applications ntoskrnl.exe and ntkrnlmp.exe are essential for booting Windows, right? So I don't know what to do. (I'm a complete beginner in this area)

One more thing: this may not be related, but Kaspersky has notified me several times recently that the kernel mode memory patch program was suspicious, but since I thought it was a legitimate program, I didn't take any action.

Thank you very much for your help :)

21 answers

  • 1
  • 2
  1. guigui0001 Posted messages 91 Status Member 17
     
    Hello,

    --> We will check that your system files have not been modified:

    * Once the PC is started, go to Start, then in the search bar, type cmd . Right-click on the result, then click on Run as administrator

    * In the command prompt window (the black window), type sfc/verifyonly and press enter.

    * At the end of the operation, post a screenshot in this topic.

    ==> To help you: Tutorial on sfc
    7
  • 1
  • 2