Can you do the following to set the symbol path: Click on WinDbg > File > Symbol File Path and then paste the following under "Symbol path": SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Then click "OK" Then close WinDbg and answer "Yes" to the "Save information for workspace" question. Then rerun the analysis. It is not necessary to install any symbol package as setting the symbol path to Microsoft Symbol Server will allow the downloading of symbols as needed: http://support.microsoft.com/kb/311503 Symbols will now be downloaded to C:\Symbols as needed.

i am trying to debug a users new laptop that keeps crashing. i installed the windows sdk as well as the symbols for windows 7 sp1 retail version. i entered the symbol path and loaded the mini dump file and here is what i get. i'm not understanding why it keeps saying symbols could not be loaded or i have the wrong symbols. Here is the link to the symbols i downloaded. i chose the Windows 7 and Windows Server 2008 R2: Windows 7 Service Pack 1 Symbols retail, all language version. i downloaded and installed/extracted the files to a local directory on my pc. i pointed windbg to see that symbols folder and reloaded the dump file but keep getting those messages. any help would be greatly appreciated as i have 34 of these machines and i need to know if there is a specific driver causing this issue. http://msdn.microsoft.com/en-us/windows/hardware/gg463028 Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [\\jvend02w764\c$\Windows\Minidump\082212-12838-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: D:\Software\Windows SDK\symbols Executable search path is: Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2 *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030 Machine Name: Kernel base = 0xfffff800`03001000 PsLoadedModuleList = 0xfffff800`03245670 Debug session time: Wed Aug 22 10:09:38.794 2012 (UTC - 4:00) System Uptime: 0 days 0:02:06.679 Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2 *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols ............................................................... ................................................................ ...................................................... Loading User Symbols Loading unloaded module list ...... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1E, {0, 0, 0, 0} ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* Probably caused by : ntoskrnl.exe ( nt+7f190 ) Followup: MachineOwner ---------

thanks for the tip. here is the output. any suggestions on how to correct this? Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [\\jvendrell02w764\c$\Windows\Minidump\082212-9765-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols;D:\Software\Windows SDK\symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030 Machine Name: Kernel base = 0xfffff800`0325c000 PsLoadedModuleList = 0xfffff800`034a0670 Debug session time: Wed Aug 22 11:08:14.057 2012 (UTC - 4:00) System Uptime: 0 days 0:15:42.230 Loading Kernel Symbols ............................................................... ................................................................ ........................................................ Loading User Symbols Loading unloaded module list ......... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1E, {0, 0, 0, 0} Unable to load image \SystemRoot\system32\DRIVERS\iusb3xhc.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for iusb3xhc.sys *** ERROR: Module load completed but symbols could not be loaded for iusb3xhc.sys *** WARNING: Unable to verify timestamp for win32k.sys Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+100 ) Followup: Pool_corruption --------- 0: kd> 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KMODE_EXCEPTION_NOT_HANDLED (1e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: 0000000000000000, The exception code that was not handled Arg2: 0000000000000000, The address that the exception occurred at Arg3: 0000000000000000, Parameter 0 of the exception Arg4: 0000000000000000, Parameter 1 of the exception Debugging Details: ------------------ EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully. FAULTING_IP: +3139663532346234 00000000`00000000 ?? ??? EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 0000000000000000 ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0 BUGCHECK_STR: 0x1E_0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 2 EXCEPTION_RECORD: fffff80000b9c4f8 -- (.exr 0xfffff80000b9c4f8) ExceptionAddress: fffff800034079bc (nt!ExDeferredFreePool+0x0000000000000100) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: ffffffffffffffff Attempt to read from address ffffffffffffffff TRAP_FRAME: fffff80000b9c5a0 -- (.trap 0xfffff80000b9c5a0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffffa80074c84e0 rbx=0000000000000000 rcx=fffff80003462740 rdx=c00100000b9d21e0 rsi=0000000000000000 rdi=0000000000000000 rip=fffff800034079bc rsp=fffff80000b9c730 rbp=0000000000000000 r8=c00100000b9d21e0 r9=fffffa800bfc5580 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc nt!ExDeferredFreePool+0x100: fffff800`034079bc 4c8b02 mov r8,qword ptr [rdx] ds:5cd0:c0010000`0b9d21e0=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff800032d2bbe to fffff800032db190 STACK_TEXT: fffff800`00b9b5d8 fffff800`032d2bbe : fffff800`00b9b670 fffff800`00b9b698 fffff800`00b9bd50 fffff800`03306160 : nt!KeBugCheck fffff800`00b9b5e0 fffff800`03305e2d : fffff800`034e1770 fffff800`0341e2f0 fffff800`0325c000 fffff800`00b9c4f8 : nt!KiKernelCalloutExceptionHandler+0xe fffff800`00b9b610 fffff800`03304c05 : fffff800`03421fac fffff800`00b9b688 fffff800`00b9c4f8 fffff800`0325c000 : nt!RtlpExecuteHandlerForException+0xd fffff800`00b9b640 fffff800`03315b81 : fffff800`00b9c4f8 fffff800`00b9bd50 fffff800`00000000 fffffa80`0ad57360 : nt!RtlDispatchException+0x415 fffff800`00b9bd20 fffff800`032da842 : fffff800`00b9c4f8 00000000`00000000 fffff800`00b9c5a0 00000000`00000000 : nt!KiDispatchException+0x135 fffff800`00b9c3c0 fffff800`032d914a : 00000000`00000202 fffff800`032e081a fffff880`03502180 fffffa80`0b84f060 : nt!KiExceptionDispatch+0xc2 fffff800`00b9c5a0 fffff800`034079bc : fffff880`076db000 00000000`00000000 00000000`00010011 fffffa80`09a349d0 : nt!KiGeneralProtectionFault+0x10a fffff800`00b9c730 fffff800`034071a1 : 00000000`00000000 fffffa80`0ac13210 00000000`00000000 00000000`00000000 : nt!ExDeferredFreePool+0x100 fffff800`00b9c7c0 fffff800`03217865 : fffffa80`0ac13220 00000000`00000000 fffffa80`206c6148 fffffa80`07666102 : nt!ExFreePoolWithTag+0x411 fffff800`00b9c870 fffff880`04ca489f : fffffa80`076f31d0 fffffa80`09a28000 fffffa80`07477090 fffffa80`07666010 : hal!HalPutScatterGatherList+0x115 fffff800`00b9c8d0 fffffa80`076f31d0 : fffffa80`09a28000 fffffa80`07477090 fffffa80`07666010 fffffa80`07477090 : iusb3xhc+0x3789f fffff800`00b9c8d8 fffffa80`09a28000 : fffffa80`07477090 fffffa80`07666010 fffffa80`07477090 fffff880`04cb60da : 0xfffffa80`076f31d0 fffff800`00b9c8e0 fffffa80`07477090 : fffffa80`07666010 fffffa80`07477090 fffff880`04cb60da fffffa80`0ac29c70 : 0xfffffa80`09a28000 fffff800`00b9c8e8 fffffa80`07666010 : fffffa80`07477090 fffff880`04cb60da fffffa80`0ac29c70 fffff880`04cd8da0 : 0xfffffa80`07477090 fffff800`00b9c8f0 fffffa80`07477090 : fffff880`04cb60da fffffa80`0ac29c70 fffff880`04cd8da0 00000000`00000000 : 0xfffffa80`07666010 fffff800`00b9c8f8 fffff880`04cb60da : fffffa80`0ac29c70 fffff880`04cd8da0 00000000`00000000 fffffa80`07666010 : 0xfffffa80`07477090 fffff800`00b9c900 fffffa80`0ac29c70 : fffff880`04cd8da0 00000000`00000000 fffffa80`07666010 00000000`00000000 : iusb3xhc+0x490da fffff800`00b9c908 fffff880`04cd8da0 : 00000000`00000000 fffffa80`07666010 00000000`00000000 fffff880`04c9a85b : 0xfffffa80`0ac29c70 fffff800`00b9c910 00000000`00000000 : fffffa80`07666010 00000000`00000000 fffff880`04c9a85b fffffa80`07477090 : iusb3xhc+0x6bda0 STACK_COMMAND: kb FOLLOWUP_IP: nt!ExDeferredFreePool+100 fffff800`034079bc 4c8b02 mov r8,qword ptr [rdx] SYMBOL_STACK_INDEX: 7 SYMBOL_NAME: nt!ExDeferredFreePool+100 FOLLOWUP_NAME: Pool_corruption IMAGE_NAME: Pool_Corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: Pool_Corruption FAILURE_BUCKET_ID: X64_0x1E_0_nt!ExDeferredFreePool+100 BUCKET_ID: X64_0x1E_0_nt!ExDeferredFreePool+100 Followup: Pool_corruption ---------

The driver that appears to be at issue is the iusb3xhc.sys which appears to be causing "pool corruption": BugCheck 1E, {0, 0, 0, 0} Unable to load image \SystemRoot\system32\DRIVERS\iusb3xhc.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for iusb3xhc.sys *** ERROR: Module load completed but symbols could not be loaded for iusb3xhc.sys *** WARNING: Unable to verify timestamp for win32k.sys Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+100 ) The iusb3xhc.sys is an Intel USB 3.0 driver so try updating and/or reinstalling the Intel USB 3.0 driver. Does this error occur under a particular circumstance or does the error occur randomly?

seems to happen when he has a usb hp inkjet 8600 printer plugged into his dock station. the unit locks up, starts overheating. other times it will blue screen.

That's interesting. A similar error was reported in the following link and the problem appeared to be traced to the printer - scroll way down to see the responses: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_27717727.html If the problem persists can you zip up the minidump files in the C:\Windows\Minidump folder and make available (provide link) via Windows Live SkyDrive or similar site? The following link has information on using Windows Live SkyDrive: http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/4fc10639-02db-4665-993a-08d865088d65 I could take a look at the dump files and see if I can see anything else. Also, could you analyze the following file with WinDbg and see if there is any more information on the error: C:\Windows\MEMORY.DMP